htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -45,7 +45,7 @@ if($_REQUEST['action']=='new'){
if($pid==0){
if($cid>0){
$problem_id = htmlentities($_POST['pid'],ENT_QUOTES,'UTF-8');
$problem_id = htmlspecialchars($_POST['pid'],ENT_QUOTES,'UTF-8');
//echo "problem_id:".$problem_id;
$num = strpos($PID,$problem_id);
//echo "num:$num";
@@ -79,7 +79,7 @@ if($_REQUEST['action']=='reply' || !is_null($tid)){
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$REMOTE_ADDR = $_SERVER['HTTP_X_FORWARDED_FOR'];
$tmp_ip = explode(',',$REMOTE_ADDR);
$ip = (htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
$ip = (htmlspecialchars($tmp_ip[0],ENT_QUOTES,"UTF-8"));
}
$sql = "INSERT INTO `reply` (`author_id`, `time`, `content`, `topic_id`,`ip`) VALUES(?,NOW(),?,?,?)";