
Discuz plugin PHP code question

The code is as follows:

<?php
if(!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

// Plugin settings from the Discuz! cache
$var=$_G['cache']['plugin']['lwn_downcs_dzx'];
loadcache('usergroups');
$notice=nl2br($var['notice']);
$cpadmin=unserialize($var['apigroup']);
$navtitle=$var['pluginame'];
if(!$var['open'] && $_G['adminid'] != 1) showmessage($var['closemsg'], "index.php");

// Request parameters
$action = empty($_G['gp_action']) ? '' : $_G['gp_action'];
$aid=$_G['gp_aid'];
$name=$_G['gp_name'];
$version=$_G['gp_version'];
$url=$_G['gp_url'];
$time=$_G['gp_time'];
$thumb=$_G['gp_thumb'];
$description=$_G['gp_description'];
$charset=$_G['gp_charset'];
$greenplugin=$_G['gp_greenplugin'];

if($action=='add'){
    $act='add';
}elseif($action=='edit'){
    $act='edit';
}

if($action=='add' && submitcheck('addsubmit')){
    // Only the configured user groups may add an entry
    if (!in_array($_G['groupid'], $cpadmin)){
        showmessage('lwn_downcs_dzx:not_allow','index.php');
    }
    $sql=DB::query("INSERT INTO `".DB::table('lwn_downcs_dzx')."` (`name`, `version`, `url`, `time`, `thumb`, `description`, `charset`, `greenplugin`, `uid`) VALUES ('$name', '$version', '$url', '$time', '$thumb', '$description', '$charset', '$greenplugin', '$_G[uid]');");
    if($sql){
        showmessage('lwn_downcs_dzx:add_sus','plugin.php?id=lwn_downcs_dzx:api');
    }else{
        showmessage('lwn_downcs_dzx:add_err','plugin.php?id=lwn_downcs_dzx:api');
    }
}elseif($action=='edit'){
    // Only an administrator or the entry's owner may edit it
    $ed = DB::fetch_first("select * from ".DB::table('lwn_downcs_dzx')." where id='$aid'");
    if($_G['adminid'] != 1 && $ed['uid'] != $_G['uid']){
        showmessage('lwn_downcs_dzx:not_allow', 'index.php');
    }
    if($action=='edit' && submitcheck('addsubmit')){
        DB::query("UPDATE ".DB::table('lwn_downcs_dzx')." SET name='$name',version='$version',url='$url',time='$time',thumb='$thumb',description='$description',charset='$charset',greenplugin='$greenplugin' WHERE id='$aid'");
        showmessage('lwn_downcs_dzx:edit_sus','plugin.php?id=lwn_downcs_dzx:api');
    }
} elseif($action=='del'){
    // Only an administrator or the entry's owner may delete it
    $ed = DB::fetch_first("select * from ".DB::table('lwn_downcs_dzx')." where id='$aid'");
    if($_G['adminid'] != 1 && $ed['uid'] != $_G['uid']){
        showmessage('lwn_downcs_dzx:not_allow', 'index.php');
    }
    DB::query("DELETE FROM ".DB::table('lwn_downcs_dzx')." WHERE id='$aid'");
    showmessage('lwn_downcs_dzx:del_sus','plugin.php?id=lwn_downcs_dzx:api');
}else{
    // Default: paginated list
    $perpage = $var['nums'];
    $n = DB::query("select id,name,version,url,description,uid from ".DB::table('lwn_downcs_dzx'));
    $hnum = DB::num_rows($n);
    $page = max(1, $_G['gp_page']);
    $start = ($page-1)*$perpage;
    $hquery = DB::query("select id,name,version,url,description,uid from ".DB::table('lwn_downcs_dzx')." ORDER BY id DESC limit $start,$perpage");
    $hlist = array();
    while($hresult = DB::fetch($hquery)){
        $hlist[] = $hresult;
    }
    $multi = multi($hnum, $perpage, $page, "plugin.php?id=lwn_downcs_dzx:api");
}
include template('lwn_downcs_dzx:api');
?>

Security problem, please help.
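Answer: Is the OP preparing to enter the Discuz! plugin competition?

There are basically no major problems, but pay attention to code formatting conventions.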

if($action=='add'){
$act='add';
}elseif($action=='edit'){
$act='edit';
}

Why not just write it as: $act = $action; ?
Other: I don't think there is any problem... but this only represents my personal opinion
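The `if`/`elseif` in the question only ever sets `$act` to 'add' or 'edit', whereas `$act = $action;` copies whatever value the request carried. The PHP below is an added example, not the plugin's or the answerer's code: `normalize_request()` is a hypothetical helper, `$gp` stands in for the `$_G['gp_*']` values, and the sample requests are constructed. It also casts `aid` and `page` to integers before they would reach a query.

```php
<?php
// Added example (not part of the plugin). normalize_request() is hypothetical;
// $gp stands in for the request values the plugin reads from $_G['gp_*'].

function scalar_or($gp, $key, $default)
{
    // Array-valued parameters (e.g. ?aid[]=1) are treated as absent.
    return (isset($gp[$key]) && is_scalar($gp[$key])) ? $gp[$key] : $default;
}

function normalize_request(array $gp, $perpage)
{
    $allowed = array('add', 'edit', 'del');
    $action  = (string) scalar_or($gp, 'action', '');
    if (!in_array($action, $allowed, true)) {
        $action = '';                       // unknown actions fall through to the list view
    }
    // Same effect as the original if/elseif: $act is 'add', 'edit' or empty.
    $act = ($action === 'add' || $action === 'edit') ? $action : '';

    $aid     = max(0, (int) scalar_or($gp, 'aid', 0));    // row id is always an integer
    $page    = max(1, (int) scalar_or($gp, 'page', 1));   // page numbers start at 1
    $perpage = max(1, (int) $perpage);

    return array(
        'action'  => $action,
        'act'     => $act,
        'aid'     => $aid,
        'start'   => ($page - 1) * $perpage,              // LIMIT offset
        'perpage' => $perpage,
    );
}

// Constructed sample requests: a normal edit, a hostile one, and an empty one.
$samples = array(
    array('action' => 'edit', 'aid' => '12', 'page' => '3'),
    array('action' => '"><script>', 'aid' => "12' OR '1", 'page' => '-5'),
    array('aid' => array('1')),
);

foreach ($samples as $gp) {
    $shortcut = scalar_or($gp, 'action', '');             // what "$act = $action;" would hold
    $safe     = normalize_request($gp, 20);
    printf("shortcut act=%s\nnormalized=%s\n\n", json_encode($shortcut), json_encode($safe));
}
```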
