function autoSavePostData($id, $tableName, $fieldNameList)
{
$sql = '';
$sql = getPostSql($id, $tableName, $fieldNameList);
//检测SQL
if (checkSql($sql) == false) {
errorLog('出错提示:<hr>sql=' . $sql . '<br>');
return '';
}
//conn.execute(sql) 'checksql这一步就已经执行了不需要再执行了20160410
}
function XY_AP_GeneralList($action, $tableName, $addSql)
{
$title = '';
$topNumb = '';
$nTop = '';
$isB = '';
$sql = '';
$columnName = '';
$columnEnName = '';
$aboutcontent = '';
$bodyContent = '';
$showTitle = '';
$bannerImage = '';
$smallImage = '';
$bigImage = '';
$id = '';
$defaultStr = '';
$i = '';
$j = '';
$s = '';
$c = '';
$startStr = '';
$endStr = '';
$url = '';
$noFollow = '';
//不追踪 20141222
$defaultStr = getDefaultValue($action);
//获得默认内容
$modI = '';
//余循环20150112
$noFollow = aspTrim(lCase(RParam($action, 'noFollow')));
//不追踪
$lableTitle = '';
//标题标题
$target = '';
//a链接打开目标方式
$adddatetime = '';
//添加时间
$isFocus = '';
$fieldNameList = '';
//字段列表
$abcolorStr = '';
//A加粗和颜色
$atargetStr = '';
//A链接打开方式
$atitleStr = '';
//A链接的title20160407
$anofollowStr = '';
//A链接的nofollow
$splFieldName = '';
$fieldName = '';
$replaceStr = '';
$k = '';
$idPage = '';
$tableName = lCase($tableName);
//转小写
$fieldNameList = getHandleFieldList($GLOBALS['db_PREFIX'] . $tableName, '字段列表');
$splFieldName = aspSplit($fieldNameList, ',');
$topNumb = RParam($action, 'topNumb');
$nTop = $topNumb;
if ($nTop != '') {
$nTop = CInt($nTop);
} else {
$nTop = 999;
}
if ($sql == '') {
if ($topNumb != '') {
$topNumb = ' top ' . $topNumb . ' ';
}
$sql = 'Select ' . $topNumb . '* From ' . $GLOBALS['db_PREFIX'] . $tableName;
}
//追加sql
if ($addSql != '') {
$sql = getWhereAnd($sql, $addSql);
}
$sql = replaceGlobleVariable($sql);
//替换全局变量
//检测SQL
if (checkSql($sql) == false) {
errorLog('出错提示:<br>action=' . $action . '<hr>sql=' . $sql . '<br>');
return '';
}
$rsObj = $GLOBALS['conn']->query($sql);
for ($i = 1; $i <= @mysql_num_rows($rsObj); $i++) {
$rs = mysql_fetch_array($rsObj);
$startStr = '';
$endStr = '';
//call echo(sql,i & "," & nTop)
if ($i > $nTop) {
break;
}
//#【PHP】$rs=mysql_fetch_array($rsObj); //给PHP用,因为在 asptophp转换不完善
$isFocus = false;
//交点为假
$id = $rs['id'];
//【导航】
if ($tableName == 'webcolumn') {
if ($GLOBALS['isMakeHtml'] == true) {
$url = getRsUrl($rs['filename'], $rs['customaurl'], '/nav' . $rs['id']);
} else {
$url = handleWebUrl('?act=nav&columnName=' . $rs['columnname']);
//会追加gl等参数
if ($rs['customaurl'] != '') {
$url = $rs['customaurl'];
$url = replaceGlobleVariable($url);
}
}
//全局栏目名称为空则为自动定位首页 追加(20160128)
if ($GLOBALS['glb_columnName'] == '' && $rs['columntype'] == '首页') {
$GLOBALS['glb_columnName'] = $rs['columnname'];
}
if ($rs['columnname'] == $GLOBALS['glb_columnName']) {
$isFocus = true;
}
//【文章】
} else {
if ($tableName == 'articledetail') {
if ($GLOBALS['isMakeHtml'] == true) {
$url = getRsUrl($rs['filename'], $rs['customaurl'], 'detail/detail' . $rs['id']);
} else {
$url = handleWebUrl('?act=detail&id=' . $rs['id']);
//会追加gl等参数
if ($rs['customaurl'] != '') {
$url = $rs['customaurl'];
}
}
//评论
} else {
if ($tableName == 'tablecomment') {
}
}
}
//A链接添加颜色
$abcolorStr = '';
if (inStr($fieldNameList, ',titlecolor,') > 0) {
//A链接颜色
if ($rs['titlecolor'] != '') {
