<?php require_once 'head.php'; #定義常用的變數 $TBL['name']="show_kind";//資料表 $TBL['kind']="slider_home";//分類 #整理傳入變數 $op = isset($_REQUEST['op'])?$_REQUEST['op']:""; $sn = isset($_REQUEST['sn'])?intval($_REQUEST['sn']):""; #程式流程 switch($op){ #新增記錄 case "op_insert": $sn=op_insert(); redirect_header("nav_m.php?op=op_show&sn={$sn}",3000,"新增資料成功!!"); exit; break; #更新記錄 case "op_update": $sn=op_update($sn); redirect_header("nav_m.php?op=op_show&sn={$sn}",3000,"更新資料成功!!"); exit; break; #刪除記錄 case "op_delete": op_delete($sn); redirect_header($_SESSION['CurrentUrl'],3000,"刪除記錄成功!!"); exit; break; #表單 case "op_form": op_form($sn); break; #顯示單筆 case "op_show": op_show($sn); break; #列表 default: # ---- 目前網址 ---- $_SESSION['CurrentUrl']=getCurrentUrl(); $op="op_list"; op_list(); break; } #將變數送至樣板引擎 #op $smarty->assign("op", $op); /* $WEB['theme_name'] = "admin"; WEB['title'] = "網站名稱"; $WEB['file_name'] = basename ($_SERVER['PHP_SELF']); */ #變數在head.php $smarty->assign("WEB", $WEB); #程式結尾 $smarty->display('theme.html'); #函數 ######################################## # 新增記錄 ######################################## function op_insert() { global $mysqli,$TBL; #資料過濾 #http://php.net/manual/en/mysqli.real-escape-string.php $_POST['title'] = $mysqli->real_escape_string($_POST['title']); $_POST['target'] = intval($_POST['target']); $_POST['enable'] = intval($_POST['enable']); //$_POST['sort'] = intval($_POST['sort']); $_POST['url'] = $mysqli->real_escape_string($_POST['url']); $_POST['sort'] = get_max_sort_show_kind("sort",$TBL); # nav_home => 首頁的選單 $_POST['kind'] = $TBL['kind']; $sql = "insert into `{$TBL['name']}` (`title`, `target`, `enable`, `sort`,`url`,`kind`) VALUES ('{$_POST['title']}', '{$_POST['target']}', '{$_POST['enable']}', '{$_POST['sort']}', '{$_POST['url']}', '{$_POST['kind']}')"; $mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); $sn=$mysqli->insert_id;//傳回insert 指令所產生之流水號 return $sn; } ######################################## # 更新記錄 ######################################## function op_update($sn="") { global $mysqli,$TBL; if(!$sn)redirect_header("index.php",3000,"更新記錄錯誤!!"); #資料過濾 $_POST['sn'] = intval($_POST['sn']); $_POST['title'] = $mysqli->real_escape_string($_POST['title']); $_POST['target'] = intval($_POST['target']); $_POST['enable'] = intval($_POST['enable']); $_POST['sort'] = intval($_POST['sort']); $_POST['url'] = $mysqli->real_escape_string($_POST['url']); $sql = "update `{$TBL['name']}` set `title` = '{$_POST['title']}' , `target` = '{$_POST['target']}', `enable` = '{$_POST['enable']}', `url` = '{$_POST['url']}', `sort` = '{$_POST['sort']}' where sn='{$_POST['sn']}'"; $mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); return $sn; } ############################################################################### # 刪除資料 ############################################################################### function op_delete($sn="") { global $mysqli,$TBL; if(!$sn)redirect_header("index.php",3000,"刪除記錄錯誤!!"); #檢查 $sql = "delete from `{$TBL['name']}` where `sn`='{$sn}'";//die($sql); $mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); return; } ######################################## #取得單筆記錄 ######################################## function get_show_kind($sn="") { global $mysqli,$TBL; if(!