--- fenglin/bbs/article_service_post.php 2025/04/23 05:51:23 1.1
+++ fenglin/bbs/article_service_post.php 2025/04/27 02:35:47 1.4
@@ -496,7 +496,7 @@
 exit(json_encode($result_set));
 }
- $ext = strtolower(substr($filename, (strrpos($filename, ".") ? strrpos($filename, ".") + 1 : 0)));
+ $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
 switch ($ext) {
 case "bmp":
@@ -624,7 +624,8 @@
 $sql = "UPDATE bbs SET reply_count = reply_count + 1, last_reply_dt = NOW(), last_reply_UID=" . $_SESSION["BBS_uid"] . ", last_reply_username = '" . $_SESSION["BBS_username"] .
- "', last_reply_nickname = '$nickname' WHERE Aid = $tid";
+ "', last_reply_nickname = '" . mysqli_real_escape_string($db_conn, $nickname) .
+ "' WHERE Aid = $tid";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
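Review bot: The new `pathinfo($filename, PATHINFO_EXTENSION)` line still makes the file-type decision purely on a name the uploader controls, so the `switch ($ext)` that follows is an allowlist on an untrusted string rather than on content; if `$filename` is the client-supplied upload name (the surrounding code is outside the hunk, so this is inferred), the allowlist should be paired with a content check such as `finfo_file`/`getimagesize` on the temporary file, and the stored filename should be generated server-side rather than reusing `$filename`. Note also a small behavioral shift: the old expression returned the whole lowercased name when there was no dot, while `pathinfo` returns `''`, so a dotless name now reaches the `default` branch — fine if that branch rejects, worth confirming. A comment above the line would make the intent explicit: `// $ext comes from the client-supplied name; it is only a first filter, content is verified separately`.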
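Review bot: Escaping `$nickname` fixes one interpolation, but the same statement still splices `$_SESSION["BBS_uid"]`, `$_SESSION["BBS_username"]` and `$tid` into the SQL text unescaped, and `$tid` is unquoted in `WHERE Aid = $tid`, so unless it is validated as an integer before this point (not visible in the hunk) the query remains injectable through it. The session values are presumably server-set, but the username is stored in a quoted context without escaping, so a quote in a username would at least break the query. Rather than escaping field by field, the whole UPDATE should go through a prepared statement; `$rs` stays a bool so the following `if ($rs == false)` check (which could also become `=== false`) still works, though the type string below assumes the two ids are integers and should be adjusted if they are not. The enclosing function starts and ends outside the hunk.

```php
$sql = "UPDATE bbs SET reply_count = reply_count + 1, last_reply_dt = NOW(), last_reply_UID = ?, last_reply_username = ?, last_reply_nickname = ? WHERE Aid = ?";
$stmt = mysqli_prepare($db_conn, $sql);
if ($stmt === false) {
    $rs = false;
} else {
    // "issi" assumes BBS_uid and Aid are integer columns — confirm against the schema
    mysqli_stmt_bind_param($stmt, "issi", $_SESSION["BBS_uid"], $_SESSION["BBS_username"], $nickname, $tid);
    $rs = mysqli_stmt_execute($stmt);
}
// … unchanged: failure handling on $rs …
```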