tianya
3 years ago
3 changed files with 9 additions and 1 deletions
Unified View
Diff Options
-
+4 -0src/admin/sys_info.php
-
+4 -0src/system/database/dedesqli.class.php
-
+1 -1src/system/database/dedesqlite.class.php
+ 4
- 0
src/admin/sys_info.php
View File
| @@ -32,6 +32,7 @@ function ReWriteConfig() | |||||
| if ($row['value'] == '') $row['value'] = 0; | if ($row['value'] == '') $row['value'] = 0; | ||||
| fwrite($fp, "\${$row['varname']} = ".$row['value'].";\r\n"); | fwrite($fp, "\${$row['varname']} = ".$row['value'].";\r\n"); | ||||
| } else { | } else { | ||||
| $row['value'] = stripslashes($row['value']); | |||||
| fwrite($fp, "\${$row['varname']} = '".str_replace("'", '', $row['value'])."';\r\n"); | fwrite($fp, "\${$row['varname']} = '".str_replace("'", '', $row['value'])."';\r\n"); | ||||
| } | } | ||||
| } | } | ||||
| @@ -49,6 +50,9 @@ if ($dopost == "save") { | |||||
| continue; | continue; | ||||
| } | } | ||||
| $k = preg_replace("#^edit___#", "", $k); | $k = preg_replace("#^edit___#", "", $k); | ||||
| $v = $dsql->Esc($v); | |||||
| $k = $dsql->Esc($k); | |||||
| $dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='$v' WHERE varname='$k' "); | $dsql->ExecuteNoneQuery("UPDATE `#@__sysconfig` SET `value`='$v' WHERE varname='$k' "); | ||||
| } | } | ||||
| ReWriteConfig(); | ReWriteConfig(); | ||||
+ 4
- 0
src/system/database/dedesqli.class.php
View File
| @@ -189,6 +189,10 @@ class DedeSqli | |||||
| function Esc($_str) | function Esc($_str) | ||||
| { | { | ||||
| global $dsqli; | |||||
| if (!$dsqli->isInit) { | |||||
| $this->Init($this->pconnect); | |||||
| } | |||||
| if (version_compare(phpversion(), '4.3.0', '>=')) { | if (version_compare(phpversion(), '4.3.0', '>=')) { | ||||
| return @mysqli_real_escape_string($this->linkID, $_str); | return @mysqli_real_escape_string($this->linkID, $_str); | ||||
| } else { | } else { | ||||
+ 1
- 1
src/system/database/dedesqlite.class.php
View File
| @@ -163,7 +163,7 @@ class DedeSqlite | |||||
| function Esc($_str) | function Esc($_str) | ||||
| { | { | ||||
| return addslashes($_str); | |||||
| return $this->linkID->escapeString($_str); | |||||
| } | } | ||||
| //执行一个不返回结果的SQL语句,如update,delete,insert等 | //执行一个不返回结果的SQL语句,如update,delete,insert等 | ||||