$sn)redirect_header("index.php",3000,"查詢選單資料錯誤!!"); $sql = "select * from `{$TBL['name']}` where `sn`='{$sn}' and `kind`='{$TBL['kind']}'"; //$mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); $result = $mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); $DBV = $result->fetch_assoc(); #過濾撈出資料 $DBV['sn'] = intval($DBV['sn']); //http://www.w3school.com.cn/php/func_string_htmlspecialchars.asp $DBV['title'] = htmlspecialchars($DBV['title'], ENT_QUOTES); // 轉換雙引號和單引號 $DBV['url'] = htmlspecialchars($DBV['url'], ENT_QUOTES); // 轉換雙引號和單引號 $DBV['sort'] = intval($DBV['sort']); $DBV['enable'] = intval($DBV['enable']); $DBV['target'] = intval($DBV['target']); return $DBV; } ######################################## # 表單 ######################################## function op_form($sn="") { global $mysqli,$smarty; #抓取預設值 if($sn) { #編輯 $DBV=get_show_kind($sn);//取得單筆記錄 $DBV['op'] = "op_update"; $DBV['form_title'] = "編輯選單"; //print_r($DBV);die(); }else { #新增 $DBV=array(); $DBV['op'] = "op_insert"; $DBV['form_title'] = "新增選單"; } //預設值設定 //標題 title (text)、網址 url (text)、是否外連 target (radio)、是否啟用 enable (radio)、排序 sort(text) $DBV['sn'] = (isset($DBV['sn'])) ? $DBV['sn'] : ""; $DBV['title'] = (isset($DBV['title'])) ? $DBV['title'] : ""; $DBV['enable'] = (isset($DBV['enable'])) ? $DBV['enable'] : "1"; $DBV['target'] = (isset($DBV['target'])) ? $DBV['target'] : "0"; $DBV['url'] = (isset($DBV['url'])) ? $DBV['url'] : ""; $DBV['sort'] = (isset($DBV['sort'])) ? $DBV['sort'] : ""; $smarty->assign("DBV", $DBV); return; } ######################################## # op_show ######################################## function op_show($sn="") { global $mysqli,$smarty,$TBL; if(!$sn)redirect_header("index.php",3000,"查詢選單資料錯誤!!"); #取得單筆記錄,可以寫成函數 #sn ofsn kind title sort enable url target col_sn content $sql = "select * from `{$TBL['name']}` where `sn`='{$sn}' and `kind`='{$TBL['kind']}'"; //$mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); $result = $mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); $DBV = $result->fetch_assoc(); #過濾撈出資料 $DBV['sn'] = intval($DBV['sn']); //http://www.w3school.com.cn/php/func_string_htmlspecialchars.asp $DBV['title'] = htmlspecialchars($DBV['title'], ENT_QUOTES); // 轉換雙引號和單引號 $DBV['url'] = htmlspecialchars($DBV['url'], ENT_QUOTES); // 轉換雙引號和單引號 $DBV['sort'] = intval($DBV['sort']); $DBV['enable'] = $DBV['enable'] ? "是":"<span style='color:red;'>否</span>"; $DBV['target'] = $DBV['target'] ? "是":"<span style='color:red;'>否</span>"; $smarty->assign("DBV", $DBV); return; } ######################################## # 列表 ######################################## function op_list() { global $mysqli,$smarty,$TBL; #取得所有記錄 $sql = "select * from `{$TBL['name']}` where `kind`='{$TBL['kind']}' order by `sort` "; $result = $mysqli->query($sql) or die(printf("Error: %s <br>".$sql, $mysqli->sqlstate)); $DBV=array(); while($row = $result->fetch_assoc()) { #過濾撈出資料 $row['sn'] = intval($row['sn']); //http://www.w3school.com.cn/php/func_string_htmlspecialchars.asp $row['title'] = htmlspecialchars($row['title'], ENT_QUOTES); // 轉換雙引號和單引號 $row['url'] = htmlspecialchars($row['url'], ENT_QUOTES); // 轉換雙引號和單引號 $row['sort'] = intval($row['sort']); $row['enable'] = $row['enable'] ? "是":"<span style='color:red;'>否</span>"; $row['target'] = $row['target'] ? "是":"<span style='color:red;'>否</span>"; $DBV[]= $row; } $smarty->assign("DBV", $DBV); return; }