if($keywords!='') { $s.=" and likewords like '%$keywords%' "; } if($key!='') { $s.=" and title like '%$key%' or scontent like '%$key%' or a.content like '%$key%' "; } $s.=" and shows='yes' "; $count=$products->GetCount($s); $options = array( 'total_rows' => $count, //总行数 'list_rows' => '20', //每页显示量 );
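<?php
// Product listing page: loads the DB layer, site config and product classes,
// reads the filter parameters from the request and prepares the <head> metadata
// ($webtitle/$webtitles/$webkey/$webdes) used further down.
include("./include/mysql.class.php");
include("./include/config.php");
include("./class/product.class.php");
include("./class/sc.class.php");

// Category filters. cint() (provided by the includes above) is what reduces each
// value to an integer; these ids are later interpolated straight into SQL, so
// every id that reaches the query must go through it.
$bid=cint( isset($_REQUEST['bid']) ? $_REQUEST['bid'] : '0');
$sid=cint( isset($_REQUEST['sid']) ? $_REQUEST['sid'] : '0');
$cid=cint(isset($_REQUEST['cid']) ? $_REQUEST['cid'] : '0');
// Fixed: the original tested isset($_REQUEST['cid']) but then read 'ccid', so a
// request carrying cid without ccid raised an undefined-index notice.
$ccid=cint(isset($_REQUEST['ccid']) ? $_REQUEST['ccid'] : '0');

$products=new Product();
$sc= new SCClass();
$productclass=new ProductClass();

// Defaults for the page metadata; overridden below when a class is selected.
$webtitle="";
$webtitles="";
$webkey=$configs['web_keywords'];
$webdes=$configs['web_des'];

// Free-text filters are kept raw here on purpose: they are used both for SQL
// and for HTML output, and each context needs its own escaping at the point
// of use.
$keywords= isset($_REQUEST['keywords']) ? $_REQUEST['keywords'] : '';
$key= isset($_REQUEST['key']) ? $_REQUEST['key'] : '';

// Page metadata follows the selected class; a selected sub-class (sid) wins
// over the class (bid) because it is applied last. The values are written into
// <title> and meta attributes unescaped further down — confirm what
// GetClassModel() returns before relying on that.
if($bid!=0)
{
$model=$productclass->GetClassModel($bid);
// Guard: an unknown id would otherwise produce property reads on a non-object.
if($model)
{
$webtitle=$model->ClassName."_";
$webkey=$model->KeyWord;
$webdes=$model->Des;
}
}
if($sid!=0)
{
$models=$productclass->GetClassModel($sid);
if($models)
{
$webtitles=$models->ClassName."_";
$webkey=$models->KeyWord;
$webdes=$models->Des;
}
}
?>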
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible"content="IE=7">
<link rel="stylesheet" href="css/style.css" type="text/css" />
<link rel="stylesheet" href="css/lianxi.css" type="text/css" />
<link rel="stylesheet" href="css/dongtai.css" type="text/css" />
<script language="javascript" src="js/fun.js"></script>
<title><?=$webtitles?><?=$webtitle?>产品_<?=$configs['web_title']?></title>
<META content="<?=$webdes?>" name="description">
<META content="<?=$webkey?>" name="keywords">
<META name="AUTHOR" content="<?=$configs['web_author']?>">
<style>
.keywords,keywords2{ float:left; height:22px; line-height:22px; padding:0 8px; margin:3px;}
.keywords a{ color:#0066CC;} .keywords2 a{background:#0066FF; float:left; height:22px; line-height:22px; margin:3px; padding:0 8px; color:#fff;}
.STYLE1 {font-weight: bold}
</style>
<?
include("runjs.html");
?>
</head><script language="JavaScript" src='js/cookie.js'></script>
<script language="JavaScript" src='js/fj.js'></script>
<body onload="TransFor()">
<div class="cont">
<?
include("top.html");
include("./include/page.class.php"); ?>
<!--导航-->
<a name="top"></a><div class="neirong">
<? include("proleft.php");?>
<div class="right fl">
<? include("search_bar.php");?>
<iframe frameborder="0" scrolling="no" width="807" height="145" src="banner.php?types=力康产品" marginheight="0" marginwidth="0"></iframe>
<div>
<div id="neirong">
<table width="807">
<tr><td height="45" colspan="2"><span>筛选</span></td></tr>
<tr><td colspan="2" style="background:url(images/chanpin_fgx.jpg) no-repeat;"> </td></tr>
<tr><td width="60" align="center"><img src="images/chanpin_icosousuo.jpg" width="38" height="37" /></td><td valign="top">
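<?
// Keyword filter bar. The "2" suffix selects the highlighted .keywords2 style
// (see the <style> block in the head); the "all" entry is active when no
// keyword filter is set.
$ck1=$keywords==""?"2":"";
?>
<div class="keywords<?=$ck1?>"><a href="product.php?bid=<?=$bid?>&sid=<?=$sid?>">所有</a></div>
<?
// Up to 100 stored keywords, each rendered as a link that re-applies the
// current category filters plus that keyword.
$listkey=$products->GetPageListKey("",0,100);
if($listkey)
{
foreach($listkey as $lrs)
{
$ck=$keywords==$lrs["keyword"]?"2":"";
// The keyword lands in a URL query value and in HTML text; encode it for each
// context, otherwise a keyword containing & # " or < breaks the link or the
// markup. urlencode() is reversed by PHP on the next request, so the
// comparison above keeps working.
$kwurl=urlencode($lrs["keyword"]);
$kwhtml=htmlspecialchars($lrs["keyword"], ENT_QUOTES, 'UTF-8');
?>
<div class="keywords<?=$ck?>"><a href="product.php?bid=<?=$bid?>&sid=<?=$sid?>&cid=<?=$cid?>&ccid=<?=$ccid?>&keywords=<?=$kwurl?>"><?=$kwhtml?></a></div>
<?
}
}
?>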
</td>
</tr>
<tr><td height="45" colspan="2"><span>产品展示</span></td></tr>
<tr><td colspan="2" style="background:url(images/chanpin_fgx.jpg) no-repeat;"> </td></tr>
</table>
<!--系列产品-->
<? if($bid==0 && $sid==0 && $keywords=="" && $key=="" && $cid==0 && $ccid==0)
{
foreach($list as $rs)
{
$c=$bid==$rs[0]?"class='current'":"";
?><table width="805" style="background:url(images/chanpin_menubg.jpg) repeat-x; margin-top:12px;">
<tr height="25">
<td> <span class="span1" style="color:#404040"><strong><?=$rs[1]?></strong></span></td>
</tr>
</table>
<?
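// Second-level classes of $rs, the class handled by the enclosing loop (which
// starts above this block). Note that $list2 is reused for the paginated
// product list further down the page; it is reassigned before that use.
$list2=$productclass->GetClassList($rs['ClassId']);
// Guard: foreach over a NULL/false result would emit a warning.
if($list2)
{
foreach($list2 as $rs2)
{
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="23"><span class="span1" style="color:#0084C5"> <strong><?=$rs2[1]?></strong></span></td>
</tr>
<tr>
<td height="23">
<?
// Four visible products per sub-class. Both ids come from the class rows
// iterated above rather than from the request.
$plist=$products->GetPageList(" and a.bid=".$rs[0]." and a.sid=".$rs2[0]." and shows='yes' ",0,4);
if($plist)
{
foreach($plist as $rss)
{
// Title and picture are written into HTML attributes and text: escape them
// for that context.
$ptitle=htmlspecialchars($rss["title"], ENT_QUOTES, 'UTF-8');
$ppic=htmlspecialchars($rss["pic"], ENT_QUOTES, 'UTF-8');
?>
<div style="float:left; width:200px; height: 290px; margin-bottom:15px;">
<table height="269" id="tu">
<tr align="center">
<td width="200" valign="middle"><a href="proshow.php?id=<?=$rss["id"]?>" title="<?=$ptitle?>"><img src="<?=$ppic?>" alt="<?=$ptitle?>" width="175" height="150" onload="imgs(this,175,175);" /></a></td>
</tr>
<tr align="center">
<td width="200" height="61" valign="top"><a href="proshow.php?id=<?=$rss["id"]?>" title="<?=$ptitle?>"><?=htmlspecialchars(sub_str($rss["title"],86), ENT_QUOTES, 'UTF-8')?></a></td>
</tr>
</table>
</div>
<?
}
}
?>
</td>
</tr>
</table> <? } }?>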
<?
}
}
else
{
?>
<?
// Class header card (the markup below carries display:none, so it is hidden
// unless a script reveals it): picture, name and description of the selected
// class. Without a sub-class the class (bid) is shown, otherwise the sub-class
// (sid). NOTE(review): GetClassContent() output is printed as-is, presumably
// because it holds admin-authored HTML — confirm before adding escaping.
if ($sid==0 )
{
?>
<table width="100%" height="67" border="0" cellpadding="0" cellspacing="3" style="margin:10px 0px; border:1px solid #ccc; display:none;">
<tr>
<td width="17%" style=" padding:5px;"><img src="<?=$productclass->GetClassPic($bid)?>" onload="imgs(this,120,120);" id="simg" width="118" height="118" /></td>
<td width="83%" valign="top" style=" padding:5px;">
<span class="STYLE1">
<?=$productclass->GetClassName($bid)?>
</span> <br />
<br />
<?=$productclass->GetClassContent($bid)?></td>
</tr>
</table>
<?
}
else
{
// Sub-class selected: same card, keyed by $sid.
?>
<table width="100%" height="67" border="0" cellpadding="0" cellspacing="3" style="margin:10px 0px; border:1px solid #ccc; display:none;">
<tr>
<td width="17%" style=" padding:5px;"><img src="<?=$productclass->GetClassPic($sid)?>" onload="imgs(this,120,120);" id="simg" width="118" height="118" /></td>
<td width="83%" valign="top" style=" padding:5px;">
<?=$productclass->GetClassName($sid)?>
<br />
<br />
<?=$productclass->GetClassContent($sid)?></td>
</tr>
</table>
<?
}
?>
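<?php
// Build the WHERE tail for the product query. The integer filters have already
// been through cint(); the two free-text filters are raw request strings and
// are escaped before interpolation. NOTE(review): Product::GetCount/GetPageList
// accept a raw SQL fragment, so prepared statements are not reachable from
// here; addslashes() is the portable fallback. If an earlier include already
// escapes request input (a magic_quotes-style filter), values would be
// double-escaped and this should move to the DB driver's own escape function.
$s='';
if($bid!="0")
{
$s.=" and a.bid=$bid ";
}
if($sid!="0")
{
$s.=" and a.sid=$sid ";
}
if($cid!="0")
{
$s.=" and a.cid=$cid ";
}
if($ccid!="0")
{
$s.=" and a.ccid=$ccid ";
}
if($keywords!='')
{
$qkeywords=addslashes($keywords);
$s.=" and likewords like '%$qkeywords%' ";
}
if($key!='')
{
// Fixed: the original had no parentheses, so the OR chain detached the AND
// filters above and the shows='yes' condition below — a search could return
// products from other categories as well as hidden ones.
$qkey=addslashes($key);
$s.=" and (title like '%$qkey%' or scontent like '%$qkey%' or a.content like '%$qkey%') ";
}
$s.=" and shows='yes' ";
$count=$products->GetCount($s);
$options = array(
'total_rows' => $count, // total row count
'list_rows' => '20', // rows per page
);
// Current page number; anything below 1 would produce a negative offset.
$page= isset($_REQUEST['p']) ? $_REQUEST['p'] : '1';
$page=cint($page);
if($page<1)
{
$page=1;
}
$offset=$options['list_rows']*($page-1);
$list2=$products->GetPageList($s, $offset,$options['list_rows']);
if($list2==NULL)
{
if($key!="")
{
// The search term is reflected into the page: HTML-escape it.
echo "抱歉,找不到与 ". htmlspecialchars($key, ENT_QUOTES, 'UTF-8') ." 相符的内容 <a href='product.php' style='margin-left:10px;'>点击查看所有产品</a>";
}
else
{
echo "抱歉,找不到 相符的内容";
}
}
else
{
// Previously the foreach also ran on an empty result and warned on NULL.
foreach($list2 as $rss)
{
// Title and picture are written into HTML attributes and text: escape them
// for that context.
$ptitle=htmlspecialchars($rss["title"], ENT_QUOTES, 'UTF-8');
$ppic=htmlspecialchars($rss["pic"], ENT_QUOTES, 'UTF-8');
?>
<div style="float:left; width:200px; height: 290px; margin-bottom:15px;">
<table height="269" id="tu">
<tr align="center">
<td width="200" height="200" valign="middle"><a href="proshow.php?id=<?=$rss["id"]?>" title="<?=$ptitle?>"><img src="<?=$ppic?>" alt="<?=$ptitle?>" onload="imgs(this,175,175);" width="175" height="200" /></a></td>
</tr>
<tr align="center">
<td height="61" valign="top"><a href="proshow.php?id=<?=$rss["id"]?>" title="<?=$ptitle?>"><?=htmlspecialchars(sub_str($rss["title"],86), ENT_QUOTES, 'UTF-8')?></a></td>
</tr>
</table>
</div>
<?php
}
}
?>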
<table id="table" width="100%" >
<tr align="right"><td height="31">
<div class="pages" style="height:35px; margin-top:20px;">
</div>
</td></tr>
</table>
<?
}
?>
<table id="table" width="100%" >
<tr align="right"><td height="31"> <a href="#top" style="border:1px #0066CC solid; background:#fff; color:#003399; display:block; text-align:center; width:80px; height:20px; line-height:20px;">返回顶部</a> </td></tr>
</table>
</div>
</div>
</div>
</div>
<? include("foot.html")?>
</div>
</body>
</html>
看了看代码，大体就是上面说的过滤了：过滤掉一些非法字符，拒绝非法注入。可以搜索一下“PHP 过滤非法字符”……