allinurl:"owered by CMSEZ" comments.php inurlowered by CMSEZ
//comments
include "mainfile.php";
$art=new article();
//設定
$confirm='yes';//yes:需要管理員認證后才能顯示,no:直接顯示
$member=new member();
$user_info=$member->member_auth();
$ulevel=$user_info[user_level];
########設置#############
$action = $_REQUEST[action];
$page="10";//
$need_user = "0";//
$id = $_REQUEST[id];// //對ID參數完全沒過濾
$fdb = $PlusDB->prefix(forum);//評論的數據庫
switch($action){
case "showNum":
$sql="select count(*) as num from ".$fdb." where post_aid='$id'";
$showNum=$PlusDB->getone($sql);
echo "
function comment(id)
{
var page = \"".PLUS_URL."/comments.php?id=\" + id ;
popwin = window.open(page,\"\",\"width=460,height=500,scrollbars,resizable\")
popwin.focus();
}
document.open();
document.write(\""._LANG_0931." $showNum "._LANG_0932."\");
document.close();";
break;
case "saveComment":
viewimg.php
//image.php 顯示附件的圖片
include "mainfile.php";
$member=new member();
$confirm==false;//true 會員才能看,false 都能看
$user_info = $member->member_auth();
if($user_info[user_level]=="Guest" && $confirm==true){
include "modules/member/index.php";
}else{
$imgdb = $PlusDB->prefix(images);
$id=$_GET[id]; //米過濾,為什么他要直接獲得啊!
$aid = $_GET[aid]; //難道趕著吃晚飯?
$sql="select id from $imgdb where aid=$aid order by id ";
,executeQuery()和executeUpdate()方法有什么區別?)
 方法)
