2 years ago · 7c1165889c
--- a/src/admin/article_add.php
+++ b/src/admin/article_add.php
@@ -40,7 +40,7 @@ if ($dopost != 'save') {
        }
    }
    //获得频道模型信息
    $cInfos = $dsql->GetOne("SELECT * From `#@__channeltype` where id='$channelid' ");
    $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` where id='$channelid' ");
    //获取文档最大id+1以确定当前权重
    $maxWright = $dsql->GetOne("SELECT id+1 AS cc FROM `#@__archives` ORDER BY id DESC LIMIT 1");
    $maxWright = empty($maxWright)? array('cc'=>1) : $maxWright;
--- a/src/admin/cards_make.php
+++ b/src/admin/cards_make.php
@@ -14,9 +14,9 @@ if (empty($dopost)) $dopost = '';
 if ($dopost == '') include(DEDEADMIN."/templets/cards_make.htm");
 //生成点卡
 elseif ($dopost == 'make') {
    $row = $dsql->GetOne("SELECT * FROM #@__moneycard_record ORDER BY aid DESC");
    $row = $dsql->GetOne("SELECT * FROM `#@__moneycard_record` ORDER BY aid DESC");
    !is_array($row) ? $startid = 100000 : $startid = $row['aid'] + 100000;
    $row = $dsql->GetOne("SELECT * FROM #@__moneycard_type WHERE tid='$cardtype'");
    $row = $dsql->GetOne("SELECT * FROM `#@__moneycard_type` WHERE tid='$cardtype'");
    $money = $row['money'];
    $num = $row['num'];
    $mtime = time();
--- a/src/admin/cards_manage.php
+++ b/src/admin/cards_manage.php
@@ -19,17 +19,17 @@ if ($dopost == "delete") {
        else $dquery .= " OR aid='$id' ";
    }
    if ($dquery != "") $dquery = " WHERE ".$dquery;
    $dsql->ExecuteNoneQuery("DELETE FROM #@__moneycard_record $dquery");
    $dsql->ExecuteNoneQuery("DELETE FROM `#@__moneycard_record` $dquery");
    ShowMsg("成功删除指定的记录", "cards_manage.php");
    exit();
 } else {
    $addsql = '';
    if (isset($isexp)) $addsql = " WHERE isexp='$isexp' ";
    $sql = "SELECT * FROM #@__moneycard_record $addsql ORDER BY aid DESC";
    $sql = "SELECT * FROM `#@__moneycard_record` $addsql ORDER BY aid DESC";
    $dlist = new DataListCP();
    $dlist->pagesize = 30;//设定每页显示记录数
    if (isset($isexp)) $dlist->SetParameter("isexp", $isexp);
    $dlist->dsql->SetQuery("SELECT * FROM #@__moneycard_type ");
    $dlist->dsql->SetQuery("SELECT * FROM `#@__moneycard_type`");
    $dlist->dsql->Execute('ts');
    while ($rw = $dlist->dsql->GetArray('ts')) {
        $TypeNames[$rw['tid']] = $rw['pname'];
@@ -44,7 +44,7 @@ function GetMemberID($mid)
 {
    global $dsql;
    if ($mid == 0) return '0';
    $row = $dsql->GetOne("SELECT userid FROM #@__member WHERE mid='$mid' ");
    $row = $dsql->GetOne("SELECT userid FROM `#@__member` WHERE mid='$mid' ");
    if (is_array($row)) return "<a href='member_view.php?mid={$mid}'>".$row['userid']."</a>";
    else return '0';
 }
--- a/src/admin/catalog_del.php
+++ b/src/admin/catalog_del.php
@@ -24,7 +24,7 @@ if ($dopost == 'ok') {
    ShowMsg("成功删除一个栏目", "catalog_main.php");
    exit();
 }
 $dsql->SetQuery("SELECT typename,typedir FROM #@__arctype WHERE id=".$id);
 $dsql->SetQuery("SELECT typename,typedir FROM `#@__arctype` WHERE id=".$id);
 $row = $dsql->GetOne();
 $wintitle = "删除栏目确认";
 $wecome_info = "<a href='catalog_main.php'>栏目管理</a> &gt; 删除栏目确认";
@@ -32,7 +32,7 @@ $win = new OxWindow();
 $win->Init('catalog_del.php', 'js/blank.js', 'POST');
 $win->AddHidden('id', $id);
 $win->AddHidden('dopost', 'ok');
 $win->AddTitle("您要确定要删除栏目：[{$row['typename']}] 吗");
 $win->AddTitle("您要确定要删除栏目：[{$row['typename']}]吗");
 $win->AddItem('栏目的文件保存目录：', $row['typedir']);
 $win->AddItem('是否删除文件：', "<label><input type='radio' name='delfile' value='no' checked='1'> 否</label> <label><input type='radio' name='delfile' value='yes'> 是</label>");
 $winform = $win->GetWindow('ok');
--- a/src/admin/content_batchup_action.php
+++ b/src/admin/content_batchup_action.php
@@ -42,7 +42,7 @@ if ($seltime == 1) {
    $gwhere .= " AND (senddate >= $t1 AND senddate <= $t2) ";
 }
 if (!empty($userid)) {
    $row = $dsql->GetOne("SELECT `mid` FROM #@__member WHERE `userid` LIKE '$userid'");
    $row = $dsql->GetOne("SELECT `mid` FROM `#@__member` WHERE `userid` LIKE '$userid'");
    if (is_array($row)) {
        $gwhere .= " AND mid = {$row['mid']} ";
    }
@@ -118,8 +118,8 @@ else if ($action == 'move') {
        ShowMsg('该操作必须指定栏目', 'javascript:;');
        exit();
    }
    $typeold = $dsql->GetOne("SELECT * FROM #@__arctype WHERE id='$typeid'; ");
    $typenew = $dsql->GetOne("SELECT * FROM #@__arctype WHERE id='$newtypeid'; ");
    $typeold = $dsql->GetOne("SELECT * FROM `#@__arctype` WHERE id='$typeid'; ");
    $typenew = $dsql->GetOne("SELECT * FROM `#@__arctype` WHERE id='$newtypeid'; ");
    if (!is_array($typenew)) {
        ShowMsg("无法检测移动到的新栏目的信息，不能完成操作", "javascript:;");
        exit();
@@ -160,7 +160,7 @@ else if ($action == 'move') {
 }
 //删除空标题内容
 else if ($action == 'delnulltitle') {
    $dsql->SetQuery("SELECT id FROM #@__archives WHERE trim(title)='' ");
    $dsql->SetQuery("SELECT id FROM `#@__archives` WHERE trim(title)='' ");
    $dsql->Execute('x');
    $tdd = 0;
    while ($row = $dsql->GetObject('x')) {
@@ -171,7 +171,7 @@ else if ($action == 'delnulltitle') {
 }
 //修正缩略图错误
 else if ($action == 'modddpic') {
    $dsql->ExecuteNoneQuery("UPDATE #@__archives SET litpic='' WHERE trim(litpic)='litpic' ");
    $dsql->ExecuteNoneQuery("UPDATE `#@__archives` SET litpic='' WHERE trim(litpic)='litpic' ");
    ShowMsg("成功修正缩略图错误", "javascript:;");
    exit();
 }
--- a/src/admin/diy_add.php
+++ b/src/admin/diy_add.php
@@ -14,13 +14,13 @@ $mysql_version = $dsql->GetVersion();
 $mysql_versions = explode(".", trim($mysql_version));
 $mysql_version = $mysql_versions[0].".".$mysql_versions[1];
 if (empty($action)) {
    $row = $dsql->GetOne("SELECT diyid FROM #@__diyforms ORDER BY diyid DESC LIMIT 0,1 ");
    $row = $dsql->GetOne("SELECT diyid FROM `#@__diyforms` ORDER BY diyid DESC LIMIT 0,1");
    if (is_array($row)) $newdiyid = $row['diyid'] + 1;
    else $newdiyid = 1;
    include(DEDEADMIN."/templets/diy_add.htm");
 } else {
    if (preg_match("#[^0-9-]#", $diyid) || empty($diyid)) {
        ShowMsg("<span class='text-danger'>'自定义表单diyid'</span>必须为数字", "-1");
        ShowMsg("<span class='text-danger'>'自定义表单id'</span>必须为数字", "-1");
        exit();
    }
    if ($table == "") {
@@ -29,7 +29,7 @@ if (empty($action)) {
    }
    $public = isset($public) && is_numeric($public) ? $public : 0;
    $name = dede_htmlspecialchars($name);
    $row = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid' OR `table` LIKE '$table' OR name LIKE '$name' ");
    $row = $dsql->GetOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid' OR `table` LIKE '$table' OR name LIKE '$name'");