$abcolorStr = 'color:' . $rs['titlecolor'] . ';';
}
}
if (inStr($fieldNameList, ',flags,') > 0) {
//A链接加粗
if (inStr($rs['flags'], '|b|') > 0) {
$abcolorStr = $abcolorStr . 'font-weight:bold;';
}
}
if ($abcolorStr != '') {
$abcolorStr = ' style="' . $abcolorStr . '"';
}
//打开方式2016
if (inStr($fieldNameList, ',target,') > 0) {
$atargetStr = IIF($rs['target'] != '', ' target="' . $rs['target'] . '"', '');
}
//A的title
if (inStr($fieldNameList, ',title,') > 0) {
$atitleStr = IIF($rs['title'] != '', ' title="' . $rs['title'] . '"', '');
}
//A的nofollow
if (inStr($fieldNameList, ',nofollow,') > 0) {
$anofollowStr = IIF($rs['nofollow'] != 0, ' rel="nofollow"', '');
}
//交点判断(给栏目导航用的)
if ($isFocus == true) {
$startStr = '[list-focus]';
$endStr = '[/list-focus]';
} else {
$startStr = '[list-' . $i . ']';
$endStr = '[/list-' . $i . ']';
}
//在最后时排序当前交点20160202
if ($i == $topNumb && $isFocus == false) {
$startStr = '[list-end]';
$endStr = '[/list-end]';
}
//例[list-mod2] [/list-mod2] 20150112
for ($modI = 6; $modI >= 2; $modI--) {
if (inStr($defaultStr, $startStr) == false && $i % $modI == 0) {
$startStr = '[list-mod' . $modI . ']';
$endStr = '[/list-mod' . $modI . ']';
if (inStr($defaultStr, $startStr) > 0) {
break;
}
}
}
//没有则用默认
if (inStr($defaultStr, $startStr) == false) {
$startStr = '[list]';
$endStr = '[/list]';
}
if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
$s = StrCut($defaultStr, $startStr, $endStr, 2);
$s = replaceValueParam($s, 'i', $i);
//循环编号
$s = replaceValueParam($s, '编号', $i);
//循环编号
$s = replaceValueParam($s, 'id', $rs['id']);
//id编号 因为获得字段他不获得id
$s = replaceValueParam($s, 'url', $url);
//网址
$s = replaceValueParam($s, 'aurl', 'href="' . $url . '"');
//网址
$s = replaceValueParam($s, 'abcolor', $abcolorStr);
//A链接加颜色与加粗
$s = replaceValueParam($s, 'atitle', $atitleStr);
//A链接title
$s = replaceValueParam($s, 'anofollow', $anofollowStr);
//A链接nofollow
$s = replaceValueParam($s, 'atarget', $atargetStr);
//A链接打开方式
for ($k = 0; $k <= uBound($splFieldName); $k++) {
if ($splFieldName[$k] != '') {
$fieldName = $splFieldName[$k];
$replaceStr = $rs[$fieldName] . '';
$s = replaceValueParam($s, $fieldName, $replaceStr);
}
}
//开始位置加Dialog内容
$startStr = '[list-' . $i . ' startdialog]';
$endStr = '[/list-' . $i . ' startdialog]';
if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
$s = StrCut($defaultStr, $startStr, $endStr, 2) . $s;
}
//结束位置加Dialog内容
$startStr = '[list-' . $i . ' enddialog]';
$endStr = '[/list-' . $i . ' enddialog]';
if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
$s = $s . StrCut($defaultStr, $startStr, $endStr, 2);
}
//加控制
//【导航】
if ($tableName == 'webcolumn') {
$url = WEB_ADMINURL . '?act=addEditHandle&actionType=WebColumn&lableTitle=网站栏目&nPageSize=10&page=&id=' . $rs['id'] . '&n=' . getRnd(11);
//【评论】
} else {
if ($tableName == 'tablecomment') {
$idPage = getThisIdPage($GLOBALS['db_PREFIX'] . $tableName, $rs['id'], 10);
$url = WEB_ADMINURL . '?act=addEditHandle&actionType=TableComment&lableTitle=评论&nPageSize=10&parentid=&searchfield=bodycontent&keyword=&addsql=&page=' . $idPage . '&id=' . $rs['id'] . '&n=' . getRnd(11);
//【文章】
} else {
if ($tableName == 'articledetail') {
$idPage = getThisIdPage($GLOBALS['db_PREFIX'] . $tableName, $rs['id'], 10);
