Recently in the use of DEDECMS to do projects, DEDECMS inside the database operation class, in fact, this in the actual project used up is still very convenient.
1: Introduction of common.inc.php file
Require_once (DirName (__file__). "/include/common.inc.php");
2: Get the contents of a record
$row = $dsql->getone ("select * from dede_* where id = $aid");
3: Get total output of the query
$row = $dsql->getone ("SELECT count (*) as DD where typeid = $typeid");
echo $row [' dd '];//output total
4: output Several records of the query
$sql = "SELECT * from dede_*";
$dsql->setquery ($sql);//Format SQL query statements
$dsql->execute ();//Execute SQL operation
Executing results from a query through the loop output
while ($row = $dsql->getarray ()) {
echo $row [' id '];
echo $row [' title '];
}
4: insert a record
$sql = "
INSERT into ' Dede_member_flink ' (mid,title,url,linktype,imgurl,imgwidth,imgheight)
VALUES (". $cfg _ml->m_id.", ' $title ', ' $url ', ' $linktype ', ' $imgurl ', ' $imgwidth ', ' $imgheight '); /Insert Record Database
$dsql->executenonequery ($sql);//Execute SQL operation
$gid = $dsql->getlastid ();//Get the ID you just inserted
5: Delete a record
$sql = "Delete from Dede_member_flink where aid= ' $aid ' and mid= '". $cfg _ml->m_id. "';";
$dsql->setquery ($sql);
$dsql->execnonequery ();
or use simplified mode
$dsql->execnonequery ("Delete from Dede_member_flink where aid= ' $aid ' and mid= '". $cfg _ml->m_id. "';");
6: update a record
$upquery = "
Update Dede_member_flink Set
Title= ' $title ', url= ' $url ', linktype= ' $linktype ',
Imgurl= ' $imgurl ', imgwidth= ' $imgwidth ', imgheight= ' $imgheight '
where aid= ' $aid ' and mid= ' ". $cfg _ml->m_id." ';
";
$rs = $dsql->executenonequery ($upquery);
7: The solution of safe alert:request error step 1/2 in weaving dream dedecms
Weave Dream Dedecms appears safe alert:request error Step 1! or safe alert:request Error Step 2! The workaround
This is due to the security warning that the SQL statement anti-injection feature was used in the new version, and the following name is used in the custom modulo model
One of Union|sleep|benchmark|load_file|outfile
Will cause this warning, in addition to the collected content, if there is a ' union syntax like this will also appear in this warning,
There are currently no 100% perfect solutions that can enhance safety and prevent injection
DEDECMS DB base class can be modified to turn off the security check.
Open the dedesql.class.php under include to locate the constructor
function __construct ($pconnect =false, $nconnect =true)
{
$this->isclose = false;
$this->safecheck = true; (change the sentence to true to false, so it will not be wrapped incorrectly)
if ($nconnect)
{
$this->init ($pconnect);
}
}
dedecms--Database