
Modified for security.
[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / admin.php
index 7857202..e262ab6 100644 (file)
@@ -394,7 +394,7 @@ class NPG_ADMIN {
                \r
                if(!$page) $page='1';\r
                \r
-               $query = 'select * from '.sql_table('plug_gallery_comment').' as a left join '.sql_table('member').' as b on a.cmemberid=b.mnumber left join '.sql_table('plug_gallery_picture').' as c on a.cpictureid=c.pictureid limit '.$offset.', '.($NPG_CONF['AdminCommentsPerPage']+1);\r
+               $query = 'select * from '.sql_table('plug_gallery_comment').' as a left join '.sql_table('member').' as b on a.cmemberid=b.mnumber left join '.sql_table('plug_gallery_picture').' as c on a.cpictureid=c.pictureid limit '.intval($offset).', '.intval($NPG_CONF['AdminCommentsPerPage']+1);\r
                $res = sql_query($query);\r
                $nrows = mysql_num_rows($res);\r
                \r
@@ -543,7 +543,7 @@ class NPG_ADMIN {
                \r
                $id = $_GET['id'];\r
                if($gmember->isAdmin() && $id) { \r
-                       $query = 'select * from '.sql_table('plug_gallery_template')." where tdesc = $id";\r
+                       $query = 'select * from '.sql_table('plug_gallery_template')." where tdesc = ".intval($id);\r
                        $result = sql_query($query);\r
                        if(mysql_num_rows($result)) {\r
                                while ($row = mysql_fetch_object($result)) {\r
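Review bot: `$id` is still assigned raw from `$_GET['id']` on the second line of the hunk and only cast at the point of use, so every other use of `$id` in this method (including the `tdid` query in the next hunk) has to remember the cast; casting once at assignment is safer and also avoids the undefined-index notice when `id` is absent: `$id = isset($_GET['id']) ? intval($_GET['id']) : 0;`. With that in place the `intval()` calls inside the two query strings become redundant but harmless. The rest of this method is outside the hunk.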
@@ -551,7 +551,7 @@ class NPG_ADMIN {
                                }\r
                        }\r
                        \r
-                       $query2 = 'select * from '.sql_table('plug_gallery_template_desc')." where tdid = $id";\r
+                       $query2 = 'select * from '.sql_table('plug_gallery_template_desc')." where tdid = ".intval($id);\r
                        $result2 = sql_query($query2);\r
                        if(!mysql_num_rows($result2)) {\r
                                echo __NPG_ERR_BAD_TEMPLATE.'<br/>';\r
@@ -754,9 +754,9 @@ class NPG_ADMIN {
                $res = sql_query($query);\r
                $nr = mysql_fetch_row($res);\r
                if ($nr[0] > 1 && $id && NPG_TEMPLATE::existsID($id) && $gmember->isAdmin()) {\r
-                       $query = 'delete from '.sql_table('plug_gallery_template_desc').' where tdid='.$id;\r
+                       $query = 'delete from '.sql_table('plug_gallery_template_desc').' where tdid='.intval($id);\r
                        sql_query($query);\r
-                       $query = 'delete from '.sql_table('plug_gallery_template').' where tdesc='.$id;\r
+                       $query = 'delete from '.sql_table('plug_gallery_template').' where tdesc='.intval($id);\r
                        sql_query($query);\r
                }\r
                \r
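Review bot: The guard on the `if` line checks `NPG_TEMPLATE::existsID($id)` with the raw `$id` while the two deletes now run against `intval($id)`, so the existence check and the deletion can refer to different values (for example `'5abc'` versus `5`); normalise once before the condition with `$id = intval($id);` and drop the per-query casts. Evaluating `$gmember->isAdmin()` first in the condition would also avoid issuing the existence query for non-admins. Where `$id` is first assigned lies before this hunk.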
@@ -803,7 +803,7 @@ class NPG_ADMIN {
                global $galleryaction;\r
                \r
                $id = intval(requestvar('id'));\r
-               $query = 'select * from '.sql_table('plug_gallery_comment').' as a left join '.sql_table('member').' as b on a.cmemberid=b.mnumber where a.commentid='.$id;\r
+               $query = 'select * from '.sql_table('plug_gallery_comment').' as a left join '.sql_table('member').' as b on a.cmemberid=b.mnumber where a.commentid='.intval($id);\r
                $res = sql_query($query);\r
                $row = mysql_fetch_object($res);\r
                \r
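Review bot: `$id` is already `intval()`-ed at assignment two lines above, so the added `intval($id)` in the `where a.commentid=` clause is a redundant second cast; keep one of the two (the assignment cast is the better place, since it covers every later use) and leave the query as `' where a.commentid='.$id`. This is purely a style point; behaviour is identical. The method continues past the hunk.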
@@ -1066,7 +1066,7 @@ class NPG_ADMIN {
        function action_removeselectuser() {\r
                global $gmember;\r
                \r
-               $mid = requestvar('userid');\r
+               $mid = intval(requestvar('userid'));\r
                if($mid) {\r
                        $query='delete from '.sql_table('plug_gallery_member')." where memberid=$mid";\r
                        if($gmember->isAdmin()) $result = mysql_query($query);\r
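Review bot: The `delete` on the last line of the hunk is sent through `mysql_query()` directly while the statements in the earlier hunks go through the `sql_query()` helper, and its return value in `$result` is not checked within the hunk, so a failed delete would pass silently unless it is inspected further down the method. The same pattern appears in the following `action_addselectuser` hunk. Using `sql_query($query)` for consistency and reporting `!$result` the way the album-deletion hunks do would keep error handling uniform. Both methods continue outside their hunks.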
@@ -1077,7 +1077,7 @@ class NPG_ADMIN {
        function action_addselectuser() {\r
                global $gmember;\r
                \r
-               $mid = requestvar('userid');\r
+               $mid = intval(requestvar('userid'));\r
                if($mid) {\r
                        $query = 'insert into '.sql_table('plug_gallery_member')." values ('$mid',1) ";\r
                        if($gmember->isAdmin()) $result = mysql_query($query);\r
@@ -1120,8 +1120,8 @@ class NPG_ADMIN {
        function action_deltmember() {\r
                global $gmember,$galleryaction;\r
                \r
-               $aid = requestvar('aid');\r
-               $mid = requestvar('mid');\r
+               $aid = intval(requestvar('aid'));\r
+               $mid = intval(requestvar('mid'));\r
                if($aid && $mid) \r
                if($gmember->canModifyAlbum($aid)) {\r
                        $query = 'delete from '.sql_table('plug_gallery_album_team')." where tmemberid=$mid and talbumid=$aid";\r
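Review bot: The two stacked `if` statements without braces (`if($aid && $mid)` directly followed by `if($gmember->canModifyAlbum($aid)) {`) read as a dangling-if and are easy to break when a line is inserted between them; fold them into one guard: `if ($aid && $mid && $gmember->canModifyAlbum($aid)) {`. The same shape appears in the `action_toggleadmin` hunk that follows. The method bodies continue past both hunks.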
@@ -1135,8 +1135,8 @@ class NPG_ADMIN {
        function action_toggleadmin() {\r
                global $gmember,$galleryaction;\r
                \r
-               $aid = requestvar('aid');\r
-               $mid = requestvar('mid');\r
+               $aid = intval(requestvar('aid'));\r
+               $mid = intval(requestvar('mid'));\r
                if($aid && $mid) \r
                if($gmember->canModifyAlbum($aid)) {\r
                        $query = 'update '.sql_table('plug_gallery_album_team')." set tadmin=abs(tadmin-1) where tmemberid=$mid and talbumid=$aid";\r
@@ -1152,9 +1152,9 @@ class NPG_ADMIN {
        function action_addalbumteam() {\r
                global $gmember,$galleryaction;\r
                \r
-               $id = requestvar('id');\r
-               $tmember = requestvar('tmember');\r
-               $admin = requestvar('admin');\r
+               $id = intval(requestvar('id'));\r
+               $tmember = intval(requestvar('tmember'));\r
+               $admin = intval(requestvar('admin'));\r
                if($id && $tmember) {\r
                        if(!$admin) $admin = 0;\r
                        if($gmember->canModifyAlbum($id)) {\r
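Review bot: After `$admin = intval(requestvar('admin'));`, the line `if(!$admin) $admin = 0;` is redundant because `intval()` already yields `0` for an empty or missing value. Since `tadmin` is toggled with `abs(tadmin-1)` in the `action_toggleadmin` hunk, the column appears to hold only 0/1, so normalising to a flag would be the clearer form: `$admin = intval(requestvar('admin')) ? 1 : 0;` — confirm no caller passes other admin levels before making that change. The rest of the method is outside the hunk.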
@@ -1196,7 +1196,7 @@ class NPG_ADMIN {
                $option = requestVar('deleteoption');\r
                if($id && $option && $gmember->canmodifyalbum($id)) {\r
                        if($option == '-1') { //delete pictures\r
-                               $query = 'select * from '.sql_table('plug_gallery_picture').' where albumid='.$id;\r
+                               $query = 'select * from '.sql_table('plug_gallery_picture').' where albumid='.intval($id);\r
                                $result = mysql_query($query);\r
                                if(!$result) echo mysql_error().":$query<br/>";\r
                                while($row = mysql_fetch_object($result)) {\r
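Review bot: `$gmember->canmodifyalbum($id)` on the authorization line still receives the raw `$id` while the new `where albumid=` clause uses `intval($id)`, so the permission check and the query may not refer to the same album; cast once where the values are read (`$option = intval(requestVar('deleteoption'));` here, and the `$id` assignment above this hunk) so that `canmodifyalbum`, `canaddpicture($option)`, `ALBUM::fixnumberofimages($option)` and the `update`/`delete` statements in the last hunk of this diff all see the same integer. With `$option` an int the comparison becomes `if ($option === -1) {`, assuming `deleteoption` is always an album id or -1. Also, `echo mysql_error().":$query<br/>"` prints the failed SQL text and driver error to the page; logging it server-side and showing a generic message would avoid exposing table names to the browser.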
@@ -1207,13 +1207,13 @@ class NPG_ADMIN {
                                        }\r
                                        else {\r
                                                $delresult = PICTURE::deletepromoposts($row->pictureid);\r
-                                               $query2 = 'delete from '.sql_table('plug_gallery_picture').' where pictureid='.$row->pictureid;\r
+                                               $query2 = 'delete from '.sql_table('plug_gallery_picture').' where pictureid='.intval($row->pictureid);\r
                                                $result2 = mysql_query($query2);\r
                                                if(!$result2) echo mysql_error().":$query<br/>";\r
                                        }\r
                                }\r
                                if($ok) {\r
-                                       $query = 'delete from '.sql_table('plug_gallery_album').' where albumid='.$id;\r
+                                       $query = 'delete from '.sql_table('plug_gallery_album').' where albumid='.intval($id);\r
                                        $result = mysql_query($query);\r
                                        if(!$result) echo mysql_error().":$query<br/>";\r
                                }\r
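Review bot: The error branch after the per-picture delete reports the wrong statement: `if(!$result2) echo mysql_error().":$query<br/>";` prints `$query` (the outer `select`) instead of `$query2`, so the message would not show the `delete` that actually failed; change it to `":$query2<br/>"`. The added `intval($row->pictureid)` cast operates on a value read from the database rather than from the request, so it is harmless but adds no protection. As in the other branches, echoing the raw SQL and `mysql_error()` to the page is better replaced by server-side logging. `$ok` is set outside the visible lines, so whether a failed picture delete clears it cannot be confirmed here.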
@@ -1221,11 +1221,11 @@ class NPG_ADMIN {
                        }\r
                        else {\r
                                if($gmember->canaddpicture($option)) {\r
-                                       $query = 'update '.sql_table('plug_gallery_picture').' set albumid='.$option.' where albumid='.$id;\r
+                                       $query = 'update '.sql_table('plug_gallery_picture').' set albumid='.intval($option).' where albumid='.intval($id);\r
                                        $result = mysql_query($query);\r
                                        if(!$result) echo mysql_error().'<br/>';\r
                                        ALBUM::fixnumberofimages($option);\r
-                                       $query = 'delete from '.sql_table('plug_gallery_album').' where albumid='.$id;\r
+                                       $query = 'delete from '.sql_table('plug_gallery_album').' where albumid='.intval($id);\r
                                        $result = mysql_query($query);\r
                                        if(!$result) echo mysql_error().'<br/>';\r
                                }\r