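/**
 * Builds the POST-backed save statement for one record and hands it to checkSql().
 *
 * @param mixed  $id            Record id passed through to getPostSql()
 * @param string $tableName     Target table passed through to getPostSql()
 * @param string $fieldNameList Comma-separated field list passed through to getPostSql()
 * @return string|null '' when checkSql() rejects the statement; null otherwise
 */
function autoSavePostData($id, $tableName, $fieldNameList)
{
    // getPostSql() and checkSql() are defined elsewhere. The original author's note
    // says checkSql() already executes the statement, so no explicit execute call
    // follows (20160410). NOTE(review): confirm that against checkSql(); the statement
    // is built from request data and nothing else in this function runs it.
    $sql = getPostSql($id, $tableName, $fieldNameList);
    if (checkSql($sql) == false) {
        // The rejected statement is written to the error log verbatim.
        errorLog('出错提示:<hr>sql=' . $sql . '<br>');
        return '';
    }
}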
/**
 * Template-driven list renderer: selects rows from prefix + $tableName and, for each
 * row, fills the matching [list-…] segment of the action's default template with the
 * row's field values, link URL and anchor attributes, concatenating the results.
 *
 * @param mixed  $action    Action descriptor read by getDefaultValue() and RParam()
 *                          (params read here: noFollow, topNumb)
 * @param string $tableName Table name without prefix; lower-cased here. 'webcolumn',
 *                          'articledetail' and 'tablecomment' get special handling
 * @param string $addSql    Extra SQL appended through getWhereAnd() when non-empty
 * @return string Rendered list, or '' when checkSql() rejects the statement
 *
 * Reads $GLOBALS['db_PREFIX'], ['conn'], ['isMakeHtml'] and ['glb_columnName'], and
 * writes $GLOBALS['glb_columnName'] when it is empty and a home-page column is met.
 * All helpers called here (getDefaultValue, RParam, aspTrim, lCase, getHandleFieldList,
 * aspSplit, CInt, getWhereAnd, replaceGlobleVariable, checkSql, errorLog, getRsUrl,
 * handleWebUrl, inStr, IIF, StrCut, replaceValueParam, uBound, getThisIdPage, getRnd,
 * getColumnUrl, getColumnName, handleDisplayOnlineEditDialog) are defined elsewhere.
 */
function XY_AP_GeneralList($action, $tableName, $addSql)
{
    // VB-style pre-declarations; several of these ($title, $isB, $columnName,
    // $columnEnName, $aboutcontent, $bodyContent, $showTitle, $bannerImage,
    // $smallImage, $bigImage, $j, $lableTitle, $target, $adddatetime) are never
    // read in this body.
    $title = '';
    $topNumb = '';
    $nTop = '';
    $isB = '';
    $sql = '';
    $columnName = '';
    $columnEnName = '';
    $aboutcontent = '';
    $bodyContent = '';
    $showTitle = '';
    $bannerImage = '';
    $smallImage = '';
    $bigImage = '';
    $id = '';
    $defaultStr = '';
    $i = '';
    $j = '';
    $s = '';
    $c = '';
    $startStr = '';
    $endStr = '';
    $url = '';
    $noFollow = '';
    // nofollow flag 20141222
    $defaultStr = getDefaultValue($action);
    // the action's default template content
    $modI = '';
    // modulo loop index 20150112
    $noFollow = aspTrim(lCase(RParam($action, 'noFollow')));
    // nofollow (read here but not used further in this body)
    $lableTitle = '';
    // label title
    $target = '';
    // anchor target attribute
    $adddatetime = '';
    // added time
    $isFocus = '';
    $fieldNameList = '';
    // field list
    $abcolorStr = '';
    // anchor bold and colour
    $atargetStr = '';
    // anchor target
    $atitleStr = '';
    // anchor title 20160407
    $anofollowStr = '';
    // anchor nofollow
    $splFieldName = '';
    $fieldName = '';
    $replaceStr = '';
    $k = '';
    $idPage = '';
    $tableName = lCase($tableName);
    // lower-case
    $fieldNameList = getHandleFieldList($GLOBALS['db_PREFIX'] . $tableName, '字段列表');
    $splFieldName = aspSplit($fieldNameList, ',');
    $topNumb = RParam($action, 'topNumb');
    $nTop = $topNumb;
    // row cap: topNumb when given, else 999
    if ($nTop != '') {
        $nTop = CInt($nTop);
    } else {
        $nTop = 999;
    }
    // always true here: $sql was initialised to '' above
    if ($sql == '') {
        if ($topNumb != '') {
            $topNumb = ' top ' . $topNumb . ' ';
        }
        // NOTE(review): 'top N' is Access / SQL Server syntax, yet the rows are read
        // with mysql_* below — confirm which driver this actually runs against.
        $sql = 'Select ' . $topNumb . '* From ' . $GLOBALS['db_PREFIX'] . $tableName;
    }
    // append the extra SQL: $addSql is concatenated by getWhereAnd(), not
    // parameterised; checkSql() below is the only guard visible here
    if ($addSql != '') {
        $sql = getWhereAnd($sql, $addSql);
    }
    $sql = replaceGlobleVariable($sql);
    // substitute global variables
    // check the SQL
    if (checkSql($sql) == false) {
        errorLog('出错提示:<br>action=' . $action . '<hr>sql=' . $sql . '<br>');
        return '';
    }
    $rsObj = $GLOBALS['conn']->query($sql);
    // NOTE(review): $GLOBALS['conn'] is used through an object API, while the row
    // count and rows come from the procedural mysql_* extension (removed in PHP 7);
    // the @ hides any failure of that pairing. The bound is also re-evaluated on
    // every iteration.
    for ($i = 1; $i <= @mysql_num_rows($rsObj); $i++) {
        $rs = mysql_fetch_array($rsObj);
        $startStr = '';
        $endStr = '';
        //call echo(sql,i & "," & nTop)
        if ($i > $nTop) {
            break;
        }
        //#[PHP] $rs=mysql_fetch_array($rsObj);   // for PHP, because the asptophp conversion is incomplete
        $isFocus = false;
        // focus flag off
        $id = $rs['id'];
        // [navigation]
        if ($tableName == 'webcolumn') {
            if ($GLOBALS['isMakeHtml'] == true) {
                $url = getRsUrl($rs['filename'], $rs['customaurl'], '/nav' . $rs['id']);
            } else {
                $url = handleWebUrl('?act=nav&columnName=' . $rs['columnname']);
                // appends gl and similar parameters
                if ($rs['customaurl'] != '') {
                    $url = $rs['customaurl'];
                    $url = replaceGlobleVariable($url);
                }
            }
            // an empty global column name means the home-page column becomes the current one; added 20160128
            if ($GLOBALS['glb_columnName'] == '' && $rs['columntype'] == '首页') {
                $GLOBALS['glb_columnName'] = $rs['columnname'];
            }
            if ($rs['columnname'] == $GLOBALS['glb_columnName']) {
                $isFocus = true;
            }
            // [article]
        } else {
            if ($tableName == 'articledetail') {
                if ($GLOBALS['isMakeHtml'] == true) {
                    $url = getRsUrl($rs['filename'], $rs['customaurl'], 'detail/detail' . $rs['id']);
                } else {
                    $url = handleWebUrl('?act=detail&id=' . $rs['id']);
                    // appends gl and similar parameters
                    if ($rs['customaurl'] != '') {
                        $url = $rs['customaurl'];
                    }
                }
                // [comment]
            } else {
                // empty branch: nothing sets $url for tablecomment here, so at the
                // 'url' replacement below it still holds the previous row's value
                // (the admin edit URL assigned further down) — looks unintended
                if ($tableName == 'tablecomment') {
                }
            }
        }
        // add colour to the anchor
        $abcolorStr = '';
        if (inStr($fieldNameList, ',titlecolor,') > 0) {
            // anchor colour
            if ($rs['titlecolor'] != '') {
                $abcolorStr = 'color:' . $rs['titlecolor'] . ';';
            }
        }
        if (inStr($fieldNameList, ',flags,') > 0) {
            // anchor bold
            if (inStr($rs['flags'], '|b|') > 0) {
                $abcolorStr = $abcolorStr . 'font-weight:bold;';
            }
        }
        if ($abcolorStr != '') {
            $abcolorStr = ' style="' . $abcolorStr . '"';
        }
        // target 2016
        // NOTE(review): titlecolor, target and title are dropped into HTML attributes
        // without escaping; unless these columns are admin-only that is a stored-XSS
        // path — confirm where they originate.
        if (inStr($fieldNameList, ',target,') > 0) {
            $atargetStr = IIF($rs['target'] != '', ' target="' . $rs['target'] . '"', '');
        }
        // anchor title
        if (inStr($fieldNameList, ',title,') > 0) {
            $atitleStr = IIF($rs['title'] != '', ' title="' . $rs['title'] . '"', '');
        }
        // anchor nofollow
        if (inStr($fieldNameList, ',nofollow,') > 0) {
            $anofollowStr = IIF($rs['nofollow'] != 0, ' rel="nofollow"', '');
        }
        // focus check (for column navigation)
        if ($isFocus == true) {
            $startStr = '[list-focus]';
            $endStr = '[/list-focus]';
        } else {
            $startStr = '[list-' . $i . ']';
            $endStr = '[/list-' . $i . ']';
        }
        // mark the last item 20160202
        // NOTE(review): when topNumb was given, $topNumb was rewritten to ' top N '
        // above, so this comparison looks unreachable — confirm intended.
        if ($i == $topNumb && $isFocus == false) {
            $startStr = '[list-end]';
            $endStr = '[/list-end]';
        }
        // e.g. [list-mod2]  [/list-mod2]    20150112
        for ($modI = 6; $modI >= 2; $modI--) {
            if (inStr($defaultStr, $startStr) == false && $i % $modI == 0) {
                $startStr = '[list-mod' . $modI . ']';
                $endStr = '[/list-mod' . $modI . ']';
                if (inStr($defaultStr, $startStr) > 0) {
                    break;
                }
            }
        }
        // fall back to the default
        if (inStr($defaultStr, $startStr) == false) {
            $startStr = '[list]';
            $endStr = '[/list]';
        }
        if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
            $s = StrCut($defaultStr, $startStr, $endStr, 2);
            $s = replaceValueParam($s, 'i', $i);
            // loop number
            $s = replaceValueParam($s, '编号', $i);
            // loop number
            $s = replaceValueParam($s, 'id', $rs['id']);
            // id, because the field list does not include id
            $s = replaceValueParam($s, 'url', $url);
            // URL
            $s = replaceValueParam($s, 'aurl', 'href="' . $url . '"');
            // URL
            $s = replaceValueParam($s, 'abcolor', $abcolorStr);
            // anchor colour and bold
            $s = replaceValueParam($s, 'atitle', $atitleStr);
            // anchor title
            $s = replaceValueParam($s, 'anofollow', $anofollowStr);
            // anchor nofollow
            $s = replaceValueParam($s, 'atarget', $atargetStr);
            // anchor target
            // one replacement per configured field, raw row value as string
            for ($k = 0; $k <= uBound($splFieldName); $k++) {
                if ($splFieldName[$k] != '') {
                    $fieldName = $splFieldName[$k];
                    $replaceStr = $rs[$fieldName] . '';
                    $s = replaceValueParam($s, $fieldName, $replaceStr);
                }
            }
            // prepend dialog content
            $startStr = '[list-' . $i . ' startdialog]';
            $endStr = '[/list-' . $i . ' startdialog]';
            if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
                $s = StrCut($defaultStr, $startStr, $endStr, 2) . $s;
            }
            // append dialog content
            $startStr = '[list-' . $i . ' enddialog]';
            $endStr = '[/list-' . $i . ' enddialog]';
            if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
                $s = $s . StrCut($defaultStr, $startStr, $endStr, 2);
            }
            // add controls: from here on $url is reused for the admin edit link
            // [navigation]
            if ($tableName == 'webcolumn') {
                $url = WEB_ADMINURL . '?act=addEditHandle&actionType=WebColumn&lableTitle=网站栏目&nPageSize=10&page=&id=' . $rs['id'] . '&n=' . getRnd(11);
                // [comment]
            } else {
                if ($tableName == 'tablecomment') {
                    $idPage = getThisIdPage($GLOBALS['db_PREFIX'] . $tableName, $rs['id'], 10);
                    $url = WEB_ADMINURL . '?act=addEditHandle&actionType=TableComment&lableTitle=评论&nPageSize=10&parentid=&searchfield=bodycontent&keyword=&addsql=&page=' . $idPage . '&id=' . $rs['id'] . '&n=' . getRnd(11);
                    // [article]
                } else {
                    if ($tableName == 'articledetail') {
                        $idPage = getThisIdPage($GLOBALS['db_PREFIX'] . $tableName, $rs['id'], 10);
                        $url = WEB_ADMINURL . '?act=addEditHandle&actionType=ArticleDetail&lableTitle=分类信息&nPageSize=10&page=' . $idPage . '&parentid=' . $rs['parentid'] . '&id=' . $rs['id'] . '&n=' . getRnd(11);
                        $s = replaceValueParam($s, 'columnurl', getColumnUrl($rs['parentid'], ''));
                        // URL of the article's column 20160304
                        $s = replaceValueParam($s, 'columnname', getColumnName($rs['parentid']));
                        // name of the article's column 20160304
                    }
                }
            }
            $s = handleDisplayOnlineEditDialog($url, $s, '', 'div|li|span');
            // decide whether to add the online edit manager
            $c = $c . $s;
        }
    }
    // prepend dialog content to the whole output
    $startStr = '[dialog start]';
    $endStr = '[/dialog start]';
    if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
        $c = StrCut($defaultStr, $startStr, $endStr, 2) . $c;
    }
    // append dialog content to the whole output
    $startStr = '[dialog end]';
    $endStr = '[/dialog end]';
    if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
        $c = $c . StrCut($defaultStr, $startStr, $endStr, 2);
    }
    $XY_AP_GeneralList = $c;
    return @$XY_AP_GeneralList;
}
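/**
 * Admin request handler: runs a SQL statement taken from the request and renders
 * the "execute SQL" form.
 *
 * Reads $_REQUEST['sqlvalue'] and $_SESSION['adminusername']; writes the page
 * through Rw(). Returns '' when checkSql() rejects the statement, null otherwise.
 *
 * The session check now guards the whole handler. Previously the request-supplied
 * statement reached checkSql() — which, per the author's note in autoSavePostData,
 * executes it — before the permission test ran, so the check only hid the form.
 */
function executeSQL()
{
    // Authorisation first: nothing below may run for a non-admin session.
    if (@$_SESSION['adminusername'] != 'ASPPHPCMS') {
        Rw('你没有权限执行SQL语句');
        return;
    }
    // Default statement shown in the form when none was submitted.
    $sqlvalue = 'delete from ' . $GLOBALS['db_PREFIX'] . 'WebSiteStat';
    if (@$_REQUEST['sqlvalue'] != '') {
        $sqlvalue = @$_REQUEST['sqlvalue'];
        // Key kept as in the original ('conn=' rather than 'conn'); OpenConn() may
        // set $GLOBALS['conn'] itself — TODO confirm before changing.
        $GLOBALS['conn='] = OpenConn();
        // checkSql() is defined elsewhere; on failure the statement is logged verbatim.
        if (checkSql($sqlvalue) == false) {
            errorLog('出错提示:<br>sql=' . $sqlvalue . '<br>');
            return '';
        }
        aspEcho('执行SQL语句成功', $sqlvalue);
    }
    // The submitted text is reflected into a value="" attribute, so it is escaped
    // for the HTML attribute context before being echoed back.
    $sqlvalueAttr = htmlspecialchars($sqlvalue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    Rw('<form id="form1" name="form1" method="post" action="?act=executeSQL"  onSubmit="if(confirm(\'你确定要操作吗?\\n操作后将不可恢复\')){return true}else{return false}">SQL<input name="sqlvalue" type="text" id="sqlvalue" value="' . $sqlvalueAttr . '" size="80%" /><input type="submit" name="button" id="button" value="执行" /></form>');
}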
/**
 * Paged detail-list renderer: replaces the <!--#body start#-->…<!--#body end#-->
 * section of $content with one filled [list-…] segment per row of the current page
 * and substitutes [$pageInfo$] with the pager built by webPageControl().
 *
 * @param mixed  $action        Action descriptor read by RParam() (param read: listFileName)
 * @param string $content       Page template
 * @param string $actionName    Table name without prefix; lower-cased here
 * @param string $lableTitle    Not used in this body
 * @param string $fieldNameList Comma-separated field list; '*' loads it via getHandleFieldList()
 * @param mixed  $nPageSize     Rows per page; used arithmetically in the LIMIT clause
 * @param mixed  $nPage         1-based page number; '' skips the "minus one" step
 * @param string $addSql        SQL fragment appended verbatim after the table name
 * @return string Rendered page, or '' when checkSql() rejects the first statement
 *
 * Reads $GLOBALS['db_PREFIX'], ['conn'], ['isMakeHtml'], ['cfg_webSiteUrl'] and the
 * constants EDITORTYPE and WEB_ADMINURL; all helpers are defined elsewhere.
 */
function getDetailList($action, $content, $actionName, $lableTitle, $fieldNameList, $nPageSize, $nPage, $addSql)
{
    // Key kept as in the source ('conn=' rather than 'conn'); OpenConn() may set
    // $GLOBALS['conn'] itself — TODO confirm.
    $GLOBALS['conn='] = OpenConn();
    $defaultStr = '';
    $i = '';
    $s = '';
    $c = '';
    $tableName = '';
    $j = '';
    $splxx = '';
    $sql = '';
    $x = '';
    $url = '';
    $nCount = '';
    $pageInfo = '';
    $modI = '';
    $startStr = '';
    $endStr = '';
    $fieldName = '';
    // field name
    $splFieldName = '';
    // split field list
    $replaceStr = '';
    // replacement string
    $tableName = lCase($actionName);
    // table name
    $listFileName = '';
    // list file name
    $listFileName = RParam($action, 'listFileName');
    $abcolorStr = '';
    // anchor bold and colour
    $atargetStr = '';
    // anchor target
    $atitleStr = '';
    // anchor title 20160407
    $anofollowStr = '';
    // anchor nofollow
    $id = '';
    $idPage = '';
    // $id is read but not used further in this body; checkIDSQL() is the only
    // guard applied to the request id
    $id = rq('id');
    checkIDSQL(@$_REQUEST['id']);
    if ($fieldNameList == '*') {
        $fieldNameList = getHandleFieldList($GLOBALS['db_PREFIX'] . $tableName, '字段列表');
    }
    $fieldNameList = specialStrReplace($fieldNameList);
    // special-character handling
    $splFieldName = aspSplit($fieldNameList, ',');
    // split the field list into an array
    $defaultStr = getStrCut($content, '<!--#body start#-->', '<!--#body end#-->', 2);
    $pageInfo = getStrCut($content, '[page]', '[/page]', 1);
    if ($pageInfo != '') {
        $content = replace($content, $pageInfo, '');
    }
    //call eerr("pageInfo",pageInfo)
    // $addSql is appended verbatim; checkSql() below is the only guard visible here
    $sql = 'select * from ' . $GLOBALS['db_PREFIX'] . $tableName . ' ' . $addSql;
    // check the SQL
    if (checkSql($sql) == false) {
        errorLog('出错提示:<br>sql=' . $sql . '<br>');
        return '';
    }
    // NOTE(review): object-style query() paired with procedural mysql_* calls
    // (removed in PHP 7) — confirm the driver; the @ hides a mismatch.
    $rsObj = $GLOBALS['conn']->query($sql);
    $rs = mysql_fetch_array($rsObj);
    $nCount = @mysql_num_rows($rsObj);
    // dynamic paging URL
    if ($GLOBALS['isMakeHtml'] == true) {
        $url = '';
        if (len($listFileName) > 5) {
            // drops the last 5 characters (presumably a '.html' extension) before
            // adding the page placeholder
            $url = mid($listFileName, 1, len($listFileName) - 5) . '[id].html';
            $url = urlAddHttpUrl($GLOBALS['cfg_webSiteUrl'], $url);
        }
    } else {
        $url = getUrlAddToParam(getUrl(), '?page=[id]', 'replace');
    }
    $content = replace($content, '[$pageInfo$]', webPageControl($nCount, $nPageSize, $nPage, $url, $pageInfo));
    if (EDITORTYPE == 'asp') {
        $x = getRsPageNumber($rs, $nCount, $nPageSize, $nPage);
        // get the Rs page count                                                  'record total
    } else {
        if ($nPage != '') {
            $nPage = $nPage - 1;
        }
        // NOTE(review): this second statement is not passed through checkSql(), and
        // $nPageSize / $nPage enter the LIMIT clause without an integer cast ('' is
        // passed to the arithmetic untouched) — confirm the caller supplies numbers.
        $sql = 'select * from ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' ' . $addSql . ' limit ' . $nPageSize * $nPage . ',' . $nPageSize;
        $rsObj = $GLOBALS['conn']->query($sql);
        // NOTE(review): one row is fetched here and the loop below fetches again
        // before using $rs, so the first row of the page looks skipped — confirm.
        $rs = mysql_fetch_array($rsObj);
        $x = @mysql_num_rows($rsObj);
    }
    //call echo("sql",sql)
    for ($i = 1; $i <= $x; $i++) {
        $rs = mysql_fetch_array($rsObj);
        // for PHP, because the asptophp conversion is incomplete
        $startStr = '[list-' . $i . ']';
        $endStr = '[/list-' . $i . ']';
        // mark the last item 20160202
        if ($i == $x) {
            $startStr = '[list-end]';
            $endStr = '[/list-end]';
        }
        // e.g. [list-mod2]  [/list-mod2]    20150112
        for ($modI = 6; $modI >= 2; $modI--) {
            if (inStr($defaultStr, $startStr) == false && $i % $modI == 0) {
                $startStr = '[list-mod' . $modI . ']';
                $endStr = '[/list-mod' . $modI . ']';
                if (inStr($defaultStr, $startStr) > 0) {
                    break;
                }
            }
        }
        // fall back to the default
        if (inStr($defaultStr, $startStr) == false || $startStr == '') {
            $startStr = '[list]';
            $endStr = '[/list]';
        }
        if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
            $s = StrCut($defaultStr, $startStr, $endStr, 2);
            //s = defaultStr
            $s = replace($s, '[$id$]', $rs['id']);
            // The URL / anchor-attribute code below sits inside the per-field loop
            // and so runs once per field although it reads only $rs.
            for ($j = 0; $j <= uBound($splFieldName); $j++) {
                if ($splFieldName[$j] != '') {
                    $splxx = aspSplit($splFieldName[$j] . '|||', '|');
                    $fieldName = $splxx[0];
                    $replaceStr = $rs[$fieldName] . '';
                    $s = replaceValueParam($s, $fieldName, $replaceStr);
                }
                if ($GLOBALS['isMakeHtml'] == true) {
                    $url = getHandleRsUrl($rs['filename'], $rs['customaurl'], '/detail/detail' . $rs['id']);
                } else {
                    $url = handleWebUrl('?act=detail&id=' . $rs['id']);
                    if ($rs['customaurl'] != '') {
                        $url = $rs['customaurl'];
                    }
                }
                // add colour to the anchor
                $abcolorStr = '';
                if (inStr($fieldNameList, ',titlecolor,') > 0) {
                    // anchor colour
                    if ($rs['titlecolor'] != '') {
                        $abcolorStr = 'color:' . $rs['titlecolor'] . ';';
                    }
                }
                if (inStr($fieldNameList, ',flags,') > 0) {
                    // anchor bold
                    if (inStr($rs['flags'], '|b|') > 0) {
                        $abcolorStr = $abcolorStr . 'font-weight:bold;';
                    }
                }
                if ($abcolorStr != '') {
                    $abcolorStr = ' style="' . $abcolorStr . '"';
                }
                // target 2016
                // NOTE(review): titlecolor, target and title are placed in HTML
                // attributes unescaped — a stored-XSS path unless these columns are
                // admin-only; confirm where they originate.
                if (inStr($fieldNameList, ',target,') > 0) {
                    $atargetStr = IIF($rs['target'] != '', ' target="' . $rs['target'] . '"', '');
                }
                // anchor title
                if (inStr($fieldNameList, ',title,') > 0) {
                    $atitleStr = IIF($rs['title'] != '', ' title="' . $rs['title'] . '"', '');
                }
                // anchor nofollow
                if (inStr($fieldNameList, ',nofollow,') > 0) {
                    $anofollowStr = IIF($rs['nofollow'] != 0, ' rel="nofollow"', '');
                }
                $s = replaceValueParam($s, 'url', $url);
                $s = replaceValueParam($s, 'abcolor', $abcolorStr);
                // anchor colour and bold
                $s = replaceValueParam($s, 'atitle', $atitleStr);
                // anchor title
                $s = replaceValueParam($s, 'anofollow', $anofollowStr);
                // anchor nofollow
                $s = replaceValueParam($s, 'atarget', $atargetStr);
                // anchor target
            }
        }
        //call echo("tableName",tableName)
        $idPage = getThisIdPage($GLOBALS['db_PREFIX'] . $tableName, $rs['id'], 10);
        // [guestbook]
        if ($tableName == 'guestbook') {
            $url = WEB_ADMINURL . '?act=addEditHandle&actionType=GuestBook&lableTitle=留言&nPageSize=10&parentid=&searchfield=bodycontent&keyword=&addsql=&page=' . $idPage . '&id=' . $rs['id'] . '&n=' . getRnd(11);
            // [default: article]
        } else {
            $url = WEB_ADMINURL . '?act=addEditHandle&actionType=ArticleDetail&lableTitle=分类信息&nPageSize=10&page=' . $idPage . '&parentid=' . $rs['parentid'] . '&id=' . $rs['id'] . '&n=' . getRnd(11);
        }
        $s = handleDisplayOnlineEditDialog($url, $s, '', 'div|li|span');
        $c = $c . $s;
    }
    $content = replace($content, '<!--#body start#-->' . $defaultStr . '<!--#body end#-->', $c);
    // This recomputation of $url duplicates the block above and its result is not
    // used before the return.
    if ($GLOBALS['isMakeHtml'] == true) {
        $url = '';
        if (len($listFileName) > 5) {
            $url = mid($listFileName, 1, len($listFileName) - 5) . '[id].html';
            $url = urlAddHttpUrl($GLOBALS['cfg_webSiteUrl'], $url);
        }
    } else {
        $url = getUrlAddToParam(getUrl(), '?page=[id]', 'replace');
    }
    $getDetailList = $content;
    return @$getDetailList;
}
/**
 * Reads lines from $server until $GLOBALS['connected'] is cleared, dispatching the
 * ":!:…:!:" control tokens and echoing everything else as HTML.
 *
 * read(), write(), disPlayers() and checkSql() are defined elsewhere. Lines are
 * written to the browser unescaped; if the server is not fully trusted this is an
 * injection path — TODO confirm.
 *
 * @param mixed $server Connection handle passed through to read()/write()/checkSql()
 * @return void
 */
function readon($server)
{
    echo "<span id=connect>Connected.<br></span>";
    while ($GLOBALS['connected']) {
        $message = trim(read($server));
        if ($message != "") {
            if (strpos($message, ":!:ping:!:") !== false) {
                write(":!:pong:!:", $server);
            } elseif (strpos($message, ":!:hangup:!:") !== false) {
                // ends the loop on the next condition check
                $GLOBALS['connected'] = false;
            } elseif (strpos($message, ":!:players:!:") !== false) {
                // 13 = length of the ":!:players:!:" prefix
                disPlayers(substr($message, 13));
            } elseif (strpos($message, ":!:info:!:") !== false) {
                // 10 = length of the ":!:info:!:" prefix
                echo "<span id=info>" . substr($message, 10) . "</span><br>";
            } else {
                echo "<span id=gos>" . $message . "</span><br>";
            }
        }
        checkSql($server);
        ob_flush();
        flush();
        echo " <script language=javascript>window.scroll(0,50000);</script>";
        sleep(1);
    }
}
        @($userID = trim($_GET['userID']));
        try {
            if (checkSql($userID) || ($dataArr = rankList($type, $userID)) < 1) {
                exit(getJsonResult($gNoData));
            }
            $dataArr['success'] = true;
            exit(getJsonResult($dataArr, true));
        } catch (Exception $e) {
            exit(getJsonResult($gSysError));
        }
        break;
    case 'historydata':
        @($type = trim($_GET['type']));
        @($date = trim($_GET['date']));
        try {
            if ($date == '' || checkSql($date) || ($dataArr = historydata($type, $date)) < 1) {
                exit(getJsonResult($gNoData));
            }
            $dataArr['success'] = true;
            exit(getJsonResult($dataArr, true));
        } catch (Exception $e) {
            exit(getJsonResult($gSysError));
        }
    default:
        dsRequest();
        break;
}
// 检查sql注入
function checkSql($sql_str)
{
    return eregi('select|insert|update|delete|\'|\\/\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile', $sql_str);
/**
 * Imports records from a delimited text dump into prefix + $tableName.
 *
 * $content is split into blocks on vbCrlf() . '-------------------------------'.
 * Each block supplies field values as 【fieldname】 sections read through
 * newGetStrCut(); a '#stop#' value of '1' or 'true' skips the block. For a block
 * with at least one configured field an INSERT (or, when $sType == '修改', an
 * UPDATE) statement is built and handed to checkSql(); a block with no configured
 * field goes to batchImportColumnList().
 *
 * @param string $content   Import text; chr(10) line ends are normalised to vbCrlf()
 * @param string $tableName Table name without prefix; trimmed and lower-cased
 * @param string $sType     '修改' selects UPDATE, anything else INSERT
 * @return int Block counter: incremented per field-bearing block, otherwise replaced
 *             by batchImportColumnList()'s return value
 *
 * Reads $GLOBALS['db_PREFIX']; all helpers are defined elsewhere.
 */
function importTXTData($content, $tableName, $sType)
{
    $fieldConfigList = '';
    $splList = '';
    $listStr = '';
    $splStr = '';
    $splxx = '';
    $s = '';
    $sql = '';
    $nOK = '';
    $fieldName = '';
    $fieldType = '';
    $fieldValue = '';
    $addFieldList = '';
    $addValueList = '';
    $updateValueList = '';
    $fieldStr = '';
    $tableName = aspTrim(lCase($tableName));
    // table
    // done because a GitHub download turns vbcrlf into chr(10)  20160409
    if (inStr($content, vbCrlf()) == false) {
        $content = replace($content, chr(10), vbCrlf());
    }
    // field config entries are 'name|type' pairs, lower-cased
    $fieldConfigList = lCase(getFieldConfigList($GLOBALS['db_PREFIX'] . $tableName));
    $splStr = aspSplit($fieldConfigList, ',');
    // one record block per separator
    $splList = aspSplit($content, vbCrlf() . '-------------------------------');
    $nOK = 0;
    foreach ($splList as $key => $listStr) {
        $addFieldList = '';
        // reset the insert field list
        $addValueList = '';
        // insert value list
        $updateValueList = '';
        // update assignment list
        // a '#stop#' value of '1' or 'true' skips this block
        $s = lCase(newGetStrCut($listStr, '#stop#'));
        if ($s != '1' && $s != 'true') {
            // $key from the outer loop is overwritten here (neither loop reads it)
            foreach ($splStr as $key => $fieldStr) {
                if ($fieldStr != '') {
                    $splxx = aspSplit($fieldStr, '|');
                    $fieldName = $splxx[0];
                    $fieldType = $splxx[1];
                    if (inStr($listStr, '【' . $fieldName . '】') > 0) {
                        $listStr = $listStr . vbCrlf();
                        // add a newline so the last parameter is picked up too 20160629
                        if ($addFieldList != '') {
                            $addFieldList = $addFieldList . ',';
                            $addValueList = $addValueList . ',';
                            $updateValueList = $updateValueList . ',';
                        }
                        $addFieldList = $addFieldList . $fieldName;
                        $fieldValue = newGetStrCut($listStr, $fieldName);
                        if ($fieldType == 'textarea') {
                            $fieldValue = contentTranscoding($fieldValue);
                        }
                        //call echo(tableName,fieldName)
                        // article category: parentid is resolved through getColumnId()
                        if (($tableName == 'articledetail' || $tableName == 'webcolumn') && $fieldName == 'parentid') {
                            //call echo(tableName,fieldName)
                            //call echo("fieldValue",fieldValue)
                            $fieldValue = getColumnId($fieldValue);
                            //call echo("fieldValue",fieldValue)
                            // admin menu
                        } else {
                            if ($tableName == 'listmenu' && $fieldName == 'parentid') {
                                $fieldValue = getListMenuId($fieldValue);
                            }
                        }
                        // empty date/time values default to the current date / time
                        if ($fieldType == 'date' && $fieldValue == '') {
                            $fieldValue = aspDate();
                        } else {
                            if (($fieldType == 'time' || $fieldType == 'now') && $fieldValue == '') {
                                $fieldValue = now();
                            }
                        }
                        // NOTE(review): the value is only wrapped in quotes, never
                        // escaped; a quote inside the import text breaks the
                        // statement, and import data that is not fully trusted can
                        // alter it — verify the source of $content.
                        if ($fieldType != 'yesno' && $fieldType != 'numb') {
                            $fieldValue = '\'' . $fieldValue . '\'';
                            // numeric types default to 0
                        } else {
                            if ($fieldValue == '') {
                                $fieldValue = 0;
                            }
                        }
                        $addValueList = $addValueList . $fieldValue;
                        // insert value
                        $updateValueList = $updateValueList . $fieldName . '=' . $fieldValue;
                        // update value
                    }
                }
            }
            // field list is not empty
            if ($addFieldList != '') {
                if ($sType == '修改') {
                    // NOTE(review): no WHERE clause — as written this UPDATE applies
                    // to every row of the table; confirm that is intended.
                    $sql = 'update ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' set ' . $updateValueList;
                } else {
                    $sql = 'insert into ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' (' . $addFieldList . ') values(' . $addValueList . ')';
                }
                // check the SQL; a failure is reported through eerr() but the block
                // is still counted below
                if (checkSql($sql) == false) {
                    eerr('出错提示', '<hr>sql=' . $sql . '<br>');
                }
                $nOK = $nOK + 1;
            } else {
                $nOK = batchImportColumnList($splStr, $listStr, $nOK, $tableName);
            }
        }
    }
    $importTXTData = $nOK;
    //call echo("sql",sql)
    //call echo("addFieldList",addFieldList)
    //call echo("updateValueList",updateValueList)
    return @$importTXTData;
}
        @($type = trim($_GET['type']));
        @($userID = trim($_GET['userID']));
        try {
            if ($type == '' || checkSql($userID) || ($dataArr = myHistoryRank($type, $userID)) == null) {
                exit(getJsonResult($gNoData));
            }
            $dataArr['success'] = true;
            exit(getJsonResult($dataArr, true));
        } catch (Exception $e) {
            exit(getJsonResult($gSysError));
        }
        break;
    case 'account':
        @($userID = trim($_GET['userID']));
        try {
            if ($userID == '' || checkSql($userID) || ($dataArr = account($userID)) < 1) {
                exit(getJsonResult($gNoData));
            }
            $dataArr['success'] = true;
            exit(getJsonResult($dataArr, true));
        } catch (Exception $e) {
            exit(getJsonResult($gSysError));
        }
        break;
    default:
        break;
}
// 检查sql注入
function checkSql($sql_str)
{
    return eregi('select|insert|update|delete|\'|\\/\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile', $sql_str);