public static function quote($input, $convert = true) {
    // Wrap a scalar in single quotes for use as an SQL literal, recursing
    // into arrays so that every leaf ends up quoted.
    //
    // When $convert is truthy the value is first passed through
    // util::convert(); that call is the only place any escaping can happen,
    // because this method itself merely adds the surrounding quotes.
    // NOTE(review): a caller passing $convert=false therefore gets the raw
    // value between quotes — confirm that is never done with untrusted input.
    if ($convert) {
        $input = util::convert($input);
    }

    if (!is_array($input)) {
        return "'{$input}'";
    }

    // NOTE(review): the array was already passed to convert() above, and the
    // recursive call converts each element again (two passes per leaf).
    // Check whether util::convert() is idempotent; otherwise this may
    // double-escape array elements.
    foreach ($input as $key => $value) {
        $input[$key] = util::quote($value, $convert);
    }

    return $input;
}
} // closes the enclosing definition begun above (its header is not in view)

// Check whether the client is on a private (intranet) IP.
// NOTE(review): this gate is commented out, so as shown here the code
// generator below is reachable by any client that can reach the script; no
// other authentication is visible in this excerpt.
//isPrivateIp($_SERVER['REMOTE_ADDR']) || exit('forbbidden');
include_once '../include/config.php';

// Both the DSN name and the table name come straight from the query string.
$dsnName = get($_GET, 'dsn', 'db');
$table = get($_GET, 'table');
$db = pool::db($dsnName);
if ('generate' == get($_GET, 'act')) {
    /** Generate the string body of the validation function. */
    // SECURITY(review): $table is concatenated into the SQL statement with no
    // identifier validation or quoting, so whoever controls the `table` query
    // parameter controls the statement text (SQL injection). Restrict it to
    // e.g. /^[A-Za-z0-9_]+$/ before it is used here and in the paths below.
    foreach ($db->query('show full COLUMNS from ' . $table) as $row) {
        // Strip the "(len)" suffix from the column type, e.g. "int(11)" -> "int".
        $type = strpos($row['Type'], '(') !== false ? substr($row['Type'], 0, strpos($row['Type'], '(')) : $row['Type'];
        // Value to emit for an empty input: the declared default if any,
        // otherwise null for numeric/enum types and '' for everything else.
        $emptyV = $row['Default'] != null ? "'" . $row['Default'] . "'" : (in_array($type, array('tinyint', 'smallint', 'mediumint', 'int', 'bigint', 'decimal', 'float', 'double', 'enum')) ? 'null' : "''");
        // NOTE(review): $checkData is never initialised before this .= (an
        // undefined-variable notice on the first column). $row['Field'] and
        // $emptyV are also placed into generated PHP source without escaping,
        // so a column name or default containing a quote breaks the output.
        $checkData .= sprintf("\r\n\t\tcase '%s':\r\n\t\t\t\$arr[\$k]=empty(\$v)?%s:\$v;\r\n\t\tbreak;", $row['Field'], $emptyV);
    }
    // Generate the base class.
    $fields = implode(',', util::quote(array_keys($_POST['field'])));
    // SECURITY(review): $ds_table is derived from the untrusted $table by
    // turning '_' into '/' and is then used as a path under SYS_PATH. Nothing
    // here rejects '..' or absolute segments, so the generated .php file can be
    // written outside include/ and controller/ (path traversal leading to an
    // arbitrary PHP file write). $table itself is also substituted into the
    // generated source text below, i.e. request data ends up inside a PHP file.
    $ds_table = str_replace('_', '/', $table);
    $mod = SYS_PATH . 'include/' . $ds_table . '.php';
    $str = file_get_contents(SYS_PATH . 'tools/code/include.php');
    // BUG(review): the 4th argument of str_replace() is the by-reference
    // replacement count, so $checkData is overwritten with an integer here.
    // It is not read again in this excerpt, but passing it is almost certainly
    // a mistake — drop the argument.
    $str = str_replace(array('__dsnName__', '__table__', '__ds_table__', '__fields__', '__checkData__'), array($dsnName, $table, $ds_table, $fields, $checkData), $str, $checkData);
    file::save($mod, $str);
    // Generate the table management (controller) class.
    $mod = SYS_PATH . 'controller/' . $ds_table . '.php';
    $str = file_get_contents(SYS_PATH . 'tools/code/modules.php');
    $str = str_replace(array('__table__', '__ds_table__'), array($table, $ds_table), $str);
    file::save($mod, $str);
    // Template handling.
    $option = '';
    // NOTE(review): $key and $name are POST-controlled and are placed into an
    // HTML attribute and element text without htmlspecialchars(); whatever
    // consumes $option (beyond this excerpt) receives unescaped markup.
    foreach ($_POST['search'] as $key => $val) {
        $name = $_POST['field'][$key];
        $option .= sprintf('<option value="%s">%s</option>' . "\n", $key, $name);
    // ... the foreach body and the rest of this script continue past the end of this excerpt.
<?php
// Order-lookup view: read the transaction ID and e-mail from the request,
// quote them, look the order up and hand the result to the template.

// Page title (the "{sitename}" placeholder is resolved elsewhere).
$_SESSION['eload']['title'] = "Cusulta de pedidos - {sitename}";

// Raw request values; false is passed as the fallback for both.
$pedido = JRequest::getvar('pedido', false);
$email = JRequest::getvar('email', false);

// The transaction ID is looked up without its '-' separators.
$transacaoId = str_replace('-', '', $pedido);

// SQL-injection protection: both values go through util::quote() (with its
// default $convert), which wraps the value in single quotes after whatever
// conversion util::convert() applies. NOTE(review): no format validation is
// done on either value here — e.g. filter_var($email, FILTER_VALIDATE_EMAIL)
// or an alphanumeric check on the ID — so the safety of the query rests
// entirely on util::convert(); confirm it escapes for the target driver.
jimport('edesktop.util');
$quotedId = util::quote($transacaoId);
$quotedEmail = util::quote($email);

// Look the order up by transaction ID and e-mail.
jimport('edesktop.programas.loja.pedidos');
$pedidos = new edesktop_loja_pedidos();
$dados = $pedidos->busca_por_transacaoID($quotedId, $quotedEmail);

// Show the "not found" message only when an e-mail was submitted and no
// order matched it; a request without an e-mail shows no message.
$msg = $email && !$dados;

// Expose the values to the template. $pedido and $email are the raw request
// values, so the template must escape them before output.
$this->assignRef('msg', $msg);
$this->assignRef('dados', $dados);
$this->assignRef('pedido', $pedido);
$this->assignRef('email', $email);