    if (is_array($row)) {
        ShowMsg("可能自定义表单的‘diyid’、‘名称’在数据库中已存在，不能重复使用", "-1");
        exit();
--- a/src/admin/diy_field_add.php
+++ b/src/admin/diy_field_add.php
@@ -73,7 +73,7 @@ if ($action == 'save') {
 /*----------------------
 function ShowPage()
 ---------------------*/
 $row = $dsql->GetOne("SELECT `table` FROM #@__diyforms WHERE diyid='$diyid'");
 $row = $dsql->GetOne("SELECT `table` FROM `#@__diyforms` WHERE diyid='$diyid'");
 $trueTable = $row['table'];
 $tabsql = "CREATE TABLE IF NOT EXISTS  `$trueTable`(
 `id` int(10) unsigned NOT NULL auto_increment,
--- a/src/admin/diy_main.php
+++ b/src/admin/diy_main.php
@@ -13,7 +13,7 @@ CheckPurview('c_List');
 require_once(DEDEINC."/datalistcp.class.php");
 require_once(DEDEINC."/common.func.php");
 setcookie("ENV_GOBACK_URL", $dedeNowurl, time() + 3600, "/");
 $sql = "Select `diyid`,`name`,`table` From #@__diyforms order by diyid asc";
 $sql = "SELECT `diyid`,`name`,`table` FROM `#@__diyforms` ORDER BY diyid ASC";
 $dlist = new DataListCP();
 $dlist->SetTemplet(DEDEADMIN."/templets/diy_main.htm");
 $dlist->SetSource($sql);
--- a/src/admin/freelist_edit.php
+++ b/src/admin/freelist_edit.php
@@ -13,7 +13,7 @@ if (empty($dopost)) {
    require_once DEDEINC.'/typelink/typelink.class.php';
    require_once DEDEINC.'/dedetag.class.php';
    $aid = isset($aid) && is_numeric($aid) ? $aid : 0;
    $row = $dsql->GetOne("Select * From `#@__freelist` where aid='$aid' ");
    $row = $dsql->GetOne("SELECT * FROM `#@__freelist` where aid='$aid' ");
    $dtp = new DedeTagParse();
    $dtp->SetNameSpace("dede", "{", "}");
    $dtp->LoadSource("--".$row['listtag']."--");
--- a/src/admin/inc/inc_catalog_options.php
+++ b/src/admin/inc/inc_catalog_options.php
@@ -49,10 +49,10 @@ function GetOptionList($selid = 0, $userCatalog = 0, $channeltype = 0)
            $admin_catalogs = array_unique($admin_catalogs);
            $admin_catalog = join(',', $admin_catalogs);
            $admin_catalog = preg_replace("#,$#", '', $admin_catalog);
            $query = "Select id,typename,ispart,channeltype From `#@__arctype` where id in($admin_catalog) And reid=0";
            $query = "SELECT id,typename,ispart,channeltype FROM `#@__arctype` WHERE id in($admin_catalog) And reid=0";
        }
    } else {
        $query = "Select id,typename,ispart,channeltype From `#@__arctype` where reid=0 order by sortrank asc";
        $query = "SELECT id,typename,ispart,channeltype FROM `#@__arctype` WHERE reid=0 ORDER BY sortrank ASC";
    }
    $dsql->SetQuery($query);
    $dsql->Execute('cc');
--- a/src/admin/inc/inc_list_functions.php
+++ b/src/admin/inc/inc_list_functions.php
@@ -23,7 +23,7 @@ function GetTypename($tid)
            return base64_decode($cfg_Cs[$tid][3]);
        }
    } else {
        $row = $dsql->GetOne("SELECT typename FROM #@__arctype WHERE id = '{$tid}'");
        $row = $dsql->GetOne("SELECT typename FROM `#@__arctype` WHERE id = '{$tid}'");
        unset($dsql);
        unset($cfg_Cs);
        return isset($row['typename']) ? $row['typename'] : '';
--- a/src/admin/log_edit.php
+++ b/src/admin/log_edit.php
@@ -16,7 +16,7 @@ if (empty($dopost)) {
 }
 //清空所有日志
 if ($dopost == "clear") {
    $dsql->ExecuteNoneQuery("DELETE FROM #@__log");
    $dsql->ExecuteNoneQuery("DELETE FROM `#@__log`");
    ShowMsg("成功清空所有日志", "log_list.php");
    exit();
 } else if ($dopost == "del") {
@@ -31,7 +31,7 @@ if ($dopost == "clear") {
        }
    }
    if ($dquery != "") $dquery = " where ".$dquery;
    $dsql->ExecuteNoneQuery("DELETE FROM #@__log $dquery");
    $dsql->ExecuteNoneQuery("DELETE FROM `#@__log` $dquery");
    ShowMsg("成功删除指定的日志", $bkurl);
    exit();
 } else {
--- a/src/admin/member_operations.php
+++ b/src/admin/member_operations.php
@@ -21,7 +21,7 @@ $dlist = new DataListCP();
 $dlist->pagesize = 30;
 $dlist->SetParameter("buyid", $buyid);
 if (isset($sta)) $dlist->SetParameter("sta", $sta);
 $dlist->dsql->SetQuery("SELECT * FROM #@__moneycard_type ");
 $dlist->dsql->SetQuery("SELECT * FROM `#@__moneycard_type`");
 $dlist->dsql->Execute('ts');
 while ($rw = $dlist->dsql->GetArray('ts')) {
    $TypeNames[$rw['tid']] = $rw['pname'];
@@ -37,7 +37,7 @@ function GetMemberID($mid)
    if ($mid == 0) {
        return '0';
    }
    $row = $dsql->GetOne("SELECT userid FROM #@__member WHERE mid='$mid' ");
    $row = $dsql->GetOne("SELECT userid FROM `#@__member` WHERE mid='$mid' ");
    if (is_array($row)) {
        return "<a href='member_view.php?id={$mid}'>".$row['userid']."</a>";
    } else {
--- a/src/admin/member_pm.php
+++ b/src/admin/member_pm.php
@@ -18,7 +18,7 @@ if (!isset($keyword)) $keyword = '';
 if (isset($dopost)) {
    $ID = preg_replace("#[^0-9]#", "", $ID);
    if ($dopost == "del" && !empty($ID)) {
        $dsql->ExecuteNoneQuery("DELETE FROM #@__member_pms WHERE id='$ID'");
        $dsql->ExecuteNoneQuery("DELETE FROM `#@__member_pms` WHERE id='$ID'");
    }
 }
 $whereSql = '';
@@ -31,7 +31,7 @@ if (!empty($keyword)) {
 if (!empty($username)) {
    $whereSql .= " AND floginid like '%".$username."%'";
 }
 $sql = "SELECT * FROM #@__member_pms $whereSql ORDER BY sendtime desc";
 $sql = "SELECT * FROM `#@__member_pms` $whereSql ORDER BY sendtime desc";
 $dlist = new DataListCP();
 $dlist->pagesize = 30;
 $dlist->SetParameter("folder", $folder);
--- a/src/admin/member_pmone.php
+++ b/src/admin/member_pmone.php
@@ -57,7 +57,7 @@ if ($action == "post") {
        ShowMsg($msg, "-1");
        exit();
    }
    $row = $dsql->GetOne("Select * From `#@__member` where userid like '$msgtoid' ");
    $row = $dsql->GetOne("SELECT * FROM `#@__member` where userid like '$msgtoid' ");
    if (!is_array($row)) {
        ShowMsg("您指定的用户不存在，不能发送信息", "-1");
        exit();
--- a/src/admin/member_view.php
+++ b/src/admin/member_view.php
@@ -12,7 +12,7 @@ require(dirname(__FILE__)."/config.php");
 CheckPurview('member_Edit');
 $ENV_GOBACK_URL = isset($_COOKIE['ENV_GOBACK_URL']) ? "member_main.php" : '';
 $id = preg_replace("#[^0-9]#", "", $id);
 $row = $dsql->GetOne("SELECT * from #@__member where mid='$id'");
 $row = $dsql->GetOne("SELECT * FROM `#@__member` WHERE mid='$id'");
 $staArr = array(
    -10 => '等待验证邮件',
    -2 => '限制用户(禁言)',
--- a/src/admin/mychannel_edit.php
+++ b/src/admin/mychannel_edit.php
@@ -512,7 +512,7 @@ else if ($dopost == 'modifysearch') {
            }
        }
        if (is_array($addonfields) && !empty($addonfields)) {
            $query = "SELECT * FROM #@__channeltype WHERE id='$mid'";
