add.php:
<?php
// Guestbook submission handler (excerpt: the closing braces of both `if` blocks lie beyond the lines shown).
// Proceed only when the posted 'unum' equals the value stored in the session under "randValid"
// (presumably a verification code -- confirm). NOTE(review): the comparison is a loose `==`, not `===`.
if($_POST['unum']==$_SESSION["randValid"]){
// The three text fields are HTML-escaped and then run through addslashes(); they end up inside
// single-quoted SQL string literals in the INSERT below.
$username=addslashes(htmlspecialchars($_POST['username']));
$email=addslashes(htmlspecialchars($_POST['email']));
$content=addslashes(htmlspecialchars($_POST['content']));
// Client address taken from the server environment; it is inserted into the query inside quotes.
$userip=$_SERVER["REMOTE_ADDR"];
// SECURITY: $ifqqh is copied straight from the request with no filtering, escaping or integer cast.
$ifqqh=$_POST["ifqqh"];
// empty() only substitutes 0 for missing/blank/"0" input; any other submitted string is kept verbatim.
if(empty($ifqqh)) $ifqqh=0;
// Timestamp of the submission, formatted for storage.
$systime=date("Y-m-d H:i:s");
// Continue when either the message body or the user name is non-empty.
if(!empty($content) or !empty($username)){
$ifshow="";
// Restore spaces and line breaks.
// NOTE(review): as rendered here the search/replace strings look like plain whitespace; HTML entities
// may have been decoded when this listing was published -- confirm against the original file.
// ereg_replace() was deprecated in PHP 5.3 and removed in PHP 7.0.
if(!empty($content)){
$content=str_replace(" ","",$content);
$content=ereg_replace("\n","<br> ",ereg_replace(" "," ",$content));
}
// $ifauditing is not assigned anywhere in this excerpt (presumably set by configuration loaded
// earlier -- confirm). When it equals 1 the entry is stored with ifshow=0, otherwise with ifshow=1.
if($ifauditing==1){$ifshow=0;}else{$ifshow=1;}
// End of the restore step.
// SECURITY: the statement is assembled by string concatenation. username, email, content, userip and
// systime are wrapped in single quotes, but ifshow and ifqqh are concatenated as bare numeric values.
// $ifqqh is raw request data, so quote-escaping (addslashes / magic_quotes_gpc) gives no protection in
// that position. Mitigation: force the value to an integer (e.g. intval()) before this line, or bind
// all values through a prepared statement instead of concatenating them.
$sql="insert into ".TABLE_PREFIX."guestbook(username,email,content,userip,systime,ifshow,ifqqh)values('".$username."','".$email."','".$content."','".$userip."','".$systime."',".$ifshow.",".$ifqqh.")";
//echo $sql;
$ifqqh=$_POST["ifqqh"];  —— 这里的 $ifqqh 直接取自 POST 数据，没有经过任何过滤或类型转换。
$sql="insert into ".TABLE_PREFIX."guestbook(username,email,content,userip,systime,ifshow,ifqqh)values('".$username."','".$email."','".$content."','".$userip."','".$systime."',".$ifshow.",".$ifqqh.")";  —— $ifqqh 没有用单引号 ' 包裹，而是作为数字直接拼接进 SQL 语句，因此不受 magic_quotes_gpc 影响，构成数字型 SQL 注入。修复方法：入库前用 intval() 将 $ifqqh 强制转换为整数，或改用参数化查询（预处理语句）。