/[LeafOK_CVS]/fenglin/bbs/ch_username_sub.php

Diff of /fenglin/bbs/ch_username_sub.php

- Revision 1.6 by sysadm,
 Sat Mar  1 08:43:28 2025 UTC
+ Revision 1.8 by sysadm,
 Wed Mar 26 11:48:07 2025 UTC
  Line 6
  <?
  if ($_SESSION["BBS_uid"]==0)
  {
-         include "./force_login.inc.php";
+         echo ("尚未登陆");
          exit();
  }
  Line 17 
  if (preg_match("/^[A-Za-z]{3,12}$/",$_SE
          exit();
  }
- $username=htmlspecialchars(trim($_POST["username"]), ENT_COMPAT | ENT_HTML401, 'UTF-8');
+ $username=trim($_POST["username"]);
- $username=addslashes($username);
  if (!preg_match("/^[A-Za-z]{5,12}$/",$username))
  {
- Line 33 
  if (!check_str($username))
+ Line 32 
  if (!check_str($username))
  $db_conn=include "./db_open.inc.php";
- $rs=mysql_query("select UID from user_list where username='$username' limit 1");
+ $rs=mysql_query("select UID from user_list where username='" .
+         mysqli_real_escape_string($db_conn, $username) . "' limit 1");
  if (mysql_num_rows($rs)>0)
  {
          error_msg ("用户名已存在！", true);
  Line 41 
  if (mysql_num_rows($rs)>0)
  }
  mysql_free_result($rs);
- mysql_query("update user_list set username='$username'".
+ mysql_query("update user_list set username='" .
+         mysqli_real_escape_string($db_conn, $username) . "'".
          " where UID=".$_SESSION["BBS_uid"])
          or die("Update error!");

  Legend:

 
 
 Removed lines/characters
  
 
 
 Changed lines/characters
 
 
  
 Added lines/characters
 Legend:

 
 
 Removed lines/characters
  
 
 
 Changed lines/characters
 
 
  
 Added lines/characters
-Removed lines/characters
+Added lines/characters

webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1