XiaoLFeng/XF_Index
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

数据库漏洞修复

Browse Source
This commit is contained in:
筱锋xiao_lfeng 2023-05-02 14:40:45 +08:00
parent 6eb558f989
commit 909cd1e0dc
1 changed files with 24 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
Class/Sql.php
View File

@ -10,10 +10,11 @@ class Sql
/** /**
* @return false|mysqli * @return false|mysqli
*/ */
public static function MySqlConn() { public static function MySqlConn()
{
// 从文件获取数据 // 从文件获取数据
$Array_ConfigData = null; $Array_ConfigData = null;
$FileData = fopen(dirname(__FILE__,3)."/setting.inc.json",'r'); $FileData = fopen(dirname(__FILE__, 2) . "/setting.inc.json", 'r');
while (!feof($FileData)) while (!feof($FileData))
$Array_ConfigData .= fgetc($FileData); $Array_ConfigData .= fgetc($FileData);
$Array_ConfigData = json_decode($Array_ConfigData, JSON_UNESCAPED_UNICODE); $Array_ConfigData = json_decode($Array_ConfigData, JSON_UNESCAPED_UNICODE);
@ -30,39 +31,33 @@ public static function MySqlConn() {
* @param string $Mysql_Query * @param string $Mysql_Query
* @return string[] 查找到结果返回结果 * @return string[] 查找到结果返回结果
*/ */
public static function SELECT(string $Mysql_Query): array { public static function SELECT(string $Mysql_Query): array
$Array_Push = null; {
$Array_OutPut = [ $CC_i = 0;
'output'=>null, $Array_OutPut = [];
'data'=>$Array_Push,
];
if (preg_match('/^SELECT/', $Mysql_Query)) { if (preg_match('/^SELECT/', $Mysql_Query)) {
$Result = mysqli_query(self::MySqlConn(), $Mysql_Query); $Result = mysqli_query(self::MySqlConn(), $Mysql_Query);
for ($CC_i = 0; $Result_Object = mysqli_fetch_object($Result); $CC_i++) { for (; $Result_Object = mysqli_fetch_object($Result); $CC_i++) {
if ($CC_i == 0 && empty($Result_Object)) { $Array_OutPut['output'] = 'Success';
$Array_OutPut['data'][$CC_i] = $Result_Object;
}
if ($CC_i == 0)
$Array_OutPut['output'] = 'EmptyResult'; $Array_OutPut['output'] = 'EmptyResult';
return $Array_OutPut; } else
} else {
$Array_Push[$CC_i] = $Result_Object;
}
}
return $Array_OutPut;
} else {
$Array_OutPut['output'] = 'TypeError'; $Array_OutPut['output'] = 'TypeError';
return $Array_OutPut; return $Array_OutPut;
} }
}
/** /**
* MySQL插入库 * MySQL插入库
* @param string $Mysql_Query * @param string $Mysql_Query
* @return bool * @return bool
*/ */
public static function INSERT(string $Mysql_Query): bool { public static function INSERT(string $Mysql_Query): bool
if (preg_match('/^INSERT/',$Mysql_Query)) { {
if (preg_match('/^INSERT/', $Mysql_Query))
return mysqli_query(self::MySqlConn(), $Mysql_Query); return mysqli_query(self::MySqlConn(), $Mysql_Query);
} else { else
return false; return false;
} }
} }
}