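/**
 * Check whether an SQL statement passes the configured query-safety filter.
 *
 * Only statements whose leading keyword is one of the checked commands
 * (SELECT, UPDATE, INSERT, REPLACE, DELETE) are handed to
 * FDB::_doQuerySafe(); any other statement is treated as legal. The whole
 * check is skipped when the switch
 * $_FANWE['config']['security']['query']['status'] is off.
 *
 * @access private
 * @param string $sql SQL statement to check
 * @return bool true when the statement is legal (or not subject to the
 *              check), false when the safety filter rejected it
 */
private function checkQuery($sql)
{
    static $status = null;
    static $checkcmd = array('SELECT', 'UPDATE', 'INSERT', 'REPLACE', 'DELETE');
    global $_FANWE;

    // The config switch is read once and cached in the static for the
    // rest of the request.
    if ($status === null) {
        $status = $_FANWE['config']['security']['query']['status'];
    }
    if (!$status) {
        return true;
    }

    // Take the first word regardless of leading whitespace and of which
    // whitespace character follows it. The former substr()/strpos(' ')
    // split left " SELECT ..." or "SELECT\n..." unmatched, and a statement
    // containing no space at all made strpos() return false, so such
    // statements were never handed to the filter.
    if (!preg_match('/^\s*([A-Za-z]+)/', $sql, $match)) {
        return true;
    }
    $cmd = strtoupper($match[1]);
    if (!in_array($cmd, $checkcmd, true)) {
        return true;
    }

    // The filter result used to be computed and then discarded (the halt on
    // $test < 1 was commented out), so this method always answered true.
    // Report the outcome to the caller instead; the threshold mirrors the
    // disabled halt condition. NOTE(review): _doQuerySafe()'s return value
    // is not visible here — confirm that values below 1 mean "unsafe".
    $test = FDB::_doQuerySafe($sql);
    return !($test < 1);
}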