php在线非注册聊天系统的开发-中

接上一篇，对安全性加以防范，使用mysqli_real_escape_string:

因为只有say.php传入的数据可能有用户的输入，故在say.php加入以下两行：

$_POST[uname]=$mysqli->real_escape_string($_POST[uname]);//Protect SQL Injection
$_POST[text]=$mysqli->real_escape_string($_POST[text]);

另外，为了方便安装，不必手动建立复杂的数据表，写了install.php:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Installing Aspicube WebChat</title>
</head>


<body>
<?php 
require_once 'config.php';
$mysqli=new mysqli($mysql_address,$mysql_username,$mysql_password,$mysql_database);
/* check connection */ 
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$sql="CREATE DATABASE $mysql_database;
USE $mysql_database;
CREATE TABLE msg
(
id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
uname VARCHAR(10),
text VARCHAR(128),
time DATETIME
);";
$result=$mysqli->query($sql);
if(!$result)die('Please NOT reInstall or Some Errors Occur!');
echo 'Install Finished!';
?>
</body>
</html>