htmlentities -> htmlspecialchars
This commit is contained in:
@@ -178,7 +178,7 @@ if (isset($_GET['top'])) {
|
||||
$problem_id = "";
|
||||
if (isset($_GET['problem_id']) && $_GET['problem_id']!="") {
|
||||
if (isset($_GET['cid'])) {
|
||||
$problem_id = htmlentities($_GET['problem_id'],ENT_QUOTES,'UTF-8');
|
||||
$problem_id = htmlspecialchars($_GET['problem_id'],ENT_QUOTES,'UTF-8');
|
||||
$num = array_search($problem_id,$PID);
|
||||
$problem_id = $PID[$num];
|
||||
$sql = $sql."AND `num`='".$num."' ";
|
||||
@@ -215,7 +215,7 @@ if (isset($_GET['user_id'])) {
|
||||
$sql = $sql."AND solution.user_id=? ";
|
||||
if ($str2!="")
|
||||
$str2 = $str2."&";
|
||||
$str2 = $str2."&user_id=".htmlentities(urlencode($user_id),ENT_QUOTES);
|
||||
$str2 = $str2."&user_id=".htmlspecialchars(urlencode($user_id),ENT_QUOTES);
|
||||
array_push($param,$user_id);
|
||||
}
|
||||
else{
|
||||
@@ -261,13 +261,13 @@ if(isset($_GET['school'])&&trim($_GET['school'])!="" || isset($_GET['school'])&&
|
||||
$school=trim($_GET['school']);
|
||||
$sql.=" and users.school=? ";
|
||||
array_push($param,trim($_GET['school']));
|
||||
$str2 = $str2."&school=".htmlentities(trim($_GET['school']),ENT_QUOTES);
|
||||
$str2 = $str2."&school=".htmlspecialchars(trim($_GET['school']),ENT_QUOTES);
|
||||
}
|
||||
if(isset($_GET['group_name'])&&trim($_GET['group_name'])!=""){
|
||||
$group_name=trim($_GET['group_name']);
|
||||
$sql.=" and users.group_name=? ";
|
||||
array_push($param,trim($_GET['group_name']));
|
||||
$str2 = $str2."&group_name=".htmlentities(trim($_GET['group_name']),ENT_QUOTES);
|
||||
$str2 = $str2."&group_name=".htmlspecialchars(trim($_GET['group_name']),ENT_QUOTES);
|
||||
}
|
||||
}else{
|
||||
$sql0="select $fields from solution inner join users on solution.user_id=users.user_id";
|
||||
|
||||
Reference in New Issue
Block a user