
sql 注入的隐患

visuddhinanda il y a 5 ans
Parent
commit
49c08943a5

+ 1 - 1
app/admin/db_update_cs6_para.php

@@ -5,7 +5,7 @@ require_once "../path.php";
 	$db_file = _FILE_DB_PALITEXT_;
 	PDO_Connect("sqlite:$db_file");
 
-	$query = "select * from books where 1";
+	$query = "SELECT * from books where 1";
 	$books = PDO_FetchAll($query);
 
 

+ 4 - 4
app/admin/setting.php

@@ -86,7 +86,7 @@ $album_power["2"]="编辑";
 	switch($currSettingItem){
 		case "account":
 			PDO_Connect("sqlite:"._FILE_DB_USERINFO_);
-			$query = "select * from 'user' where 1 limit 0,1000";
+			$query = "SELECT * from 'user' where 1 limit 0,1000";
 			$user_info = PDO_FetchAll($query);
 			echo "<table>";
 			echo "<tr><th>id</th><th>user name</th><th>nick name</th></tr>";
@@ -106,7 +106,7 @@ $album_power["2"]="编辑";
 			PDO_Connect("sqlite:$db_file");		
 			echo "<h2>Album</h2>";
 
-			$query = "select * from 'album' where 1 limit 0,1000";
+			$query = "SELECT * from 'album' where 1 limit 0,1000";
 			$Fetch = PDO_FetchAll($query);
 			?>
 			<table>
@@ -128,10 +128,10 @@ $album_power["2"]="编辑";
 			break;		
 		case "share":
 			PDO_Connect("sqlite:"._FILE_DB_FILEINDEX_);
-			$query = "select count(*) from 'fileindex' where share=1";
+			$query = "SELECT count(*) from 'fileindex' where share=1";
 			$file_count = PDO_FetchOne($query);
 			echo "共计:{$file_count} 个共享文件";
-			$query = "select * from 'fileindex' where share=1 limit 0,100";
+			$query = "SELECT * from 'fileindex' where share=1 limit 0,100";
 			$file_share = PDO_FetchAll($query);			
 			echo "<table>";
 			echo "<tr><th>id</th><th>user id</th><th>Title</th><th>Size</th><th></th></tr>";

+ 2 - 2
app/course/course_get.php

@@ -7,8 +7,8 @@ require_once "../ucenter/function.php";
 
 $userinfo = new UserInfo();
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from course where id = '{$_GET["id"]}'   limit 0,1";
-$fCourse = PDO_FetchRow($query);
+$query = "SELECT * from course where id = ?   limit 0,1";
+$fCourse = PDO_FetchRow($query,array($_GET["id"]));
 
 if ($fCourse) {
     # code...
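Review bot: The new `PDO_FetchRow($query,array($_GET["id"]))` still dereferences `$_GET["id"]` unconditionally, so a request without `id` emits an undefined-index notice (a warning on PHP 8) and binds null; the `if ($fCourse)` branch that handles the miss continues outside the hunk. Guard the read, e.g. `$fCourse = PDO_FetchRow($query,array($_GET["id"] ?? ''));`, or exit early when the parameter is absent. This is also the first call in the commit that hands a parameter array to `PDO_FetchRow`; `PDO_FetchAll` already accepted one before this change (course_list.php), but `public/_pdo.php` is not in the diff, so confirm `PDO_FetchRow` and `PDO_FetchOne` forward the second argument to `execute()` rather than ignore it.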

+ 2 - 2
app/course/course_list.php

@@ -21,11 +21,11 @@ global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
 
 if(isset($_GET["teacher"])){
-    $query = "select * from course where teacher = ?  order by create_time DESC limit 0,100";
+    $query = "SELECT * from course where teacher = ?  order by create_time DESC limit 0,100";
     $Fetch = PDO_FetchAll($query,array($_GET["teacher"]));    
 }
 else{
-    $query = "select * from course where 1  order by create_time DESC limit 0,100";
+    $query = "SELECT * from course where 1  order by create_time DESC limit 0,100";
     $Fetch = PDO_FetchAll($query);
 }
 $userinfo = new UserInfo();

+ 0 - 52
app/course/lesson.php

@@ -8,58 +8,6 @@ include "../pcdl/html_head.php";
 <script src="../course/lesson.js"></script>
 <?php
     require_once("../pcdl/head_bar.php");
-
-/*
-
-require_once "../path.php";
-require_once "../public/_pdo.php";
-require_once '../ucenter/function.php';
-require_once '../public/function.php';
-
-global $PDO;
-PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from lesson where id = '{$_GET["id"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
-if(count($Fetch)==0)
-{
-    echo "无法找到此课程。可能该课程已经被拥有者删除。";
-    exit;
-}
-$lesson_info = $Fetch[0];
-
-$query = "select * from course where id = '{$lesson_info["course_id"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
-if(count($Fetch)==0)
-{
-    echo "无法找到此课程。可能该课程已经被拥有者删除。";
-    exit;
-}
-$course_info = $Fetch[0];
-
-echo "<div id='course_head_bar' style='background-color:var(--tool-bg-color1);padding:1em 10px 10px 10px;'>";
-echo "<div class='index_inner '>";
-echo "<div style='font-size:140%'>";
-echo "<a href='../uhome/course.php?userid={$course_info["teacher"]}'>";
-echo ucenter_getA($course_info["teacher"]);
-echo "</a>";
-echo " > ";
-echo "<a href='../course/course.php?id={$course_info["id"]}'>";
-echo $course_info["title"];
-echo "</a>";
-echo " > ";
-echo $lesson_info["title"];
-echo "</div>";
-echo '<div class="summary"  style="padding-bottom:5px;">'.$course_info["subtitle"].'</div>';
-echo '<div class="summary"  style=""><button>关注</button><button>报名</button><button>分享</button></div>';
-echo "</div>";
-echo '</div>';
-
-echo "<div  class='index_inner'>";
-
-echo "<div id='lesson_list'>";
-
-echo "</div>";
-*/
 ?>
 
 <link type="text/css" rel="stylesheet" href="./style.css" />

+ 2 - 2
app/course/lesson_get.php

@@ -8,8 +8,8 @@ require_once "../ucenter/function.php";
 $userinfo = new UserInfo();
 
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from lesson where id = '{$_GET["id"]}'   limit 0,1";
-$fLesson = PDO_FetchRow($query);
+$query = "SELECT * from lesson where id = ?   limit 0,1";
+$fLesson = PDO_FetchRow($query,array($_GET["id"]));
 
 if ($fLesson) {
     # code...
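Review bot: `$_GET["id"]` is read without an existence check on the new `PDO_FetchRow` line, so a bare request to lesson_get.php logs an undefined-index notice and runs the query with a null parameter before the `if ($fLesson)` test (which continues past the hunk) fails. A one-token guard keeps the log clean: `$fLesson = PDO_FetchRow($query,array($_GET["id"] ?? ''));`. Same remark as for course_get.php: the helper's signature isn't in this diff, so verify `PDO_FetchRow` actually binds the array.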

+ 2 - 2
app/course/lesson_list.php

@@ -6,8 +6,8 @@ require_once "../public/_pdo.php";
 
 global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from lesson where course_id = '{$_GET["id"]}' order by date DESC    limit 0,200";
-$fAllLesson = PDO_FetchAll($query);
+$query = "SELECT * from lesson where course_id = ? order by date DESC    limit 0,200";
+$fAllLesson = PDO_FetchAll($query,array($_GET["id"]));
 echo json_encode($fAllLesson, JSON_UNESCAPED_UNICODE);
 
 ?>
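Review bot: The new `PDO_FetchAll($query,array($_GET["id"]))` reads `$_GET["id"]` unconditionally, so a request without `id` emits an undefined-index notice and the endpoint answers `[]` after a pointless query; `$fAllLesson = PDO_FetchAll($query,array($_GET["id"] ?? ''));` or an early `exit` on a missing id avoids that. Note also that `SELECT *` serialises every `lesson` column straight to the client via `json_encode` on the following context line, which is fine only if the table holds nothing non-public — the schema isn't visible here, so worth confirming, and listing the needed columns explicitly would make the contract obvious.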

+ 1 - 1
app/course/list_new.php

@@ -8,7 +8,7 @@ require_once '../ucenter/function.php';
 
 global $PDO;
 PDO_Connect("sqlite:" . _FILE_DB_COURSE_);
-$query = "select * from course where 1  order by modify_time DESC limit 0,4";
+$query = "SELECT * from course where 1  order by modify_time DESC limit 0,4";
 $Fetch = PDO_FetchAll($query);
 
 foreach ($Fetch as $row) {

+ 2 - 2
app/course/my_course_edit.php

@@ -44,8 +44,8 @@ global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
 
 
-$query = "select * from course where id = '{$_GET["course"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from course where id = ?   limit 0,1";
+$Fetch = PDO_FetchAll($query,array($_GET["course"]));
 if(count($Fetch)==0)
 {
     echo "无法找到此课程。可能该课程已经被拥有者删除。";
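Review bot: The rewritten query loads the course by `$_GET["course"]` alone; for a page named my_course_edit, nothing in the hunk ties the row to the current user, so unless code below the hunk compares the course's `creator` with the logged-in user, any visitor can open and edit any course by id (the `count($Fetch)==0` branch continues past the hunk, so that check may exist there). If it does not, bind the owner in the same statement, `SELECT * from course where id = ? and creator = ? limit 0,1`, passing the authenticated user id as the second parameter — my_course_list.php in this same commit already filters on `creator`. Parameterisation closes the injection; it does not add authorisation.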

+ 2 - 2
app/course/my_course_list.php

@@ -38,8 +38,8 @@ require_once '../ucenter/function.php';
 
 global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from course where creator = '{$_COOKIE["userid"]}'  order by modify_time DESC limit 0,100";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from course where creator = ?  order by modify_time DESC limit 0,100";
+$Fetch = PDO_FetchAll($query,array($_COOKIE["userid"]));
 
 foreach($Fetch as $row){
     echo '<div class="file_list_row">';
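Review bot: The new query filters on `$_COOKIE["userid"]`, a client-controlled value; binding it stops the injection, but a caller who sets `userid=<other id>` in their cookie jar still receives that user's course list unless code above the hunk has already validated the cookie against a session or signed token (`ucenter/function.php` is required just above, so that may be where it happens — worth confirming). If it isn't, resolve the authenticated user id server-side once and bind that instead of the raw cookie value in `PDO_FetchAll($query,array(...))`. The same pattern appears in edit_wbw.php and coopfilelist.php in this commit.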

+ 4 - 4
app/course/my_lesson_edit.php

@@ -45,8 +45,8 @@ require_once '../media/function.php';
 global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
 
-$query = "select * from lesson where id = '{$_GET["lesson"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from lesson where id = ?  limit 0,1";
+$Fetch = PDO_FetchAll($query,array($_GET["lesson"]));
 if(count($Fetch)==0)
 {
     echo "无法找到此课程。可能该课程已经被拥有者删除。";
@@ -54,8 +54,8 @@ if(count($Fetch)==0)
 }
 $lesson_info = $Fetch[0];
 
-$query = "select * from course where id = '{$lesson_info["course_id"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from course where id = ?   limit 0,1";
+$Fetch = PDO_FetchAll($query,array($lesson_info["course_id"]));
 if(count($Fetch)==0)
 {
     echo "无法找到此课程。可能该课程已经被拥有者删除。";
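Review bot: Both hunks select by id only — the lesson by `$_GET["lesson"]`, then its course by the stored `course_id` — and neither restricts the rows to the current user, so for an edit page the ownership decision must be made somewhere after the second hunk; that code is outside the diff, so I can't see whether `$course_info["creator"]` (or equivalent) is compared with the logged-in user. If it isn't, add that check right after the second `count($Fetch)==0` block, or fold it into the second query: `SELECT * from course where id = ? and creator = ? limit 0,1`. Binding `$lesson_info["course_id"]` in the second hunk is a good defence-in-depth move even though the value comes from the database.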

+ 4 - 4
app/course/my_lesson_list.php

@@ -43,8 +43,8 @@ require_once '../ucenter/function.php';
 
 global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from course where id = '{$_GET["course"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from course where id = ?   limit 0,1";
+$Fetch = PDO_FetchAll($query,array($_GET["course"]));
 if(count($Fetch)==0)
 {
     echo "无法找到此课程。可能该课程已经被拥有者删除。";
@@ -113,8 +113,8 @@ echo '</div>';
 <div style="flex:8;padding:0 0.8em;">
 
 <?php
-$query = "select * from lesson where course_id = '{$_GET["course"]}'   limit 0,100";
-$fAllLesson = PDO_FetchAll($query);
+$query = "SELECT * from lesson where course_id = ?   limit 0,100";
+$fAllLesson = PDO_FetchAll($query,array($_GET["course"]));
 
 
 echo '<div id="userfilelist">';
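Review bot: The raw `$_GET["course"]` is read and bound twice, in hunks roughly seventy lines apart, and each read emits an undefined-index notice when the parameter is missing; read it once near the top, `$course_id = $_GET["course"] ?? '';`, and bind `$course_id` in both `PDO_FetchAll` calls so the two queries cannot drift apart. As with the other `my_*` pages in this commit, no owner filter is visible in either query; if the code between the hunks does not compare the course's `creator` with the current user, add that before listing the lessons.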

+ 2 - 2
app/course/my_lesson_new.php

@@ -36,8 +36,8 @@ require_once '../ucenter/function.php';
 
 global $PDO;
 PDO_Connect("sqlite:"._FILE_DB_COURSE_);
-$query = "select * from course where id = '{$_GET["course"]}'   limit 0,1";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from course where id = ?   limit 0,1";
+$Fetch = PDO_FetchAll($query,array($_GET["course"]));
 if(count($Fetch)==0)
 {
     echo "无法找到此课程。可能该课程已经被拥有者删除。";
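Review bot: The course is loaded by `$_GET["course"]` with no owner filter, and since this page creates lessons under that course, an ownership check is required before the form (or the insert it posts to) is reached; that part of the file is outside the hunk, so I can't tell whether it is done. If not, `SELECT * from course where id = ? and creator = ? limit 0,1` with the authenticated user id as the second bound value makes the 无法找到 branch cover the unauthorised case as well. `$_GET["course"]` should also be guarded with `?? ''` to avoid the undefined-index notice on a bare request.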

+ 2 - 2
app/course/teacher_list.php

@@ -8,7 +8,7 @@ require_once '../ucenter/function.php';
 
 global $PDO;
 PDO_Connect("sqlite:" . _FILE_DB_COURSE_);
-$query = "select teacher,count(*) as co from course where 1 group by teacher order by co DESC limit 0,4";
+$query = "SELECT teacher,count(*) as co from course where 1 group by teacher order by co DESC limit 0,4";
 $Fetch = PDO_FetchAll($query);
 
 foreach ($Fetch as $value) {
@@ -18,7 +18,7 @@ foreach ($Fetch as $value) {
     echo '<div class="title"><a href="../uhome/course.php?userid=' . $value['teacher'] . '">' . ucenter_getA($value['teacher']) . '</a></div>';
     echo '<div class="teacher_intro">';
     PDO_Connect("sqlite:" . _FILE_DB_USERINFO_);
-    $query = "select bio from profile where user_id = ? limit 0,10";
+    $query = "SELECT bio from profile where user_id = ? limit 0,10";
     $Fetch = PDO_FetchAll($query,array($value['teacher']));
     if($Fetch){
         echo $Fetch[0]["bio"];

+ 12 - 20
app/dict/dict_lookup.php

@@ -24,16 +24,8 @@ $right_word_list="";
 global $PDO;
 function isExsit($word){
 global $PDO;
-		$query = "select count(*) as co from dict where \"word\" = ".$PDO->quote($word);
-		$row=PDO_FetchOne($query);
-		/*
-		$Fetch = PDO_FetchAll($query);
-		$iFetch=count($Fetch);
-		$count_return+=$iFetch;
-		if($iFetch>0){
-		
-		}
-		*/
+		$query = "SELECT count(*) as co from dict where word = ? ";
+		$row=PDO_FetchOne($query,array($word));
 		if($row[0]==0){
 			return false;
 		}
@@ -141,9 +133,9 @@ switch($op){
 	case "pre"://预查询
 		PDO_Connect("sqlite:"._FILE_DB_REF_INDEX_);
 		echo "<div>";
-		$query = "select word,count from dict where \"eword\" like ".$PDO->quote($word.'%')." OR \"word\" like ".$PDO->quote($word.'%')."  limit 0,20";
+		$query = "SELECT word,count from dict where eword like ?  OR word like ?  limit 0,20";
 
-		$Fetch = PDO_FetchAll($query);
+		$Fetch = PDO_FetchAll($query,array($word.'%',$word.'%'));
 		$iFetch=count($Fetch);
 		if($iFetch>0){
 			for($i=0;$i<$iFetch;$i++){
@@ -163,8 +155,8 @@ switch($op){
 		$dict_list_a = [];
 		//社区字典开始
 		PDO_Connect("sqlite:"._FILE_DB_WBW_);
-		$query = "select *  from dict where \"pali\"= ".$PDO->quote($word)." limit 0,100";
-		$Fetch = PDO_FetchAll($query);
+		$query = "SELECT *  from dict where pali = ? limit 0,100";
+		$Fetch = PDO_FetchAll($query,array($word));
 		$iFetch=count($Fetch);
 		$count_return+=$iFetch;
 		if($iFetch>0){
@@ -206,9 +198,9 @@ switch($op){
 
 		PDO_Connect("sqlite:"._FILE_DB_REF_);
 		//直接查询
-		$query = "select dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"word\" = ".$PDO->quote($word)." limit 0,100";
+		$query = "SELECT dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where word = ? limit 0,100";
 		
-		$Fetch = PDO_FetchAll($query);
+		$Fetch = PDO_FetchAll($query,array($word));
 		$iFetch=count($Fetch);
 		$count_return+=$iFetch;
 		if($iFetch>0){
@@ -253,8 +245,8 @@ switch($op){
 
 		if(count($newWord)>0){
 			foreach($newWord as $x=>$x_value) {
-				$query = "select dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"word\" = ".$PDO->quote($x)." limit 0,30";
-				$Fetch = PDO_FetchAll($query);
+				$query = "SELECT dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where word = ? limit 0,30";
+				$Fetch = PDO_FetchAll($query,array($x));
 				$iFetch=count($Fetch);
 				$count_return+=$iFetch;
 				if($iFetch>0){
@@ -305,8 +297,8 @@ switch($op){
 			$word1=$org_word;
 			$wordInMean="%$org_word%";
 			echo "include $org_word:<br />";
-			$query = "select dict.dict_id,dict.word,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"mean\" like ".$PDO->quote($wordInMean)." limit 0,30";
-			$Fetch = PDO_FetchAll($query);
+			$query = "SELECT dict.dict_id,dict.word,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where mean like ? limit 0,30";
+			$Fetch = PDO_FetchAll($query,array($wordInMean));
 			$iFetch=count($Fetch);
 			$count_return+=$iFetch;
 			if($iFetch>0){
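Review bot: In the `isExsit` hunk the new `$row=PDO_FetchOne($query,array($word));` is followed by the retained `if($row[0]==0)`, but every other use of `PDO_FetchOne` in this commit treats its result as a scalar (setting.php echoes `$file_count` directly, index.php divides by `$dict_count`), not a row array. Indexing a string count gives its first digit, which happens to yield the right boolean, but when the driver returns an integer (newer pdo_sqlite, PHP 8.1+, does for `count(*)`) `$row[0]` is null, `null == 0` is true, and `isExsit` reports every word as missing. Compare the scalar directly, `if($row==0){`, and ideally rename `$row` to `$count`; the function's remaining lines are outside the hunk. The `pre` hunk still forwards user-typed `%`/`_` as LIKE wildcards — see the note on dict_find3.php, which has the same query.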

+ 1 - 1
app/dict/split.php

@@ -297,7 +297,7 @@ function microtime_float()
 
 function dict_lookup($word){
 	global $dbh;
-	$query = "select weight from part where \"word\" = ? ";
+	$query = "SELECT weight from part where word = ? ";
 	$stmt = $dbh->prepare($query);
 	$stmt->execute(array($word));
     $row = $stmt->fetch(PDO::FETCH_NUM);

+ 11 - 18
app/dict_builder/dict_find3.php

@@ -18,16 +18,9 @@ PDO_Connect("sqlite:$dictFileName");
 
 function isExsit($word){
 global $PDO;
-		$query = "select count(*) as co from dict where \"word\" = ".$PDO->quote($word);
-		$row=PDO_FetchOne($query);
-		/*
-		$Fetch = PDO_FetchAll($query);
-		$iFetch=count($Fetch);
-		$count_return+=$iFetch;
-		if($iFetch>0){
-		
-		}
-		*/
+		$query = "SELECT count(*) as co from dict where \"word\" = ?";
+		$row=PDO_FetchOne($query,array($word));
+
 		if($row[0]==0){
 			return false;
 		}
@@ -134,8 +127,8 @@ function mySplit($strWord){
 switch($op){
 	case "pre"://预查询
 		echo "<wordlist>";
-		$query = "select word,count(*) as co from dict where \"eword\" like ".$PDO->quote($word.'%')." OR \"word\" like ".$PDO->quote($word.'%')." group by word order by length limit 0,100";
-		$Fetch = PDO_FetchAll($query);
+		$query = "SELECT word,count(*) as co from dict where \"eword\" like ? OR \"word\" like ? group by word order by length limit 0,100";
+		$Fetch = PDO_FetchAll($query,array($word.'%',$word.'%'));
 		$iFetch=count($Fetch);
 		if($iFetch>0){
 			for($i=0;$i<$iFetch;$i++){
@@ -151,9 +144,9 @@ switch($op){
 		break;
 	case "search":
 		//直接查询
-		$query = "select dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"word\" = ".$PDO->quote($word)." limit 0,30";
+		$query = "SELECT dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"word\" = ? limit 0,30";
 		
-		$Fetch = PDO_FetchAll($query);
+		$Fetch = PDO_FetchAll($query,array($word));
 		$iFetch=count($Fetch);
 		$count_return+=$iFetch;
 		if($iFetch>0){
@@ -189,8 +182,8 @@ switch($op){
 
 		if(count($newWord)>0){
 			foreach($newWord as $x=>$x_value) {
-				$query = "select dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"word\" = ".$PDO->quote($x)." limit 0,30";
-				$Fetch = PDO_FetchAll($query);
+				$query = "SELECT dict.dict_id,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"word\" = ? limit 0,30";
+				$Fetch = PDO_FetchAll($query,array($x));
 				$iFetch=count($Fetch);
 				$count_return+=$iFetch;
 				if($iFetch>0){
@@ -237,8 +230,8 @@ switch($op){
 			$word1=$org_word;
 			$wordInMean="%$org_word%";
 			echo "include $org_word:<br />";
-			$query = "select dict.dict_id,dict.word,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"mean\" like ".$PDO->quote($wordInMean)." limit 0,30";
-			$Fetch = PDO_FetchAll($query);
+			$query = "SELECT dict.dict_id,dict.word,dict.mean,info.shortname from dict LEFT JOIN info ON dict.dict_id = info.id where \"mean\" like ? limit 0,30";
+			$Fetch = PDO_FetchAll($query,array($wordInMean));
 			$iFetch=count($Fetch);
 			$count_return+=$iFetch;
 			if($iFetch>0){
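Review bot: The `pre` hunk binds `$word.'%'` to both `like ?` placeholders, which closes the injection hole but still passes any `%` or `_` typed by the user straight through as wildcards, so a prefix lookup for `_` or `%` scans the whole `dict` table and returns unrelated words (the `limit 0,100` bounds the output, not the scan). If literal prefix matching is intended, escape the user part and declare the escape character: `$like = addcslashes($word,'%_\\').'%';` bound twice, with the SQL changed to `where \"eword\" like ? ESCAPE '\\' OR \"word\" like ? ESCAPE '\\'`. `$word` and `$op` are set above the hunk, so whether `$word` is already sanitised isn't visible here; the `isExsit` hunk also keeps `if($row[0]==0)` on what the other call sites treat as a scalar, same issue as in dict_lookup.php.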

+ 4 - 4
app/dict_builder/get_one_word.php

@@ -12,8 +12,8 @@ include "../public/_pdo.php";
 						
 		$dictFileName=_FILE_DB_REF_;
 		PDO_Connect("sqlite:$dictFileName");
-		$query = "select * from dict where id='$word_id'";
-		$Fetch = PDO_FetchAll($query);
+		$query = "SELECT * from dict where id = ? ";
+		$Fetch = PDO_FetchAll($query,array($word_id));
 		
 		$dictFileName=$dir_dict_3rd."all.db3";
 		PDO_Connect("sqlite:$dictFileName");
@@ -21,8 +21,8 @@ include "../public/_pdo.php";
 		foreach($Fetch as $word){
 			echo "<h3>".$word["paliword"]."</h3>";
 			if($word["status"]>1){
-				$query = "select * from dict where \"from\"='".$word["id"]."'";
-				$FetchRichWord = PDO_FetchAll($query);
+				$query = "SELECT * from dict where from = ? ";
+				$FetchRichWord = PDO_FetchAll($query,array($word["id"]));
 				echo "<div id='final_word'>";
 				echo "<div id='final_word_header'>已编辑数据<button onclick='final_word_show_hide()'>显示/隐藏</bnutton></div>";
 				echo "<div id='final_word_body'>";
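Review bot: The second hunk's new query, `SELECT * from dict where from = ?`, drops the double quotes the old line had around the column name, and `from` is a reserved word in SQLite, so the statement fails to prepare with a syntax error and the edited-data panel is never filled. Keep the identifier quoted: `$query = "SELECT * from dict where \"from\" = ? ";`. The first hunk is fine; `$word_id` is assigned above the hunk so its origin isn't visible, but binding it is the right fix regardless.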

+ 1 - 1
app/dict_builder/index - 副本.php

@@ -81,7 +81,7 @@ include "./_pdo.php";
 global $PDO;
 $dictFileName=$dir_dict_3rd."bhmf.db";
 PDO_Connect("sqlite:$dictFileName");
-		$query = "select * from dict where 1  limit 0,1000";
+		$query = "SELECT * from dict where 1  limit 0,1000";
 		$Fetch = PDO_FetchAll($query);
 		$iFetch=count($Fetch);
 		if($iFetch>0){

+ 5 - 5
app/dict_builder/index.php

@@ -151,7 +151,7 @@ else{
 
 		$dictFileName=_FILE_DB_REF_;
 		PDO_Connect("sqlite:$dictFileName");
-		$query = "select * from info where 1  limit 0,100";
+		$query = "SELECT * from info where 1  limit 0,100";
 		$Fetch = PDO_FetchAll($query);
 		$iFetch=count($Fetch);
 		if($iFetch>0){
@@ -170,8 +170,8 @@ else{
 			}
 		}
 		if($dict_id!=-1){
-			$query = "select count(*) from dict where dict_id='$dict_id' ";
-			$dict_count = PDO_FetchOne($query);
+			$query = "SELECT count(*) from dict where dict_id = ? ";
+			$dict_count = PDO_FetchOne($query,array($dict_id));
 			$totle_page=ceil($dict_count/$page_size);
 		}
 		else{
@@ -214,8 +214,8 @@ else{
 						<?php
 						if($dict_id!=-1){
 							$from=$page_no*$page_size;
-							$query = "select id, paliword,status from dict where dict_id='$dict_id' limit $from , $page_size";
-							$Fetch = PDO_FetchAll($query);
+							$query = "SELECT id, paliword,status from dict where dict_id = ? limit ? , ? ";
+							$Fetch = PDO_FetchAll($query,array($dict_id,$from,$page_size));
 							foreach($Fetch as $word){
 								$class_status="status_".$word["status"];
 								$str_status="";
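Review bot: The third hunk binds the `limit ? , ?` operands via `PDO_FetchAll($query,array($dict_id,$from,$page_size))`, and `execute(array)` binds every value as a string; SQLite accepts a text LIMIT only when it converts losslessly to an integer, so a non-numeric `$page_size` (it is set above the hunk, origin not visible) now raises a datatype-mismatch error where the old interpolation produced a broken `LIMIT`, and the same SQL is a syntax error under emulated prepares or another driver. Coerce before binding, `array($dict_id,(int)$from,(int)$page_size)`, and reject `$page_size <= 0` up front — the second hunk's context line `ceil($dict_count/$page_size)` divides by it, which is a `DivisionByZeroError` on PHP 8. Binding `$dict_id` in the second and third hunks is correct and consistent with the `count(*)` query.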

+ 4 - 4
app/doc/coop.php

@@ -42,8 +42,8 @@ set (doc_id ,userid ,value)
     PDO_Connect("sqlite:"._FILE_DB_FILEINDEX_);
 
         echo "<input id='doc_coop_docid' type='hidden' value='{$_doc_id}' />";
-        $query = "select * from fileindex where id='{$_doc_id}' ";
-        $Fetch = PDO_FetchAll($query);
+        $query = "SELECT * from fileindex where id = ? ";
+        $Fetch = PDO_FetchAll($query,array($_doc_id));
         $iFetch=count($Fetch);
         if($iFetch>0){
 
@@ -102,8 +102,8 @@ set (doc_id ,userid ,value)
 
                 }
                 
-                $query = "select * from power where doc_id='{$_doc_id}' ";
-                $Fetch = PDO_FetchAll($query);
+                $query = "SELECT * from power where doc_id = ? ";
+                $Fetch = PDO_FetchAll($query,$_doc_id);
 
                 echo "<ul>";
                 foreach($Fetch as $row){
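Review bot: In the second hunk the parameters are passed as a bare scalar, `PDO_FetchAll($query,$_doc_id)`, while every other call site in this commit wraps them in an array; if the helper forwards its argument to `PDOStatement::execute()`, a non-array argument is a TypeError and the power list below never renders. Change it to `$Fetch = PDO_FetchAll($query,array($_doc_id));`. `$_doc_id` is assigned above the hunk so its validation isn't visible; the context line that echoes it into a hidden input's `value` attribute does so unescaped, so if it comes from the request it should go through `htmlspecialchars` there.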

+ 6 - 6
app/doc/coopfilelist.php

@@ -16,20 +16,20 @@ else{
 }
 
     PDO_Connect("sqlite:"._FILE_DB_FILEINDEX_);
-    $query = "select * from power where user='{$_COOKIE["userid"]}' order by modify_time DESC";
-    $Fetch = PDO_FetchAll($query);
+    $query = "SELECT * from power where user = ? order by modify_time DESC";
+    $Fetch = PDO_FetchAll($query,array($_COOKIE["userid"]));
     $result=array();
     foreach($Fetch as $row){
-        $query = "select * from fileindex where id='{$row['doc_id']}'  ";
-        $FetchFile = PDO_FetchAll($query);
+        $query = "SELECT * from fileindex where id = ?  ";
+        $FetchFile = PDO_FetchAll($query,array($row['doc_id']));
         if(count($FetchFile)>0){
             $FetchFile[0]["power"]=$row["power"];
             $FetchFile[0]["power_status"]=$row["status"];
             $FetchFile[0]["power_create_time"]=$row["create_time"];
             $FetchFile[0]["power_modify_time"]=$row["modify_time"];
             $FetchFile[0]["user_name"]=ucenter_get($FetchFile[0]["user_id"],"");
-            $query = "select id from fileindex where parent_id='{$row['doc_id']}' and user_id='{$uid}'";
-            $FetchFile[0]["my_doc_id"] = PDO_FetchOne($query);
+            $query = "SELECT id from fileindex where parent_id = ? and user_id = ? ";
+            $FetchFile[0]["my_doc_id"] = PDO_FetchOne($query,array($row['doc_id'],$uid));
             $FetchFile[0]["path"] = _get_para_path($FetchFile[0]["book"],$FetchFile[0]["paragraph"]);
             $result[] = $FetchFile[0];
         }
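Review bot: The first new query keys the `power` lookup on `$_COOKIE["userid"]` while the third keys the `fileindex` lookup on `$uid` for what is presumably the same user; `$uid` is assigned above the hunk, so I can't see whether it is the raw cookie or a server-verified identity, but if it is the verified one the first query must use it too, otherwise a client who sets the cookie to another user's id lists that user's co-op documents. `$Fetch = PDO_FetchAll($query,array($uid));` would make the two consistent. Parameterisation fixes the injection; it does not make the cookie trustworthy.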

+ 2 - 2
app/doc/docinfo.php

@@ -19,8 +19,8 @@
     if(isset($_GET["id"])){
 
         $doc_id=$_GET["id"];
-        $query = "select * from fileindex where id='{$doc_id}' ";
-        $Fetch = PDO_FetchAll($query);
+        $query = "SELECT * from fileindex where id = ? ";
+        $Fetch = PDO_FetchAll($query,array($doc_id));
         $iFetch=count($Fetch);
         if($iFetch>0){
             //文档信息

+ 2 - 2
app/doc/edit_wbw.php

@@ -41,8 +41,8 @@ echo "<fieldset>";
 echo "<legend>{$_local->gui->channel} ({$_local->gui->required})</legend>";
 echo "<div>";
 PDO_Connect("sqlite:"._FILE_DB_CHANNAL_);
-$query = "select * from channal where owner = '{$_COOKIE["userid"]}'   limit 0,100";
-$Fetch = PDO_FetchAll($query);
+$query = "SELECT * from channal where owner = ?   limit 0,100";
+$Fetch = PDO_FetchAll($query,array($_COOKIE["userid"]));
 $i=0;
 foreach($Fetch as $row){
     echo '<div class="file_list_row" style="padding:5px;">';
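Review bot: The rewritten query selects channels where `owner = ?` bound to `$_COOKIE["userid"]`, so the list of channels offered in this form is chosen by a value the client controls; unless the cookie has been verified against a session above the hunk (not visible here), a user can present another owner's channels for selection, and whatever consumes the chosen channel must re-check ownership server-side. Bind the authenticated user id resolved on the server rather than the raw cookie, as noted for my_course_list.php in this same commit.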

+ 2 - 3
app/studio/js/editor.js

@@ -655,9 +655,8 @@ function dictDataParse(xmlDictData, dictID) {
 }
 
 function pushNewDictItem(inArray, objNew) {
-	//var isExist=false;
-	for (indexList in inArray) {
-		if (inArray[indexList].Id == objNew.Id && inArray[indexList].dictID == objNew.dictID) {
+	for (const iterator of inArray) {
+		if (iterator.Id == objNew.Id && iterator.dictID == objNew.dictID) {
 			return;
 		}
 	}
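Review bot: The new `for…of` loop keeps the loose `==` comparisons on `Id` and `dictID`; the ids most likely arrive as strings from the XML parsed in `dictDataParse` just above, so if `objNew` is ever built with numeric ids the coercion is what makes the de-duplication work — that deserves a one-line comment, or normalise both sides so `===` can be used. As a matter of style the loop is a membership test and reads more directly as `if (inArray.some(item => item.Id == objNew.Id && item.dictID == objNew.dictID)) return;`. The push that follows is outside the hunk.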