質問編集履歴
1
いいね用のformを追加
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -18,11 +18,29 @@
|
|
|
18
18
|
name : 投稿者名
|
|
19
19
|
created_at : 日付
|
|
20
20
|
message : 投稿内容
|
|
21
|
+
good : いいね回数
|
|
21
22
|
*/
|
|
23
|
+
|
|
24
|
+
$_SESSION['csrf-good'] = bin2hex(random_bytes(32));
|
|
22
25
|
|
|
23
26
|
try {
|
|
24
27
|
$pdo = 'DB接続の記述';
|
|
25
28
|
$sql = "SELECT * FROM net";
|
|
29
|
+
|
|
30
|
+
//●追加start
|
|
31
|
+
if($_SESSION['csrf-good'] === $_POST['csrf-good']) {
|
|
32
|
+
$sql = "
|
|
33
|
+
UPDATE net
|
|
34
|
+
SET good = good + 1
|
|
35
|
+
WHERE id = :id"
|
|
36
|
+
;
|
|
37
|
+
|
|
38
|
+
$stmt = $pdo->prepare($sql);
|
|
39
|
+
$stmt->bindValue(':id' , $_POST['id'] , PDO::PARAM_INT);
|
|
40
|
+
$stmt->execute();
|
|
41
|
+
}
|
|
42
|
+
//追加end
|
|
43
|
+
|
|
26
44
|
|
|
27
45
|
$stmt = $pdo->prepare($sql);
|
|
28
46
|
$stmt->execute();
|
|
@@ -35,7 +53,16 @@
|
|
|
35
53
|
foreach($stmt as $row) {
|
|
36
54
|
echo '<p>ID:' . $row['id'] . '-' . $row['name'] . '-' . $row['created_at'] . '</p>';
|
|
37
55
|
echo '<p>' . $row['message'] . '</p>';
|
|
56
|
+
|
|
57
|
+
//●変更・追加start
|
|
58
|
+
echo '<form method="post">';
|
|
38
|
-
|
|
59
|
+
echo '<input type="hidden" name="csrf-good" value="' . $_SESSION['csrf-good'] .'">';
|
|
60
|
+
echo '<input type="hidden" name="id" value="' . $row['id'] . '">' . $row['good'];
|
|
61
|
+
echo '<input type="submit" name="good" value="いいね">';
|
|
62
|
+
echo '</form>';
|
|
63
|
+
//変更・追加end
|
|
64
|
+
|
|
65
|
+
</button>';
|
|
39
66
|
}
|
|
40
67
|
|
|
41
68
|
|