来自:heige's Blog
post.php:
f(!$C_errormsg) {
// Builds the "quoted post" header for a reply. $postid is concatenated straight
// into the WHERE clause; the write-up around this snippet notes it is never
// filtered, so a non-numeric value reaches the query text unchanged (SQL
// injection). An int cast, or binding it as a query parameter, is the expected fix.
if($postid) {
$sql='select post_content,post_date,user_name from '.__TAB_POST__.' where post_id='.$postid;
$result=$db->sql_query($sql);
$rows=$db->sql_fetchrow($result);
// Strip nested [quote]...[/quote] so quotes do not pile up when re-quoting; the
// greedy (.*) with the /s modifier spans from the first [quote] to the last [/quote].
$qcontent=preg_replace("/\[quote\](.*)\[\/quote\]/is","",$rows['post_content']);
// The query selects post_date but this reads $rows['date']; presumably the same
// column was meant — as written that key is not in the selected columns.
$qtime=date("Y-n-j G:i",$rows['date']);
// This line appears truncated in the transcription (mismatched quotes); in the
// original source the rendered quote block is assembled here.
$articlecontent='\n";
}
// Second copy of the quote-building block (the page repeats it). Same issue:
// $postid goes into the WHERE clause with no filtering or int cast, so the
// query text is attacker-controlled (SQL injection).
if($postid) {
$sql='select post_content,post_date,user_name from '.__TAB_POST__.' where post_id='.$postid;
$result=$db->sql_query($sql);
$rows=$db->sql_fetchrow($result);
// Remove nested [quote]...[/quote] before re-quoting the post body.
$qcontent=preg_replace("/\[quote\](.*)\[\/quote\]/is","",$rows['post_content']);
// Selects post_date but reads $rows['date'] — likely a key mismatch; confirm
// against the DB layer before relying on this value.
$qtime=date("Y-n-j G:i",$rows['date']);
// The string literal below is unterminated in this transcription and runs to the
// closing brace (the original quote-box markup was lost when the page was copied).
$articlecontent='
引用
引用'.$rows['user_name'].'于'.$qtime."发表的文章: \n".$qcontent."
}
$postid 未经任何过滤就直接拼接进了 SQL 语句:
msgbox.php:
}elseif($action=='read') {
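// Look up the next message id after $msgid for the current user and kind.
// $msgid comes from the request unfiltered, so it is cast to int here and only a
// numeric literal can reach the query text. $kind and $_SESSION['username'] are
// still interpolated as raw strings; they need the DB layer's escaping or
// parameter binding as well (that API is not visible in this snippet).
$sql="select msg_id from ".__TAB_MSG__." where user_name='".$_SESSION['username']."' and msg_id>".(int)$msgid." and msg_kind='$kind' order by msg_id limit 1";
$result=$db->sql_query($sql);
$rows=$db->sql_fetchrow($result);
// Id of the following message, or whatever sql_fetchrow yields when no row matches.
$nextmsgid=$rows['msg_id'];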
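// Look up the next message id after $msgid for the current user and kind.
// $msgid comes from the request unfiltered, so it is cast to int here and only a
// numeric literal can reach the query text. $kind and $_SESSION['username'] are
// still interpolated as raw strings; they need the DB layer's escaping or
// parameter binding as well (that API is not visible in this snippet).
$sql="select msg_id from ".__TAB_MSG__." where user_name='".$_SESSION['username']."' and msg_id>".(int)$msgid." and msg_kind='$kind' order by msg_id limit 1";
$result=$db->sql_query($sql);
$rows=$db->sql_fetchrow($result);
// Id of the following message, or whatever sql_fetchrow yields when no row matches.
$nextmsgid=$rows['msg_id'];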
$msgid 未经任何过滤就直接拼接进了 SQL 语句

















