From 20f21476f65fb406bad53774a6d9eb42d60c1831 Mon Sep 17 00:00:00 2001 From: leoandshaw Date: Wed, 17 Jun 2015 13:36:49 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E5=8F=98=E6=9B=B4result()=E5=87=BD?= =?UTF-8?q?=E6=95=B0=EF=BC=8C=E5=8E=9F=E5=87=BD=E6=95=B0=E6=9B=B4=E5=90=8D?= =?UTF-8?q?=E4=B8=BAresult=5Fold()?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 变更说明:表单合法性检查在客户端完成; 简化转义操作;简化SQL语句生成(原代码更名为result_old()) 后续问题:表单结构名称发生变化,需要更改数据库user_info1和user_info2两个表结构 --- public/join/aef-include/ticket.class.php | 68 +++++++++++++++++++++++- 1 file changed, 66 insertions(+), 2 deletions(-) diff --git a/public/join/aef-include/ticket.class.php b/public/join/aef-include/ticket.class.php index 9f72014..a7bf982 100644 --- a/public/join/aef-include/ticket.class.php +++ b/public/join/aef-include/ticket.class.php 
@@ -83,11 +83,75 @@ private function CheckIsQQ($str) return (preg_match("/^[1-9][0-9]{4,}$/", $str)) ? true : false; } - + /* 变更说明:表单合法性检查在客户端完成; 简化转义操作;简化SQL语句生成(原代码更名为result_old())*/ + /* 后续问题:表单结构名称发生变化,需要更改数据库user_info1和user_info2两个表结构*/ private function result() { $data = $_REQUEST; + $DB = new MySql(['MODE' => 'WRITE', 'DEBUG' => DEBUG]); + $ip = new IP(['ONLYIP' => true, 'ECHO' => false]); + $DB->query("SET NAMES utf8"); + + //字符转义操作 + foreach($data as $key=>$value) + { + $data[$key] = $DB->escapeSQL($value); + } + //SQL语句生成 表单名称前缀为info1_插入user_info1表,前缀为info2_插入user_info2表 + $info1_key = "INSERT INTO `user_info1` (`id`; + $info1_val = ") VALUES (null"; + $info2_key = "INSERT INTO `user_info2` (`id`; + $info2_val = ") VALUES (null"; + foreach($data as $key=>$value) + { + if(is_numeric(strpos($key,"info1_"))){ + $info1_key = $info1_key.",".substr($key,6); + $info1_val = $info1_val.",'".$value."'"; + } + else if(is_numeric(strpos($key,"info2_"))){ + $info2_key = $info2_key.",".substr($key,6); + $info2_val = $info2_val.",'".$value."'"; + } + } + $sql1 = $info1_key.$info1_val.");"; + $DB->query($sql1); + $id = $DB->insert_id(); + $info2_key = $info2_key.",uid"; + $info2_val = $info2_val.",'".$id."'"; + $sql2 = $info2_key.$info2_val.");"; + $exec = $DB->query($sql); + if ($exec) { + if ($this->args['DEBUG']) { + $error['title'] = "调试信息"; + $message[] = "SQL: $sql"; + $message[] = "SQL ERROR: $DB->geterror()"; + $message[] = "REQUEST ARGU: $this->args"; + $message[] = "IP: $ip->result"; + $message[] = "DEBUG DATA: " . Debug::theDebug(); + $message[] = "UA INFO: " . $_SERVER['HTTP_USER_AGENT']; + $error['message'] = $message; + core::message($error); + } else { + $ret['extra']['desc'] = "报名成功。"; + $ret['extra']['code'] = 200; + core::json($ret); + } + } else { + //若失败插入失败查询 + $sql = "INSERT INTO `error` (`id` ,`username`, `qq`, `phone`, `ip`, `date`) VALUES (NULL, '$FullName', '$QQNumber', '$CellPhone', " . ip2long($ip->result) . 
", CURRENT_TIMESTAMP);"; + $DB->query($sql); + $ret['extra']['desc'] = "提交数据出现问题。"; + $ret['extra']['code'] = 500; + core::json($ret); + } + } + + + private function result_old() + { + $data = $_REQUEST; + + $FullName = $data['f1']; $Age = $data['f3']; $Gender = $data['f2'];
@@ -367,4 +431,4 @@ private function result()
 core::json($ret);
 }
 }
-}
\ No newline at end of file
+}
From 05248a1b28cc1fb4d45c2ac34de8794543de7782 Mon Sep 17 00:00:00 2001
From: leoandshaw
Date: Wed, 17 Jun 2015 16:41:59 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=BA=86=E8=AF=AD?= =?UTF-8?q?=E6=B3=95=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 public/join/aef-include/ticket.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/public/join/aef-include/ticket.class.php b/public/join/aef-include/ticket.class.php
index a7bf982..4f5b415 100644
--- a/public/join/aef-include/ticket.class.php
+++ b/public/join/aef-include/ticket.class.php
@@ -99,9 +99,9 @@ private function result()
 $data[$key] = $DB->escapeSQL($value);
 }
 //SQL语句生成 表单名称前缀为info1_插入user_info1表,前缀为info2_插入user_info2表
- $info1_key = "INSERT INTO `user_info1` (`id`;
+ $info1_key = "INSERT INTO user_info1 (id";
 $info1_val = ") VALUES (null";
- $info2_key = "INSERT INTO `user_info2` (`id`;
+ $info2_key = "INSERT INTO user_info2 (id";
 $info2_val = ") VALUES (null";
 foreach($data as $key=>$value)
 {
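Review bot: `$exec = $DB->query($sql);` executes `$sql`, which is never assigned in the new `result()` — the second statement was built into `$sql2` — so the `user_info2` row is never written and the debug/success branches that follow (including `SQL: $sql`) report on an empty query. The column list of both INSERTs is appended from `$_REQUEST` keys via `substr($key,6)` with no validation, and `escapeSQL()` is applied to the values only, so request-controlled identifiers reach the SQL text unescaped; `is_numeric(strpos($key,"info1_"))` also accepts the prefix anywhere in the key rather than only at its start. The result of `$DB->query($sql1)` is not checked before `insert_id()` is read, and the error-branch INSERT still interpolates `$FullName`, `$QQNumber` and `$CellPhone`, which are locals of `result_old()` and undefined here. The rewrite below restricts the accepted columns to a fixed per-table allowlist, tests the prefix at position 0, checks the first insert, and executes `$sql2`; the error branch still needs its values taken from `$data` instead of the undefined locals.

```php
// … unchanged: connection setup, escapeSQL() loop and the four $info*_key/$info*_val initialisers …
// Column names must never be taken from the request: a key is used only when its
// suffix is in the per-table allowlist; everything else is ignored.
$info1_columns = [/* TODO: column names of user_info1 */];
$info2_columns = [/* TODO: column names of user_info2 */];
foreach($data as $key=>$value)
{
    if(strpos($key,"info1_") === 0 && in_array(substr($key,6), $info1_columns, true)){
        $info1_key = $info1_key.",".substr($key,6);
        $info1_val = $info1_val.",'".$value."'";
    }
    else if(strpos($key,"info2_") === 0 && in_array(substr($key,6), $info2_columns, true)){
        $info2_key = $info2_key.",".substr($key,6);
        $info2_val = $info2_val.",'".$value."'";
    }
}
$sql1 = $info1_key.$info1_val.");";
if (!$DB->query($sql1)) {
    // first insert failed: report it instead of reading insert_id() of a failed statement
    $ret['extra']['desc'] = "提交数据出现问题。";
    $ret['extra']['code'] = 500;
    core::json($ret);
    return;
}
$id = $DB->insert_id();
$info2_key = $info2_key.",uid";
$info2_val = $info2_val.",'".$id."'";
$sql2 = $info2_key.$info2_val.");";
$exec = $DB->query($sql2);
// … unchanged: debug / success / error handling …
```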
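Review bot: The fix drops the identifier backticks instead of just closing the broken string literal; keeping them and adding the missing closing quote on the `$info1_key` and `$info2_key` lines would preserve the quoting the original lines intended and stay consistent with the backtick-quoted INSERT into `error` further down in the same method. Note that quoting the table and `id` column only affects these prefixes — the column names appended to these strings later in the loop are not quoted either way.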