<?php
/*
 * Overall configuration / bootstrap for this script.
 */
// PATH is the directory that contains this file; __DIR__ is the built-in
// equivalent of dirname(__FILE__).
define('PATH', __DIR__);
// Pull in the file that declares the database connection class.
include PATH . '/db.class.php';
// Instantiate the database object used by the rest of this script.
$db = new db();
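// Request dispatcher.
//   POST action=addRunner  -> stores one runner row, answers with a JSON status envelope.
//   GET  action=getRunners -> answers with every runner as JSON, ordered by finish time.
//
// The action keys are read through isset() so that a request without them (for
// example any plain GET, which has no $_POST['action']) does not raise an
// undefined-index notice; with display_errors on, that notice would be printed
// in front of the JSON body.
$postAction = isset($_POST['action']) ? $_POST['action'] : null;
$getAction = isset($_GET['action']) ? $_GET['action'] : null;

if ($postAction === 'addRunner') {
    // Read each form field defensively: a missing key or a non-string value
    // (e.g. txtFirstName[]=x arrives as an array) is treated as an empty string
    // instead of being passed to htmlspecialchars().
    //
    // htmlspecialchars() turns HTML metacharacters into entities. That is an
    // HTML *output* encoding; it is kept so stored values stay in the same form
    // as before, but it is not a defence for the SQL statement further down.
    $fields = array();
    foreach (array('txtFirstName', 'txtLastName', 'ddlGender', 'txtMinutes', 'txtSeconds') as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $fields[$key] = htmlspecialchars($raw);
    }
    $fname = $fields['txtFirstName'];
    $lname = $fields['txtLastName'];
    $gender = $fields['ddlGender'];
    $minutes = $fields['txtMinutes'];
    $seconds = $fields['txtSeconds'];

    // A \w-based name filter used to sit here; it was disabled because it
    // rejected Chinese characters.

    // fail() ends the script, so each check below is a hard stop.
    if (empty($fname) || empty($lname)) {
        fail('please enter name');
    }
    if (empty($gender)) {
        fail('please select a gender');
    }

    // finish_time is stored as "minutes:seconds".
    $time = $minutes . ":" . $seconds;

    // NOTE(review): SQL injection risk. This statement is assembled by string
    // concatenation from request data. htmlspecialchars() does not escape for
    // SQL: it never touches backslashes, and with the default flags used before
    // PHP 8.1 it leaves single quotes alone as well, so the values are not safe
    // inside quoted SQL literals. Bind the five values as parameters of a
    // prepared statement (or run them through the connection's own escaping
    // routine). The db class is declared in db.class.php, which is not visible
    // here, so the call shape is left unchanged - TODO confirm what it exposes.
    $sql = "insert into runners (first_name,last_name,gender,finish_time) values ('$fname','$lname','$gender','$time')";
    $result = $db->query($sql);
    if ($result) {
        // success() terminates the script with the JSON envelope; the former
        // trailing echo "1 record added" could never run and has been removed.
        success("runner:" . $fname . "+" . $lname . " add successfully");
    } else {
        fail("insert faild");
    }
    exit;
} elseif ($getAction === 'getRunners') {
    // A Content-Type header was once sent here and was later dropped by the author.
    $sql = "select first_name,last_name,gender,finish_time from runners order by finish_time";
    $result = $db->query($sql);
    if (!$result) {
        // Report a failed query as a JSON error rather than calling
        // fetch_array() on a non-object, which is a fatal error.
        fail('query failed');
    }

    // Copy every row into the list using the field names the client expects.
    $runners = array();
    while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
        $runners[] = array(
            'fname' => $row['first_name'],
            'lname' => $row['last_name'],
            'gender' => $row['gender'],
            'time' => $row['finish_time'],
        );
    }
    echo json_encode(array('runners' => $runners));
    exit;
}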
/**
 * Print a JSON failure envelope and end the script.
 *
 * @param mixed $message Value placed in the "message" field of the response.
 */
function fail($message){
    $payload = array("status"=>"fail","message"=>$message);
    // exit() with a string argument prints it before terminating, exactly like die().
    exit(json_encode($payload));
}
/**
 * Print a JSON success envelope and end the script.
 *
 * @param mixed $message Value placed in the "message" field of the response.
 */
function success($message){
    $payload = array("status"=>"success","message"=>$message);
    // exit() with a string argument prints it before terminating, exactly like die().
    exit(json_encode($payload));
}
?>