$url = WEB_ADMINURL . '?act=addEditHandle&actionType=ArticleDetail&lableTitle=分类信息&nPageSize=10&page=' . $idPage . '&parentid=' . $rs['parentid'] . '&id=' . $rs['id'] . '&n=' . getRnd(11);
$s = replaceValueParam($s, 'columnurl', getColumnUrl($rs['parentid'], ''));
//文章对应栏目URL 20160304
$s = replaceValueParam($s, 'columnname', getColumnName($rs['parentid']));
//文章对应栏目名称 20160304
}
}
}
$s = handleDisplayOnlineEditDialog($url, $s, '', 'div|li|span');
//处理是否添加在线修改管理器
$c = $c . $s;
}
}
//开始内容加Dialog内容
$startStr = '[dialog start]';
$endStr = '[/dialog start]';
if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
$c = StrCut($defaultStr, $startStr, $endStr, 2) . $c;
}
//结束内容加Dialog内容
$startStr = '[dialog end]';
$endStr = '[/dialog end]';
if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
$c = $c . StrCut($defaultStr, $startStr, $endStr, 2);
}
$XY_AP_GeneralList = $c;
return @$XY_AP_GeneralList;
}
function executeSQL()
{
$sqlvalue = '';
$sqlvalue = 'delete from ' . $GLOBALS['db_PREFIX'] . 'WebSiteStat';
if (@$_REQUEST['sqlvalue'] != '') {
$sqlvalue = @$_REQUEST['sqlvalue'];
$GLOBALS['conn='] = OpenConn();
//检测SQL
if (checkSql($sqlvalue) == false) {
errorLog('出错提示:<br>sql=' . $sqlvalue . '<br>');
return '';
}
aspEcho('执行SQL语句成功', $sqlvalue);
}
if (@$_SESSION['adminusername'] == 'ASPPHPCMS') {
Rw('<form id="form1" name="form1" method="post" action="?act=executeSQL" onSubmit="if(confirm(\'你确定要操作吗?\\n操作后将不可恢复\')){return true}else{return false}">SQL<input name="sqlvalue" type="text" id="sqlvalue" value="' . $sqlvalue . '" size="80%" /><input type="submit" name="button" id="button" value="执行" /></form>');
} else {
Rw('你没有权限执行SQL语句');
}
}
function getDetailList($action, $content, $actionName, $lableTitle, $fieldNameList, $nPageSize, $nPage, $addSql)
{
$GLOBALS['conn='] = OpenConn();
$defaultStr = '';
$i = '';
$s = '';
$c = '';
$tableName = '';
$j = '';
$splxx = '';
$sql = '';
$x = '';
$url = '';
$nCount = '';
$pageInfo = '';
$modI = '';
$startStr = '';
$endStr = '';
$fieldName = '';
//字段名称
$splFieldName = '';
//分割字段
$replaceStr = '';
//替换字符
$tableName = lCase($actionName);
//表名称
$listFileName = '';
//列表文件名称
$listFileName = RParam($action, 'listFileName');
$abcolorStr = '';
//A加粗和颜色
$atargetStr = '';
//A链接打开方式
$atitleStr = '';
//A链接的title20160407
$anofollowStr = '';
//A链接的nofollow
$id = '';
$idPage = '';
$id = rq('id');
checkIDSQL(@$_REQUEST['id']);
if ($fieldNameList == '*') {
$fieldNameList = getHandleFieldList($GLOBALS['db_PREFIX'] . $tableName, '字段列表');
}
$fieldNameList = specialStrReplace($fieldNameList);
//特殊字符处理
$splFieldName = aspSplit($fieldNameList, ',');
//字段分割成数组
$defaultStr = getStrCut($content, '<!--#body start#-->', '<!--#body end#-->', 2);
$pageInfo = getStrCut($content, '[page]', '[/page]', 1);
if ($pageInfo != '') {
$content = replace($content, $pageInfo, '');
}
//call eerr("pageInfo",pageInfo)
$sql = 'select * from ' . $GLOBALS['db_PREFIX'] . $tableName . ' ' . $addSql;
//检测SQL
if (checkSql($sql) == false) {
errorLog('出错提示:<br>sql=' . $sql . '<br>');
return '';
}
$rsObj = $GLOBALS['conn']->query($sql);
$rs = mysql_fetch_array($rsObj);
$nCount = @mysql_num_rows($rsObj);
//为动态翻页网址
if ($GLOBALS['isMakeHtml'] == true) {
