/**
 * AJAX endpoint that stores a submitted comment.
 *
 * The per-IP throttle is the only guard applied in this method: when
 * ip_access_limit() grants access for the configured IP_ACCESS_INTERVAL,
 * the Comment model's addContent() result is returned as JSON. Otherwise a
 * status -3 payload is returned and the model is never touched, so no
 * write happens. Validation of the submitted fields is presumably done in
 * addContent() — verify there, not here.
 *
 * Relies on ip_access_limit(), C(), D() and $this->ajaxReturn() from the
 * surrounding framework (not shown in this listing).
 */
public function postComment()
{
    $allowed = ip_access_limit(C('IP_ACCESS_INTERVAL'));
    if (!$allowed) {
        // Throttled: report the limit to the caller and stop; ajaxReturn()
        // is expected to end the response, the return is a safety net.
        $throttled = array(
            'status' => -3,
            'info'   => '访问超速,请稍候再试!',
        );
        $this->ajaxReturn($throttled, 'JSON');
        return;
    }

    $commentModel = D('Comment');
    $this->ajaxReturn($commentModel->addContent(), 'JSON');
}
<?php include '../inc/config_w.php'; if (!ip_access_limit()) { die('cs'); } $title = $_POST['title']; $author = $_POST['author']; $tag = $_POST['tag']; $des = $_POST['des']; $content = $_POST['content']; $class = $_POST['class']; $color = $_POST['color']; $ext = $_POST['ext']; if (!get_magic_quotes_gpc()) { $title = addslashes($_POST['title']); $author = addslashes($_POST['author']); $tag = addslashes($_POST['tag']); $des = addslashes($_POST['des']); $content = addslashes($_POST['content']); $class = (int) addslashes($_POST['class']); $color = addslashes($_POST['color']); $ext = addslashes($_POST['ext']); } if (ltrim($content)) { $error = -11; $link = mysql_connect(HOST . ':' . PORT, USER, PASSWORD); if ($link) { mysql_select_db(DATABASE, $link); mysql_query("INSERT INTO `" . WALL . "` SET `title` = '" . $title . "', `author` = '" . $author . "', `tag` = '" . $tag . "', `des` = '" . $des . "', `content` = '" . $content . "', `class` = '" . $class . "', `color` = '" . $color . "', `ext` = '" . $ext . "', `ctime`= '" . time() . "',`top` = '0', `click` = '0', `good` = '0', `time` = '" . time() . "'"); $error = mysql_errno();