--- fenglin/bbs/ch_username_sub.php	2013/01/05 13:44:28	1.5
+++ fenglin/bbs/ch_username_sub.php	2025/03/26 11:48:07	1.8
@@ -6,42 +6,43 @@
 <? 
 if ($_SESSION["BBS_uid"]==0)
 {
-	include "./force_login.inc.php";
+	echo ("å°šæœªç™»é™†");
 	exit();
 } 
 
 $permit = false;
 if (preg_match("/^[A-Za-z]{3,12}$/",$_SESSION["BBS_username"]))
 {
-	error_msg ("ÄúÎÞÈ¨ÐÞ¸ÄÓÃ»§Ãû£¡", true);
+	error_msg ("æ‚¨æ— æƒä¿®æ”¹ç”¨æˆ·åï¼", true);
 	exit();
 }
 
-$username=htmlspecialchars(trim($_POST["username"]), ENT_COMPAT | ENT_HTML401, 'GB2312');
-$username=addslashes($username);
+$username=trim($_POST["username"]);
 
 if (!preg_match("/^[A-Za-z]{5,12}$/",$username))
 {
-	error_msg ("ÓÃ»§ÃûÌîÐ´²»ÕýÈ·£¡", true);
+	error_msg ("ç”¨æˆ·åå¡«å†™ä¸æ­£ç¡®ï¼", true);
 	exit();
 }	
 if (!check_str($username))
 {
-	error_msg ("ÓÃ»§Ãûº¬ÓÐÏµÍ³±£Áô´Ê£¡", true);
+	error_msg ("ç”¨æˆ·åå«æœ‰ç³»ç»Ÿä¿ç•™è¯ï¼", true);
 	exit();
 }
 
 $db_conn=include "./db_open.inc.php";
 
-$rs=mysql_query("select UID from user_list where username='$username' limit 1");
+$rs=mysql_query("select UID from user_list where username='" .
+	mysqli_real_escape_string($db_conn, $username) . "' limit 1");
 if (mysql_num_rows($rs)>0)
 {
-	error_msg ("ÓÃ»§ÃûÒÑ´æÔÚ£¡", true);
+	error_msg ("ç”¨æˆ·åå·²å­˜åœ¨ï¼", true);
 	exit();
 }
 mysql_free_result($rs);
 
-mysql_query("update user_list set username='$username'".
+mysql_query("update user_list set username='" .
+	mysqli_real_escape_string($db_conn, $username) . "'".
 	" where UID=".$_SESSION["BBS_uid"])
 	or die("Update error!");