fix(bookings): 修复客服备注功能中的数据库连接和转义问题
将 $conn 改为 $pdo 以使用正确的数据库连接；移除 addslashes 函数调用，仅使用 htmlspecialchars 进行转义
+3
-3
@@ -28,7 +28,7 @@ if (isset($_POST['action']) && isset($_POST['booking_id'])) {
|
|||||||
} elseif ($action == 'update_notes' && isset($_POST['notes_content'])) {
|
} elseif ($action == 'update_notes' && isset($_POST['notes_content'])) {
|
||||||
// 更新客服备注
|
// 更新客服备注
|
||||||
$notes_content = $_POST['notes_content'];
|
$notes_content = $_POST['notes_content'];
|
||||||
$stmt = $conn->prepare("UPDATE bookings SET custom_services = ? WHERE id = ?");
|
$stmt = $pdo->prepare("UPDATE bookings SET custom_services = ? WHERE id = ?");
|
||||||
$stmt->execute([$notes_content, $booking_id]);
|
$stmt->execute([$notes_content, $booking_id]);
|
||||||
echo 'success';
|
echo 'success';
|
||||||
exit();
|
exit();
|
||||||
@@ -230,13 +230,13 @@ try {
|
|||||||
<div class="package-description">
|
<div class="package-description">
|
||||||
<span class="detail-label">客服备注:</span>
|
<span class="detail-label">客服备注:</span>
|
||||||
<span><?php echo htmlspecialchars($booking['custom_services']); ?></span>
|
<span><?php echo htmlspecialchars($booking['custom_services']); ?></span>
|
||||||
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '<?php echo addslashes(htmlspecialchars($booking['custom_services'])); ?>')" style="margin-left: 10px;">修改</button>
|
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '<?php echo htmlspecialchars($booking['custom_services']); ?>')" style="margin-left: 10px;">修改</button>
|
||||||
</div>
|
</div>
|
||||||
<?php else: ?>
|
<?php else: ?>
|
||||||
<div class="package-description">
|
<div class="package-description">
|
||||||
<span class="detail-label">客服备注:</span>
|
<span class="detail-label">客服备注:</span>
|
||||||
<span style="color: #999;">无</span>
|
<span style="color: #999;">无</span>
|
||||||
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '')" style="margin-left: 10px;">添加</button>
|
<button type="button" class="btn btn-sm btn-secondary" onclick="openEditNotesModal(<?php echo $booking['id']; ?>, '<?php echo htmlspecialchars($booking['custom_services']); ?>')" style="margin-left: 10px;">添加</button>
|
||||||
</div>
|
</div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
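Review bot: The new onclick on the 修改 and 添加 buttons escapes with htmlspecialchars only, which is escaping for the HTML-attribute context and not for the JavaScript string literal inside it — the browser HTML-decodes the attribute before executing it, so a stored note containing `');…//` (saved straight from `$_POST['notes_content']` in the first hunk) closes the `'…'` literal and runs as script, and on PHP < 8.1 the default flags do not even encode `'`. Escape per context or, better, keep the value out of inline JS: `data-notes="<?php echo htmlspecialchars($booking['custom_services'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" onclick="openEditNotesModal(<?php echo (int)$booking['id']; ?>, this.dataset.notes)"`. The `?? ''` also covers the else branch, where `custom_services` is presumably empty or null and `htmlspecialchars(null)` is deprecated from PHP 8.1. Whether the `update_notes` handler checks a CSRF token and caps the note length is decided outside these hunks and cannot be confirmed here.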
|
|
||||||
|
|||||||