            $query = "SELECT * FROM `#@__channeltype` WHERE id='$mid'";
            $channel = $dsql->GetOne($query);
            $dtp = new DedeTagParse();
            $dtp->SetNameSpace("field", "<", ">");
@@ -576,7 +576,7 @@ else if ($dopost == 'modifysearch') {
        }
        $forms .= '<input type="submit" name="submit" value="开始搜索" /></form>';
        $formssql = addslashes($forms);
        $query = "REPLACE INTO #@__advancedsearch(mid, maintable, mainfields, addontable, addonfields, forms, template) VALUES ('$mid','$maintable','$mainstring','$addontable','$addonstring','$formssql', '$template')";
        $query = "REPLACE INTO `#@__advancedsearch` (mid, maintable, mainfields, addontable, addonfields, forms, template) VALUES ('$mid','$maintable','$mainstring','$addontable','$addonstring','$formssql', '$template')";
        $dsql->ExecuteNoneQuery($query);
        $formshtml = dede_htmlspecialchars($forms);
        echo '<meta http-equiv="Content-Type" content="text/html; charset='.$cfg_soft_lang.'">';
--- a/src/admin/templets/ad_add.htm
+++ b/src/admin/templets/ad_add.htm
@@ -139,12 +139,12 @@
      </tr>
    </table>
  </form>
  <div style="display:none" id="formtxt">
  <div id="formtxt" style="display:none">
    <div class="content" id="code" style="display:none">
      <table width="80%" cellpadding="3" cellspacing="1" class="i_table">
        <tr>
          <td width="260">广告代码:<br>
            请填写广告代码，支持html代码</td>
            请填写广告代码，支持网页代码</td>
          <td><textarea name="normbody[htmlcode]" class="biz-textarea"></textarea></td>
        </tr>
      </table>
--- a/src/admin/templets/adtype_main.htm
+++ b/src/admin/templets/adtype_main.htm
@@ -20,7 +20,7 @@
      <td width="36%" align="center">状态</td>
    </tr>
    <?php
  	$dsql->SetQuery("Select * From #@__myadtype");
  	$dsql->SetQuery("SELECT * FROM `#@__myadtype`");
  	$dsql->Execute();
  	$k=0;
  	while($row = $dsql->GetObject())
--- a/src/admin/templets/album_add.htm
+++ b/src/admin/templets/album_add.htm
@@ -89,7 +89,7 @@
              <td width="90">自定义属性：</td>
              <td>
              <?php
              $dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
              $dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
              $dsql->Execute();
              while($trow = $dsql->GetObject())
              {
@@ -401,7 +401,7 @@
              <td width="260"><select name="arcrank" id="arcrank" class="biz-input-sm">
                <?php
                $urank = $cuserLogin->getUserRank();
                $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank'");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank'");
                $dsql->Execute();
                while($row = $dsql->GetObject())
                {
--- a/src/admin/templets/album_edit.htm
+++ b/src/admin/templets/album_edit.htm
@@ -448,7 +448,7 @@
              <option value="<?php echo $arcRow['arcrank']?>"> <?php echo $arcRow["rankname"]?> </option>
              <?php
              $urank = $cuserLogin->getUserRank();
              $dsql->SetQuery("Select * from #@__arcrank where adminrank<='$urank'");
              $dsql->SetQuery("SELECT * FROM #@__arcrank where adminrank<='$urank'");
              $dsql->Execute();
              while($row = $dsql->GetObject()){
              	echo "<option value='".$row->rank."'>".$row->membername."</option>";
--- a/src/admin/templets/archives_add.htm
+++ b/src/admin/templets/archives_add.htm
@@ -68,7 +68,7 @@
              <td width="90">自定义属性：</td>
              <td>
              <?php
            	$dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
            	$dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
            	$dsql->Execute();
            	while($trow = $dsql->GetObject())
            	{
@@ -284,7 +284,7 @@
              <td width="260"><select name="arcrank" id="arcrank" class="biz-input-sm">
              <?php
              $urank = $cuserLogin->getUserRank();
              $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank'");
              $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank'");
              $dsql->Execute();
              while($row = $dsql->GetObject())
              {
--- a/src/admin/templets/archives_edit.htm
+++ b/src/admin/templets/archives_edit.htm
@@ -279,7 +279,7 @@
                <option value='<?php echo $arcRow["arcrank"]?>'><?php echo $arcRow["rankname"]?></option>
                <?php
                $urank = $cuserLogin->getUserRank();
                $dsql->SetQuery("Select * from #@__arcrank where adminrank<='$urank'");
                $dsql->SetQuery("SELECT * FROM #@__arcrank where adminrank<='$urank'");
                $dsql->Execute();
                while($row = $dsql->GetObject()){
                	echo "<option value='".$row->rank."'>".$row->membername."</option>";
--- a/src/admin/templets/archives_sg_add.htm
+++ b/src/admin/templets/archives_sg_add.htm
@@ -67,7 +67,7 @@
              <td width="90">自定义属性：</td>
              <td>
              	<?php
              	$dsql->SetQuery("Select * From `#@__arcatt` where att<>'j' And att<>'p' order by sortid asc");
              	$dsql->SetQuery("SELECT * FROM `#@__arcatt` where att<>'j' And att<>'p' order by sortid asc");
              	$dsql->Execute();
              	while($trow = $dsql->GetObject())
              	{
@@ -131,7 +131,7 @@
              	<select name="arcrank" id="arcrank" class="biz-input-sm">
                <?php
                $urank = $cuserLogin->getUserRank();
                $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank'");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank'");
                $dsql->Execute();
                while($row = $dsql->GetObject())
                {
--- a/src/admin/templets/archives_sg_edit.htm
+++ b/src/admin/templets/archives_sg_edit.htm
@@ -131,7 +131,7 @@
                <option value='<?php echo $addRow["arcrank"];?>'><?php echo $addRow["rankname"];?></option>
                <?php
                $urank = $cuserLogin->getUserRank();
                $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank' And `rank`<>'{$addRow["arcrank"]}' ");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank' And `rank`<>'{$addRow["arcrank"]}' ");
                $dsql->Execute();
                while($row = $dsql->GetObject()) {
                	echo "<option value='".$row->rank."'>".$row->membername."</option>";
--- a/src/admin/templets/article_add.htm
