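/**
 * Collect the submitted values for a model's custom columns from $_POST.
 *
 * Every column descriptor is matched against $_POST by its 'fieldname'.
 * Fields that were not submitted, and fields whose 'formtype' is img,
 * flash or file, are left out of the result.
 *
 * Side effect: each accepted $_POST entry is overwritten with its filtered
 * value, so later reads of $_POST see the same value that is returned.
 *
 * Security notes:
 * - This function does no SQL escaping. The name suggests the result is fed
 *   to a query builder; escaping has to happen there (TODO confirm).
 * - The shape of a request value is attacker-controlled. A parameter sent as
 *   name[]=... arrives as an array, so string columns are coerced to a
 *   string before trim() and the other string helpers see them.
 *
 * @param array $valuearr Column descriptors. Keys read here: 'fieldname',
 *                        'formtype', 'fieldtype', and the optional flags
 *                        'ishtml' and 'isbbcode'.
 * @return array Map of fieldname => filtered value.
 */
function getsetsqlarr($valuearr)
{
    $setsqlarr = array();
    if (empty($valuearr)) {
        return $setsqlarr;
    }

    foreach ($valuearr as $value) {
        $fieldname = $value['fieldname'];

        if (!isset($_POST[$fieldname])) {
            continue;
        }
        // img/flash/file form types are never taken from $_POST here.
        if (preg_match('/^(img|flash|file)$/i', $value['formtype'])) {
            continue;
        }

        // Filter the submitted data according to the column type.
        $input = $_POST[$fieldname];

        if (preg_match('/^(VARCHAR|CHAR|TEXT|MEDIUMTEXT|LONGTEXT)$/i', $value['fieldtype'])) {
            if ($value['formtype'] == 'checkbox') {
                // A checkbox group normally arrives as an array, but the client
                // decides: accept a lone scalar and drop nested arrays so that
                // implode() always receives a flat list.
                $choices = array_filter((array) $input, 'is_scalar');
                $input = implode("\n", shtmlspecialchars($choices));
            } elseif (is_array($input)) {
                // An array submitted for a single-value text field is malformed
                // input; store an empty string instead of passing it to trim().
                $input = '';
            }

            $input = trim($input);
            if (empty($value['ishtml'])) {
                // NOTE(review): for checkbox fields this is the second pass
                // through shtmlspecialchars() - confirm that is intended.
                $input = shtmlspecialchars($input);
            }
            // NOTE(review): with 'ishtml' set, the request markup is kept as
            // submitted; nothing in this function sanitises it.

            if (!empty($value['isbbcode'])) {
                $input = modeldiscuzcode($input);
            }
        } elseif (preg_match('/^(TINYINT|SMALLINT|MEDIUMINT|INT|BIGINT)$/i', $value['fieldtype'])) {
            $input = intval($input);
        }
        // NOTE(review): a column whose type matches neither list above falls
        // through with the raw request value (string or array), unfiltered.
        // Confirm that every caller escapes or validates those columns.

        $_POST[$fieldname] = $input;
        $setsqlarr[$fieldname] = $input;
    }

    return $setsqlarr;
}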
$thevalue = sstripslashes(unserialize($thevalue['message'])); } else { if ($wheresqlstr != 1) { $wheresqlstr = 'i.' . $wheresqlstr; } $query = $_SGLOBAL['db']->query('SELECT ii.*, i.* FROM ' . tname($resultmodels['modelname'] . 'message') . ' ii ' . 'LEFT JOIN ' . tname($resultmodels['modelname'] . 'items') . ' i ON i.itemid=ii.itemid ' . 'WHERE ii.itemid=\'' . $itemid . '\' AND ' . $wheresqlstr); $thevalue = $_SGLOBAL['db']->fetch_array($query); } if (empty($thevalue)) { showmessage('no_item_or_no_prem', S_URL . '/' . $theurl); } $tmpmessage = $thevalue['message']; if (!empty($thevalue)) { foreach ($thevalue as $tmpkey => $tmpvalue) { if (!empty($cacheinfo['columns'][$tmpkey]['isbbcode'])) { $thevalue[$tmpkey] = modeldiscuzcode($tmpvalue, 'de'); } } } $thevalue = shtmlspecialchars($thevalue); $thevalue['message'] = $tmpmessage; } } elseif ($_GET['op'] == 'add') { $thevalue = array('itemid' => 0, 'catid' => 0, 'subject' => '', 'dateline' => $_SGLOBAL['timestamp'], 'allowreply' => '1', 'replynum' => 0, 'tid' => 0, 'grade' => 0, 'message' => '', 'subjectimage' => ''); foreach ($resultmodelcolumns as $value) { if (!preg_match("/^(TEXT|MEDIUMTEXT|LONGTEXT)\$/i", $value['fieldtype'])) { $thevalue[$value['fieldname']] = $value['formtype'] != 'timestamp' ? $value['fielddefault'] : $_SGLOBAL['timestamp']; } else { $thevalue[$value['fieldname']] = ''; } }