ravand
سه شنبه 02 خرداد 1391, 19:47 عصر
هر كاري كردم بلكه بتونم حفره اي كه در اين اسكريپت وجود داره رو از بين برم و جلوش رو بگيرم نشد.
ممنون ميشم راهنماييم كنيد.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php include_once('title.php'); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
A{ text-decoration: none; }
#matlab{
width:477px;
direction:rtl;
text-align:right;
border-radius:3px;
padding:2px 0px;
border:1px #CCCCCC solid;
font-size:20px;
border:1px silver solid;
padding:10px 15px;
min-height:50px;
background-color:#F7F7F7;
shadow:1px 1px #ccc;
margin-top:10px;
border-radius:5px;
behavior: url('PIE.htc');
}
#matlab:hover
{
background-color:#EEEEEE;
}
</style>
</head>
<body>
<div align="center">
<div id="matlab">
<?php
header("Cache-Control: no-cache, must-revalidate");
if((!isset($_GET["id"])) or ($_GET["id"]=="") or (!is_numeric($_GET["id"]))){
header("Location:HTTP/1.0 404 Not Found");
die("");
exit;
}else{
$sql =$_GET['id'];
if(is_numeric($sql) and strlen($sql)<5){
$servername="localhost";
$dbname="database";
$user="root";
$pass="";
$dblink=mysql_connect($servername,$user,$pass);
mysql_select_db($dbname,$dblink);
date_default_timezone_set('Asia/Tehran');
include('jdf.php');
mysql_query("SET CHARACTER SET utf8",$dblink);
function escape($sql) {
$symbol = array(',', ')', '(', "'", '"','!', '?', '/', '[', ']', '+', '=', '#', '\x00','\x7F','\xC0','\xFD', '\n', '\r','\t', '\x1a', '&', '$', 'select', 'delete', 'from', 'xml', 'script', 'union','order','by','select','all','group','havin g');
$sql= preg_replace("/<.*?>/", "",htmlentities($sql));
$sql =str_replace($symbol,"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
if(!get_magic_quotes_gpc() )
{
$sql = addslashes($sql);
}
$sql = addslashes($sql);
$sql = str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $sql);
$sql = stripslashes($sql);
$sql = mysql_real_escape_string($sql);
return $sql;
}
$dbresult=mysql_query("SELECT * FROM jadval where id={escape($sql)}",$dblink);
while($row=mysql_fetch_assoc($dbresult))
{$onvan=$row['subject'];
$begir=str_replace(" ","_",$onvan);
echo "<a href=http://site.ir/link/{$row['id']}/$begir title=\"{$row['subject']}\">{$row['subject']}</a><br>";
echo ($row['body']);
echo "<br>";
echo ('<a href="'.$row['linki'].'"> لينك</a>');
echo ": ";
echo jdate("h:i:s Y/m/d",strtotime($row["date"]));
}
mysql_close($dblink);
}
}
?>
</div>
</div>
</body>
</html>
ممنون ميشم راهنماييم كنيد.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php include_once('title.php'); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">
A{ text-decoration: none; }
#matlab{
width:477px;
direction:rtl;
text-align:right;
border-radius:3px;
padding:2px 0px;
border:1px #CCCCCC solid;
font-size:20px;
border:1px silver solid;
padding:10px 15px;
min-height:50px;
background-color:#F7F7F7;
shadow:1px 1px #ccc;
margin-top:10px;
border-radius:5px;
behavior: url('PIE.htc');
}
#matlab:hover
{
background-color:#EEEEEE;
}
</style>
</head>
<body>
<div align="center">
<div id="matlab">
<?php
header("Cache-Control: no-cache, must-revalidate");
if((!isset($_GET["id"])) or ($_GET["id"]=="") or (!is_numeric($_GET["id"]))){
header("Location:HTTP/1.0 404 Not Found");
die("");
exit;
}else{
$sql =$_GET['id'];
if(is_numeric($sql) and strlen($sql)<5){
$servername="localhost";
$dbname="database";
$user="root";
$pass="";
$dblink=mysql_connect($servername,$user,$pass);
mysql_select_db($dbname,$dblink);
date_default_timezone_set('Asia/Tehran');
include('jdf.php');
mysql_query("SET CHARACTER SET utf8",$dblink);
function escape($sql) {
$symbol = array(',', ')', '(', "'", '"','!', '?', '/', '[', ']', '+', '=', '#', '\x00','\x7F','\xC0','\xFD', '\n', '\r','\t', '\x1a', '&', '$', 'select', 'delete', 'from', 'xml', 'script', 'union','order','by','select','all','group','havin g');
$sql= preg_replace("/<.*?>/", "",htmlentities($sql));
$sql =str_replace($symbol,"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
if(!get_magic_quotes_gpc() )
{
$sql = addslashes($sql);
}
$sql = addslashes($sql);
$sql = str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $sql);
$sql = stripslashes($sql);
$sql = mysql_real_escape_string($sql);
return $sql;
}
$dbresult=mysql_query("SELECT * FROM jadval where id={escape($sql)}",$dblink);
while($row=mysql_fetch_assoc($dbresult))
{$onvan=$row['subject'];
$begir=str_replace(" ","_",$onvan);
echo "<a href=http://site.ir/link/{$row['id']}/$begir title=\"{$row['subject']}\">{$row['subject']}</a><br>";
echo ($row['body']);
echo "<br>";
echo ('<a href="'.$row['linki'].'"> لينك</a>');
echo ": ";
echo jdate("h:i:s Y/m/d",strtotime($row["date"]));
}
mysql_close($dblink);
}
}
?>
</div>
</div>
</body>
</html>