+++ b/src/admin/templets/article_add.htm
@@ -90,7 +90,7 @@
              <td width="90">自定义属性：</td>
              <td align="left">
              <?php
            	$dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
            	$dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
            	$dsql->Execute();
            	while($trow = $dsql->GetObject())
            	{
@@ -318,7 +318,7 @@
                <select name="arcrank" id="arcrank" class="biz-input-sm">
                <?php
                $urank = $cuserLogin->getUserRank();
                $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank'");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank'");
                $dsql->Execute();
                while($row = $dsql->GetObject())
                {
--- a/src/admin/templets/article_edit.htm
+++ b/src/admin/templets/article_edit.htm
@@ -281,7 +281,7 @@
                  <option value='<?php echo $arcRow["arcrank"]?>'> <?php echo $arcRow["rankname"]?> </option>
                  <?php
                  $urank = $cuserLogin->getUserRank();
                  $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank'");
                  $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank'");
                  $dsql->Execute();
                  while($row = $dsql->GetObject()){
                    echo "<option value='".$row->rank."'>".$row->membername."</option>";
--- a/src/admin/templets/cards_make.htm
+++ b/src/admin/templets/cards_make.htm
@@ -33,7 +33,7 @@
              <td>
                <select name="cardtype" class="biz-input-sm">
                  <?php
                  $dsql->SetQuery("Select * From #@__moneycard_type");
                  $dsql->SetQuery("SELECT * FROM `#@__moneycard_type`");
                  $dsql->Execute();
                  while($row=$dsql->GetArray()){
                    echo "  <option value='{$row['tid']}'>{$row['pname']}</option>";
--- a/src/admin/templets/cards_type.htm
+++ b/src/admin/templets/cards_type.htm
@@ -22,7 +22,7 @@
        <td width="17%" align="center">状态</td>
      </tr>
      <?php
    	$dsql->SetQuery("Select * From #@__moneycard_type");
    	$dsql->SetQuery("SELECT * FROM `#@__moneycard_type`");
    	$dsql->Execute();
    	$k=0;
    	while($row = $dsql->GetObject())
--- a/src/admin/templets/catalog_add.htm
+++ b/src/admin/templets/catalog_add.htm
@@ -237,7 +237,7 @@
              <td class="biz-td">
                <select name="corank" id="corank" class="biz-input-sm">
                  <?php
                  $dsql->SetQuery("Select * from `#@__arcrank` where `rank` >= 0");
                  $dsql->SetQuery("SELECT * FROM `#@__arcrank` where `rank` >= 0");
                  $dsql->Execute('cc');
                  while($row = $dsql->GetObject('cc')){
                    if ($corank==$row->rank) echo "<option value='".$row->rank."' selected>".$row->membername."</option>";
--- a/src/admin/templets/catalog_edit.htm
+++ b/src/admin/templets/catalog_edit.htm
@@ -214,7 +214,7 @@
              <td class="biz-td">
                <select name="corank" id="corank" class="biz-input-sm">
                <?php
                $dsql->SetQuery("Select * from #@__arcrank where `rank` >= 0");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where `rank` >= 0");
                $dsql->Execute('cc');
                while($row = $dsql->GetObject('cc'))
                {
--- a/src/admin/templets/content_att.htm
+++ b/src/admin/templets/content_att.htm
@@ -24,7 +24,7 @@
        <td width="70%">属性名称</td>
      </tr>
      <?php
    	$dsql->SetQuery("SELECT * From `#@__arcatt` order by sortid asc ");
    	$dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc ");
    	$dsql->Execute();
    	$k=0;
    	while($row = $dsql->GetObject())
--- a/src/admin/templets/feedback_edit.htm
+++ b/src/admin/templets/feedback_edit.htm
@@ -37,7 +37,7 @@
            </tr>
            <tr>
              <td>评论内容：</td>
              <td>修改的评论内容HTML代码不会被屏蔽，可用HTML语法编辑</td>
              <td>修改的评论内容网页代码不会被屏蔽，可用HTML语法编辑</td>
            </tr>
            <tr>
              <td height="62" align="center"></td>
@@ -45,7 +45,7 @@
            </tr>
            <tr>
              <td>管理员回复：</td>
              <td>回复内容的HTML代码会被屏蔽</td>
              <td>回复内容的网页代码会被屏蔽</td>
            </tr>
            <tr>
              <td align="center"></td>
--- a/src/admin/templets/freelist_add.htm
+++ b/src/admin/templets/freelist_add.htm
@@ -155,7 +155,7 @@
                  <?php
                  echo "<select name='typeid' class='biz-input-sm'>";
                  echo "<option value='0'>不限栏目</option>";
                  $dsql->SetQuery("Select ID,typename, channeltype From #@__arctype");
                  $dsql->SetQuery("Select ID,typename, channeltype From `#@__arctype`");
                  $dsql->Execute();
                  while($lrow = $dsql->GetObject()){
                 	$disable = '';
@@ -174,7 +174,7 @@
                  <?php
                  echo "<select name='channel' class='biz-input-sm'>";
                  echo "<option value='0' selected>不限</option>";
                  $dsql->SetQuery("Select ID,typename From #@__channeltype where ID>0");
                  $dsql->SetQuery("Select ID,typename From `#@__channeltype` where ID>0");
            	    $dsql->Execute();
            	    while($row = $dsql->GetObject())
            	    {
@@ -189,7 +189,7 @@
                  <?php
                  echo "<select name='att' class='biz-input-sm'>";
                  echo "<option value='0' selected>不限</option>";
                  $dsql->SetQuery("Select * From #@__arcatt");
                  $dsql->SetQuery("SELECT * FROM `#@__arcatt`");
          	      $dsql->Execute();
          	      while($row = $dsql->GetObject())
          	      {
--- a/src/admin/templets/freelist_edit.htm
+++ b/src/admin/templets/freelist_edit.htm
@@ -120,7 +120,7 @@
                  $typeid = $ctag->GetAtt('typeid');
                  echo "<select name='typeid' class='biz-input-sm'>";
                  echo "<option value='0'>不限栏目</option>";
                  $dsql->SetQuery("Select id,typename, channeltype From #@__arctype");
                  $dsql->SetQuery("Select id,typename, channeltype From `#@__arctype`");
                  $dsql->Execute();
                  while($lrow = $dsql->GetObject()){
                    $disable = '';
@@ -140,7 +140,7 @@
                  <?php
                  $channel  = $ctag->GetAtt('channel');
