过滤字符

query("insert into {$dbtbpre}enewswords(oldword,newword) values('".eaddslashes($oldword)."','".eaddslashes($newword)."');"); $wordid=$empire->lastid(); GetConfig();//更新缓存 if($sql) { //操作日志 insert_dolog("wordid=".$wordid); printerror("AddWordSuccess","word.php".hReturnEcmsHashStrHref2(1)); } else {printerror("DbError","history.go(-1)");} } //----------------修改禁用字符 function EditWord($wordid,$oldword,$newword,$userid,$username){ global $empire,$dbtbpre; if(!$oldword||!$wordid) {printerror("EmptyWord","history.go(-1)");} //验证权限 CheckLevel($userid,$username,$classid,"word"); $wordid=(int)$wordid; $sql=$empire->query("update {$dbtbpre}enewswords set oldword='".eaddslashes($oldword)."',newword='".eaddslashes($newword)."' where wordid='$wordid'"); GetConfig();//更新缓存 if($sql) { //操作日志 insert_dolog("wordid=".$wordid); printerror("EditWordSuccess","word.php".hReturnEcmsHashStrHref2(1)); } else {printerror("DbError","history.go(-1)");} } //---------------删除禁用字符 function DelWord($wordid,$userid,$username){ global $empire,$dbtbpre; $wordid=(int)$wordid; if(!$wordid) {printerror("NotDelWordid","history.go(-1)");} //验证权限 CheckLevel($userid,$username,$classid,"word"); $sql=$empire->query("delete from {$dbtbpre}enewswords where wordid='$wordid'"); GetConfig();//更新缓存 if($sql) { //操作日志 insert_dolog("wordid=".$wordid); printerror("DelWordSuccess","word.php".hReturnEcmsHashStrHref2(1)); } else {printerror("DbError","history.go(-1)");} } $enews=$_POST['enews']; if(empty($enews)) {$enews=$_GET['enews'];} if($enews) { hCheckEcmsRHash(); } //增加过滤字符 if($enews=="AddWord") { $oldword=$_POST['oldword']; $newword=$_POST['newword']; AddWord($oldword,$newword,$logininid,$loginin); } //修改过滤字符 elseif($enews=="EditWord") { $wordid=$_POST['wordid']; $oldword=$_POST['oldword']; $newword=$_POST['newword']; EditWord($wordid,$oldword,$newword,$logininid,$loginin); } //删除过滤字符 elseif($enews=="DelWord") { $wordid=$_GET['wordid']; DelWord($wordid,$logininid,$loginin); } else {} $page=(int)$_GET['page']; $page=RepPIntvar($page); $start=0; $line=30;//每页显示条数 $page_line=12;//每页显示链接数 $offset=$page*$line;//总偏移量 $search=''; $search.=$ecms_hashur['ehref']; $totalquery="select count(*) as total from {$dbtbpre}enewswords"; $num=$empire->gettotal($totalquery); $query="select wordid,oldword,newword from {$dbtbpre}enewswords order by wordid desc limit $offset,$line"; $sql=$empire->query($query); $returnpage=page2($num,$line,$page_line,$start,$page,$search); ?> 过滤字符

位置：管理过滤字符

fetch($sql)) { ?> >

过滤字符	操作
将新闻内容包含 <?=ehtmlspecialchars($r[oldword])?> 替换成 <?=ehtmlspecialchars($r[newword])?>