goodspeed/Cloudlog
1
0
派生 0
代码 工单 合并请求 项目 版本发布 软件包 百科 动态 Actions

[Advanced search] Only run a query which contains select, but not delete or update. Done for safety precautions.

浏览代码
这个提交包含在:
Andreas 2021-09-25 19:49:28 +02:00
父节点 0717fa74ff
当前提交 17170433e0
共有 1 个文件被更改,包括 5 次插入2 次删除
显示统计信息 下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

5
application/controllers/Search.php
查看文件

@ -88,11 +88,14 @@ class Search extends CI_Controller {
function run_query() { function run_query() {
$this->db->where('id', xss_clean($this->input->post('id'))); $this->db->where('id', xss_clean($this->input->post('id')));
$sql = $this->db->get('queries')->result(); $sql = $this->db->get('queries')->result();
$sql = $sql[0]->query;
$data['results'] = $this->db->query($sql[0]->query); if (stristr($sql, 'select', ) && !stristr($sql, 'delete') && !stristr($sql, 'update')) {
$data['results'] = $this->db->query($sql);
$this->load->view('search/search_result_ajax', $data); $this->load->view('search/search_result_ajax', $data);
} }
}
function save_query() { function save_query() {
if(isset($_POST['search'])) { if(isset($_POST['search'])) {