
fleat:update htmlspecialchars

igb 3 weeks ago
parent
commit
869b80e529
22 changed files with 188 additions and 178 deletions
  1. 9 3
      conn.php
  2. 1 1
      customerAdd.php
  3. 15 15
      customerEdit.php
  4. 14 14
      customerView.php
  5. 1 1
      customers.php
  6. 13 13
      customersFollow.php
  7. 13 13
      customersNew.php
  8. 5 5
      highSeas.php
  9. 12 12
      nullTag.php
  10. 2 2
      pwdEdit.php
  11. 9 9
      quantitySearch.php
  12. 14 14
      searchResult.php
  13. 16 16
      silentCustomer.php
  14. 17 17
      subCustomers.php
  15. 2 2
      subTag.php
  16. 1 1
      subTagClound.php
  17. 5 1
      system/conn.php
  18. 11 11
      system/country.php
  19. 15 15
      tag.php
  20. 1 1
      tagClound.php
  21. 3 3
      team.php
  22. 9 9
      teamSeas.php

+ 9 - 3
conn.php

@@ -9,7 +9,7 @@ $conn = new mysqli("127.0.0.1", "crm", "Qweasdzxc", "crm");
 if ($conn->connect_error) {
     die("Connection failed: " . $conn->connect_error);
 }
-$conn->set_charset("utf8");
+$conn->set_charset("utf8mb4");
 
 // 检查登录
 function checkLogin() {
@@ -25,7 +25,7 @@ function getIp() {
     if (strlen($ip) > 15) {
         $ip = "UnKnow";
     }
-    return htmlspecialchars($ip);
+    return htmlspecialcharsFix($ip);
 }
 
 // 移除HTML
@@ -301,4 +301,10 @@ function sitelink_replace($t0, $t1, $t2, $t3) {
 
     return $t4;
 }
-?>
+
+//处理特殊字符
+function htmlspecialcharsFix($input_str)
+{
+    return $input_str;
+}
+
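Review bot: The new `htmlspecialcharsFix()` at the end of conn.php returns `$input_str` unchanged, so every call site this commit rewrites — including `getIp()` in the second hunk — now writes database and request values into HTML with no encoding at all, which reintroduces stored and reflected XSS wherever `htmlspecialchars()` used to protect output. The body should keep the encoding, e.g. `return htmlspecialchars((string)($input_str ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. If the wrapper was introduced because of the PHP 8.1 deprecation of passing `null` to `htmlspecialchars()`, the `?? ''` cast above covers it; if it was to avoid double-encoding values already stored as entities, pass `double_encode: false` rather than dropping the escaping. The same regression applies to every other file in this commit; the `value="…"` attributes in customerEdit.php, pwdEdit.php and searchResult.php (where `$keywordsNative` is reflected request input) and the `mailto:` hrefs in customersFollow.php, customersNew.php and nullTag.php are attribute contexts, so `ENT_QUOTES` is needed there rather than the default flags.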

+ 1 - 1
customerAdd.php

@@ -178,7 +178,7 @@ checkLogin();
                             $result = $stmt->get_result();
                             
                             while ($row = $result->fetch_assoc()) {
-                                echo "<i class=\"tag\">" . htmlspecialchars(textUncode($row['tagName'])) . "</i>,";
+                                echo "<i class=\"tag\">" . htmlspecialcharsFix(textUncode($row['tagName'])) . "</i>,";
                             }
                             ?>
                         </div>

+ 15 - 15
customerEdit.php

@@ -97,7 +97,7 @@ if (!empty($id) && is_numeric($id)) {
                 <tr>
                     <th width="8%">客户编号</th>
                     <td>
-                        <input type="text" id="cs_code" name="cs_code" value="<?= htmlspecialchars($customer['cs_code']) ?>" 
+                        <input type="text" id="cs_code" name="cs_code" value="<?= htmlspecialcharsFix($customer['cs_code']) ?>" 
                             <?= !empty($customer['cs_claimFrom']) ? 'readonly' : '' ?> class="txt1" />
                         <input type="hidden" name="id" value="<?= $id ?>" />
                         <input type="hidden" name="cs_addtime" value="<?= $customer['cs_addtime'] ?>" />
@@ -106,11 +106,11 @@ if (!empty($id) && is_numeric($id)) {
                 </tr>
                 <tr>
                     <th width="8%">公司名称</th>
-                    <td><input type="text" id="cs_company" name="cs_company" value="<?= htmlspecialchars($customer['cs_company']) ?>" class="txt1" /></td>
+                    <td><input type="text" id="cs_company" name="cs_company" value="<?= htmlspecialcharsFix($customer['cs_company']) ?>" class="txt1" /></td>
                 </tr>
                 <tr>
                     <th width="8%">联系人</th>
-                    <td><input type="text" id="cs_name" name="cs_name" value="<?= htmlspecialchars($customer['cs_name']) ?>" class="txt1" /></td>
+                    <td><input type="text" id="cs_name" name="cs_name" value="<?= htmlspecialcharsFix($customer['cs_name']) ?>" class="txt1" /></td>
                 </tr>
                 <tr>
                     <th width="8%">地区</th>
@@ -125,7 +125,7 @@ if (!empty($id) && is_numeric($id)) {
                                     $countryResult = $stmt->get_result();
                                     if ($countryRow = $countryResult->fetch_assoc()) {
                                         $countryId = $countryRow['id'];
-                                        echo htmlspecialchars($countryRow['countryName']);
+                                        echo htmlspecialcharsFix($countryRow['countryName']);
                                     } else {
                                         echo "请选择";
                                     }
@@ -167,29 +167,29 @@ if (!empty($id) && is_numeric($id)) {
                 </tr>
                 <tr>
                     <th rowspan="7">联系方式</th>
-                    <td><input type="text" id="cs_tel" name="cs_tel" value="<?= htmlspecialchars($customer['cs_tel']) ?>" class="txt1 tel" placeholder="电话格式:区号+号码 如:+86 15012345678" /></td>
+                    <td><input type="text" id="cs_tel" name="cs_tel" value="<?= htmlspecialcharsFix($customer['cs_tel']) ?>" class="txt1 tel" placeholder="电话格式:区号+号码 如:+86 15012345678" /></td>
                 </tr>
                 <tr>
-                    <td><input type="text" id="cs_wechat" name="cs_wechat" value="<?= htmlspecialchars($customer['cs_wechat']) ?>" class="txt1 wechat" placeholder="微信"/></td>
+                    <td><input type="text" id="cs_wechat" name="cs_wechat" value="<?= htmlspecialcharsFix($customer['cs_wechat']) ?>" class="txt1 wechat" placeholder="微信"/></td>
                 </tr>
                 <tr>
-                    <td><input type="text" id="cs_whatsapp" name="cs_whatsapp" value="<?= htmlspecialchars($customer['cs_whatsapp']) ?>" class="txt1 whatsapp" placeholder="Whatsapp 格式:区号+号码 如:+86 15012345678"/></td>
+                    <td><input type="text" id="cs_whatsapp" name="cs_whatsapp" value="<?= htmlspecialcharsFix($customer['cs_whatsapp']) ?>" class="txt1 whatsapp" placeholder="Whatsapp 格式:区号+号码 如:+86 15012345678"/></td>
                 </tr>
                 <tr>
-                    <td><input type="text" id="cs_email" name="cs_email" value="<?= htmlspecialchars($customer['cs_email']) ?>" class="txt1 mail" placeholder="邮件" /></td>
+                    <td><input type="text" id="cs_email" name="cs_email" value="<?= htmlspecialcharsFix($customer['cs_email']) ?>" class="txt1 mail" placeholder="邮件" /></td>
                 </tr>
                 <tr>
-                    <td><input type="text" id="cs_linkedin" name="cs_linkedin" value="<?= htmlspecialchars($customer['cs_linkedin']) ?>" class="txt1 linkedin" placeholder="领英链接"/></td>
+                    <td><input type="text" id="cs_linkedin" name="cs_linkedin" value="<?= htmlspecialcharsFix($customer['cs_linkedin']) ?>" class="txt1 linkedin" placeholder="领英链接"/></td>
                 </tr>
                 <tr>
-                    <td><input type="text" id="cs_facebook" name="cs_facebook" value="<?= htmlspecialchars($customer['cs_facebook']) ?>" class="txt1 facebook" placeholder="Facebook" /></td>
+                    <td><input type="text" id="cs_facebook" name="cs_facebook" value="<?= htmlspecialcharsFix($customer['cs_facebook']) ?>" class="txt1 facebook" placeholder="Facebook" /></td>
                 </tr>
                 <tr>
-                    <td><input type="text" id="cs_alibaba" name="cs_alibaba" value="<?= htmlspecialchars($customer['cs_alibaba']) ?>" class="txt1 alibaba" placeholder="alibaba" /></td>
+                    <td><input type="text" id="cs_alibaba" name="cs_alibaba" value="<?= htmlspecialcharsFix($customer['cs_alibaba']) ?>" class="txt1 alibaba" placeholder="alibaba" /></td>
                 </tr>
                 <tr>
                     <th width="8%">地址</th>
-                    <td><input type="text" id="cs_address" name="cs_address" value="<?= htmlspecialchars($customer['cs_address']) ?>" class="txt1" /></td>
+                    <td><input type="text" id="cs_address" name="cs_address" value="<?= htmlspecialcharsFix($customer['cs_address']) ?>" class="txt1" /></td>
                 </tr>
                 <tr>
                     <th>业务类型</th>
@@ -242,7 +242,7 @@ if (!empty($id) && is_numeric($id)) {
                             $stmt->execute();
                             $result = $stmt->get_result();
                             while ($row = $result->fetch_assoc()) {
-                                echo "<span>" . htmlspecialchars($row['tagName']) . "</span>";
+                                echo "<span>" . htmlspecialcharsFix($row['tagName']) . "</span>";
                             }
                             ?>
                         </div>
@@ -259,7 +259,7 @@ if (!empty($id) && is_numeric($id)) {
                             $stmt->execute();
                             $result = $stmt->get_result();
                             while ($row = $result->fetch_assoc()) {
-                                echo "<i class=\"tag\">" . htmlspecialchars(textUncode($row['tagName'])) . "</i>,";
+                                echo "<i class=\"tag\">" . htmlspecialcharsFix(textUncode($row['tagName'])) . "</i>,";
                             }
                             ?>
                         </div>
@@ -269,7 +269,7 @@ if (!empty($id) && is_numeric($id)) {
                 </tr>
                 <tr>
                     <th width="8%">备注</th>
-                    <td><textarea name="cs_note" class="txt2"><?= htmlspecialchars($customer['cs_note']) ?></textarea></td>
+                    <td><textarea name="cs_note" class="txt2"><?= htmlspecialcharsFix($customer['cs_note']) ?></textarea></td>
                 </tr>
                 <tr>
                     <th></th>

+ 14 - 14
customerView.php

@@ -62,15 +62,15 @@ if (!empty($id) && is_numeric($id)) {
         <tbody>
             <tr>
                 <th width="8%">客户编号</th>
-                <td><?= htmlspecialchars($cs_code) ?></td>
+                <td><?= htmlspecialcharsFix($cs_code) ?></td>
             </tr>
             <tr>
                 <th width="8%">公司名称</th>
-                <td><?= htmlspecialchars($cs_company) ?></td>
+                <td><?= htmlspecialcharsFix($cs_company) ?></td>
             </tr>
             <tr>
                 <th width="8%">联系人</th>
-                <td><?= htmlspecialchars($cs_name) ?></td>
+                <td><?= htmlspecialcharsFix($cs_name) ?></td>
             </tr>
             <tr>
                 <th width="8%">地区</th>
@@ -79,8 +79,8 @@ if (!empty($id) && is_numeric($id)) {
                     $countryResult = $conn->query("SELECT countryCode, countryName FROM country WHERE countryCode='" . 
                                                 $conn->real_escape_string($cs_country) . "'");
                     if ($countryRow = $countryResult->fetch_assoc()) {
-                        echo "(+" . htmlspecialchars($countryRow['countryCode']) . ")" . 
-                             htmlspecialchars($countryRow['countryName']);
+                        echo "(+" . htmlspecialcharsFix($countryRow['countryCode']) . ")" . 
+                             htmlspecialcharsFix($countryRow['countryName']);
                     }
                     ?>
                 </td>
@@ -91,36 +91,36 @@ if (!empty($id) && is_numeric($id)) {
                     <?php
                     $qudaoResult = $conn->query("SELECT id, ch_name FROM qudao WHERE id=" . (int)$cs_from);
                     if ($qudaoRow = $qudaoResult->fetch_assoc()) {
-                        echo htmlspecialchars($qudaoRow['ch_name']);
+                        echo htmlspecialcharsFix($qudaoRow['ch_name']);
                     }
                     ?>
                 </td>
             </tr>
             <tr>
                 <th rowspan="7">联系方式</th>
-                <td><?= htmlspecialchars($cs_tel) ?></td>
+                <td><?= htmlspecialcharsFix($cs_tel) ?></td>
             </tr>
             <tr>
-                <td><span class="wechat"><?= htmlspecialchars($cs_wechat) ?></span></td>
+                <td><span class="wechat"><?= htmlspecialcharsFix($cs_wechat) ?></span></td>
             </tr>
             <tr>
-                <td><span class="whatsapp"><?= htmlspecialchars($cs_whatsapp) ?></span></td>
+                <td><span class="whatsapp"><?= htmlspecialcharsFix($cs_whatsapp) ?></span></td>
             </tr>
             <tr>
-                <td><span class="mail"><?= htmlspecialchars($cs_email) ?></span></td>
+                <td><span class="mail"><?= htmlspecialcharsFix($cs_email) ?></span></td>
             </tr>
             <tr>
-                <td><span class="linkedin"><?= htmlspecialchars($cs_linkedin) ?></span></td>
+                <td><span class="linkedin"><?= htmlspecialcharsFix($cs_linkedin) ?></span></td>
             </tr>
             <tr>
-                <td><span class="facebook"><?= htmlspecialchars($cs_facebook) ?></span></td>
+                <td><span class="facebook"><?= htmlspecialcharsFix($cs_facebook) ?></span></td>
             </tr>
             <tr>
-                <td><span class="alibaba"><?= htmlspecialchars($cs_alibaba) ?></span></td>
+                <td><span class="alibaba"><?= htmlspecialcharsFix($cs_alibaba) ?></span></td>
             </tr>
             <tr>
                 <th width="8%">地址</th>
-                <td><?= htmlspecialchars($cs_address) ?></td>
+                <td><?= htmlspecialcharsFix($cs_address) ?></td>
             </tr>
             <tr>
                 <th>是否成交</th>

+ 1 - 1
customers.php

@@ -508,7 +508,7 @@ $hrefstr = "?keys=" . $keys;
                 echo '<tr><div align="center" colspan="9">Sorry,当前暂无信息</div></tr>';
             } else {
                 echo '<tr><div align="center" colspan="9"><a href="?">Sorry,没有找到"' . 
-                     htmlspecialchars($keyscode) . '"相关的信息,点击返回</a></div></tr>';
+                     htmlspecialcharsFix($keyscode) . '"相关的信息,点击返回</a></div></tr>';
             }
         }
         ?>

+ 13 - 13
customersFollow.php

@@ -234,23 +234,23 @@ if ($result && $result->num_rows > 0) {
         <div class="tline color<?= $row['colortag'] ?>">
             <div class="col1" align="center"><input type="checkbox" name="chkbox[]" value="<?= $row['id'] ?>" /></div>
             <div class="col2"><?= $tempNum ?></div>
-            <div class="col3 slidepanel"><?= htmlspecialchars($row['cs_code']) ?></div>
+            <div class="col3 slidepanel"><?= htmlspecialcharsFix($row['cs_code']) ?></div>
             <div class="col4">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                 ?>
             </div>
             <div class="col5">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                 ?>
             </div>
             <div class="col6">
                 <?php
                 $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                 ?>
             </div>
             <div class="col6">
@@ -282,17 +282,17 @@ if ($result && $result->num_rows > 0) {
         <div class="notepanel clear">
             <div class="noteItem">联系方式</div>
             <div class="lx">
-                <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
+                <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
                 <div class="mail">
-                    <a href="mailto:<?= htmlspecialchars($row['cs_email']) ?>">
-                        <?= htmlspecialchars($row['cs_email']) ?>
+                    <a href="mailto:<?= htmlspecialcharsFix($row['cs_email']) ?>">
+                        <?= htmlspecialcharsFix($row['cs_email']) ?>
                     </a>
                 </div>
-                <div class="whatapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                <div class="whatapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
             </div>
             <div class="noteItem2">备注</div>
             <div class="notecontent"><?= htmlUnCode($row['cs_note']) ?></div>
@@ -310,7 +310,7 @@ if ($result && $result->num_rows > 0) {
 ?>
         <tr>
             <div align="center" colspan="9">
-                <a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a>
+                <a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a>
             </div>
         </tr>
 <?php

+ 13 - 13
customersNew.php

@@ -236,23 +236,23 @@ if ($result && $result->num_rows > 0) {
         <div class="tline color<?= $row['colorTag'] ?>">
             <div class="col1" align="center"><input type="checkbox" name="chkbox[]" value="<?= $row['id'] ?>" /></div>
             <div class="col2"><?= $tempNum ?></div>
-            <div class="col3 slidepanel"><?= htmlspecialchars($row['cs_code']) ?></div>
+            <div class="col3 slidepanel"><?= htmlspecialcharsFix($row['cs_code']) ?></div>
             <div class="col4">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                 ?>
             </div>
             <div class="col5">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                 ?>
             </div>
             <div class="col6">
                 <?php
                 $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                 ?>
             </div>
             <div class="col6">
@@ -286,17 +286,17 @@ if ($result && $result->num_rows > 0) {
         <div class="notepanel clear">
             <div class="noteItem">联系方式</div>
             <div class="lx">
-                <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
+                <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
                 <div class="mail">
-                    <a href="mailto:<?= htmlspecialchars($row['cs_email']) ?>">
-                        <?= htmlspecialchars($row['cs_email']) ?>
+                    <a href="mailto:<?= htmlspecialcharsFix($row['cs_email']) ?>">
+                        <?= htmlspecialcharsFix($row['cs_email']) ?>
                     </a>
                 </div>
-                <div class="whatsapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                <div class="whatsapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
             </div>
             <div class="noteItem2">备注</div>
             <div class="notecontent"><?= htmlUnCode($row['cs_note']) ?></div>
@@ -314,7 +314,7 @@ if ($result && $result->num_rows > 0) {
 ?>
         <tr>
             <div align="center" colspan="9">
-                <a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a>
+                <a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a>
             </div>
         </tr>
 <?php

+ 5 - 5
highSeas.php

@@ -189,23 +189,23 @@ if ($result && $result->num_rows > 0) {
 ?>
         <div class="tline">
             <div class="col9"><?= $tempNum ?></div>
-            <div class="col3 slidepanel"><?= htmlspecialchars($row['cs_code']) ?></div>
+            <div class="col3 slidepanel"><?= htmlspecialcharsFix($row['cs_code']) ?></div>
             <div class="col4">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                 ?>
             </div>
             <div class="col5">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                 ?>
             </div>
             <div class="col6">
                 <?php
                 $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                 ?>
             </div>
             <div class="col6">
@@ -237,7 +237,7 @@ if ($result && $result->num_rows > 0) {
 ?>
         <tr>
             <div align="center" colspan="8">
-                <a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a>
+                <a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a>
             </div>
         </tr>
 <?php

+ 12 - 12
nullTag.php

@@ -5,7 +5,7 @@ checkLogin();
 $tagStr = "";
 $result = $conn->query("SELECT DISTINCT tagName FROM tagTable WHERE employeeId=" . $_SESSION['employee_id']);
 while ($row = $result->fetch_assoc()) {
-    $tagStr .= "<span>" . htmlspecialchars($row['tagName']) . "</span>,";
+    $tagStr .= "<span>" . htmlspecialcharsFix($row['tagName']) . "</span>,";
 }
 ?>
 <!DOCTYPE html>
@@ -62,23 +62,23 @@ while ($row = $result->fetch_assoc()) {
 ?>
         <div class="tline">
             <div class="col2"><?= $tempNum ?></div>
-            <div class="col3 slidepanel"><?= htmlspecialchars($row['cs_code']) ?></div>
+            <div class="col3 slidepanel"><?= htmlspecialcharsFix($row['cs_code']) ?></div>
             <div class="col4">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                 ?>
             </div>
             <div class="col5">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                 ?>
             </div>
             <div class="col6">
                 <?php
                 $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                 ?>
             </div>
             <div class="col7">
@@ -100,13 +100,13 @@ while ($row = $result->fetch_assoc()) {
         <div class="notepanel clear">
             <div class="noteItem">联系方式</div>
             <div class="lx">
-                <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
-                <div class="mail"><a href="mailto:<?= htmlspecialchars($row['cs_email']) ?>"><?= htmlspecialchars($row['cs_email']) ?></a></div>
-                <div class="whatsapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
+                <div class="mail"><a href="mailto:<?= htmlspecialcharsFix($row['cs_email']) ?>"><?= htmlspecialcharsFix($row['cs_email']) ?></a></div>
+                <div class="whatsapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
             </div>
             <div class="noteItem2">备注</div>
             <div class="notecontent"><?= htmlUnCode($row['cs_note']) ?></div>

+ 2 - 2
pwdEdit.php

@@ -95,11 +95,11 @@ $em_email = $row['em_email'] ?? '';
             <tbody>
                 <tr>
                     <th width="8%">电话:</th>
-                    <td><input type="text" id="em_tel" name="em_tel" value="<?= htmlspecialchars($em_tel) ?>" class="txt1" /></td>
+                    <td><input type="text" id="em_tel" name="em_tel" value="<?= htmlspecialcharsFix($em_tel) ?>" class="txt1" /></td>
                 </tr>
                 <tr>
                     <th width="8%">邮箱:</th>
-                    <td><input type="text" id="em_email" name="em_email" value="<?= htmlspecialchars($em_email) ?>" class="txt1" /></td>
+                    <td><input type="text" id="em_email" name="em_email" value="<?= htmlspecialcharsFix($em_email) ?>" class="txt1" /></td>
                 </tr>
                 <tr>
                     <th width="8%">原始密码:</th>

+ 9 - 9
quantitySearch.php

@@ -14,7 +14,7 @@ if ($row = $result->fetch_assoc()) {
     $moq = $row['moq'] ?? '无数量限制';
     $tips = textUnCode($row['tips']);
     
-    $str = "<td>" . htmlspecialchars($productname) . "</td><td><img src=\"" . htmlspecialchars($productImg) . "\"></td><td>" . htmlspecialchars($moq) . "</td>";
+    $str = "<td>" . htmlspecialcharsFix($productname) . "</td><td><img src=\"" . htmlspecialcharsFix($productImg) . "\"></td><td>" . htmlspecialcharsFix($moq) . "</td>";
 }
 
 // Check if product can be sold in the region
@@ -34,11 +34,11 @@ if ($row = $result->fetch_assoc()) {
     if ($result->num_rows > 0) {
         $str .= "<td><ul>";
         while ($row = $result->fetch_assoc()) {
-            $str .= "<li>订单数量:≥" . htmlspecialchars($row['num']) . 
-                   "<span class=\"unit\">" . htmlspecialchars($unit) . "</span>" .
-                   "<span class=\"price\">" . htmlspecialchars($row['price']) . "</span>RMB</li>";
+            $str .= "<li>订单数量:≥" . htmlspecialcharsFix($row['num']) . 
+                   "<span class=\"unit\">" . htmlspecialcharsFix($unit) . "</span>" .
+                   "<span class=\"price\">" . htmlspecialcharsFix($row['price']) . "</span>RMB</li>";
         }
-        $str .= "</ul></td><td>" . htmlspecialchars($tips) . "</td>";
+        $str .= "</ul></td><td>" . htmlspecialcharsFix($tips) . "</td>";
     } else {
         // Get default price information
         $result = $conn->query("SELECT DISTINCT num, price FROM price 
@@ -46,11 +46,11 @@ if ($row = $result->fetch_assoc()) {
                                ORDER BY num ASC");
         $str .= "<td><ul>";
         while ($row = $result->fetch_assoc()) {
-            $str .= "<li>订单数量:≥" . htmlspecialchars($row['num']) . 
-                   "<span class=\"unit\">" . htmlspecialchars($unit) . "</span>" .
-                   "<span class=\"price\">" . htmlspecialchars($row['price']) . "</span>RMB</li>";
+            $str .= "<li>订单数量:≥" . htmlspecialcharsFix($row['num']) . 
+                   "<span class=\"unit\">" . htmlspecialcharsFix($unit) . "</span>" .
+                   "<span class=\"price\">" . htmlspecialcharsFix($row['price']) . "</span>RMB</li>";
         }
-        $str .= "</ul></td><td>" . htmlspecialchars($tips) . "</td>";
+        $str .= "</ul></td><td>" . htmlspecialcharsFix($tips) . "</td>";
     }
 }
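Review bot: In the first hunk, `htmlspecialcharsFix($productImg)` is placed into an `<img src="…">` attribute, and an HTML-attribute encoder, even once it encodes again, does not validate what the value is; a `src` value needs to be constrained to an expected image path or an http(s) URL before it is emitted. `$productImg` is assigned outside the hunk, presumably from the `$row` fetched above, so where that check belongs depends on how the column is populated. A guard such as `if (!preg_match('#^(https?://|/)#', $productImg)) { $productImg = ''; }` before building `$str` would keep the attribute to known schemes; the `$moq`, `$unit`, `$tips` and `$row['num']`/`$row['price']` values in the same hunks are text content and need only the encoding itself.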
 

+ 14 - 14
searchResult.php

@@ -52,7 +52,7 @@ $searchStr = "SELECT cs_code, cs_name, cs_country, cs_tel, cs_email, cs_whatsapp
 <div id="man_zone">
     <div class="searchForm resultSearch">
         <form method="post" action="searchResult.php" accept-charset="UTF-8">
-            <input class="keywords" name="keywords" id="keyword" placeholder="请输入电话/邮箱/微信/WhatsApp.." value="<?= htmlspecialchars($keywordsNative) ?>">
+            <input class="keywords" name="keywords" id="keyword" placeholder="请输入电话/邮箱/微信/WhatsApp.." value="<?= htmlspecialcharsFix($keywordsNative) ?>">
             <input class="searchSubmit" type="submit" value="客户检索">
         </form>
     </div>
@@ -75,18 +75,18 @@ if ($result && $result->num_rows > 0) {
 ?>
         <tr>
             <td align="center" rowspan="2"><?= $i ?></td>
-            <td align="center"><?= htmlspecialchars($row['cs_code']) ?></td>
-            <td align="center"><?= htmlspecialchars($row['cs_name']) ?></td>
+            <td align="center"><?= htmlspecialcharsFix($row['cs_code']) ?></td>
+            <td align="center"><?= htmlspecialcharsFix($row['cs_name']) ?></td>
             <td align="center">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未选择';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未选择';
                 ?>
             </td>
             <td align="center">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未选择';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未选择';
                 ?>
             </td>
             <td align="center">
@@ -96,19 +96,19 @@ if ($result && $result->num_rows > 0) {
             <td align="center" rowspan="2">
                 <?php
                 $employeeResult = $conn->query("SELECT em_user FROM employee WHERE id=" . (int)$row['cs_belong']);
-                echo ($employeeRow = $employeeResult->fetch_assoc()) ? htmlspecialchars($employeeRow['em_user']) : '系统出错';
+                echo ($employeeRow = $employeeResult->fetch_assoc()) ? htmlspecialcharsFix($employeeRow['em_user']) : '系统出错';
                 ?>
             </td>
         </tr>
         <tr>
             <td colspan="6" class="contacts">
-                <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
-                <div class="mail"><?= htmlspecialchars($row['cs_email']) ?></div>
-                <div class="whatsapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
+                <div class="mail"><?= htmlspecialcharsFix($row['cs_email']) ?></div>
+                <div class="whatsapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
             </td>
         </tr>
 <?php
@@ -125,7 +125,7 @@ if ($result && $result->num_rows > 0) {
 ?>
         <tr>
             <td colspan="8" align="center">
-                <a href="?">Sorry,没有找到"<?= htmlspecialchars($keywords) ?>"相关的信息,点击返回</a>
+                <a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keywords) ?>"相关的信息,点击返回</a>
             </td>
         </tr>
 <?php
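Review bot: Every `htmlspecialcharsFix()` call in this section, starting with the `value="…"` attribute of the keywords input in the first hunk, now outputs its argument unescaped, because the helper the commit introduces in system/conn.php is just `return $input_str;`. `$keywordsNative` is echoed back from the search form and `cs_code`, `cs_name`, `cs_tel`, `cs_email` and the other contact columns are customer-entered records, so a `"` or `<` in any of them closes the attribute or element and the rest of the value is parsed as markup; the same regression is in silentCustomer.php, subCustomers.php, subTag.php, subTagClound.php, system/country.php, tag.php, tagClound.php, team.php and teamSeas.php and is not repeated there. If the change was made to stop values stored already-encoded from being encoded twice, that is solved inside the helper with `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)` rather than by removing the escaping at the call sites.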

+ 16 - 16
silentCustomer.php

@@ -172,9 +172,9 @@ $hrefstr = "?keys=" . $keys;
             </div>
             <div class="inputSearch">
                 <input type="text" id="keys" class="inputTxt" 
-                       value="<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialchars($keyscode) ?>" 
-                       onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialchars($keyscode) ?>'){this.value='';}" 
-                       onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialchars($keyscode) ?>';}" 
+                       value="<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>" 
+                       onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>'){this.value='';}" 
+                       onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>';}" 
                        onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
                 <input type="button" id="searchgo" class="searchgo" value="go" 
                        onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
@@ -233,7 +233,7 @@ if ($result && $result->num_rows > 0) {
         <div class="tline color<?= $row['colortag'] ?>">
             <div class="col2"><?= $tempNum ?></div>
             <div class="col3 slidepanel">
-                <?= htmlspecialchars($row['cs_code']) ?>
+                <?= htmlspecialcharsFix($row['cs_code']) ?>
                 <?php if ($row['cs_claimFrom'] > 0): ?>
                     <img src="../images/yijiao.png" class="handover" title="来自认领">
                 <?php endif; ?>
@@ -241,19 +241,19 @@ if ($result && $result->num_rows > 0) {
             <div class="col10">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                 ?>
             </div>
             <div class="col10">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                 ?>
             </div>
             <div class="col10">
                 <?php
                 $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                 ?>
             </div>
             <div class="col10">
@@ -279,13 +279,13 @@ if ($result && $result->num_rows > 0) {
         <div class="notepanel clear">
             <div class="noteItem">联系方式</div>
             <div class="lx">
-                <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
-                <div class="mail"><a href="mailto:<?= htmlspecialchars($row['cs_email']) ?>"><?= htmlspecialchars($row['cs_email']) ?></a></div>
-                <div class="whatsapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
+                <div class="mail"><a href="mailto:<?= htmlspecialcharsFix($row['cs_email']) ?>"><?= htmlspecialcharsFix($row['cs_email']) ?></a></div>
+                <div class="whatsapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
             </div>
             <div class="noteItem2">备注</div>
             <div class="notecontent">
@@ -300,7 +300,7 @@ if ($result && $result->num_rows > 0) {
                         }
                         $chainResult = $conn->query($sqlStr);
                         while ($chainRow = $chainResult->fetch_assoc()) {
-                            echo htmlspecialchars($chainRow['em_user']) . " > ";
+                            echo htmlspecialcharsFix($chainRow['em_user']) . " > ";
                         }
                     }
                     ?>
@@ -320,7 +320,7 @@ if ($result && $result->num_rows > 0) {
     } else {
 ?>
         <tr>
-            <div align="center"><a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a></div>
+            <div align="center"><a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a></div>
         </tr>
 <?php
     }
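Review bot: The three `onFocus`/`onBlur` handler attributes in the first hunk splice `$keyscode` into a single-quoted JavaScript string literal, and with `htmlspecialcharsFix()` now a passthrough a `'` in the keyword ends the literal and the rest of the value runs as script when the field gains or loses focus. Even once the helper escapes again, HTML escaping alone is the wrong tool for a JavaScript string inside an attribute (on PHP before 8.1 the default `htmlspecialchars` flags do not encode `'` at all); the simplest fix is the one the keywords input in searchResult.php already uses — a static `placeholder` attribute with no inline handlers — which also removes the need to print `$keyscode` three times. The same handler pattern is in subCustomers.php and system/country.php. In the `mailto:` link further down, `cs_email` lands in an `href` attribute as well as in the element text; the attribute needs at minimum `ENT_QUOTES` escaping.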

+ 17 - 17
subCustomers.php

@@ -171,9 +171,9 @@ $hrefstr = "?keys=" . $keys;
             </div>
             <div class="inputSearch">
                 <input type="text" id="keys" class="inputTxt" 
-                       value="<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialchars($keyscode) ?>" 
-                       onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialchars($keyscode) ?>'){this.value='';}" 
-                       onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialchars($keyscode) ?>';}" 
+                       value="<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>" 
+                       onFocus="if(this.value == '<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>'){this.value='';}" 
+                       onBlur="if(this.value == ''){this.value='<?= empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode) ?>';}" 
                        onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
                 <input type="button" id="searchgo" class="searchgo" value="go" 
                        onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
@@ -232,7 +232,7 @@ if ($result && $result->num_rows > 0) {
             <div class="col1" align="center"><input type="checkbox" name="chkbox[]" value="<?= $row['id'] ?>" /></div>
             <div class="col2"><?= $tempNum ?></div>
             <div class="col3 slidepanel">
-                <?= htmlspecialchars($row['cs_code']) ?>
+                <?= htmlspecialcharsFix($row['cs_code']) ?>
                 <?php if ($row['cs_claimFrom'] > 0): ?>
                     <img src="../images/yijiao.png" class="handover">
                 <?php endif; ?>
@@ -240,19 +240,19 @@ if ($result && $result->num_rows > 0) {
             <div class="col4">
                 <?php
                 $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                 ?>
             </div>
             <div class="col5">
                 <?php
                 $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                 ?>
             </div>
             <div class="col6">
                 <?php
                 $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                 ?>
             </div>
             <div class="col7">
@@ -272,20 +272,20 @@ if ($result && $result->num_rows > 0) {
             <div class="col9">
                 <?php
                 $employeeResult = $conn->query("SELECT em_user FROM employee WHERE id=" . (int)$row['cs_belong']);
-                echo ($employeeRow = $employeeResult->fetch_assoc()) ? htmlspecialchars($employeeRow['em_user']) : '未填写';
+                echo ($employeeRow = $employeeResult->fetch_assoc()) ? htmlspecialcharsFix($employeeRow['em_user']) : '未填写';
                 ?>
             </div>
         </div>
         <div class="notepanel clear">
             <div class="noteItem">联系方式</div>
             <div class="lx">
-                <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
-                <div class="mail"><a href="mailto:<?= htmlspecialchars($row['cs_email']) ?>"><?= htmlspecialchars($row['cs_email']) ?></a></div>
-                <div class="whatsapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
+                <div class="mail"><a href="mailto:<?= htmlspecialcharsFix($row['cs_email']) ?>"><?= htmlspecialcharsFix($row['cs_email']) ?></a></div>
+                <div class="whatsapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
             </div>
             <div class="noteItem2">备注</div>
             <div class="notecontent"><?= htmlUnCode($row['cs_note']) ?></div>
@@ -302,7 +302,7 @@ if ($result && $result->num_rows > 0) {
     } else {
 ?>
         <tr>
-            <div align="center" colspan="9"><a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a></div>
+            <div align="center" colspan="9"><a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a></div>
         </tr>
 <?php
     }
@@ -360,7 +360,7 @@ if (isset($totalPages) && $totalPages > 1) {
                         <?php
                         $result = $conn->query("SELECT id, em_user FROM employee WHERE em_role=" . $_SESSION['employee_id']);
                         while ($row = $result->fetch_assoc()) {
-                            echo "<option value=\"t{$row['id']}\">转给" . htmlspecialchars($row['em_user']) . "</option>";
+                            echo "<option value=\"t{$row['id']}\">转给" . htmlspecialcharsFix($row['em_user']) . "</option>";
                         }
                         ?>
                     </select>

+ 2 - 2
subTag.php

@@ -30,13 +30,13 @@ checkLogin();
     while ($row = $result->fetch_assoc()) {
     ?>
     <div class="tagclound">
-        <h1 class="tagCloundHead2"><?= htmlspecialchars($row['em_user']) ?>的客户画像:</h1>
+        <h1 class="tagCloundHead2"><?= htmlspecialcharsFix($row['em_user']) ?>的客户画像:</h1>
         <div class="tagArea">
         <?php
         $tagResult = $conn->query("SELECT tagName, COUNT(id) as count FROM tagTable WHERE employeeId=" . (int)$row['id'] . " GROUP BY tagName");
         while ($tagRow = $tagResult->fetch_assoc()) {
         ?>
-            <a href="subTag.php?employeeId=<?= $row['id'] ?>&tagName=<?= urlencode($tagRow['tagName']) ?>"><?= htmlspecialchars($tagRow['tagName']) ?>(<?= $tagRow['count'] ?>)</a>
+            <a href="subTag.php?employeeId=<?= $row['id'] ?>&tagName=<?= urlencode($tagRow['tagName']) ?>"><?= htmlspecialcharsFix($tagRow['tagName']) ?>(<?= $tagRow['count'] ?>)</a>
         <?php
         }
         ?>

+ 1 - 1
subTagClound.php

@@ -38,7 +38,7 @@ checkLogin();
         while ($row = $result->fetch_assoc()) {
         ?>
             <a href="tag.php?tagName=<?= urlencode($row['tagName']) ?>" style="font-size:16px;">
-                <?= htmlspecialchars($row['tagName']) ?>(<?= $row['count'] ?>)
+                <?= htmlspecialcharsFix($row['tagName']) ?>(<?= $row['count'] ?>)
             </a>
         <?php
         }

+ 5 - 1
system/conn.php

@@ -349,4 +349,8 @@ function isValidEmail($email) {
     
     return true;
 }
-?> 
+//处理特殊字符
+function htmlspecialcharsFix($input_str)
+{
+    return $input_str;
+}
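Review bot: `htmlspecialcharsFix()` returns its argument unchanged, so every call site the commit rewrote now prints request and database strings into HTML with no escaping at all. If the goal was to avoid double-encoding values that are stored already-encoded, keep the escaping and only disable re-encoding of existing entities: `return htmlspecialchars((string)$input_str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);`. A short docblock would also help callers, stating that the result is safe only in HTML text and double-quoted attribute context, not inside JavaScript or URL values, and that `null` is turned into an empty string by the cast. The function has no parameter or return type, which matches `isValidEmail()` above it, so at least a `@param string|null $input_str` / `@return string` annotation is worth adding.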

+ 11 - 11
system/country.php

@@ -105,11 +105,11 @@ if ($act == "add" || $act == "edit") {
         <tbody>
             <tr>
                 <th width="8%">国家</th>
-                <td><input type="text" id="countryName" name="countryName" readonly value="<?= htmlspecialchars($countryName) ?>" class="txt1" /><input type="hidden" name="id" value="<?= $id ?>" /></td>
+                <td><input type="text" id="countryName" name="countryName" readonly value="<?= htmlspecialcharsFix($countryName) ?>" class="txt1" /><input type="hidden" name="id" value="<?= $id ?>" /></td>
             </tr>
             <tr>
                 <th width="8%">区号</th>
-                <td><input type="text" id="countryCode" name="countryCode" readonly value="<?= htmlspecialchars($countryCode) ?>" class="txt1" /></td>
+                <td><input type="text" id="countryCode" name="countryCode" readonly value="<?= htmlspecialcharsFix($countryCode) ?>" class="txt1" /></td>
             </tr>
             <tr>
                 <th width="8%">更新日期</th>
@@ -126,8 +126,8 @@ if ($act == "add" || $act == "edit") {
                     ?>
                         <div class="proitem">
                             <div class="prodelet"></div>
-                            <div class="proname"><?= htmlspecialchars($row['ProductName']) ?></div>
-                            <div class="propic"><img src="<?= htmlspecialchars($row['ProductImg']) ?>"></div>      
+                            <div class="proname"><?= htmlspecialcharsFix($row['ProductName']) ?></div>
+                            <div class="propic"><img src="<?= htmlspecialcharsFix($row['ProductImg']) ?>"></div>      
                             <div class="proprice">
                                 <?php
                                 $sql2 = "SELECT num, price FROM Price WHERE productId = {$row['id']} AND AreaId = $id ORDER BY num ASC";
@@ -138,7 +138,7 @@ if ($act == "add" || $act == "edit") {
                                         <input type="hidden" name="productId" value="<?= $row['id'] ?>">
                                         <label>≥</label>
                                         <input type="number" autocomplete="off" class="txt3 num" name="num" value="<?= $row2['num'] ?>">
-                                        <label class='unit'><?= htmlspecialchars($row['unit']) ?></label>
+                                        <label class='unit'><?= htmlspecialcharsFix($row['unit']) ?></label>
                                         <label>售价</label>
                                         <input type="text" class="txt3 price" autocomplete="off" name="price" value="<?= $row2['price'] ?>">
                                         <label>RMB</label>
@@ -249,8 +249,8 @@ $hrefstr = "?keys=$keys";
             <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
                 <td align="center"><input type="checkbox" name="chkbox[]" value="<?= $row['id'] ?>" /></td>
                 <td align="center"><?= $tempNum ?></td>
-                <td align="center"><?= htmlspecialchars($row['countryName']) ?></td>
-                <td align="center"><?= htmlspecialchars($row['countryCode']) ?></td>
+                <td align="center"><?= htmlspecialcharsFix($row['countryName']) ?></td>
+                <td align="center"><?= htmlspecialcharsFix($row['countryCode']) ?></td>
                 <td align="center">
                     <a href="?Keys=<?= $keys ?>&Ord=<?= $ord ?>&Page=<?= $page ?>&act=edit&id=<?= $row['id'] ?>" class="ico_edit ico">修改</a>
                 </td>
@@ -267,7 +267,7 @@ $hrefstr = "?keys=$keys";
             } else {
         ?>
             <tr>
-                <td align="center" colspan="5"><a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a></td>
+                <td align="center" colspan="5"><a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a></td>
             </tr>
         <?php
             }
@@ -329,9 +329,9 @@ $hrefstr = "?keys=$keys";
                     ?>
                     </div>
                     <div class="searchbox">
-                        <input type="text" id="keys" value="<?= $keyscode == "" ? "请输入搜索关键词" : htmlspecialchars($keyscode) ?>"
-                            onFocus="if(this.value == '<?= $keyscode == "" ? "请输入搜索关键词" : htmlspecialchars($keyscode) ?>'){this.value='';}"
-                            onBlur="if(this.value == ''){this.value='<?= $keyscode == "" ? "请输入搜索关键词" : htmlspecialchars($keyscode) ?>';}"
+                        <input type="text" id="keys" value="<?= $keyscode == "" ? "请输入搜索关键词" : htmlspecialcharsFix($keyscode) ?>"
+                            onFocus="if(this.value == '<?= $keyscode == "" ? "请输入搜索关键词" : htmlspecialcharsFix($keyscode) ?>'){this.value='';}"
+                            onBlur="if(this.value == ''){this.value='<?= $keyscode == "" ? "请输入搜索关键词" : htmlspecialcharsFix($keyscode) ?>';}"
                             onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
                         <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                     </div>
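Review bot: `ProductImg` is printed into `<img src="…">` in the second hunk, a URL-context attribute, and with the helper now a passthrough any `"` in the stored path ends the attribute and whatever follows becomes further attributes of the tag. Restoring `htmlspecialchars` makes the attribute well-formed but does not constrain the scheme; if product images can be set by users, the value should additionally be required to be a relative path or an `http(s)` URL before it is echoed. The `onFocus`/`onBlur` handlers in the last hunk have the JavaScript-string-context problem raised on silentCustomer.php, and `countryName`/`countryCode` in the readonly inputs of the first hunk are plain attribute values that need at least `ENT_QUOTES` escaping.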

+ 15 - 15
tag.php

@@ -36,7 +36,7 @@ if ($act == 'postchk') {
 $tagStr = '';
 $result = $conn->query("SELECT DISTINCT tagName FROM tagTable WHERE employeeId=" . $_SESSION['employee_id']);
 while ($row = $result->fetch_assoc()) {
-    $tagStr .= "<span>" . htmlspecialchars($row['tagName']) . "</span>,";
+    $tagStr .= "<span>" . htmlspecialcharsFix($row['tagName']) . "</span>,";
 }
 ?>
 <!DOCTYPE html>
@@ -63,7 +63,7 @@ while ($row = $result->fetch_assoc()) {
 <?php // require_once 'panel.php'; ?>
 <div id="man_zone">
     <div class="fastSelect clear">
-        <H1 class="taghead" contenteditable="true" data-originaltag="<?= htmlspecialchars($tagName) ?>" data-em="<?= $_SESSION['employee_id'] ?>"><?= htmlspecialchars($tagName) ?></H1>
+        <H1 class="taghead" contenteditable="true" data-originaltag="<?= htmlspecialcharsFix($tagName) ?>" data-em="<?= $_SESSION['employee_id'] ?>"><?= htmlspecialcharsFix($tagName) ?></H1>
     </div>
     <form id="form1" method="post" action="?act=postchk&tagName=<?= urlencode($tagName) ?>" onsubmit="return false">
         <div width="100%" border="0" cellpadding="3" cellspacing="1" class="table2">
@@ -94,17 +94,17 @@ while ($row = $result->fetch_assoc()) {
                 <div class="tline">
                     <div class="col1" align="center"><input type="checkbox" name="chkbox[]" value="<?= $row['id'] ?>"></div>
                     <div class="col2"><?= $tempNum ?></div>
-                    <div class="col3 slidepanel"><?= htmlspecialchars($row['cs_code']) ?></div>
+                    <div class="col3 slidepanel"><?= htmlspecialcharsFix($row['cs_code']) ?></div>
                     <div class="col4">
                         <?php
                         $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                        echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                        echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                         ?>
                     </div>
                     <div class="col5">
                         <?php
                         $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                        echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                        echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                         ?>
                     </div>
                     <div class="col7">
@@ -126,13 +126,13 @@ while ($row = $result->fetch_assoc()) {
                 <div class="notepanel clear">
                     <div class="noteItem">联系方式</div>
                     <div class="lx">
-                        <div class="tel"><?= htmlspecialchars($row['cs_tel']) ?></div>
-                        <div class="mail"><a href="mailto:<?= htmlspecialchars($row['cs_email']) ?>"><?= htmlspecialchars($row['cs_email']) ?></a></div>
-                        <div class="whatsapp"><?= htmlspecialchars($row['cs_whatsapp']) ?></div>
-                        <div class="wechat"><?= htmlspecialchars($row['cs_wechat']) ?></div>
-                        <div class="linkedin"><?= htmlspecialchars($row['cs_linkedin']) ?></div>
-                        <div class="facebook"><?= htmlspecialchars($row['cs_facebook']) ?></div>
-                        <div class="alibaba"><?= htmlspecialchars($row['cs_alibaba']) ?></div>
+                        <div class="tel"><?= htmlspecialcharsFix($row['cs_tel']) ?></div>
+                        <div class="mail"><a href="mailto:<?= htmlspecialcharsFix($row['cs_email']) ?>"><?= htmlspecialcharsFix($row['cs_email']) ?></a></div>
+                        <div class="whatsapp"><?= htmlspecialcharsFix($row['cs_whatsapp']) ?></div>
+                        <div class="wechat"><?= htmlspecialcharsFix($row['cs_wechat']) ?></div>
+                        <div class="linkedin"><?= htmlspecialcharsFix($row['cs_linkedin']) ?></div>
+                        <div class="facebook"><?= htmlspecialcharsFix($row['cs_facebook']) ?></div>
+                        <div class="alibaba"><?= htmlspecialcharsFix($row['cs_alibaba']) ?></div>
                     </div>
                     <div class="noteItem2">备注</div>
                     <div class="notecontent"><?= htmlUnCode($row['cs_note']) ?></div>
@@ -142,8 +142,8 @@ while ($row = $result->fetch_assoc()) {
                         $tagResult = $conn->query("SELECT tagName FROM tagTable WHERE customerId=" . $row['id']);
                         while ($tagRow = $tagResult->fetch_assoc()) {
                             $tagStr1 = str_replace(
-                                "<span>" . htmlspecialchars($tagRow['tagName']) . "</span>",
-                                "<span class=\"active\">" . htmlspecialchars($tagRow['tagName']) . "</span>",
+                                "<span>" . htmlspecialcharsFix($tagRow['tagName']) . "</span>",
+                                "<span class=\"active\">" . htmlspecialcharsFix($tagRow['tagName']) . "</span>",
                                 $tagStr1
                             );
                         }
@@ -162,7 +162,7 @@ while ($row = $result->fetch_assoc()) {
                         <?php
                         $result = $conn->query("SELECT id, em_code, em_user FROM employee ORDER BY em_code ASC");
                         while ($row = $result->fetch_assoc()) {
-                            echo "<option value=\"t{$row['id']}\">转给" . htmlspecialchars($row['em_user']) . "(" . htmlspecialchars($row['em_code']) . ")</option>";
+                            echo "<option value=\"t{$row['id']}\">转给" . htmlspecialcharsFix($row['em_user']) . "(" . htmlspecialcharsFix($row['em_code']) . ")</option>";
                         }
                         ?>
                     </select>
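Review bot: `$tagName` is written into the `data-originaltag` attribute and the body of the contenteditable `H1` in the second hunk, and the form action on the following context line builds a URL from it, which suggests it arrives from the query string; with `htmlspecialcharsFix()` a passthrough that is reflected input printed into both an attribute and an element unescaped. The `str_replace` in the fifth hunk matches on the exact `<span>`-wrapped output of the same helper that built `$tagStr` in the first hunk, so the two must stay on the same function; if the helper is changed to escape again both sides move together, but mixing escaped and unescaped tag names here would silently stop tags being marked active. The `<option>` echo in the last hunk likewise concatenates `em_user` and `em_code` into element text with no escaping now.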

+ 1 - 1
tagClound.php

@@ -38,7 +38,7 @@ checkLogin();
         while ($row = $result->fetch_assoc()) {
         ?>
             <a href="tag.php?tagName=<?= urlencode($row['tagName']) ?>" style="font-size:16px;">
-                <?= htmlspecialchars($row['tagName']) ?>(<?= $row['count'] ?>)
+                <?= htmlspecialcharsFix($row['tagName']) ?>(<?= $row['count'] ?>)
             </a>
         <?php
         }

+ 3 - 3
team.php

@@ -115,8 +115,8 @@ if (empty($dateend) || !strtotime($dateend)) {
                 $c5 = $c5Row['c5'];
             ?>
             <tr>
-                <td rowspan="<?= 1 + $c5 ?>"><?= htmlspecialchars($row['em_user']) ?></td>
-                <td><?= htmlspecialchars($row['em_user']) ?></td>
+                <td rowspan="<?= 1 + $c5 ?>"><?= htmlspecialcharsFix($row['em_user']) ?></td>
+                <td><?= htmlspecialcharsFix($row['em_user']) ?></td>
                 <td><?= $c1 ?></td>
                 <td><?= $clstr ?></td>
                 <td><?= $c2 ?></td>
@@ -160,7 +160,7 @@ if (empty($dateend) || !strtotime($dateend)) {
                     $mc4 = $mc4Row['c4'];
             ?>
                 <tr>
-                    <td><?= htmlspecialchars($memberRow['em_user']) ?></td>
+                    <td><?= htmlspecialcharsFix($memberRow['em_user']) ?></td>
                     <td><?= $mc1 ?></td>
                     <td><?= $clstr ?></td>
                     <td><?= $mc2 ?></td>

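--- a/teamSeas.php
+++ b/teamSeas.php
@@ -84,7 +84,7 @@ if ($_SESSION['em_role'] == 0) {
                     $result = $conn->query("SELECT id, countryName FROM country");
                     while ($row = $result->fetch_assoc()) {
                         $selected = ($filterCountry == $row['id']) ? ' selected="selected"' : '';
-                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialchars($row['countryName']) . "</option>";
+                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialcharsFix($row['countryName']) . "</option>";
                     }
                     ?>
                 </select>
@@ -97,7 +97,7 @@ if ($_SESSION['em_role'] == 0) {
                     $result = $conn->query("SELECT id, ch_name FROM qudao");
                     while ($row = $result->fetch_assoc()) {
                         $selected = ($filterQudao == $row['id']) ? ' selected="selected"' : '';
-                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialchars($row['ch_name']) . "</option>";
+                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialcharsFix($row['ch_name']) . "</option>";
                     }
                     ?>
                 </select>
@@ -119,7 +119,7 @@ if ($_SESSION['em_role'] == 0) {
                     $result = $conn->query("SELECT id, businessType FROM clientType");
                     while ($row = $result->fetch_assoc()) {
                         $selected = ($filterBusiness == $row['id']) ? ' selected="selected"' : '';
-                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialchars($row['businessType']) . "</option>";
+                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialcharsFix($row['businessType']) . "</option>";
                     }
                     ?>
                 </select>
@@ -132,7 +132,7 @@ if ($_SESSION['em_role'] == 0) {
                     $result = $conn->query("SELECT id, em_user FROM employee WHERE id IN (" . $memberStr . ")");
                     while ($row = $result->fetch_assoc()) {
                         $selected = ($filterBelong == $row['id']) ? ' selected="selected"' : '';
-                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialchars($row['em_user']) . "</option>";
+                        echo "<option value=\"{$row['id']}\"{$selected}>" . htmlspecialcharsFix($row['em_user']) . "</option>";
                     }
                     ?>
                 </select>
@@ -192,7 +192,7 @@ if ($_SESSION['em_role'] == 0) {
                     <div class="tline">
                         <div class="col9"><?= $tempNum ?></div>
                         <div class="col3 slidepanel">
-                            <?= htmlspecialchars($row['cs_code']) ?>
+                            <?= htmlspecialcharsFix($row['cs_code']) ?>
                             <?php if ($row['cs_claimFrom'] > 0): ?>
                                 <img src="../images/yijiao.png" class="handover">
                             <?php endif; ?>
@@ -200,19 +200,19 @@ if ($_SESSION['em_role'] == 0) {
                         <div class="col4">
                             <?php
                             $qudaoResult = $conn->query("SELECT ch_name FROM qudao WHERE id=" . (int)$row['cs_from']);
-                            echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialchars($qudaoRow['ch_name']) : '未填写';
+                            echo ($qudaoRow = $qudaoResult->fetch_assoc()) ? htmlspecialcharsFix($qudaoRow['ch_name']) : '未填写';
                             ?>
                         </div>
                         <div class="col5">
                             <?php
                             $countryResult = $conn->query("SELECT countryName FROM country WHERE id=" . (int)$row['cs_country']);
-                            echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialchars($countryRow['countryName']) : '未填写';
+                            echo ($countryRow = $countryResult->fetch_assoc()) ? htmlspecialcharsFix($countryRow['countryName']) : '未填写';
                             ?>
                         </div>
                         <div class="col6">
                             <?php
                             $typeResult = $conn->query("SELECT businessType FROM clientType WHERE id=" . (int)$row['cs_type']);
-                            echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialchars($typeRow['businessType']) : '未填写';
+                            echo ($typeRow = $typeResult->fetch_assoc()) ? htmlspecialcharsFix($typeRow['businessType']) : '未填写';
                             ?>
                         </div>
                         <div class="col6">
@@ -245,7 +245,7 @@ if ($_SESSION['em_role'] == 0) {
                 } else {
             ?>
                     <tr>
-                        <div align="center" colspan="8"><a href="?">Sorry,没有找到"<?= htmlspecialchars($keyscode) ?>"相关的信息,点击返回</a></div>
+                        <div align="center" colspan="8"><a href="?">Sorry,没有找到"<?= htmlspecialcharsFix($keyscode) ?>"相关的信息,点击返回</a></div>
                     </tr>
             <?php
                 }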
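Review bot: All nine changed lines in this file now pass their output through `htmlspecialcharsFix()`, which conn.php in this same commit defines as `return $input_str;`, so the `<option>` labels, the `cs_code` cell, the three lookup cells and the "not found" message are written into the HTML with no escaping at all — the net effect of the change is to remove the output encoding that `htmlspecialchars()` provided, and `$keyscode` in the last hunk looks like a user-supplied search term (its origin is outside the visible lines). If the motivation was `htmlspecialchars()` returning an empty string for byte sequences that are not valid UTF-8 (plausible alongside the `utf8mb4` charset change), the fix belongs in the helper rather than in dropping the call: `return htmlspecialchars((string)$input_str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` keeps escaping and substitutes invalid sequences instead of blanking the value. The helper should also carry a docblock stating that it is now the single HTML-escaping point for every page, since each template depends on it. The enclosing while loops and the surrounding template begin and end outside these hunks.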