Arbitrary SQL statement execution
case 'list':
    // $where is used here without ever being assigned in this branch.
    $totalNum = $mysql->numTable("member", $where);
    $pageNum = 20;
    // Round the page count up when the division is not exact.
    $totalPage = intval($totalNum / $pageNum) == $totalNum / $pageNum ? $totalNum / $pageNum : intval($totalNum / $pageNum) + 1;
    $page = $page ? $page : 1;
    $page = $page > $totalPage ? $totalPage : $page;
    $page = $page < 1 ? 1 : $page;
    // The same unassigned $where is passed straight into the SELECT as well.
    $members = $mysql->select("member", "id,name,time,money,provience,city,picture", $where, array("id DESC"), array(($page - 1) * $pageNum, $pageNum));
    require(INCLUDE_PATH . "page.class.php");
    $pageClass = new page($page, $totalNum, $pageNum, WEB_URL . "member/u.php?action=list", true);
    $pageCode = $pageClass->getCode();
    $smarty->assign("webTitle", "Member List");
    $smarty->assign("uList", $members);
    $smarty->assign("pageCode", $pageCode);
    $smarty->display("member/m_u_list.html");
function numTable($table = '', $wheres = false)
{
    $table = $this->dbPrefix . $table;
    $sql = "SELECT COUNT(*) AS num FROM `$table`";
    if ($wheres) {
        $sql .= " WHERE ";
        if (is_array($wheres)) {
            // Array form: each key/value pair becomes `key`='value'.
            foreach ($wheres as $key => $val) {
                $whr[] = "`$key`='" . $val . "'";
            }
            $sql .= implode(" AND ", $whr);
        } elseif (is_string($wheres)) {
            // String form: appended verbatim, with no escaping or validation.
            $sql .= $wheres;
        }
    }
    $result = $this->fetch($this->query($sql));
    return $result['num'];
}
In the 'list' branch, $where is never initialized before it is handed to numTable() and select(). Because numTable() accepts a string and concatenates it directly after WHERE, whatever value reaches $where (the test below supplies it as a request parameter named where) is executed as part of the query, so arbitrary SQL statements can be executed.
Test:
http://www.bkjia.com/stcms_html/member/u.php?action=list&where={SQL}
Solution: you know.
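As an added example (not code from stcms or the original post), here is how a counting helper like numTable() can be rewritten so that filter data from a request can no longer change the shape of the query: $where is given an explicit default, only column => value arrays are accepted (a raw string is refused), column names are checked against a fixed whitelist before any SQL is built, and values are sent as bound parameters. The class name, the column names, the st_ prefix and the in-memory SQLite database are all constructed for the demo; identifiers are quoted with double quotes because that is what SQLite accepts, whereas the original targets MySQL and would use backticks.

```php
<?php
// Added example, not stcms code: a hardened replacement for numTable().
// Assumptions: PDO with the SQLite driver is available; table/column names
// and sample rows below are invented for the demonstration.

class SafeCounter
{
    private PDO $pdo;
    private string $dbPrefix;

    // Columns a caller may filter on. Anything else is rejected before it
    // reaches the SQL text, so identifiers never come from request data.
    private const ALLOWED_FILTERS = ['province', 'city', 'status'];

    public function __construct(PDO $pdo, string $dbPrefix = '')
    {
        $this->pdo = $pdo;
        $this->dbPrefix = $dbPrefix;
    }

    /**
     * Count rows in $table matching equality filters.
     * $filters must be column => value pairs; a string WHERE clause is not accepted.
     */
    public function numTable(string $table, array $filters = []): int
    {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
            throw new InvalidArgumentException('bad table name');
        }
        $sql = 'SELECT COUNT(*) AS num FROM "' . $this->dbPrefix . $table . '"';
        $clauses = [];
        $params = [];
        foreach ($filters as $col => $val) {
            if (!in_array($col, self::ALLOWED_FILTERS, true)) {
                throw new InvalidArgumentException("filter not allowed: $col");
            }
            // Column name comes from the whitelist, value goes through a placeholder.
            $clauses[] = '"' . $col . '" = ?';
            $params[] = $val;
        }
        if ($clauses) {
            $sql .= ' WHERE ' . implode(' AND ', $clauses);
        }
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return (int) $stmt->fetchColumn();
    }
}

// Demo with an in-memory SQLite database and constructed sample rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE st_member (id INTEGER PRIMARY KEY, name TEXT, province TEXT, city TEXT, status INTEGER)');
$pdo->exec("INSERT INTO st_member (name, province, city, status) VALUES
    ('a', 'Guangdong', 'Shenzhen', 1),
    ('b', 'Guangdong', 'Guangzhou', 1),
    ('c', 'Beijing',   'Beijing',  0)");

$counter = new SafeCounter($pdo, 'st_');

// Build the filter from the request with an explicit default, so the variable
// is never left undefined the way $where is in the original 'list' branch.
$where = [];
if (isset($_GET['province']) && is_string($_GET['province'])) {
    $where['province'] = $_GET['province'];
}

echo "all members: ", $counter->numTable('member', $where), "\n";
echo "in Guangdong: ", $counter->numTable('member', ['province' => 'Guangdong']), "\n";

// A value containing SQL syntax is compared as a plain string by the database.
echo "odd value: ", $counter->numTable('member', ['province' => "Guangdong' OR 1=1"]), "\n";

// A column name outside the whitelist is rejected before any SQL is assembled.
try {
    $counter->numTable('member', ['1=1' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The two properties worth checking in a review are visible in the code: the only pieces of request data that reach the driver travel through execute() as parameters, and every identifier in the final SQL string originates from a constant in the class rather than from the caller. A helper that still accepts a free-form string WHERE clause, as the original does, cannot give either guarantee regardless of how the caller initializes its variables.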