예제 #1
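 /**
  * Pre-check a raw SQL string before it is executed.
  *
  * When the switch `$_FANWE['config']['security']['query']['status']` is on,
  * a statement whose leading verb is one of the DML verbs in `$checkcmd` is
  * handed to `FDB::_doQuerySafe()`. Any other leading verb (SHOW, WITH, a
  * parenthesised sub-select, ...) is not inspected at all, so this is a gate
  * keyed purely on the first keyword. The switch is read once and cached in
  * a static for the rest of the request.
  *
  * @access   private
  * @param    string $sql  the query text; an empty string is not inspected
  * @return   bool   true when the query was not subject to the check or passed it,
  *                  false when FDB::_doQuerySafe() reported it as unsafe
  */
 private function checkQuery($sql)
 {
     static $status = null, $checkcmd = array('SELECT', 'UPDATE', 'INSERT', 'REPLACE', 'DELETE');
     global $_FANWE;
     if ($status === null) {
         $status = $_FANWE['config']['security']['query']['status'];
     }
     if (!$status) {
         return true;
     }
     // Take the leading keyword however it is delimited. The previous
     // `substr($sql, 0, strpos($sql, ' '))` produced '' whenever the statement
     // contained no ASCII space (tabs, newlines, `SELECT/**/...`) or started
     // with one, so such a query never reached the verifier at all.
     if (!preg_match('/^\s*([A-Za-z]+)/', (string) $sql, $m)) {
         return true;
     }
     $cmd = strtoupper($m[1]);
     if (!in_array($cmd, $checkcmd, true)) {
         return true;
     }
     $test = FDB::_doQuerySafe($sql);
     // The halt on failure (`FDB::_execute('halt', 'security_error', $sql)`) stays
     // disabled as in the original; the verdict is handed back to the caller instead
     // of being discarded. That disabled branch treated `$test < 1` as "unsafe".
     // NOTE(review): confirm that convention against FDB::_doQuerySafe() before
     // callers start acting on a false return.
     return $test >= 1;
 }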