Authentication and Authorization

profileKingZone Deft
movie-list.php

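<?php
/**
 * movie-list.php: AJAX-style CRUD endpoint and query helpers for the `movie` table.
 *
 * Request contract (unchanged): `method` selects the action (delete / add / edit)
 * and `type` marks AJAX calls. On a POST request both are read from the body,
 * otherwise from the query string. Record fields are always read from $_POST.
 *
 * Every statement that carries request data uses `?` placeholders with bound
 * parameters, so request values are never spliced into SQL text.
 * Requires PHP 5.6+ (argument unpacking) and the mysqlnd driver
 * (mysqli_stmt_get_result).
 *
 * NOTE(review): nothing in this file checks a session, a role or a CSRF token
 * before the delete / add / edit branches run. Unless a file that includes this
 * one enforces that (not visible here), any client that can reach the script can
 * change the table. Confirm where authentication and authorization are applied.
 *
 * NOTE(review): field values are stored exactly as received. Escape them for the
 * output context (e.g. htmlspecialchars() for HTML) wherever they are rendered.
 */

/**
 * Read one request field.
 *
 * Returns $default when the field is missing, empty() (this includes "0", as in
 * the original code), or not a scalar (e.g. submitted as `name[]=...`).
 *
 * @param array  $source  Usually $_GET or $_POST.
 * @param string $key     Field name.
 * @param mixed  $default Value returned when the field is unusable.
 * @return mixed
 */
function request_value(array $source, $key, $default)
{
    if (empty($source[$key]) || !is_scalar($source[$key])) {
        return $default;
    }

    return $source[$key];
}

/**
 * Validate a record id taken from untrusted input.
 *
 * @param mixed $value Raw value (string from the request, or an int).
 * @return int The id as a positive integer, or 0 when the value is not one.
 */
function movie_id($value)
{
    // FILTER_VALIDATE_INT rejects anything that is not a plain integer, so
    // strings such as "5abc" or "1 or 1=1" never reach the database layer.
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    return $id === false ? 0 : $id;
}

/**
 * Collect the editable movie columns from $_POST, in column order.
 *
 * @return array Map of column name => submitted value ("" when absent).
 */
function movie_fields_from_post()
{
    $fields = [];
    foreach (['name', 'public_year', 'star', 'desc', 'image'] as $column) {
        $fields[$column] = request_value($_POST, $column, "");
    }

    return $fields;
}

/**
 * Send a JSON envelope {code, msg, data} and end the request.
 *
 * $code is carried only inside the JSON body; no HTTP status is set here.
 *
 * @param string $msg
 * @param int    $code
 * @param mixed  $data
 */
function tojson($msg = "success", $code = 200, $data = [])
{
    header('Content-Type:application/json; charset=utf-8');
    $payload = ["code" => $code, "msg" => $msg, "data" => $data];
    exit(json_encode($payload, JSON_UNESCAPED_UNICODE));
}

/**
 * Open a new mysqli connection to the `movie` database.
 *
 * Terminates the request with a generic message when the connection or the
 * database selection fails; the driver's error text goes to the error log
 * instead of the response.
 *
 * @return mysqli
 */
function db()
{
    // NOTE(review): this connects as root with an empty password. Use a
    // dedicated least-privilege account and load the credentials from
    // configuration kept outside the web root.
    // 'port' is listed here but, as in the original, is not passed to
    // mysqli_connect(), so the driver default is used.
    $db = array(
        'host' => '127.0.0.1',
        'port' => '3306',
        'dbname' => 'movie',
        'username' => 'root',
        'password' => '',
        'charset' => 'utf8',
    );

    // PHP 8.1+ makes mysqli throw by default; the code below checks return
    // values, so select that mode explicitly to behave the same on every version.
    mysqli_report(MYSQLI_REPORT_OFF);

    $link = mysqli_connect($db['host'], $db['username'], $db['password']);
    if ($link === false) {
        // mysqli_error() needs a live link; a failed connect is reported by
        // mysqli_connect_error() instead.
        error_log('movie-list.php: connect failed: ' . mysqli_connect_error());
        die('Could not connect');
    }

    if (!mysqli_select_db($link, $db['dbname'])) {
        error_log('movie-list.php: select_db failed: ' . mysqli_error($link));
        mysqli_close($link);
        die('Can\'t use database');
    }

    mysqli_set_charset($link, $db['charset']);

    return $link;
}

/**
 * Run a statement that has no bound parameters (legacy call style).
 *
 * @param mysqli $link
 * @param string $sql
 * @return array|false ['rows' => array, 'affected' => int, 'insert_id' => int], or false on failure.
 */
function db_run_plain($link, $sql)
{
    $result = mysqli_query($link, $sql);
    if ($result === false) {
        error_log('movie-list.php: query failed: ' . mysqli_error($link));
        return false;
    }

    $outcome = [
        'rows' => [],
        'affected' => mysqli_affected_rows($link),
        'insert_id' => mysqli_insert_id($link),
    ];

    if ($result instanceof mysqli_result) {
        while ($row = mysqli_fetch_assoc($result)) {
            $outcome['rows'][] = $row;
        }
        mysqli_free_result($result);
    }

    return $outcome;
}

/**
 * Run a statement with `?` placeholders and bound parameters.
 *
 * Integers are bound as 'i', floats as 'd', everything else as 's'.
 *
 * @param mysqli $link
 * @param string $sql    SQL text containing one `?` per entry in $params.
 * @param array  $params Values to bind, in placeholder order.
 * @return array|false Same shape as db_run_plain(), or false on failure.
 */
function db_run_prepared($link, $sql, array $params)
{
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        error_log('movie-list.php: prepare failed: ' . mysqli_error($link));
        return false;
    }

    // Re-index so string keys are never treated as named arguments when unpacked.
    $values = array_values($params);
    $types = '';
    foreach ($values as $value) {
        $types .= is_int($value) ? 'i' : (is_float($value) ? 'd' : 's');
    }

    $outcome = false;
    if (mysqli_stmt_bind_param($stmt, $types, ...$values) && mysqli_stmt_execute($stmt)) {
        $outcome = [
            'rows' => [],
            'affected' => mysqli_stmt_affected_rows($stmt),
            'insert_id' => mysqli_stmt_insert_id($stmt),
        ];

        // Only statements that produce a result set return a mysqli_result here.
        $result = mysqli_stmt_get_result($stmt);
        if ($result instanceof mysqli_result) {
            while ($row = mysqli_fetch_assoc($result)) {
                $outcome['rows'][] = $row;
            }
            mysqli_free_result($result);
        }
    } else {
        error_log('movie-list.php: execute failed: ' . mysqli_stmt_error($stmt));
    }

    mysqli_stmt_close($stmt);

    return $outcome;
}

/**
 * Open a connection, run one statement, and always close the connection.
 *
 * @param string $sql
 * @param array  $params Optional values for `?` placeholders.
 * @return array|false See db_run_plain().
 */
function db_run($sql, array $params = [])
{
    $link = db();
    $outcome = $params ? db_run_prepared($link, $sql, $params) : db_run_plain($link, $sql);
    mysqli_close($link);

    return $outcome;
}

/**
 * Run a SELECT and return all rows as associative arrays.
 *
 * Pass request-derived values through $params, never inside $sql.
 *
 * @param string $sql
 * @param array  $params Optional values for `?` placeholders.
 * @return array Rows; empty when nothing matched or the query failed.
 */
function db_query($sql, array $params = [])
{
    $outcome = db_run($sql, $params);

    return $outcome === false ? [] : $outcome['rows'];
}

/**
 * Run a DELETE.
 *
 * @param string $sql
 * @param array  $params Optional values for `?` placeholders.
 * @return int Affected row count, or -1 when the statement failed.
 */
function db_delete($sql, array $params = [])
{
    $outcome = db_run($sql, $params);

    return $outcome === false ? -1 : $outcome['affected'];
}

/**
 * Run an INSERT.
 *
 * A failed statement is logged and reported as 0 rather than printing the
 * driver error to the client.
 *
 * @param string $sql
 * @param array  $params Optional values for `?` placeholders.
 * @return int The new auto-increment id, or 0 when the statement failed.
 */
function db_insert($sql, array $params = [])
{
    $outcome = db_run($sql, $params);

    return $outcome === false ? 0 : $outcome['insert_id'];
}

/**
 * Run an UPDATE.
 *
 * A failed statement is logged and reported as -1 rather than printing the
 * driver error to the client.
 *
 * @param string $sql
 * @param array  $params Optional values for `?` placeholders.
 * @return int Affected row count, or -1 when the statement failed.
 */
function db_update($sql, array $params = [])
{
    $outcome = db_run($sql, $params);

    return $outcome === false ? -1 : $outcome['affected'];
}

/**
 * Fetch every movie, newest id first.
 *
 * @return array
 */
function moive_list()
{
    return db_query("select * from movie order by id desc");
}

/**
 * Fetch one movie by id, or print a short message and end the request.
 *
 * @param mixed $id Record id, possibly straight from the request.
 * @return array The matching row.
 */
function moive_one($id)
{
    if (empty($id)) {
        echo "id is null";
        exit;
    }

    // An id that is not a positive integer cannot match a row; skip the query.
    $movie_id = movie_id($id);
    $rows = $movie_id === 0 ? [] : db_query("select * from movie where id = ?", [$movie_id]);
    $first = current($rows);

    if (!empty($first)) {
        return $first;
    }

    echo "no data";
    exit;
}

// ---------------------------------------------------------------------------
// Request handling
// ---------------------------------------------------------------------------

$post_method = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST';
$request = $post_method ? $_POST : $_GET;
$method = request_value($request, 'method', null);
$type = request_value($request, 'type', null);

if (empty($method) && $type === "ajax") {
    echo "mehoth id error";
    exit;
}

if ($method === "delete") {
    $id = movie_id(request_value($_POST, 'id', 0));
    if ($id === 0) {
        tojson("id is not null", 400);
    }

    if (empty(db_query("select * from movie where id = ?", [$id]))) {
        tojson("record is null", 400);
    }

    $rs = db_delete("delete from movie where id = ?", [$id]);
    if ($rs > 0) {
        tojson("delete success", 200);
    } else {
        tojson("delete fail", 400);
    }
}

if ($method === "add") {
    $fields = movie_fields_from_post();
    if (empty($fields['name'])) {
        tojson("name is null", 400);
    }

    $rs = db_insert(
        "insert into movie(`name`,`public_year`,`star`,`desc`,`image`) values(?, ?, ?, ?, ?)",
        $fields
    );
    if ($rs > 0) {
        tojson("add success", 200);
    } else {
        tojson("add fail", 400);
    }
}

if ($method === "edit") {
    $id = movie_id(request_value($_POST, 'id', ""));
    if ($id === 0) {
        tojson("id is null", 400);
    }

    $fields = movie_fields_from_post();
    if (empty($fields['name'])) {
        tojson("name is not null", 400);
    }

    if (empty(db_query("select * from movie where id = ?", [$id]))) {
        tojson("record is null", 400);
    }

    $rs = db_update(
        "update movie set `name` = ?,`public_year`= ?,`star`= ?,`desc`= ?,`image`= ? where id = ?",
        array_merge(array_values($fields), [$id])
    );
    if ($rs > 0) {
        tojson("update success", 200);
    } else {
        tojson("update fail", 400);
    }
}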