                  echo "<select name='channel' class='biz-input-sm'><option value='0'>不限</option>";
                  $dsql->SetQuery("Select id,typename From #@__channeltype where id>0");
                  $dsql->SetQuery("Select id,typename From `#@__channeltype` where id>0");
                  $dsql->Execute();
                  while($nrow = $dsql->GetObject())
                  {
@@ -157,7 +157,7 @@
                  $att  = $ctag->GetAtt('att');
                  echo "<select name='att' class='biz-input-sm'>";
                  echo "<option value='0'>不限</option>";
                  $dsql->SetQuery("Select * From #@__arcatt");
                  $dsql->SetQuery("SELECT * FROM `#@__arcatt`");
                  $dsql->Execute();
                  while($nrow = $dsql->GetObject())
                  {
--- a/src/admin/templets/friendlink_add.htm
+++ b/src/admin/templets/friendlink_add.htm
@@ -72,7 +72,7 @@
          <td>
          <select name="typeid" id="typeid" class="biz-input-sm">
          <?php
          $dsql->SetQuery("select * from #@__flinktype");
          $dsql->SetQuery("SELECT * FROM `#@__flinktype`");
          $dsql->Execute();
          while($row=$dsql->GetObject())
          {
--- a/src/admin/templets/friendlink_edit.htm
+++ b/src/admin/templets/friendlink_edit.htm
@@ -61,7 +61,7 @@
                <select name="typeid" id="typeid" class="biz-input-sm">
                  <?php
                  echo " <option value='".$myLink['typeid']."'>".$myLink['typename']."</option>";
                  $dsql->SetQuery("select * from #@__flinktype where id<>'".$myLink['typeid']."'");
                  $dsql->SetQuery("SELECT * FROM `#@__flinktype` where id<>'".$myLink['typeid']."'");
                  $dsql->Execute();
                  while($row=$dsql->GetObject()){
                  	echo " <option value='".$row->id."'>".$row->typename."</option>";
--- a/src/admin/templets/friendlink_type.htm
+++ b/src/admin/templets/friendlink_type.htm
@@ -21,7 +21,7 @@
        <td width="34%" align="center">状态</td>
      </tr>
      <?php
    	$dsql->SetQuery("Select * From #@__flinktype");
    	$dsql->SetQuery("SELECT * FROM `#@__flinktype`");
    	$dsql->Execute();
    	$k=0;
    	while($row = $dsql->GetObject())
--- a/src/admin/templets/member_toadmin.htm
+++ b/src/admin/templets/member_toadmin.htm
@@ -67,7 +67,7 @@
              <td class="biz-td">
                <select name='usertype' class='biz-input-sm'>
                <?php
                $dsql->SetQuery("Select * from `#@__admintype` order by `rank` asc");
                $dsql->SetQuery("SELECT * FROM `#@__admintype` order by `rank` asc");
                $dsql->Execute("ut");
                while($myrow = $dsql->GetObject("ut"))
                {
--- a/src/admin/templets/member_type.htm
+++ b/src/admin/templets/member_type.htm
@@ -33,7 +33,7 @@
        <td width="16%" align="center">状态</td>
      </tr>
      <?php
      $dsql->SetQuery("Select * From #@__member_type");
      $dsql->SetQuery("SELECT * FROM `#@__member_type`");
      $dsql->Execute();
      $k=0;
      while($row = $dsql->GetObject())
--- a/src/admin/templets/member_view.htm
+++ b/src/admin/templets/member_view.htm
@@ -155,7 +155,7 @@
            <td>空间信息：</td>
            <td class="biz-td">
            <?php
            $nrow = $dsql->GetOne("Select * From `#@__member_tj` where mid='{$row['mid']}' ");
            $nrow = $dsql->GetOne("SELECT * FROM `#@__member_tj` where mid='{$row['mid']}' ");
            echo "文档：{$nrow['article']} 图集：{$nrow['album']} 文档：{$nrow['archives']} 收藏：{$nrow['stow']}";
            echo "<br>空间访问：{$nrow['homecount']} 页面访问：{$nrow['pagecount']} 留言：{$nrow['feedback']} 好友：{$nrow['friend']} ";
            ?>
--- a/src/admin/templets/mychannel_add.htm
+++ b/src/admin/templets/mychannel_add.htm
@@ -89,7 +89,7 @@
            <option value="0">游客</option>
            <?php
              $urank = $cuserLogin->getUserRank();
              $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank' And `rank`>=10");
              $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank' And `rank`>=10");
              $dsql->Execute();
              while($row2 = $dsql->GetObject())
              {
@@ -103,7 +103,7 @@
        <td>许可投稿会员组</td>
        <td>
          <?php
          $dsql->SetQuery("Select * from `#@__member_model`");
          $dsql->SetQuery("SELECT * FROM `#@__member_model`");
          $dsql->Execute();
          while($row3 = $dsql->GetObject())
          {
--- a/src/admin/templets/mychannel_edit.htm
+++ b/src/admin/templets/mychannel_edit.htm
@@ -141,7 +141,7 @@
            <option value="0">游客</option>
            <?php
            $urank = $cuserLogin->getUserRank();
            $dsql->SetQuery("Select * from `#@__arcrank` where adminrank<='$urank' And `rank`>=10");
            $dsql->SetQuery("SELECT * FROM `#@__arcrank` where adminrank<='$urank' And `rank`>=10");
            $dsql->Execute();
            while($row2 = $dsql->GetObject())
            {
@@ -156,7 +156,7 @@
        <td>许可投稿会员组</td>
        <td>
        <?php
        $dsql->SetQuery("Select * from `#@__member_model`");
        $dsql->SetQuery("SELECT * FROM `#@__member_model`");
        $dsql->Execute();
        while($row3 = $dsql->GetObject())
        {
--- a/src/admin/templets/mytag_add.htm
+++ b/src/admin/templets/mytag_add.htm
@@ -64,7 +64,7 @@
            <input type="hidden" name="dopost" value="save">
            <input type="hidden" name="_csrf_token" value="<?php echo $GLOBALS['csrf_token'];?>">
            <tr>
              <td colspan="3"><div class="alert alert-info mb-0">自定义标记的调用方法：{dede:mytag name='标记名称' ismake='是否含板块代码（yes 或 no）' typeid='栏目id'/} 1、name 标记名称，该项是必须的属性，以下2、3是可选属性；2、ismake 默认是no表示设定的纯HTML代码，yes表示含板块标记的代码；3、typeid表示所属栏目的id，默认为0，表示所有栏目通用的显示内容，在列表和文档模板中，typeid默认是这个列表或文档本身的栏目id</div></td>
              <td colspan="3"><div class="alert alert-info mb-0">自定义标记的调用方法：{dede:mytag name='标记名称' ismake='是否含板块代码（yes 或 no）' typeid='栏目id'/} 1、name 标记名称，该项是必须的属性，以下2、3是可选属性；2、ismake 默认是no表示设定的纯网页代码，yes表示含板块标记的代码；3、typeid表示所属栏目的id，默认为0，表示所有栏目通用的显示内容，在列表和文档模板中，typeid默认是这个列表或文档本身的栏目id</div></td>
            </tr>
            <tr>
              <td width="15%" align="center">所属栏目：</td>
--- a/src/admin/templets/mytag_tag_guide.htm
+++ b/src/admin/templets/mytag_tag_guide.htm
@@ -115,7 +115,7 @@
                  <?php
                  echo "<select name='channel' class='biz-input-sm'>";
                  echo "<option value='0' selected>不限频道</option>";
