--- fenglin/bbs/ch_username_sub.php 2004/12/05 10:00:19 1.3
+++ fenglin/bbs/ch_username_sub.php 2025/03/12 13:28:32 1.7
@@ -11,37 +11,38 @@ if ($_SESSION["BBS_uid"]==0)
 }
 $permit = false;
-if (ereg("^[A-Za-z]{3,12}$",$_SESSION["BBS_username"]))
+if (preg_match("/^[A-Za-z]{3,12}$/",$_SESSION["BBS_username"]))
 {
- error_msg ("您无权修改用户名!", true);
+ error_msg ("鎮ㄦ棤鏉冧慨鏀圭敤鎴峰悕锛", true);
 exit();
 }
-$username=htmlspecialchars(trim($_POST["username"]));
-$username=addslashes($username);
+$username=trim($_POST["username"]);
-if (!ereg("^[A-Za-z]{5,12}$",$username))
+if (!preg_match("/^[A-Za-z]{5,12}$/",$username))
 {
- error_msg ("用户名填写不正确!", true);
+ error_msg ("鐢ㄦ埛鍚嶅~鍐欎笉姝g‘锛", true);
 exit();
 }
 if (!check_str($username))
 {
- error_msg ("用户名含有系统保留词!", true);
+ error_msg ("鐢ㄦ埛鍚嶅惈鏈夌郴缁熶繚鐣欒瘝锛", true);
 exit();
 }
 $db_conn=include "./db_open.inc.php";
-$rs=mysql_query("select UID from user_list where username='$username' limit 1");
+$rs=mysql_query("select UID from user_list where username='" .
+ mysqli_real_escape_string($db_conn, $username) . "' limit 1");
 if (mysql_num_rows($rs)>0)
 {
- error_msg ("用户名已存在!", true);
+ error_msg ("鐢ㄦ埛鍚嶅凡瀛樺湪锛", true);
 exit();
 }
 mysql_free_result($rs);
-mysql_query("update user_list set username='$username'".
+mysql_query("update user_list set username='" .
+ mysqli_real_escape_string($db_conn, $username) . "'".
 " where UID=".$_SESSION["BBS_uid"]) or die("Update error!");
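Review bot: Both queries escape `$username` with `mysqli_real_escape_string($db_conn, …)` but are still executed through `mysql_query`, `mysql_num_rows` and `mysql_free_result`, so the escaping and the execution belong to two different extensions. The ext/mysql functions were removed in PHP 7, the same release that removed `ereg`, so unless `mysql_*` is shimmed somewhere outside this hunk these calls will fail; even with a shim, the escaping is only tied to the right connection charset if the query runs on the same `$db_conn` link. Assuming `db_open.inc.php` returns a mysqli link (not visible here), bound parameters on that link would remove the string concatenation entirely. `$_SESSION["BBS_uid"]` is also concatenated into the UPDATE unquoted and should be bound or cast as an integer. With `htmlspecialchars`/`addslashes` gone, the `[A-Za-z]{5,12}` check is the only input filter left, so the existence check and the update should not rely on it alone.

```php
$db_conn=include "./db_open.inc.php";

$stmt = mysqli_prepare($db_conn, "select UID from user_list where username=? limit 1");
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) > 0)
{
	// … unchanged: error_msg() / exit() for an existing username …
}
mysqli_stmt_close($stmt);

$uid = (int) $_SESSION["BBS_uid"];
$stmt = mysqli_prepare($db_conn, "update user_list set username=? where UID=?");
mysqli_stmt_bind_param($stmt, "si", $username, $uid);
mysqli_stmt_execute($stmt) or die("Update error!");
```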