fixes:'typeid' SQL injection

This commit is contained in:
apoyl 2016-12-23 18:12:58 +08:00
parent b5ebc702a1
commit 25958019eb
1 changed files with 1 additions and 1 deletions

View File

@ -430,7 +430,7 @@ if($filter && $filter != 'hot') {
} }
} elseif($field == 'typeid' || $field == 'sortid') { } elseif($field == 'typeid' || $field == 'sortid') {
$fieldstr = $field == 'typeid' ? 'intype' : 'insort'; $fieldstr = $field == 'typeid' ? 'intype' : 'insort';
$filterarr[$fieldstr] = $value; $filterarr[$fieldstr] = dintval($value);
} }
$sp = ' '; $sp = ' ';
} }