$url = '';
if (len($listFileName) > 5) {
$url = mid($listFileName, 1, len($listFileName) - 5) . '[id].html';
$url = urlAddHttpUrl($GLOBALS['cfg_webSiteUrl'], $url);
}
} else {
$url = getUrlAddToParam(getUrl(), '?page=[id]', 'replace');
}
$content = replace($content, '[$pageInfo$]', webPageControl($nCount, $nPageSize, $nPage, $url, $pageInfo));
if (EDITORTYPE == 'asp') {
$x = getRsPageNumber($rs, $nCount, $nPageSize, $nPage);
//获得Rs页数 '记录总数
} else {
if ($nPage != '') {
$nPage = $nPage - 1;
}
$sql = 'select * from ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' ' . $addSql . ' limit ' . $nPageSize * $nPage . ',' . $nPageSize;
$rsObj = $GLOBALS['conn']->query($sql);
$rs = mysql_fetch_array($rsObj);
$x = @mysql_num_rows($rsObj);
}
//call echo("sql",sql)
for ($i = 1; $i <= $x; $i++) {
$rs = mysql_fetch_array($rsObj);
//给PHP用,因为在 asptophp转换不完善
$startStr = '[list-' . $i . ']';
$endStr = '[/list-' . $i . ']';
//在最后时排序当前交点20160202
if ($i == $x) {
$startStr = '[list-end]';
$endStr = '[/list-end]';
}
//例[list-mod2] [/list-mod2] 20150112
for ($modI = 6; $modI >= 2; $modI--) {
if (inStr($defaultStr, $startStr) == false && $i % $modI == 0) {
$startStr = '[list-mod' . $modI . ']';
$endStr = '[/list-mod' . $modI . ']';
if (inStr($defaultStr, $startStr) > 0) {
break;
}
}
}
//没有则用默认
if (inStr($defaultStr, $startStr) == false || $startStr == '') {
$startStr = '[list]';
$endStr = '[/list]';
}
if (inStr($defaultStr, $startStr) > 0 && inStr($defaultStr, $endStr) > 0) {
$s = StrCut($defaultStr, $startStr, $endStr, 2);
//s = defaultStr
$s = replace($s, '[$id$]', $rs['id']);
for ($j = 0; $j <= uBound($splFieldName); $j++) {
if ($splFieldName[$j] != '') {
$splxx = aspSplit($splFieldName[$j] . '|||', '|');
$fieldName = $splxx[0];
$replaceStr = $rs[$fieldName] . '';
$s = replaceValueParam($s, $fieldName, $replaceStr);
}
if ($GLOBALS['isMakeHtml'] == true) {
$url = getHandleRsUrl($rs['filename'], $rs['customaurl'], '/detail/detail' . $rs['id']);
} else {
$url = handleWebUrl('?act=detail&id=' . $rs['id']);
if ($rs['customaurl'] != '') {
$url = $rs['customaurl'];
}
}
//A链接添加颜色
$abcolorStr = '';
if (inStr($fieldNameList, ',titlecolor,') > 0) {
//A链接颜色
if ($rs['titlecolor'] != '') {
$abcolorStr = 'color:' . $rs['titlecolor'] . ';';
}
}
if (inStr($fieldNameList, ',flags,') > 0) {
//A链接加粗
if (inStr($rs['flags'], '|b|') > 0) {
$abcolorStr = $abcolorStr . 'font-weight:bold;';
}
}
if ($abcolorStr != '') {
$abcolorStr = ' style="' . $abcolorStr . '"';
}
//打开方式2016
if (inStr($fieldNameList, ',target,') > 0) {
$atargetStr = IIF($rs['target'] != '', ' target="' . $rs['target'] . '"', '');
}
//A的title
if (inStr($fieldNameList, ',title,') > 0) {
$atitleStr = IIF($rs['title'] != '', ' title="' . $rs['title'] . '"', '');
}
//A的nofollow
if (inStr($fieldNameList, ',nofollow,') > 0) {
$anofollowStr = IIF($rs['nofollow'] != 0, ' rel="nofollow"', '');
}
$s = replaceValueParam($s, 'url', $url);
$s = replaceValueParam($s, 'abcolor', $abcolorStr);
//A链接加颜色与加粗
$s = replaceValueParam($s, 'atitle', $atitleStr);
//A链接title
$s = replaceValueParam($s, 'anofollow', $anofollowStr);
//A链接nofollow
$s = replaceValueParam($s, 'atarget', $atargetStr);
//A链接打开方式
}
}
