htmlentities -> htmlspecialchars

This commit is contained in:
2024-12-06 15:35:38 +08:00
parent daa005f029
commit d9b2d13caa
184 changed files with 410 additions and 405 deletions

View File

@@ -178,7 +178,7 @@ if (isset($_GET['top'])) {
$problem_id = "";
if (isset($_GET['problem_id']) && $_GET['problem_id']!="") {
if (isset($_GET['cid'])) {
$problem_id = htmlentities($_GET['problem_id'],ENT_QUOTES,'UTF-8');
$problem_id = htmlspecialchars($_GET['problem_id'],ENT_QUOTES,'UTF-8');
$num = array_search($problem_id,$PID);
$problem_id = $PID[$num];
$sql = $sql."AND `num`='".$num."' ";
@@ -215,7 +215,7 @@ if (isset($_GET['user_id'])) {
$sql = $sql."AND solution.user_id=? ";
if ($str2!="")
$str2 = $str2."&";
$str2 = $str2."&user_id=".htmlentities(urlencode($user_id),ENT_QUOTES);
$str2 = $str2."&user_id=".htmlspecialchars(urlencode($user_id),ENT_QUOTES);
array_push($param,$user_id);
}
else{
@@ -261,13 +261,13 @@ if(isset($_GET['school'])&&trim($_GET['school'])!="" || isset($_GET['school'])&&
$school=trim($_GET['school']);
$sql.=" and users.school=? ";
array_push($param,trim($_GET['school']));
$str2 = $str2."&school=".htmlentities(trim($_GET['school']),ENT_QUOTES);
$str2 = $str2."&school=".htmlspecialchars(trim($_GET['school']),ENT_QUOTES);
}
if(isset($_GET['group_name'])&&trim($_GET['group_name'])!=""){
$group_name=trim($_GET['group_name']);
$sql.=" and users.group_name=? ";
array_push($param,trim($_GET['group_name']));
$str2 = $str2."&group_name=".htmlentities(trim($_GET['group_name']),ENT_QUOTES);
$str2 = $str2."&group_name=".htmlspecialchars(trim($_GET['group_name']),ENT_QUOTES);
}
}else{
$sql0="select $fields from solution inner join users on solution.user_id=users.user_id";