                  $tl->dsql->SetQuery("Select id,typename From #@__channeltype where id>0");
                  $tl->dsql->SetQuery("Select id,typename From `#@__channeltype` where id>0");
              	  $tl->dsql->Execute();
              	  while($row = $tl->dsql->GetObject())
              	  {
@@ -127,7 +127,7 @@
                  <?php
                  echo "<select name='att' class='biz-input-sm'>";
                  echo "<option value='0' selected>不限</option>";
                  $tl->dsql->SetQuery("Select * From #@__arcatt");
                  $tl->dsql->SetQuery("SELECT * FROM `#@__arcatt`");
            	    $tl->dsql->Execute();
            	    while($row = $tl->dsql->GetObject())
            	    {
--- a/src/admin/templets/soft_add.htm
+++ b/src/admin/templets/soft_add.htm
@@ -82,7 +82,7 @@
            <tr>
              <td width="90">自定义属性：</td>
              <td><?php
              $dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
              $dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
              $dsql->Execute();
              while($trow = $dsql->GetObject())
              {
@@ -319,7 +319,7 @@
              <td align="left">
                <select name="daccess" id="daccess" class="biz-input-sm">
                <?php
                $dsql->SetQuery("Select * from `#@__arcrank` where `rank`>=0 ");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where `rank`>=0 ");
                $dsql->Execute();
                while($row = $dsql->GetArray())
                {
--- a/src/admin/templets/soft_config.htm
+++ b/src/admin/templets/soft_config.htm
@@ -70,7 +70,7 @@
          <select name="dfrank" id="dfrank" class="biz-input-sm">
            <?php
              $urank = $cuserLogin->getUserRank();
              $dsql->SetQuery("Select * from `#@__arcrank` where `rank`>=0 ");
              $dsql->SetQuery("SELECT * FROM `#@__arcrank` where `rank`>=0 ");
              $dsql->Execute();
              while($nrow = $dsql->GetArray())
              {
--- a/src/admin/templets/soft_edit.htm
+++ b/src/admin/templets/soft_edit.htm
@@ -78,7 +78,7 @@
              <td width="90">自定义属性：</td>
              <td>
              <?php
 		          $dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
 		          $dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
 		          $dsql->Execute();
 		          while($trow = $dsql->GetObject())
 		          {
@@ -311,7 +311,7 @@
              <td>
                <select name="daccess" id="daccess" class="biz-input-sm">
                <?php
                $dsql->SetQuery("Select * from `#@__arcrank` where `rank`>=0 ");
                $dsql->SetQuery("SELECT * FROM `#@__arcrank` where `rank`>=0 ");
                $dsql->Execute();
                while($row = $dsql->GetArray())
                {
--- a/src/admin/templets/spec_add.htm
+++ b/src/admin/templets/spec_add.htm
@@ -106,7 +106,7 @@
            <tr>
              <td width="90">自定义属性：</td>
              <td><?php
            	$dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
            	$dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
            	$dsql->Execute();
            	while($trow = $dsql->GetObject())
            	{
--- a/src/admin/templets/spec_edit.htm
+++ b/src/admin/templets/spec_edit.htm
@@ -104,7 +104,7 @@
              <td width="90">自定义属性：</td>
              <td>
                <?php
                $dsql->SetQuery("Select * From `#@__arcatt` order by sortid asc");
                $dsql->SetQuery("SELECT * FROM `#@__arcatt` order by sortid asc");
                $dsql->Execute();
                while($trow = $dsql->GetObject())
                {
--- a/src/admin/templets/stepselect_showajax.htm
+++ b/src/admin/templets/stepselect_showajax.htm
@@ -1,6 +1,6 @@
 <?php
 if ($action=='edit') {
 $arr = $dsql->GetOne("Select * from `#@__stepselect` where id='$id' ");
 $arr = $dsql->GetOne("SELECT * FROM `#@__stepselect` where id='$id' ");
 $sbjs = " onsubmit=\"alert('该分类是系统内置枚举，不允许修改'); return false;\" ";
 if ($arr['issystem']==0) $sbjs = '';
 ?>
@@ -30,7 +30,7 @@ if ($arr['issystem']==0) $sbjs = '';
 </form>
 <?php
 } else if ($action=='addenum') {
 $arr = $dsql->GetOne("Select * from `#@__stepselect` where id='$id' ");
 $arr = $dsql->GetOne("SELECT * FROM `#@__stepselect` where id='$id' ");
 $dsql->Execute('out',"Select evalue,ename from `#@__sys_enum` where egroup='{$arr['egroup']}' And (evalue mod 500)=0  order by disorder asc,evalue asc");
 $options = '';
 if ($arr['issign']==0)
@@ -58,8 +58,8 @@ if ($arr['issign']==0)
 </form>
 <?php
 } else if ($action=='view') {
 	$arr = $dsql->GetOne("Select * from `#@__stepselect` where id='$id' ");
 	$dsql->Execute('out',"Select * From `#@__sys_enum` where egroup like '{$arr['egroup']}' order by disorder asc, evalue asc");
 	$arr = $dsql->GetOne("SELECT * FROM `#@__stepselect` where id='$id' ");
 	$dsql->Execute('out',"SELECT * FROM `#@__sys_enum` where egroup like '{$arr['egroup']}' order by disorder asc, evalue asc");
 	$options = '';
  while($row1 = $dsql->GetArray('out')) 
  {
--- a/src/admin/templets/sys_admin_user_add.htm
+++ b/src/admin/templets/sys_admin_user_add.htm
@@ -66,7 +66,7 @@
              <td class="biz-td">
                <select name="usertype" class="biz-input-sm">
                <?php
      			  	$dsql->SetQuery("Select * from `#@__admintype` order by `rank` asc");
      			  	$dsql->SetQuery("SELECT * FROM `#@__admintype` order by `rank` asc");
      			  	$dsql->Execute("ut");
      			  	while($myrow = $dsql->GetObject("ut"))
      			  	{
--- a/src/admin/templets/sys_admin_user_edit.htm
+++ b/src/admin/templets/sys_admin_user_edit.htm
@@ -44,7 +44,7 @@
              <td class="biz-td">
                <select name="usertype" class="biz-input-sm">
                <?php
                $dsql->SetQuery("Select * from `#@__admintype` order by `rank` asc");
                $dsql->SetQuery("SELECT * FROM `#@__admintype` order by `rank` asc");
                $dsql->Execute("ut");
                while($myrow = $dsql->GetObject("ut"))
                {
--- a/src/admin/templets/sys_admin_user_tj.htm
+++ b/src/admin/templets/sys_admin_user_tj.htm
@@ -38,7 +38,7 @@
  <tr>
    <td>
    <?php
    $dsql->Execute('me', 'Select * From `#@__admin` order by id asc');
    $dsql->Execute('me', 'SELECT * FROM `#@__admin` order by id asc');
    while( $arr = $dsql->GetArray('me') )
    {
  	  echo "<div id='userct{$arr['id']}' class='userct'><p align='center'><img src='../static/web/img/loadinglit.gif'>正在加载</p></div><script>LoadUser({$arr['id']});</script>";