//call echo("tableName",tableName)
$idPage = getThisIdPage($GLOBALS['db_PREFIX'] . $tableName, $rs['id'], 10);
//【留言】
if ($tableName == 'guestbook') {
$url = WEB_ADMINURL . '?act=addEditHandle&actionType=GuestBook&lableTitle=留言&nPageSize=10&parentid=&searchfield=bodycontent&keyword=&addsql=&page=' . $idPage . '&id=' . $rs['id'] . '&n=' . getRnd(11);
//【默认显示文章】
} else {
$url = WEB_ADMINURL . '?act=addEditHandle&actionType=ArticleDetail&lableTitle=分类信息&nPageSize=10&page=' . $idPage . '&parentid=' . $rs['parentid'] . '&id=' . $rs['id'] . '&n=' . getRnd(11);
}
$s = handleDisplayOnlineEditDialog($url, $s, '', 'div|li|span');
$c = $c . $s;
}
$content = replace($content, '<!--#body start#-->' . $defaultStr . '<!--#body end#-->', $c);
if ($GLOBALS['isMakeHtml'] == true) {
$url = '';
if (len($listFileName) > 5) {
$url = mid($listFileName, 1, len($listFileName) - 5) . '[id].html';
$url = urlAddHttpUrl($GLOBALS['cfg_webSiteUrl'], $url);
}
} else {
$url = getUrlAddToParam(getUrl(), '?page=[id]', 'replace');
}
$getDetailList = $content;
return @$getDetailList;
}
function readon($server)
{
echo "<span id=connect>Connected.<br></span>";
while ($GLOBALS['connected']) {
$line = read($server);
$line = trim($line);
if ($line != "") {
if (strpos($line, ":!:ping:!:") !== false) {
write(":!:pong:!:", $server);
} else {
if (strpos($line, ":!:hangup:!:") !== false) {
$GLOBALS['connected'] = false;
} else {
if (strpos($line, ":!:players:!:") !== false) {
disPlayers(substr($line, 13));
} else {
if (strpos($line, ":!:info:!:") !== false) {
echo "<span id=info>" . substr($line, 10) . "</span><br>";
} else {
echo "<span id=gos>" . $line . "</span><br>";
}
}
}
}
}
checkSql($server);
ob_flush();
flush();
echo " <script language=javascript>window.scroll(0,50000);</script>";
sleep(1);
}
}
@($userID = trim($_GET['userID']));
try {
if (checkSql($userID) || ($dataArr = rankList($type, $userID)) < 1) {
exit(getJsonResult($gNoData));
}
$dataArr['success'] = true;
exit(getJsonResult($dataArr, true));
} catch (Exception $e) {
exit(getJsonResult($gSysError));
}
break;
case 'historydata':
@($type = trim($_GET['type']));
@($date = trim($_GET['date']));
try {
if ($date == '' || checkSql($date) || ($dataArr = historydata($type, $date)) < 1) {
exit(getJsonResult($gNoData));
}
$dataArr['success'] = true;
exit(getJsonResult($dataArr, true));
} catch (Exception $e) {
exit(getJsonResult($gSysError));
}
default:
dsRequest();
break;
}
// 检查sql注入
function checkSql($sql_str)
{
return eregi('select|insert|update|delete|\'|\\/\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile', $sql_str);
function importTXTData($content, $tableName, $sType)
{
$fieldConfigList = '';
$splList = '';
$listStr = '';
$splStr = '';
$splxx = '';
$s = '';
$sql = '';
$nOK = '';
$fieldName = '';
$fieldType = '';
$fieldValue = '';
$addFieldList = '';
$addValueList = '';
$updateValueList = '';
$fieldStr = '';
$tableName = aspTrim(lCase($tableName));
//表
//这样做是为了从GitHub下载时它把vbcrlf转成 chr(10) 20160409
if (inStr($content, vbCrlf()) == false) {
$content = replace($content, chr(10), vbCrlf());
}
$fieldConfigList = lCase(getFieldConfigList($GLOBALS['db_PREFIX'] . $tableName));
$splStr = aspSplit($fieldConfigList, ',');
