5 年之前 · 75d439f47f
--- a/lib/common/fileupload.class.php
+++ b/lib/common/fileupload.class.php
@@ -61,12 +61,13 @@ class FileUpload{
 
				 		//2016/10/26根据szc的意见修改
			
 
				 		if(empty($_FILES[$elename])) throw new Exception('没有上传文件或文件大小超过系统限制', 981);
			
 
				 		
			
 
				-		$f_name    = basename($_FILES[$elename]["name"]); //被上传文件的名称
			
 
				+		// $f_name    = basename($_FILES[$elename]["name"]); //被上传文件的名称(这种用法错误，因为basename方法不支持中文名)
			
 
				+		$f_name    = preg_replace('/^.+[\\\\\\/]/', '', $_FILES[$elename]["name"]); //被上传文件的名称
			
 
				 		$f_type    = $_FILES[$elename]["type"]; //被上传文件的类型
			
 
				 		$f_size    = $_FILES[$elename]["size"]; //被上传文件的大小，以字节计
			
 
				 		$f_tmpname = $_FILES[$elename]["tmp_name"]; //存储在服务器的文件的临时副本的名称
			
 
				 		$f_error   = $_FILES[$elename]["error"]; //由文件上传导致的错误代码
			
 
				-
			
 
				+		
			
 
				 		//是否发生错误
			
 
				 		if($f_error) $this->uploadFileError($f_error);
			
 
				 		
			
--- a/lib/common/paramcheck.class.php
+++ b/lib/common/paramcheck.class.php
@@ -120,5 +120,23 @@ class ParamCheck {
 
				 	static public function is_ID($val){
			
 
				 		return (bool)preg_match('/^([1-9]+[0-9]*)$/', $val);
			
 
				 	}
			
 
				+
			
 
				+	/**
			
 
				+	* 检查是否为身份证号
			
 
				+	* @param   string
			
 
				+	* @return  boolean
			
 
				+	*/
			
 
				+	static public function is_idcard($val){
			
 
				+		return (bool)preg_match('/(^\d{15}$)|(^\d{17}(\d|X)$)/', $val);
			
 
				+	}
			
 
				+
			
 
				+	/**
			
 
				+	* 检查是否为邮政编码
			
 
				+	* @param   string
			
 
				+	* @return  boolean
			
 
				+	*/
			
 
				+	static public function is_postcode($val){
			
 
				+		return (bool)preg_match('/^(\d{6})$/', $val);
			
 
				+	}
			
 
				 }
			
 
				 ?>
			
--- a/lib/table/table.class.php
+++ b/lib/table/table.class.php
@@ -98,6 +98,21 @@ abstract class Table {
 
				 	//@param $attr 数组，键值参考add()
			
 
				 	public function edit($id, $attr){}
			
 
				 
			
 
				+    //修改指定字段
			
 
				+    public function update($id, $attrs)
			
 
				+    {
			
 
				+        $params = array();
			
 
				+        foreach ($attrs as $key => $value) {
			
 
				+            //$type = self::getTypeByAttr($key);
			
 
				+            $params[$this->table_name.'_'.$key] = array('string', $value);
			
 
				+
			
 
				+        }
			
 
				+        //where条件
			
 
				+        $where = array( $this->table_id => array("number", $id));
			
 
				+        //返回结果
			
 
				+        $r = $this->pdo->sqlupdate($this->table_fullname, $params, $where);
			
 
				+        return $r;
			
 
				+    }
			
 
				 
			
 
				 	//--------------------------------------------------
			
 
				 	//------------依赖于字段设置的常见方法，可以重载----
			
@@ -175,6 +190,14 @@ abstract class Table {
 
				 				$val = $this->pdo->sql_check_input(array('string', $val));
			
 
				 				$where .= " and $field_name = $val ";
			
 
				 			}
			
 
				+            if($operator == '>num'){//大于数字
			
 
				+                $val = $this->pdo->sql_check_input(array('number', $val));
			
 
				+                $where .= " and $field_name > $val ";
			
 
				+            }
			
 
				+            if($operator == '<num'){//小于数字
			
 
				+                $val = $this->pdo->sql_check_input(array('number', $val));
			
 
				+                $where .= " and $field_name < $val ";
			
 
				+            }
			
 
				 
			
 
				 			if($operator == '%s'){//字符串，模糊搜索
			
 
				 				$val = '%'.$val.'%';
			
@@ -182,6 +205,51 @@ abstract class Table {
 
				 				$where .= " and $field_name like $val " ;
			
 
				 			}
			
 
				 
			
 
				+            if($operator == '=n_arr'){//or 连接的数字数组
			
 
				+                $where .= " and (";
			
 
				+			    $first = true;
			
 
				+			    foreach ($val as $item) {
			
 
				+			        if ($first) {
			
 
				+                        $where .= " $field_name = $item ";
			
 
				+                        $first = false;
			
 
				+                    } else {
			
 
				+                        $where .= " or $field_name = $item ";
			
 
				+                    }
			
 
				+                }
			
 
				+                $where .= ") ";
			
 
				+            }
			
 
				+
			
 
				+            if($operator == '=date'){//时间戳在当天
			
 
				+                $val = $this->pdo->sql_check_input(array('number', $val));
			
 
				+                if (empty($val)) {
			
 
				+                    break;
			
 
				+                }
			
 
				+                $begin = $val;    //不分时区
			
 
				+                $end = $val + 24*60*60;
			
 
				+                $where .= " and ($field_name >= $begin and $field_name < $end) ";
			
 
				+            }
			
 
				+
			
 
				+            if($operator == 'date2date'){//时间戳在两天之间
			
 
				+                if (!empty($val[0])) {
			
 
				+                    $begin = $val[0] - 8*60*60;    //东8时区
			
 
				+                    $where .= " and $field_name >= $begin ";
			
 
				+                }
			
 
				+                if (!empty($val[1])) {
			
 
				+                    $end = $val[1] + 16*60*60;
			
 
				+                    $where .= " and $field_name < $end ";
			
 
				+                }
			
 
				+            }
			
 
				+
			
 
				+            if($operator == 'id_in_arr'){//id在数组中
			
 
				+                $where .= " and (1=0 ";
			
 
				+			    foreach ($val as $tempId) {
			
 
				+                    $tempId = $this->pdo->sql_check_input(array('number', $tempId));
			
 
				+                    $where .= " or $field_name=$tempId ";
			
 
				+                }
			
 
				+                $where .= ") ";
			
 
				+            }
			
 
				+
			
 
				+
			
 
				 		}
			
 
				 		return $where;
			
 
				 	}