--- a/src/admin/templets/sys_group.htm
+++ b/src/admin/templets/sys_group.htm
@@ -31,7 +31,7 @@
        <td width="35%">管理</td>
      </tr>
      <?php
    	$dsql->SetQuery("Select `rank`,typename,`system` From #@__admintype");
    	$dsql->SetQuery("Select `rank`,typename,`system` From `#@__admintype`");
    	$dsql->Execute();
    	while($row = $dsql->GetObject())
    	{
--- a/src/admin/templets/sys_group_add.htm
+++ b/src/admin/templets/sys_group_add.htm
@@ -65,7 +65,7 @@
              <td colspan="2">
              <?php
              $l = 0;
              $dsql->SetQuery('Select plusname From #@__plus');
              $dsql->SetQuery('Select plusname From `#@__plus`');
              $dsql->Execute();
              while($row=$dsql->GetObject()){
               	echo " <label><input name='purviews[]' type='checkbox' id='purviews$k' value='plus_{$row->plusname}'> {$row->plusname}</label> ";
--- a/src/admin/templets/sys_group_edit.htm
+++ b/src/admin/templets/sys_group_edit.htm
@@ -74,7 +74,7 @@
                <td colspan="2">
                  <?php
                  $l = 0;
                  $dsql->SetQuery('SELECT plusname FROM #@__plus');
                  $dsql->SetQuery('SELECT plusname FROM `#@__plus`');
                  $dsql->Execute();
                  while($row=$dsql->GetObject()){
                   	echo " <label><input name='purviews[]' type='checkbox' id='purviews$k' value='plus_{$row->plusname}'".CRank("plus_{$row->plusname}")."> {$row->plusname}</label> ";
--- a/src/admin/templets/sys_info.htm
+++ b/src/admin/templets/sys_info.htm
@@ -157,7 +157,7 @@
 									<td width="260" class="border-top-0">变量名称</td>
 								</tr>
 								<?php
 								$dsql->SetQuery("Select * From `#@__sysconfig` where groupid='{$dls[0]}' order by aid asc");
 								$dsql->SetQuery("SELECT * FROM `#@__sysconfig` where groupid='{$dls[0]}' order by aid asc");
 								$dsql->Execute();
 								$i = 1;
 								while($row = $dsql->GetArray()) {
--- a/src/admin/vote_add.php
+++ b/src/admin/vote_add.php
@@ -26,7 +26,7 @@ if ($dopost == "save" && $isarc == 0) {
            $voteitems .= "<v:note id=\\'$j\\' count=\\'0\\'>".${"voteitem".$i}."</v:note>\r\n";
        }
    }
    $inQuery = "INSERT INTO `#@__vote`(votename,starttime,endtime,totalcount,ismore,votenote,isallow,view,spec,isenable) VALUES ('$votename','$starttime','$endtime','0','$ismore','$voteitems','$isallow','$view','$spec','$isenable'); ";
    $inQuery = "INSERT INTO `#@__vote` (votename,starttime,endtime,totalcount,ismore,votenote,isallow,view,spec,isenable) VALUES ('$votename','$starttime','$endtime','0','$ismore','$voteitems','$isallow','$view','$spec','$isenable'); ";
    if (!$dsql->ExecuteNoneQuery($inQuery)) {
        ShowMsg("增加投票失败，请检查数据是否非法", "-1");
        exit();
@@ -51,7 +51,7 @@ if ($dopost == "save" && $isarc == 0) {
            $voteitems .= "<v:note id=\\'$j\\' count=\\'0\\'>".${"voteitem".$i}."</v:note>\r\n";
        }
    }
    $inQuery = "INSERT INTO `#@__vote`(votename,starttime,endtime,totalcount,ismore,votenote,isallow,view,spec,isenable) VALUES ('$votename','$starttime','$endtime','0','$ismore','$voteitems','$isallow','$view','$spec','$isenable'); ";
    $inQuery = "INSERT INTO `#@__vote` (votename,starttime,endtime,totalcount,ismore,votenote,isallow,view,spec,isenable) VALUES ('$votename','$starttime','$endtime','0','$ismore','$voteitems','$isallow','$view','$spec','$isenable'); ";
    if (!$dsql->ExecuteNoneQuery($inQuery)) {
        ShowMsg("增加投票失败，请检查数据是否非法", "-1");
        exit();
--- a/src/apps/diy.php
+++ b/src/apps/diy.php
@@ -35,7 +35,7 @@ if ($action == 'post') {
                exit();
            }
        }
        $diyform = $dsql->getOne("SELECT * from `#@__diyforms` WHERE diyid='$diyid' ");
        $diyform = $dsql->getOne("SELECT * FROM `#@__diyforms` WHERE diyid='$diyid' ");
        if (!is_array($diyform)) {
            showmsg('自定义表单不存在', '-1');
            exit();
--- a/src/static/web/css/admin.css
+++ b/src/static/web/css/admin.css
@@ -514,6 +514,19 @@ span.page-link {
 	height:20px;
 	border-radius:.2rem
 }
 #browsehappy {
 	padding:20px 30px;
 	font-size:14px;
 	line-height:16px;
 	color:#856404;
 	background:#fff3cd;
 	border-radius:.25rem;
 	border:0
 }
 .browsehappy-close {
 	float:right;
 	cursor:pointer
 }
@media (min-width:576px) {
 	.modal-dialog {
 	max-width:520px
--- a/src/system/archive/specview.class.php
+++ b/src/system/archive/specview.class.php
@@ -117,7 +117,7 @@ class SpecView
            } else {
                $timesql = "";
            }
            $row = $this->dsql->GetOne("SELECT count(*) AS dd FROM #@__archives WHERE #@__archives.arcrank > -1 AND channel=-1 $timesql");
            $row = $this->dsql->GetOne("SELECT count(*) AS dd FROM `#@__archives` WHERE `#@__archives`.arcrank > -1 AND channel=-1 $timesql");
            if (is_array($row)) {
                $this->TotalResult = $row['dd'];
            } else {
--- a/src/system/archive/taglist.class.php
+++ b/src/system/archive/taglist.class.php
@@ -66,7 +66,7 @@ class TagList
        foreach ($GLOBALS['PubFields'] as $k => $v) $this->Fields[$k] = $v;
        //读取Tag信息
        if (!empty($this->Tag)) {
            $this->TagInfos = $this->dsql->GetOne("Select * From `#@__tagindex` where id = '{$this->Tag}' ");
            $this->TagInfos = $this->dsql->GetOne("SELECT * FROM `#@__tagindex` where id = '{$this->Tag}' ");
            if (!is_array($this->TagInfos)) {
                $msg = "系统无此标签，可能已经移除";
                ShowMsg($msg, "-1");
--- a/src/system/helpers/string.helper.php
+++ b/src/system/helpers/string.helper.php
@@ -195,7 +195,7 @@ if (!function_exists('GetPinyin')) {
    }
 }
 /**
 *  将实体html代码转换成标准html代码（兼容php4）
 *  将实体网页代码转换成标准网页代码（兼容php4）
 *
 * @access    public
 * @param     string  $str     字符串信息
--- a/src/system/taglib/channel.lib.php
+++ b/src/system/taglib/channel.lib.php
@@ -49,10 +49,10 @@ function lib_channel(&$ctag, &$refObj)
    if ($type == '' || $type == 'sun') $type = 'son';
    if ($innertext == '') $innertext = GetSysTemplets("channel_list.htm");
    if ($type == 'top') {
        $sql = "SELECT * From `#@__arctype` WHERE reid=0 And ishidden<>1 order by sortrank asc limit 0, $line ";
        $sql = "SELECT * FROM `#@__arctype` WHERE reid=0 And ishidden<>1 order by sortrank asc limit 0, $line ";
    } else if ($type == 'son') {
        if ($typeid == 0) return '';
