function index_action() { if (front::post('submit')) { if (!front::post('ballot')) { front::alert(lang('Please_select_vote')); return false; } if (config::get('checkip')) { $time=cookie::get('vttime'); if (time() -$time <config::get('timer') * 60) { front::alert(lang('You_have_voted')); return false; } } $bid=front::$post['bid']; if (is_array(front::$post['ballot'])) { $ids=implode(',',front::$post['ballot']); } else { $ids=front::$post['ballot']; } if(preg_match('/(select|union|and|\'|"|\))/i',$ids)){ exit('非法参数'); } if(preg_match('/(select|union|and|\'|"|\))/i',$bid)){ exit('非法参数'); } $where="id in($ids)"; $data='num=num+1'; $option=new option(); $option->rec_update($data,$where); $this->_table->rec_update($data,$bid); cookie::set('vttime',time(),time() +3600 * 24); front::alert(lang('Successful_vote')); } }