/[LeafOK_CVS]/fenglin/bbs/reg_user_service.php

Diff of /fenglin/bbs/reg_user_service.php

Parent Directory | Revision Log | View Patch Patch

- Revision 1.1 by sysadm,
 Mon Mar 31 14:13:22 2025 UTC
+ Revision 1.2 by sysadm,
 Tue Apr  1 12:18:40 2025 UTC
  Line 145
                  exit(json_encode($result_set));
          }
+         // Secure SQL statement
+         $nickname = mysqli_real_escape_string($db_conn, $nickname);
+         $realname = mysqli_real_escape_string($db_conn, $realname);
          // Begin transaction
          $rs = mysqli_query($db_conn, "SET autocommit=0");
          if ($rs == false)
- Line 167
+ Line 171
          }
          // Check availability of username and nickname
-         $sql = "SELECT UID FROM user_list WHERE username = '" .
+         $sql = "SELECT UID FROM user_list WHERE username = '$username'";
-                         mysqli_real_escape_string($db_conn, $username) . "'";
          $rs = mysqli_query($db_conn, $sql);
          if ($rs == false)
- Line 190
+ Line 193
          }
          mysqli_free_result($rs);
-         $sql = "SELECT UID FROM user_nickname WHERE nickname = '" .
+         $sql = "SELECT UID FROM user_nickname WHERE nickname = '$nickname'";
-                         mysqli_real_escape_string($db_conn, $nickname) . "'";
          $rs = mysqli_query($db_conn, $sql);
          if ($rs == false)
- Line 213
+ Line 215
          }
          mysqli_free_result($rs);
-         $sql = "SELECT UID FROM user_pubinfo WHERE email = '" .
+         $sql = "SELECT UID FROM user_pubinfo WHERE email = '$email'";
-                         mysqli_real_escape_string($db_conn, $email) . "'";
          $rs = mysqli_query($db_conn, $sql);
          if ($rs == false)
- Line 259
+ Line 260
          $uid = mysqli_insert_id($db_conn);
-         $sql = "INSERT INTO user_reginfo(UID, name, birthday, signup_dt, signup_ip) VALUES($uid, '" .
+         $sql = "INSERT INTO user_reginfo(UID, name, birthday, signup_dt, signup_ip)
-                         mysqli_real_escape_string($db_conn, $realname) . "', '$year-$month-$day', NOW(), '".
+                         VALUES($uid, '$realname', '$year-$month-$day', NOW(), '".
                          client_addr() . "')";
          $rs = mysqli_query($db_conn, $sql);
- Line 273
+ Line 274
                  exit(json_encode($result_set));
          }
-         $sql = "INSERT INTO user_pubinfo(UID, nickname, email, gender, gender_pub, qq, last_login_dt) VALUES($uid, '" .
+         $sql = "INSERT INTO user_pubinfo(UID, nickname, email, gender, gender_pub, qq, last_login_dt)
-                         mysqli_real_escape_string($db_conn, $nickname) . "', '$email', '$gender', $gender_public, '$qq', NOW())";
+                         VALUES($uid, '$nickname', '$email', '$gender', $gender_public, '$qq', NOW())";
          $rs = mysqli_query($db_conn, $sql);
          if ($rs == false)
- Line 286
+ Line 287
                  exit(json_encode($result_set));
          }
-         $sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason) VALUES($uid, '" .
+         $sql = "INSERT INTO user_nickname(UID, nickname, begin_dt, begin_reason)
-                         mysqli_real_escape_string($db_conn, $nickname) . "', NOW(), 'R')";
+                         VALUES($uid, '$nickname', NOW(), 'R')";
          $rs = mysqli_query($db_conn, $sql);
          if ($rs == false)

  Legend:

 
 
 Removed lines/characters
  
 
 
 Changed lines/characters
 
 
  
 Added lines/characters
 Legend:

 
 
 Removed lines/characters
  
 
 
 Changed lines/characters
 
 
  
 Added lines/characters
-Removed lines/characters
+Added lines/characters

webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1