        $sql = "SELECT * From `#@__arctype` WHERE reid='$typeid' And ishidden<>1 order by sortrank asc limit 0, $line ";
        $sql = "SELECT * FROM `#@__arctype` WHERE reid='$typeid' And ishidden<>1 order by sortrank asc limit 0, $line ";
    } else if ($type == 'self') {
        if ($reid == 0) return '';
        $sql = "SELECT * FROM `#@__arctype` WHERE reid='$reid' And ishidden<>1 order by sortrank asc limit 0, $line ";
--- a/src/system/taglib/help/vote.txt
+++ b/src/system/taglib/help/vote.txt
@@ -8,4 +8,4 @@ tablewidth='100%' 表格宽度
 titlebgcolor='#EDEDE2' 投票标题背景色
 titlebackground=''
 tablebg ='' 投票表格背景色
 为了更方便修改样式，建议在后台->辅助插件->投票管理，直接复制生成的HTML代码来使用
 为了更方便修改样式，建议在后台->辅助插件->投票管理，直接复制生成的网页代码来使用
--- a/src/theme/plus/car.htm
+++ b/src/theme/plus/car.htm
@@ -103,7 +103,7 @@
 			//Print Page
 			function printPage(oper) {
 				if (oper < 10) {
 					bdhtml = window.document.body.innerHTML; //获取当前页的html代码
 					bdhtml = window.document.body.innerHTML; //获取当前页的网页代码
 					sprnstr = "<!--startprint" + oper + "-->"; //设置打印开始区域
 					eprnstr = "<!--endprint" + oper + "-->"; //设置打印结束区域
 					prnhtml = bdhtml.substring(bdhtml.indexOf(sprnstr) + 18); //从开始代码向后取html
--- a/src/theme/plus/flink-add.htm
+++ b/src/theme/plus/flink-add.htm
@@ -52,7 +52,7 @@
 								<td>
 									<select name="typeid" id="typeid">
 									<?php
 									$dsql->SetQuery("select * from #@__flinktype");
 									$dsql->SetQuery("SELECT * FROM `#@__flinktype`");
 									$dsql->Execute();
 									while($row=$dsql->GetObject())
 									{
--- a/src/theme/plus/flink-list.htm
+++ b/src/theme/plus/flink-list.htm
@@ -28,7 +28,7 @@
 					<?php
 					$row = 180;
 					$titlelen = 50;
 					$dsql->SetQuery("Select * from `#@__flink` where ischeck>0 order by sortrank asc");
 					$dsql->SetQuery("SELECT * FROM `#@__flink` where ischeck>0 order by sortrank asc");
 					$dsql->Execute();
 					$revalue = "";
 					for($i=1;$i<=$row;$i++)
--- a/src/theme/plus/heightsearch.htm
+++ b/src/theme/plus/heightsearch.htm
@@ -50,7 +50,7 @@
 									<select name="channeltype" id="channeltype" class="form-control">
 										<option value="0" selected>不限</option>
 										<?php
 										$dsql->SetQuery("Select id,typename From #@__channeltype order by id desc");
 										$dsql->SetQuery("Select id,typename From `#@__channeltype` order by id desc");
 										$dsql->Execute();
 										while($row = $dsql->GetObject())
 										{
--- a/src/user/album_add.php
+++ b/src/user/album_add.php
@@ -56,7 +56,7 @@ function _SaveArticle(){  }
 ------------------------------*/
 else if ($dopost == 'save') {
    include(DEDEMEMBER.'/inc/archives_check.php');
    $cInfos = $dsql->GetOne("Select * From `#@__channeltype` WHERE id='$channelid'; ");
    $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'; ");
    $maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
    $pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
    $ddmaxwidth = isset($ddmaxwidth) && is_numeric($ddmaxwidth) ? $ddmaxwidth : 200;
--- a/src/user/album_edit.php
+++ b/src/user/album_edit.php
@@ -57,7 +57,7 @@ if (empty($dopost)) {
 function _Save(){  }
 ------------------------------*/
 else if ($dopost == 'save') {
    $cInfos = $dsql->GetOne("Select * From `#@__channeltype` WHERE id='$channelid'; ");
    $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'; ");
    $maxwidth = isset($maxwidth) && is_numeric($maxwidth) ? $maxwidth : 800;
    $pagepicnum = isset($pagepicnum) && is_numeric($pagepicnum) ? $pagepicnum : 12;
    $ddmaxwidth = isset($ddmaxwidth) && is_numeric($ddmaxwidth) ? $ddmaxwidth : 200;
--- a/src/user/archives_add.php
+++ b/src/user/archives_add.php
@@ -22,7 +22,7 @@ $menutype = 'content';
 function _ShowForm(){  }
 --------------*/
 if (empty($dopost)) {
    $cInfos = $dsql->GetOne("Select * From `#@__channeltype` WHERE id='$channelid'; ");
    $cInfos = $dsql->GetOne("SELECT * FROM `#@__channeltype` WHERE id='$channelid'; ");
    if (!is_array($cInfos)) {
        ShowMsg('模型不存在', '-1');
        exit();
--- a/src/user/article_edit.php
+++ b/src/user/article_edit.php
@@ -74,16 +74,7 @@ else if ($dopost == 'save') {
    $body = AnalyseHtmlBody($body, $description);
    $body = HtmlReplace($body, -1);
    //更新数据库的SQL语句
    $upQuery = "UPDATE `#@__archives` SET
             ismake='$ismake',
             arcrank='$arcrank',
             typeid='$typeid',
             title='$title',
             description='$description',
             mtype = '$mtypesid',
             keywords='$keywords',            
             flag='$flag'
     WHERE id='$aid' AND mid='$mid'; ";
    $upQuery = "UPDATE `#@__archives` SET ismake='$ismake',arcrank='$arcrank',typeid='$typeid',title='$title',description='$description',mtype='$mtypesid',keywords='$keywords',flag='$flag' WHERE id='$aid' AND mid='$mid'; ";
    if (!$dsql->ExecuteNoneQuery($upQuery)) {
        ShowMsg("数据保存到数据库主表`#@__archives`时出错，请联系管理员".$dsql->GetError(), "-1");
        exit();
--- a/src/user/buy_action.php
+++ b/src/user/buy_action.php
@@ -54,7 +54,7 @@ if ($product == 'member') {
    $price = $row['money'];
 } else if ($product == 'card') {
    $ptype = "点卡购买";
    $row = $dsql->GetOne("SELECT * From `#@__moneycard_type` WHERE tid='{$pid}'");
    $row = $dsql->GetOne("SELECT * FROM `#@__moneycard_type` WHERE tid='{$pid}'");
    if (!is_array($row)) {
        ShowMsg("无法识别您的订单", 'javascript:;');
        exit();
--- a/src/user/config.php
+++ b/src/user/config.php
@@ -209,9 +209,9 @@ function countArchives($channelid)
        } else {
            $_field = 'articles';
        }
        $row = $dsql->GetOne("SELECT COUNT(*) AS nums FROM #@__archives WHERE channel='$id' AND mid='".$cfg_ml->M_ID."'");
        $row = $dsql->GetOne("SELECT COUNT(*) AS nums FROM `#@__archives` WHERE channel='$id' AND mid='".$cfg_ml->M_ID."'");
        $dsql->ExecuteNoneQuery("UPDATE #@__member_tj SET ".$_field."='".$row['nums']."' WHERE mid='".$cfg_ml->M_ID."'");
        $dsql->ExecuteNoneQuery("UPDATE `#@__member_tj` SET ".$_field."='".$row['nums']."' WHERE mid='".$cfg_ml->M_ID."'");
    } else {
        return FALSE;
    }
--- a/src/user/content_list.php
+++ b/src/user/content_list.php
@@ -37,7 +37,7 @@ if ($cInfos['usertype'] != '' && $cInfos['usertype'] != $cfg_ml->M_MbType) {
    exit();
 }
 if ($cid == 0) {
    $row = $tl->dsql->GetOne("Select typename From #@__channeltype where id='$channelid'");
    $row = $tl->dsql->GetOne("SELECT typename FROM `#@__channeltype` WHERE id='$channelid'");
    if (is_array($row)) {
        $positionname = $row['typename'];
    }