$splList = aspSplit($content, vbCrlf() . '-------------------------------');
$nOK = 0;
foreach ($splList as $key => $listStr) {
$addFieldList = '';
//添加字段列表清空
$addValueList = '';
//添加字段列表值
$updateValueList = '';
//修改字段列表
$s = lCase(newGetStrCut($listStr, '#stop#'));
if ($s != '1' && $s != 'true') {
foreach ($splStr as $key => $fieldStr) {
if ($fieldStr != '') {
$splxx = aspSplit($fieldStr, '|');
$fieldName = $splxx[0];
$fieldType = $splxx[1];
if (inStr($listStr, '【' . $fieldName . '】') > 0) {
$listStr = $listStr . vbCrlf();
//加个换行是为了让最后一个参数能添加进去 20160629
if ($addFieldList != '') {
$addFieldList = $addFieldList . ',';
$addValueList = $addValueList . ',';
$updateValueList = $updateValueList . ',';
}
$addFieldList = $addFieldList . $fieldName;
$fieldValue = newGetStrCut($listStr, $fieldName);
if ($fieldType == 'textarea') {
$fieldValue = contentTranscoding($fieldValue);
}
//call echo(tableName,fieldName)
//文章大类
if (($tableName == 'articledetail' || $tableName == 'webcolumn') && $fieldName == 'parentid') {
//call echo(tableName,fieldName)
//call echo("fieldValue",fieldValue)
$fieldValue = getColumnId($fieldValue);
//call echo("fieldValue",fieldValue)
//后台菜单
} else {
if ($tableName == 'listmenu' && $fieldName == 'parentid') {
$fieldValue = getListMenuId($fieldValue);
}
}
if ($fieldType == 'date' && $fieldValue == '') {
$fieldValue = aspDate();
} else {
if (($fieldType == 'time' || $fieldType == 'now') && $fieldValue == '') {
$fieldValue = now();
}
}
if ($fieldType != 'yesno' && $fieldType != 'numb') {
$fieldValue = '\'' . $fieldValue . '\'';
//默认数值类型为0
} else {
if ($fieldValue == '') {
$fieldValue = 0;
}
}
$addValueList = $addValueList . $fieldValue;
//添加值
$updateValueList = $updateValueList . $fieldName . '=' . $fieldValue;
//修改值
}
}
}
//字段列表不为空
if ($addFieldList != '') {
if ($sType == '修改') {
$sql = 'update ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' set ' . $updateValueList;
} else {
$sql = 'insert into ' . $GLOBALS['db_PREFIX'] . '' . $tableName . ' (' . $addFieldList . ') values(' . $addValueList . ')';
}
//检测SQL
if (checkSql($sql) == false) {
eerr('出错提示', '<hr>sql=' . $sql . '<br>');
}
$nOK = $nOK + 1;
} else {
$nOK = batchImportColumnList($splStr, $listStr, $nOK, $tableName);
}
}
}
$importTXTData = $nOK;
//call echo("sql",sql)
//call echo("addFieldList",addFieldList)
//call echo("updateValueList",updateValueList)
return @$importTXTData;
}
@($type = trim($_GET['type']));
@($userID = trim($_GET['userID']));
try {
if ($type == '' || checkSql($userID) || ($dataArr = myHistoryRank($type, $userID)) == null) {
exit(getJsonResult($gNoData));
}
$dataArr['success'] = true;
exit(getJsonResult($dataArr, true));
} catch (Exception $e) {
exit(getJsonResult($gSysError));
}
break;
case 'account':
@($userID = trim($_GET['userID']));
try {
if ($userID == '' || checkSql($userID) || ($dataArr = account($userID)) < 1) {
exit(getJsonResult($gNoData));
}
$dataArr['success'] = true;
exit(getJsonResult($dataArr, true));
} catch (Exception $e) {
exit(getJsonResult($gSysError));
}
break;
default:
break;
}
// 检查sql注入
function checkSql($sql_str)
{
return eregi('select|insert|update|delete|\'|\\/\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile', $sql_str);
