fix(bookings): 修复客服备注功能中的数据库连接和转义问题
将$conn改为$pdo以使用正确的数据库连接 移除addslashes函数调用,仅使用htmlspecialchars进行转义
+3
-3
@@ -28,7 +28,7 @@ if (isset($_POST['action']) && isset($_POST['booking_id'])) {
|
||||
} elseif ($action == 'update_notes' && isset($_POST['notes_content'])) {
|
||||
// 更新客服备注
|
||||
$notes_content = $_POST['notes_content'];
|
||||
$stmt = $conn->prepare("UPDATE bookings SET custom_services = ? WHERE id = ?");
|
||||
$stmt = $pdo->prepare("UPDATE bookings SET custom_services = ? WHERE id = ?");
|
||||
$stmt->execute([$notes_content, $booking_id]);
|
||||
echo 'success';
|
||||
exit();
|
||||
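Review bot: The new `$pdo->prepare(...)` line keeps the query parameterised, but the value bound from `$_POST['notes_content']` is written verbatim with no length bound or trimming, and the result of `$stmt->execute(...)` is never checked before `echo 'success'`, so a failed update is still reported as success. Unless this handle is configured with `PDO::ERRMODE_EXCEPTION` (set outside this hunk, so I cannot tell), change the execute line to `if (!$stmt->execute([$notes_content, $booking_id])) { http_response_code(500); exit('error'); }` and reject over-long input with an `mb_strlen` check against the column's limit before preparing. The `$action == 'update_notes'` comparison on the context line above is a loose `==`; `===` is the safer form since `$action` originates from the request. The enclosing `if (isset($_POST['action']) ...)` block starts before this hunk, so other branches of the same handler may still reference `$conn` and are worth a grep.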
@@ -230,13 +230,13 @@ try {
|
||||
<div class="package-description">
|
||||
<span class="detail-label">客服备注:</span>
|
||||
<span><?php echo htmlspecialchars($booking['custom_services']); ?></span>
|
||||
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '<?php echo addslashes(htmlspecialchars($booking['custom_services'])); ?>')" style="margin-left: 10px;">修改</button>
|
||||
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '<?php echo htmlspecialchars($booking['custom_services']); ?>')" style="margin-left: 10px;">修改</button>
|
||||
</div>
|
||||
<?php else: ?>
|
||||
<div class="package-description">
|
||||
<span class="detail-label">客服备注:</span>
|
||||
<span style="color: #999;">无</span>
|
||||
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '')" style="margin-left: 10px;">添加</button>
|
||||
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '<?php echo htmlspecialchars($booking['custom_services']); ?>')" style="margin-left: 10px;">添加</button>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
|
||||
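Review bot: Dropping `addslashes` leaves the `onclick` argument on the new "修改" line escaped only for HTML, not for the JavaScript string literal it lands in: the browser decodes attribute entities before the handler is parsed, so a `'` in `custom_services` (encoded as `&#039;` on PHP 8.1+, or left raw on older defaults where `ENT_COMPAT` applied) reappears as a quote that terminates the literal, and a newline in the note breaks the handler outright — a stored-XSS path through whatever can write this column. The robust fix is to stop building JS source from data: `<button ... data-notes="<?php echo htmlspecialchars($booking['custom_services'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" onclick="openEditNotesModal(<?php echo (int) $booking['id']; ?>, this.dataset.notes)" ...>` (alternatively `htmlspecialchars(json_encode($value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP), ENT_QUOTES, 'UTF-8')` with the surrounding quotes removed). Casting `$booking['id']` to `int` is worthwhile on the same line, since it is echoed unescaped into the handler. On the new "添加" line in the `else` branch the old `''` was the right argument: that branch is presumably the empty/null case (its condition is outside this hunk), and passing `null` to `htmlspecialchars` is deprecated in PHP 8.1.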