
fleat:update system

igb hace 4 semanas
padre
commit
a163ca31f3
Se han modificado 15 ficheros con 1806 adiciones y 1219 borrados
  1. 67 45
      system/IP.php
  2. 1 1
      system/SearchArea.php
  3. 1 1
      system/Searchproduct.php
  4. 11 7
      system/additional.php
  5. 15 8
      system/country.php
  6. 707 303
      system/customers.php
  7. 32 29
      system/employee.php
  8. 210 56
      system/index.php
  9. 126 111
      system/log.php
  10. 34 43
      system/pic.php
  11. 2 1
      system/picupload.php
  12. 67 80
      system/power.php
  13. 371 376
      system/products.php
  14. 2 2
      system/pwd.php
  15. 160 156
      system/qudao.php

+ 67 - 45
system/IP.php

@@ -1,21 +1,8 @@
 <?php
 include "conn.php";
 checkLogin("信息管理");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title>管理区域</title>
-<link rel="stylesheet" href="css/common.css" type="text/css" />
-<link rel="stylesheet" href="css/jquery.galpop.css" type="text/css" />
-<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-<script type="text/javascript" src="js/js.js"></script>
-<script type="text/javascript" src="js/jquery.galpop.min.js"></script>
-</head>
-<body>
-<div id="man_zone">
-<?php
+
+// Move all header-modifying operations to the top
 $act = $_GET['act'] ?? '';
 
 if ($act == "save") {
@@ -29,16 +16,20 @@ if ($act == "save") {
     if ($isedit) {
         $sql = "SELECT * FROM allowIp WHERE id = ?";
         $stmt = $conn->prepare($sql);
-        $stmt->execute([$id]);
+        $stmt->bind_param("i", $id);
+        $stmt->execute();
+        $result = $stmt->get_result();
         
-        if ($stmt->rowCount() > 0) {
+        if ($result->num_rows > 0) {
             $sql = "UPDATE allowIp SET IPAddress = ? WHERE id = ?";
             $stmt = $conn->prepare($sql);
-            $stmt->execute([$IPAddress, $id]);
+            $stmt->bind_param("si", $IPAddress, $id);
+            $stmt->execute();
         } else {
             $sql = "INSERT INTO allowIp (IPAddress) VALUES (?)";
             $stmt = $conn->prepare($sql);
-            $stmt->execute([$IPAddress]);
+            $stmt->bind_param("s", $IPAddress);
+            $stmt->execute();
         }
 
         $page = $_GET['Page'] ?? '';
@@ -49,13 +40,47 @@ if ($act == "save") {
     } else {
         $sql = "INSERT INTO allowIp (IPAddress) VALUES (?)";
         $stmt = $conn->prepare($sql);
-        $stmt->execute([$IPAddress]);
+        $stmt->bind_param("s", $IPAddress);
+        $stmt->execute();
         
         header("Location: ?");
         exit;
     }
 }
 
+if ($act == "postchk") {
+    $keys = urlencode($_GET['Keys'] ?? '');
+    $ord = urlencode($_GET['Ord'] ?? '');
+    $page = $_GET['Page'] ?? '';
+    
+    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
+        $ids = array_map('intval', $_POST['chkbox']);
+        $sql = "DELETE FROM allowIp WHERE id IN (" . implode(',', array_fill(0, count($ids), '?')) . ")";
+        $types = str_repeat('i', count($ids));
+        $stmt = $conn->prepare($sql);
+        $stmt->bind_param($types, ...$ids);
+        $stmt->execute();
+    }
+    
+    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
+    exit;
+}
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>管理区域</title>
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+<link rel="stylesheet" href="css/jquery.galpop.css" type="text/css" />
+<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+<script type="text/javascript" src="js/js.js"></script>
+<script type="text/javascript" src="js/jquery.galpop.min.js"></script>
+</head>
+<body>
+<div id="man_zone">
+<?php
 if ($act == "add" || $act == "edit") {
     $id = $_GET['id'] ?? '';
     $isedit = false;
@@ -65,9 +90,11 @@ if ($act == "add" || $act == "edit") {
         $isedit = true;
         $sql = "SELECT * FROM allowIp WHERE id = ?";
         $stmt = $conn->prepare($sql);
-        $stmt->execute([$id]);
+        $stmt->bind_param("i", $id);
+        $stmt->execute();
+        $result = $stmt->get_result();
         
-        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+        if ($row = $result->fetch_assoc()) {
             $IPAddress = textUncode($row['IPAddress']);
         } else {
             $isedit = false;
@@ -100,33 +127,22 @@ if ($act == "add" || $act == "edit") {
     exit;
 }
 
-if ($act == "postchk") {
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    
-    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
-        $ids = array_map('intval', $_POST['chkbox']);
-        $sql = "DELETE FROM allowIp WHERE id IN (" . implode(',', array_fill(0, count($ids), '?')) . ")";
-        $stmt = $conn->prepare($sql);
-        $stmt->execute($ids);
-    }
-    
-    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
-    exit;
-}
-
 $keys = $_GET['Keys'] ?? '';
 $keyscode = textEncode($keys);
 $ord = $_GET['Ord'] ?? '';
 $page = $_GET['Page'] ?? '';
 
-$sql = "SELECT * FROM allowIp WHERE IPAddress LIKE ? ORDER BY id DESC";
+// Get total count first
+$sql = "SELECT COUNT(*) as total FROM allowIp WHERE IPAddress LIKE ?";
 $stmt = $conn->prepare($sql);
-$stmt->execute(['%' . $keyscode . '%']);
-$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+$search = '%' . $keyscode . '%';
+$stmt->bind_param("s", $search);
+$stmt->execute();
+$result = $stmt->get_result();
+$row = $result->fetch_assoc();
+$total_records = $row['total'];
 
-$total_records = count($results);
+// Pagination settings
 $records_per_page = 10;
 $total_pages = ceil($total_records / $records_per_page);
 
@@ -137,7 +153,13 @@ $page = (int)$page;
 if ($page > $total_pages) $page = $total_pages;
 
 $start = ($page - 1) * $records_per_page;
-$results = array_slice($results, $start, $records_per_page);
+
+// Get paginated results
+$sql = "SELECT * FROM allowIp WHERE IPAddress LIKE ? ORDER BY id DESC LIMIT ?, ?";
+$stmt = $conn->prepare($sql);
+$stmt->bind_param("sii", $search, $start, $records_per_page);
+$stmt->execute();
+$results = $stmt->get_result();
 
 $keys = urlencode($keys);
 $ord = urlencode($ord);
@@ -155,9 +177,9 @@ $hrefstr = "?keys=$keys";
     </thead>
     <tbody>
     <?php
-    if (!empty($results)) {
+    if ($results->num_rows > 0) {
         $tempNum = ($page - 1) * $records_per_page;
-        foreach ($results as $row) {
+        while ($row = $results->fetch_assoc()) {
             $tempNum++;
             ?>
             <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
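Review bot: The new paginated query can be handed a negative offset: when the COUNT query returns 0, `$total_pages` is 0, the visible clamp `if ($page > $total_pages) $page = $total_pages;` drives `$page` to 0 and `$start` to -10, and `LIMIT -10, 10` makes `execute()` fail, after which `$results->num_rows` is read on `false`. The old `array_slice()` path silently produced an empty list here, so an empty or unmatched allow-list is a regression; the lower-bound clamp lives in the lines hidden between hunks, so its order relative to the upper clamp cannot be seen. Guarding the offset directly, `$start = max(0, ($page - 1) * $records_per_page);`, is correct regardless of that order. Separately, the `postchk` redirect urlencodes `Keys` and `Ord` but interpolates `$page` raw; `$page = (int)($_GET['Page'] ?? 0);` keeps the three consistent. Note that `get_result()` requires the mysqlnd driver, which this migration away from PDO now assumes in every file.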

+ 1 - 1
system/SearchArea.php

@@ -7,7 +7,7 @@ $str = textEncode($_GET['str'] ?? '');
 $sql = "select id,countryCode,countryName from country where countryCode like '%" . $str . "%' or countryName like '%" . $str . "%'";
 $rs = $conn->query($sql);
 
-while ($row = $rs->fetch()) {
+while ($row = $rs->fetch_assoc()) {
 ?>
     <li data-id="<?php echo $row['id']; ?>">
         <div class="list-content">
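Review bot: The country lookup at the top of the hunk still builds its SQL by concatenating `$str`, taken from `$_GET['str']` through `textEncode()`, while this same commit moved IP.php onto prepared statements; HTML-entity encoding is not SQL escaping (backslashes pass through and correctness depends on the connection charset), so this query should be parameterized like the others. `textEncode()` is defined in conn.php outside this section, so what it actually neutralizes is inferred rather than verified. The rewritten query is below; `fetch_assoc()` on the `get_result()` handle keeps the loop body unchanged. If `query()` fails, `$rs` is `false` and `fetch_assoc()` is a fatal error on PHP 8, so the prepared form should also check `execute()`'s return before iterating.
```php
$like = '%' . $str . '%';
$stmt = $conn->prepare("select id,countryCode,countryName from country where countryCode like ? or countryName like ?");
$stmt->bind_param("ss", $like, $like);
$stmt->execute();
$rs = $stmt->get_result();
// … unchanged: while ($row = $rs->fetch_assoc()) { … } list markup …
```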

+ 1 - 1
system/Searchproduct.php

@@ -7,7 +7,7 @@ $str = textEncode($_GET['str'] ?? '');
 $sql = "select id,ProductImg,ProductName,unit from Products where productName like '%" . $str . "%'";
 $rs = $conn->query($sql);
 
-while ($row = $rs->fetch()) {
+while ($row = $rs->fetch_assoc()) {
 ?>
     <li data-id="<?php echo $row['id']; ?>" data-unit="<?php echo $row['unit']; ?>">
         <div class="list-content">
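Review bot: The product search concatenates `$str` from `$_GET['str']` into the LIKE clause, relying on `textEncode()` (defined in conn.php, not visible here) to make it safe; HTML-entity encoding is not a SQL escaping function, and the rest of this commit already shows the prepared-statement form that should be used instead. The rewritten query is below and leaves the loop untouched. In the same loop, `data-unit="<?php echo $row['unit']; ?>"` writes a database value into an attribute without escaping; if `unit` was stored through `textEncode()` that is harmless, otherwise it needs `htmlspecialchars()`, and which is the case cannot be told from this section. A `false` return from the query also needs checking, since `fetch_assoc()` on `false` is fatal on PHP 8.
```php
$like = '%' . $str . '%';
$stmt = $conn->prepare("select id,ProductImg,ProductName,unit from Products where productName like ?");
$stmt->bind_param("s", $like);
$stmt->execute();
$rs = $stmt->get_result();
// … unchanged: while ($row = $rs->fetch_assoc()) { … } list markup …
```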

+ 11 - 7
system/additional.php

@@ -1,6 +1,17 @@
 <?php
 require_once 'conn.php';
 checkLogin("信息管理");
+
+$qid = $_GET['qid'] ?? '';
+
+// Check qid and redirect if invalid - do this before any output
+if (empty($qid) || !is_numeric($qid)) {
+    $conn->close();
+    header("Location: /");
+    exit;
+}
+
+// Now start HTML output
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
@@ -20,13 +31,6 @@ $Keys = $_GET['Keys'] ?? '';
 $Keyscode = textEncode($Keys);
 $Ord = $_GET['Ord'] ?? '';
 $Page = $_GET['Page'] ?? '';
-$qid = $_GET['qid'] ?? '';
-
-if (empty($qid) || !is_numeric($qid)) {
-    $conn->close();
-    header("Location: /");
-    exit;
-}
 
 $OrdStr = !empty($Ord) ? $Ord . "," : "";
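Review bot: The guard moved to the top of the file still accepts anything `is_numeric()` does — `" 7"`, `"7.5"`, `"1e3"`, a negative value — so `$qid` is not guaranteed to be an integer id when it is used further down (that use is outside this section). Since the only valid values are positive record ids, validate it as one and keep the integer: `$qid = filter_var($_GET['qid'] ?? '', FILTER_VALIDATE_INT); if ($qid === false || $qid <= 0) { $conn->close(); header("Location: /"); exit; }`, which also drops the `empty()` special-casing of `"0"`. Moving the check ahead of the HTML output is the right fix for the headers-already-sent problem, so the relocation itself is fine. Separately, `$OrdStr` in the trailing context is assembled from the raw `Ord` query parameter; if it ends up in an ORDER BY clause it needs a column allow-list rather than escaping — that clause is not visible here.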
 

+ 15 - 8
system/country.php

@@ -1,4 +1,5 @@
 <?php
+ob_start();
 require_once 'conn.php';
 checklogin("信息管理");
 ?>
@@ -41,10 +42,13 @@ if ($act == "save") {
         $conn->query("DELETE FROM price WHERE AreaId=$id");
         
         for ($i = 0; $i < count($productIds); $i++) {
-            $numVal = empty($nums[$i]) ? 0 : $nums[$i];
-            $priceVal = empty($prices[$i]) ? 0 : $prices[$i];
-            $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES ($productIds[$i], $id, $numVal, '$priceVal')";
-            $conn->query($sql);
+            $numVal = empty($nums[$i]) ? 0 : intval($nums[$i]);
+            $priceVal = empty($prices[$i]) ? 0 : $conn->real_escape_string($prices[$i]);
+            $productId = intval($productIds[$i]);
+            if ($productId > 0) {
+                $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES ($productId, $id, $numVal, '$priceVal')";
+                $conn->query($sql);
+            }
         }
 
         $page = $_GET['Page'] ?? '';
@@ -62,10 +66,13 @@ if ($act == "save") {
         $prices = explode(',', $price);
         
         for ($i = 0; $i < count($productIds); $i++) {
-            $numVal = empty($nums[$i]) ? 0 : $nums[$i];
-            $priceVal = empty($prices[$i]) ? 0 : $prices[$i];
-            $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES ($productIds[$i], $id, $numVal, '$priceVal')";
-            $conn->query($sql);
+            $numVal = empty($nums[$i]) ? 0 : intval($nums[$i]);
+            $priceVal = empty($prices[$i]) ? 0 : $conn->real_escape_string($prices[$i]);
+            $productId = intval($productIds[$i]);
+            if ($productId > 0) {
+                $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES ($productId, $id, $numVal, '$priceVal')";
+                $conn->query($sql);
+            }
         }
 
         header("Location: ?");
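Review bot: `real_escape_string()` is the wrong tool for `$priceVal` in both save branches: `price` is written as a quoted string, so a non-numeric value is still accepted and stored, and the escaping is only sound if the connection charset was set on `$conn` (conn.php is not in view). Because the only legitimate values are numbers, validate rather than escape — `$priceVal = is_numeric($prices[$i] ?? '') ? (float)$prices[$i] : 0;` — and drop the quotes around it in the INSERT, matching `$numVal` and `$productId`, which this commit already casts. `$id` is interpolated into the DELETE and both INSERTs without a visible cast; it is assigned outside this section and may already be checked, but an `intval()` beside the other casts would make that local and obvious. The same loop now appears twice in this file; pulling it into a small function avoids fixing it in two places. Note also that the `ob_start()` added at the top defers the headers-after-output problem rather than fixing it, whereas IP.php and additional.php in this same commit reorder the code so the redirects run before any HTML.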

+ 707 - 303
system/customers.php

@@ -1,59 +1,43 @@
 <?php
-require_once("conn.php");
-include("checklogin.php"); 
-
-// 辅助函数
-function textEncode($str) {
-    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
-}
-
-function textDecode($str) {
-    return htmlspecialchars_decode($str, ENT_QUOTES);
-}
-
-function htmlEncode($str) {
-    return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
-}
-
-function htmlDecode($str) {
-    return htmlspecialchars_decode($str, ENT_QUOTES);
-}
+require_once('conn.php');
+checkLogin("信息管理");
 
+// Initialize variables
+$urlStr = "";
 $act = $_GET['act'] ?? '';
-$urlStr = '';
+$output = '';
 
-// 处理保存操作
+// Process all actions that might need headers
 if ($act == "save") {
-    $isedit = false;
+    $isEdit = false;
     $id = $_POST['id'] ?? '';
     if (!empty($id) && is_numeric($id)) {
-        $isedit = true;
+        $isEdit = true;
     }
-    
-    // 获取表单数据
-    $cs_code = textEncode($_POST['cs_code']);
-    $cs_company = textEncode($_POST['cs_company']);
-    $cs_name = textEncode($_POST['cs_name']);
-    $cs_belong = $_POST['cs_belong'];
-    $cs_country = $_POST['cs_country'];
-    $cs_from = $_POST['cs_from'];
-    $cs_tel = textEncode($_POST['cs_tel']);
-    $cs_email = textEncode($_POST['cs_email']);
-    $cs_whatsapp = textEncode($_POST['cs_whatsapp']);
-    $cs_wechat = textEncode($_POST['cs_wechat']);
-    $cs_linkedin = textEncode($_POST['cs_linkedin']);
-    $cs_facebook = textEncode($_POST['cs_facebook']);
-    $cs_alibaba = textEncode($_POST['cs_alibaba']);
-    $cs_state = $_POST['cs_state'];
-    $cs_deal = $_POST['cs_deal'];
-    $no_content = htmlEncode($_POST['no_content']);
+
+    $cs_code = textEncode($_POST['cs_code'] ?? '');
+    $cs_company = textEncode($_POST['cs_company'] ?? '');
+    $cs_name = textEncode($_POST['cs_name'] ?? '');
+    $cs_belong = intval($_POST['cs_belong'] ?? 0);
+    $cs_country = intval($_POST['cs_country'] ?? 0);
+    $cs_from = intval($_POST['cs_from'] ?? 0);
+    $cs_tel = textEncode($_POST['cs_tel'] ?? '');
+    $cs_email = textEncode($_POST['cs_email'] ?? '');
+    $cs_whatsapp = textEncode($_POST['cs_whatsapp'] ?? '');
+    $cs_wechat = textEncode($_POST['cs_wechat'] ?? '');
+    $cs_linkedin = textEncode($_POST['cs_linkedin'] ?? '');
+    $cs_facebook = textEncode($_POST['cs_facebook'] ?? '');
+    $cs_alibaba = textEncode($_POST['cs_alibaba'] ?? '');
+    $cs_state = intval($_POST['cs_state'] ?? 0);
+    $cs_deal = intval($_POST['cs_deal'] ?? 0);
+    $no_content = htmlEncode($_POST['no_content'] ?? '');
     $allowedit = isset($_POST['allowedit']) ? 1 : 0;
 
-    if ($isedit) {
-        // 更新现有记录
-        $sql = "SELECT cs_chain FROM customer WHERE id = $id";
-        $result = mysqli_query($conn, $sql);
-        if ($row = mysqli_fetch_assoc($result)) {
+    if ($isEdit) {
+        $sql = "SELECT cs_chain FROM customer WHERE id=" . $id;
+        $result = $conn->query($sql);
+        
+        if ($row = $result->fetch_assoc()) {
             $cs_chain = $row['cs_chain'];
             $chain_array = explode(',', $cs_chain);
             $last_item = end($chain_array);
@@ -63,330 +47,750 @@ if ($act == "save") {
             }
             
             $sql = "UPDATE customer SET 
-                    cs_code = '$cs_code',
-                    cs_company = '$cs_company',
-                    cs_name = '$cs_name',
-                    cs_belong = '$cs_belong',
-                    cs_country = '$cs_country',
-                    cs_from = '$cs_from',
-                    cs_tel = '$cs_tel',
-                    cs_email = '$cs_email',
-                    cs_whatsapp = '$cs_whatsapp',
-                    cs_wechat = '$cs_wechat',
-                    cs_linkedin = '$cs_linkedin',
-                    cs_facebook = '$cs_facebook',
-                    cs_alibaba = '$cs_alibaba',
-                    cs_state = '$cs_state',
-                    cs_deal = '$cs_deal',
-                    cs_note = '$no_content',
-                    allowedit = $allowedit,
-                    cs_chain = '$cs_chain',
-                    cs_updatetime = NOW()
-                    WHERE id = $id";
-                    
-            mysqli_query($conn, $sql);
-            
+                cs_code='$cs_code', 
+                cs_company='$cs_company', 
+                cs_name='$cs_name',
+                cs_belong=$cs_belong,
+                cs_country=$cs_country,
+                cs_from=$cs_from,
+                cs_tel='$cs_tel',
+                cs_email='$cs_email',
+                cs_whatsapp='$cs_whatsapp',
+                cs_wechat='$cs_wechat',
+                cs_linkedin='$cs_linkedin',
+                cs_facebook='$cs_facebook',
+                cs_alibaba='$cs_alibaba',
+                cs_state=$cs_state,
+                cs_deal=$cs_deal,
+                cs_note='$no_content',
+                allowedit=$allowedit,
+                cs_chain='$cs_chain',
+                cs_updatetime=NOW()
+                WHERE id=$id";
+
+            $conn->query($sql);
+
             $page = $_GET['Page'] ?? '';
             $keys = urlencode($_GET['Keys'] ?? '');
             header("Location: ?keys=$keys&Page=$page$urlStr");
             exit;
+        } else {
+            $output = "<script>alert('不存在该客户');history.back();</script>";
         }
+    } else {
+        $sql = "INSERT INTO customer (
+            cs_code, cs_company, cs_name, cs_belong, cs_country, cs_from,
+            cs_tel, cs_email, cs_whatsapp, cs_wechat, cs_linkedin,
+            cs_facebook, cs_alibaba, cs_state, cs_deal, cs_note,
+            allowedit, cs_chain, cs_addtime, cs_updatetime
+        ) VALUES (
+            '$cs_code', '$cs_company', '$cs_name', $cs_belong, $cs_country, $cs_from,
+            '$cs_tel', '$cs_email', '$cs_whatsapp', '$cs_wechat', '$cs_linkedin',
+            '$cs_facebook', '$cs_alibaba', $cs_state, $cs_deal, '$no_content',
+            $allowedit, '$cs_belong', NOW(), NOW()
+        )";
+        
+        $conn->query($sql);
+        header("Location: ?");
+        exit;
     }
 }
 
-// 处理编辑操作
-if ($act == "edit") {
+// If we have output from processing, we'll show it instead of the normal page
+if (!empty($output)) {
+    echo $output;
+    exit;
+}
+?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>管理区域</title>
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+<script type="text/javascript" src="js/js.js"></script>
+<script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
+<script>
+$(document).ready(function(){
+    $('.txt2').xheditor({
+        tools:'full',
+        hoverExecDelay:-1,
+        urlBase:'system/',
+        upLinkUrl:"upload.php",
+        upLinkExt:"zip,rar,txt,pdf",
+        upImgUrl:"upload.php",
+        upImgExt:"jpg,jpeg,gif,png",
+        upFlashUrl:"upload.php",
+        upFlashExt:"swf",
+        upMediaUrl:"upload.php",
+        upMediaExt:"wmv,avi,wma,mp3,mid"
+    });
+});
+</script>
+</head>
+<body>
+<div id="man_zone">
+<?php
+
+// 编辑操作
+if ($act == "edit" || $act == "add") {
     $id = $_GET['id'] ?? '';
-    $isedit = false;
-    if (!empty($id) && is_numeric($id)) {
-        $isedit = true;
-    }
+    $isEdit = false;
     
-    if ($isedit) {
-        $sql = "SELECT c.*, n.c_code FROM customer c 
+    // 初始化变量
+    $cs_code = $cs_company = $cs_name = $cs_tel = $cs_telBu = '';
+    $cs_wechat = $cs_wechatBu = $cs_whatsapp = $cs_whatsappBu = '';
+    $cs_email = $cs_emailBu = $cs_linkedin = $cs_linkedinBu = '';
+    $cs_facebook = $cs_facebookBu = $cs_alibaba = $cs_alibabaBu = '';
+    $cs_address = $cs_addtime = $cs_updatetime = $cs_note = '';
+    $cs_belong = $cs_country = $cs_from = $cs_state = $cs_deal = $allowedit = 0;
+
+    if (!empty($id) && is_numeric($id)) {
+        $isEdit = true;
+        
+        $sql = "SELECT c.*, n.c_code 
+                FROM customer c 
                 LEFT JOIN myNote n ON c.cs_code = n.c_code 
-                WHERE c.id = $id";
-        $result = mysqli_query($conn, $sql);
-        if ($row = mysqli_fetch_assoc($result)) {
-            $cs_code = textDecode($row['cs_code']);
-            $cs_company = textDecode($row['cs_company']);
-            $cs_name = textDecode($row['cs_name']);
+                WHERE c.id=$id";
+        $result = $conn->query($sql);
+        
+        if ($row = $result->fetch_assoc()) {
+            $cs_code = textUncode($row['cs_code']);
+            $cs_company = textUncode($row['cs_company']);
+            $cs_name = textUncode($row['cs_name']);
             $cs_country = $row['cs_country'];
             $cs_from = $row['cs_from'];
-            $cs_tel = textDecode($row['cs_tel']);
-            $cs_telBu = textDecode($row['cs_telBu']);
-            $cs_email = textDecode($row['cs_email']);
-            $cs_emailBu = textDecode($row['cs_emailBu']);
-            $cs_whatsapp = textDecode($row['cs_whatsapp']);
-            $cs_whatsappBu = textDecode($row['cs_whatsappBu']);
-            $cs_wechat = textDecode($row['cs_wechat']);
-            $cs_wechatBu = textDecode($row['cs_wechatBu']);
-            $cs_linkedin = textDecode($row['cs_linkedin']);
-            $cs_linkedinBu = textDecode($row['cs_linkedinBu']);
-            $cs_facebook = textDecode($row['cs_facebook']);
-            $cs_facebookBu = textDecode($row['cs_facebookBu']);
-            $cs_alibaba = textDecode($row['cs_alibaba']);
-            $cs_alibabaBu = textDecode($row['cs_alibabaBu']);
-            $cs_address = textDecode($row['cs_address']);
+            $cs_tel = textUncode($row['cs_tel']);
+            $cs_telBu = textUncode($row['cs_telBu']);
+            $cs_wechat = textUncode($row['cs_wechat']);
+            $cs_wechatBu = textUncode($row['cs_wechatBu']);
+            $cs_whatsapp = textUncode($row['cs_whatsapp']);
+            $cs_whatsappBu = textUncode($row['cs_whatsappBu']);
+            $cs_email = textUncode($row['cs_email']);
+            $cs_emailBu = textUncode($row['cs_emailBu']);
+            $cs_linkedin = textUncode($row['cs_linkedin']);
+            $cs_linkedinBu = textUncode($row['cs_linkedinBu']);
+            $cs_facebook = textUncode($row['cs_facebook']);
+            $cs_facebookBu = textUncode($row['cs_facebookBu']);
+            $cs_alibaba = textUncode($row['cs_alibaba']);
+            $cs_alibabaBu = textUncode($row['cs_alibabaBu']);
+            $cs_address = textUncode($row['cs_address']);
             $cs_addtime = $row['cs_addtime'];
             $cs_updatetime = $row['cs_updatetime'];
             $cs_belong = $row['cs_belong'];
             $cs_state = $row['cs_state'];
             $cs_deal = $row['cs_deal'];
-            $cs_note = htmlDecode($row['cs_note']);
+            $cs_note = htmlUncode($row['cs_note']);
             $allowedit = $row['allowedit'];
         }
     }
+
+    $page = $_GET['Page'] ?? '';
+    $keys = urlencode($_GET['Keys'] ?? '');
+    $ord = urlencode($_GET['Ord'] ?? '');
+    $hrefstr = "?keys=$keys&Page=$page&Ord=$ord";
+    ?>
+    <form name="form1" method="post" action="<?php echo $hrefstr; ?>&act=save">
+    <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
+        <tbody>
+            <tr>
+                <th width="8%">客户编号</th>
+                <td><input type="text" id="cs_code" name="cs_code" value="<?php echo $cs_code; ?>" class="txt1" />
+                    <input type="hidden" name="id" value="<?php echo $id; ?>" /></td>
+            </tr>
+            <tr>
+                <th width="8%">公司名称</th>
+                <td><input type="text" id="cs_company" name="cs_company" value="<?php echo $cs_company; ?>" class="txt1" /></td>
+            </tr>
+            <tr>
+                <th width="8%">联系人</th>
+                <td><input type="text" id="cs_name" name="cs_name" value="<?php echo $cs_name; ?>" class="txt1" /></td>
+            </tr>        
+            <tr>
+                <th width="8%">所属业务</th>
+                <td>
+                    <select name="cs_belong">
+                        <option value="0">请选择</option>
+                        <?php
+                        $sql = "SELECT id,em_user FROM employee";
+                        $result = $conn->query($sql);
+                        while($row = $result->fetch_assoc()) {
+                            $selected = ($row['id'] == $cs_belong) ? ' selected="selected"' : '';
+                            echo "<option value=\"{$row['id']}\"$selected>{$row['em_user']}</option>";
+                        }
+                        ?>
+                    </select>
+                </td>
+            </tr>
+            <tr>
+                <th width="8%">国家</th>
+                <td>
+                    <select name="cs_country">
+                        <option value="0">请选择</option>
+                        <?php
+                        $sql = "SELECT id,countryCode,countryName FROM country";
+                        $result = $conn->query($sql);
+                        while($row = $result->fetch_assoc()) {
+                            $selected = ($row['id'] == $cs_country) ? ' selected="selected"' : '';
+                            echo "<option value=\"{$row['id']}\"$selected>{$row['countryName']}</option>";
+                        }
+                        ?>
+                    </select>
+                </td>
+            </tr>
+            <tr>
+                <th width="8%">来源</th>
+                <td>
+                    <select name="cs_from">
+                        <option value="0">请选择</option>
+                        <?php
+                        $sql = "SELECT id,ch_name FROM qudao";
+                        $result = $conn->query($sql);
+                        while($row = $result->fetch_assoc()) {
+                            $selected = ($row['id'] == $cs_from) ? ' selected="selected"' : '';
+                            echo "<option value=\"{$row['id']}\"$selected>{$row['ch_name']}</option>";
+                        }
+                        ?>
+                    </select>
+                </td>
+            </tr>                
+            <tr>
+                <th width="8%">录入时间</th>
+                <td><?php echo $cs_addtime; ?></td>
+            </tr>
+            <tr>
+                <th width="8%">更新时间</th>
+                <td><?php echo $cs_updatetime; ?></td>
+            </tr>
+            <tr>
+                <th width="8%" rowspan="7">联系方式</th>
+                <td><input type="text" id="cs_tel" name="cs_tel" value="<?php echo $cs_tel ?? ''; ?>" class="txt5 tel" />备份:<?php echo $cs_telBu ?? ''; ?></td>
+            </tr>
+            <tr>
+                <td><input type="text" id="cs_email" name="cs_email" value="<?php echo $cs_email ?? ''; ?>" class="txt5 mail" />备份:<?php echo $cs_emailBu ?? ''; ?></td>
+            </tr>    
+            <tr>
+                <td><input type="text" id="cs_whatsapp" name="cs_whatsapp" value="<?php echo $cs_whatsapp ?? ''; ?>" class="txt5 whatsapp" />备份:<?php echo $cs_whatsappBu ?? ''; ?></td>        
+            </tr>    
+            <tr>
+                <td><input type="text" id="cs_wechat" name="cs_wechat" value="<?php echo $cs_wechat ?? ''; ?>" class="txt5 wechat" />备份:<?php echo $cs_wechatBu ?? ''; ?></td>    
+            </tr>
+            <tr>
+                <td><input type="text" id="cs_linkedin" name="cs_linkedin" value="<?php echo $cs_linkedin ?? ''; ?>" class="txt5 linkedin" />备份:<?php echo $cs_linkedinBu ?? ''; ?></td>
+            </tr>    
+            <tr>
+                <td><input type="text" id="cs_facebook" name="cs_facebook" value="<?php echo $cs_facebook ?? ''; ?>" class="txt5 facebook" />备份:<?php echo $cs_facebookBu ?? ''; ?></td>        
+            </tr>    
+            <tr>
+                <td><input type="text" id="cs_alibaba" name="cs_alibaba" value="<?php echo $cs_alibaba ?? ''; ?>" class="txt5 alibaba" />备份:<?php echo $cs_alibabaBu ?? ''; ?></td>    
+            </tr>        
+            <tr>
+                <th width="8%">地址</th>
+                <td><input type="text" id="cs_address" name="cs_address" value="<?php echo $cs_address ?? ''; ?>" class="txt1" /></td>
+            </tr>        
+            <tr>
+                <th width="8%">标签</th>
+                <td>
+                    <?php
+                    if($isEdit ?? false) {
+                        $sql = "SELECT id,tagName FROM tagTable WHERE customerId = ?";
+                        $stmt = $conn->prepare($sql);
+                        $stmt->bind_param("i", $id);
+                        $stmt->execute();
+                        $result = $stmt->get_result();
+                        while($row = $result->fetch_assoc()) {
+                            echo htmlspecialchars($row['tagName'] ?? '') . ',';
+                        }
+                        $stmt->close();
+                    }
+                    ?>                
+                </td>
+            </tr>                        
+            <tr>
+                <th width="8%">状态</th>
+                <td>
+                    <label><input type="radio" name="cs_state" value="1" <?php if(($cs_state ?? 0)==1) echo 'checked="checked"'; ?> />有效</label> 
+                    <label><input type="radio" name="cs_state" value="0" <?php if(($cs_state ?? 0)!=1) echo 'checked="checked"'; ?> />不再跟进</label>
+                </td>
+            </tr>
+            <tr>
+                <th width="8%">是否误报</th>
+                <td>
+                    <label><input type="radio" name="allowedit" value="1" <?php if(($allowedit ?? 0)==1) echo 'checked="checked"'; ?> />审核通过</label> 
+                    <label><input type="radio" name="allowedit" value="0" <?php if(($allowedit ?? 0)!=1) echo 'checked="checked"'; ?> />一般处理</label>
+                </td>
+            </tr>            
+            <tr>
+                <th width="8%">是否成交</th>
+                <td>
+                    <label><input type="radio" name="cs_deal" value="3" <?php if(($cs_deal ?? 0)==3) echo 'checked="checked"'; ?> />成交</label> 
+                    <label><input type="radio" name="cs_deal" value="2" <?php if(($cs_deal ?? 0)==2) echo 'checked="checked"'; ?> />明确需求</label>
+                    <label><input type="radio" name="cs_deal" value="1" <?php if(($cs_deal ?? 0)==1) echo 'checked="checked"'; ?> />背景调查</label>                    
+                    <label><input type="radio" name="cs_deal" value="0" <?php if(($cs_deal ?? 0)==0) echo 'checked="checked"'; ?> />无响应</label>
+                </td>
+            </tr>
+            <tr>
+                <th>内容</th>
+                <td><textarea id="no_content" name="no_content" class="txt2"><?php echo $cs_note ?? ''; ?></textarea></td>
+            </tr>
+            <tr>
+                <th></th>
+                <td>
+                    <input type="submit" name="save" id="save" value="确定" class="btn1" /> 
+                    <input type="reset" name="save" id="save" value="重置" class="btn1" /> 
+                    <input type="button" value="返回" class="btn1" onClick="location.href='<?php echo $hrefstr; ?>'" />
+                </td>
+            </tr>
+        </tbody>
+    </table>
+    </form>
+    <?php
+    exit;
 }
 
-// 处理批量操作
+// 批量操作
 if ($act == "postchk") {
-    if (isset($_POST['chkbox']) && isset($_POST['chkact'])) {
-        $chkact = $_POST['chkact'];
-        $ids = implode(',', array_map('intval', $_POST['chkbox']));
-        
-        switch($chkact) {
-            case "0":
-            case "1":
-                $sql = "UPDATE customer SET cs_state = $chkact WHERE id IN ($ids)";
-                break;
-            case "-1":
-                $sql = "DELETE FROM customer WHERE id IN ($ids)";
-                break;
-        }
+    $keys = urlencode($_GET['Keys'] ?? '');
+    $page = $_GET['Page'] ?? '';
+    $chkact = $_POST['chkact'] ?? '';
+    
+    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
+        $ids = array_map('intval', $_POST['chkbox']);
+        $idList = implode(',', $ids);
         
-        if (isset($sql)) {
-            mysqli_query($conn, $sql);
+        if (!empty($idList)) {
+            switch($chkact) {
+                case "0":
+                case "1":
+                    $sql = "UPDATE customer SET cs_state=$chkact WHERE id IN ($idList)";
+                    break;
+                default:
+                    $sql = "DELETE FROM customer WHERE id IN ($idList)";
+            }
+            $conn->query($sql);
         }
-        
-        $keys = urlencode($_GET['Keys'] ?? '');
-        $page = $_GET['Page'] ?? '';
-        header("Location: ?keys=$keys&Page=$page$urlStr");
-        exit;
     }
+    
+    header("Location: ?Keys=$keys&Page=$page");
+    exit;
 }
 
-// ... (第一部分代码续)
-
-// 处理筛选条件
+// 主列表页面
 $fliterQudao = $_GET['fliterQudao'] ?? '';
 $fliterDeal = $_GET['fliterDeal'] ?? '';
 $fliterTeam = $_GET['fliterTeam'] ?? '';
 $fliterContact = $_GET['fliterContact'] ?? '';
 $fliterEmployee = $_GET['fliterEmployee'] ?? '';
 
-$fliterStr = "";
+$filterStr = "";
+$urlStr = "";
 
 if (!empty($fliterQudao)) {
-    $fliterStr .= " AND cs_from = " . intval($fliterQudao);
-    $urlStr .= "&fliterQudao=" . $fliterQudao;
+    $filterStr .= " AND cs_from=" . intval($fliterQudao);
+    $urlStr .= "&fliterQudao=$fliterQudao";
 }
 
 if (!empty($fliterDeal)) {
-    $fliterStr .= " AND cs_deal = " . intval($fliterDeal);
-    $urlStr .= "&fliterDeal=" . $fliterDeal;
+    $filterStr .= " AND cs_deal=" . intval($fliterDeal);
+    $urlStr .= "&fliterDeal=$fliterDeal";
 }
 
 if (!empty($fliterTeam)) {
-    $fliterStr .= " AND (cs_belong = " . intval($fliterTeam) . 
-                  " OR cs_belong IN (SELECT id FROM employee WHERE em_role = " . intval($fliterTeam) . "))";
-    $urlStr .= "&fliterTeam=" . $fliterTeam;
+    $filterStr .= " AND (cs_belong=" . intval($fliterTeam) . 
+                 " OR cs_belong IN (SELECT id FROM employee WHERE em_role=" . intval($fliterTeam) . "))";
+    $urlStr .= "&fliterTeam=$fliterTeam";
 }
 
 if (!empty($fliterEmployee)) {
-    $fliterStr .= " AND cs_belong = " . intval($fliterEmployee);
-    $urlStr .= "&fliterEmployee=" . $fliterEmployee;
+    $filterStr .= " AND cs_belong=" . intval($fliterEmployee);
+    $urlStr .= "&fliterEmployee=$fliterEmployee";
 }
 
 if (!empty($fliterContact)) {
     switch($fliterContact) {
-        case "1": $fliterStr .= " AND cs_tel != ''"; break;
-        case "2": $fliterStr .= " AND cs_wechat != ''"; break;
-        case "3": $fliterStr .= " AND cs_whatsapp != ''"; break;
-        case "4": $fliterStr .= " AND cs_email != ''"; break;
-        case "5": $fliterStr .= " AND cs_linkedin != ''"; break;
-        case "6": $fliterStr .= " AND cs_facebook != ''"; break;
-        case "7": $fliterStr .= " AND cs_alibaba != ''"; break;
+        case "1": $filterStr .= " AND cs_tel<>''"; break;
+        case "2": $filterStr .= " AND cs_wechat<>''"; break;
+        case "3": $filterStr .= " AND cs_whatsapp<>''"; break;
+        case "4": $filterStr .= " AND cs_email<>''"; break;
+        case "5": $filterStr .= " AND cs_linkedin<>''"; break;
+        case "6": $filterStr .= " AND cs_facebook<>''"; break;
+        default: $filterStr .= " AND cs_alibaba<>''";
     }
-    $urlStr .= "&fliterContact=" . $fliterContact;
+    $urlStr .= "&fliterContact=$fliterContact";
 }
 
-// 搜索和排序
 $keys = $_GET['Keys'] ?? '';
 $keyscode = textEncode($keys);
-$page = $_GET['Page'] ?? 1;
+$page = $_GET['Page'] ?? '';
 $ord = $_GET['Ord'] ?? '';
 
-$ordStr = !empty($ord) ? "$ord," : "";
-
-// 构建查询SQL
-$sqlStr = "SELECT id, cs_code, cs_name, cs_country, cs_address, cs_tel, cs_email, 
-           cs_whatsapp, cs_wechat, cs_linkedin, cs_facebook, cs_addtime, cs_alibaba,
-           cs_from, cs_deal, cs_updatetime, cs_belong, cs_note, cs_claimFrom, cs_chain, 
-           cs_dealdate 
-           FROM customer 
-           WHERE (cs_code LIKE '%$keyscode%' 
-           OR cs_name LIKE '%$keyscode%' 
-           OR cs_wechat LIKE '%$keyscode%' 
-           OR cs_alibaba LIKE '%$keyscode%' 
-           OR cs_telformat LIKE '%$keyscode%' 
-           OR cs_whatsappformat LIKE '%$keyscode%' 
-           OR cs_email LIKE '%$keyscode%') 
-           $fliterStr 
-           ORDER BY {$ordStr}cs_updatetime DESC";
+$sql = "SELECT id, cs_code, cs_name, cs_country, cs_address, cs_tel, cs_email, 
+        cs_whatsapp, cs_wechat, cs_linkedin, cs_facebook, cs_addtime, 
+        cs_alibaba, cs_from, cs_deal, cs_updatetime, cs_belong, cs_note, 
+        cs_claimFrom, cs_chain, cs_dealdate 
+        FROM customer 
+        WHERE (cs_code LIKE '%$keyscode%' 
+        OR cs_name LIKE '%$keyscode%' 
+        OR cs_wechat LIKE '%$keyscode%'
+        OR cs_alibaba LIKE '%$keyscode%' 
+        OR cs_telformat LIKE '%$keyscode%' 
+        OR cs_whatsappformat LIKE '%$keyscode%'
+        OR cs_email LIKE '%$keyscode%') 
+        $filterStr 
+        ORDER BY cs_updatetime DESC";
 
+$result = $conn->query($sql);
 ?>
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>管理区域</title>
-    <link rel="stylesheet" href="css/common.css" type="text/css" />
-    <script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-    <script type="text/javascript" src="js/js.js"></script>
-    <script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
-    <script>
-    $(document).ready(function(){
-        $('.txt2').xheditor({
-            tools:'full',
-            hoverExecDelay:-1,
-            urlBase:'system/',
-            upLinkUrl:"upload.php",
-            upLinkExt:"zip,rar,txt,pdf",
-            upImgUrl:"upload.php",
-            upImgExt:"jpg,jpeg,gif,png",
-            upFlashUrl:"upload.php",
-            upFlashExt:"swf",
-            upMediaUrl:"upload.php",
-            upMediaExt:"wmv,avi,wma,mp3,mid"
-        });
-    });
-    </script>
-</head>
 
-<body>
-<div id="man_zone">
-<?php if ($act == "edit"): ?>
-    <form name="form1" method="post" action="<?php echo "?keys=" . urlencode($keys) . "&Page=" . ($page ?? '') . "&act=save" . $urlStr; ?>">
-        <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
-            <tbody>
-                <tr>
-                    <th width="8%">客户编号</th>
-                    <td><input type="text" id="cs_code" name="cs_code" value="<?php echo $cs_code ?? ''; ?>" class="txt1" />
-                    <input type="hidden" name="id" value="<?php echo $id ?? ''; ?>" /></td>
+<form id="form1" method="post" action="?act=postchk&Keys=<?php echo $keys; ?>&Page=<?php echo $page; ?>" onSubmit="return false">
+    <div class="fastSelect clear">
+        <H1>搜索条件</H1>
+        <div class="selectItem">        
+        <label>来源渠道</label>
+            <select name="fliterQudao" class="filterSearch">
+                <option value="">请选择渠道</option>
+                <?php 
+                $sql_temp = "SELECT id,ch_name FROM qudao";
+                $qudaoResult = $conn->query($sql_temp);
+                while($row = $qudaoResult->fetch_assoc()) {
+                    $selected = ($fliterQudao == $row['id']) ? ' selected="selected"' : '';
+                    echo "<option value=\"{$row['id']}\"$selected>{$row['ch_name']}</option>";
+                }
+                ?>
+            </select>    
+        </div>
+        <div class="selectItem">        
+        <label>是否成交</label>
+            <select name="fliterDeal" class="filterSearch">
+                <option value="">请选择</option>
+                <option value="3" <?php if($fliterDeal=="3") echo 'selected="selected"'; ?>>已成交</option>                    
+                <option value="2" <?php if($fliterDeal=="2") echo 'selected="selected"'; ?>>明确需求</option>                    
+                <option value="1" <?php if($fliterDeal=="1") echo 'selected="selected"'; ?>>背景调查</option>    
+                <option value="0" <?php if($fliterDeal=="0") echo 'selected="selected"'; ?>>无响应</option>            
+            </select>
+        </div>
+        <div class="selectItem">        
+        <label>按组</label>
+            <select name="fliterTeam" class="filterSearch">
+                <option value="">请选择</option>
+                <?php
+                $sql_temp = "SELECT id,em_user FROM employee WHERE em_role=0";
+                $teamResult = $conn->query($sql_temp);
+                while($row = $teamResult->fetch_assoc()) {
+                    $selected = ($fliterTeam == $row['id']) ? ' selected="selected"' : '';
+                    echo "<option value=\"{$row['id']}\"$selected>{$row['em_user']}组</option>";
+                }
+                ?>            
+            </select>
+        </div>
+        
+        <div class="selectItem">        
+        <label>业务</label>
+            <select name="fliterEmployee" class="filterSearch">
+                <option value="">请选择</option>
+                <?php
+                $sql_temp = "SELECT id,em_user FROM employee";
+                $empResult = $conn->query($sql_temp);
+                while($row = $empResult->fetch_assoc()) {
+                    $selected = ($fliterEmployee == $row['id']) ? ' selected="selected"' : '';
+                    echo "<option value=\"{$row['id']}\"$selected>{$row['em_user']}</option>";
+                }
+                ?>            
+            </select>
+        </div>
+        
+        <div class="selectItem">        
+        <label>联系方式</label>
+            <select name="fliterContact" class="filterSearch">
+                <option value="">请选择</option>
+                <option value="1" <?php if($fliterContact=="1") echo 'selected="selected"'; ?>>电话</option>        
+                <option value="2" <?php if($fliterContact=="2") echo 'selected="selected"'; ?>>微信</option>    
+                <option value="3" <?php if($fliterContact=="3") echo 'selected="selected"'; ?>>WhatsApp</option>        
+                <option value="4" <?php if($fliterContact=="4") echo 'selected="selected"'; ?>>邮箱</option>            
+                <option value="5" <?php if($fliterContact=="5") echo 'selected="selected"'; ?>>领英</option>        
+                <option value="6" <?php if($fliterContact=="6") echo 'selected="selected"'; ?>>Facebook</option>            
+                <option value="7" <?php if($fliterContact=="7") echo 'selected="selected"'; ?>>阿里巴巴</option>            
+            </select>
+        </div>
+        <div class="inputSearch">
+            <input type="text" id="keys" class="inputTxt" value="<?php echo empty($keyscode) ? '请输入搜索关键词' : $keyscode; ?>" 
+                   onFocus="if(this.value == '<?php echo empty($keyscode) ? '请输入搜索关键词' : $keyscode; ?>'){this.value='';}" 
+                   onBlur="if(this.value == ''){this.value='<?php echo empty($keyscode) ? '请输入搜索关键词' : $keyscode; ?>';}" 
+                   onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)+'<?php echo $urlStr; ?>'}" />
+            <input type="button" id="searchgo" class="searchgo" value="go" 
+                   onClick="location.href='?Keys='+escape(document.getElementById('keys').value)+'<?php echo $urlStr; ?>'" />
+        </div>
+    </div>
+    
+    <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
+        <thead>
+            <tr>
+                <th width="4%"><input type="checkbox" name="chkall" id="chkall" onClick="chkboxall(this,'chkbox')" /></th>
+                <th width="6%">序号</th>
+                <th width="20%">客户编码</th>
+                <th width="10%">联系人</th>
+                <th width="10%">国家地区</th>    
+                <th width="7.5%">来源</th>                        
+                <th width="7.5%">是否成交</th>        
+                <th width="10%">业务员</th>                    
+                <th width="10%">操作</th>
+            </tr>
+        </thead>
+        <tbody>
+        <?php
+        if ($result->num_rows > 0) {
+            $pageSize = 18;
+            $totalPages = ceil($result->num_rows / $pageSize);
+            
+            if (empty($page)) $page = 1;
+            if ($page == 'end') $page = $totalPages;
+            if (!is_numeric($page) || $page < 1) $page = 1;
+            $page = (int)$page;
+            if ($page > $totalPages) $page = $totalPages;
+            
+            $offset = ($page - 1) * $pageSize;
+            $sql .= " LIMIT $offset, $pageSize";
+
+
+            $result = $conn->query($sql);
+            
+            $tempNum = $pageSize * ($page - 1);
+            
+            while ($row = $result->fetch_assoc()) {
+
+
+
+                $tempNum++;
+                ?>
+                <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
+                    <td align="center"><input type="checkbox" name="chkbox" value="<?php echo $row['id'] ?? ''; ?>" /></td>
+                    <td align="center"><?php echo $tempNum; ?></td>
+                    <td align="center" class="code" data-id="<?php echo $row['id'] ?? ''; ?>">
+                        <?php
+
+                        echo $row['cs_code'] ?? ''; ?>
+                        <?php if(($row['cs_claimFrom'] ?? 0) > 0): ?>
+                            <img src="../images/yijiao.png" class="handover">
+                        <?php endif; ?>
+                    </td>
+                    <td align="center"><?php echo $row['cs_name'] ?? ''; ?></td>
+                    <td align="center">
+                        <?php
+                        $countryId = intval($row['cs_country'] ?? 0);
+                        $sql = "SELECT countryName FROM country WHERE id = ?";
+                        $stmt = $conn->prepare($sql);
+                        $stmt->bind_param("i", $countryId);
+                        $stmt->execute();
+                        $countryResult = $stmt->get_result();
+                        if ($countryRow = $countryResult->fetch_assoc()) {
+                            echo htmlspecialchars($countryRow['countryName']);
+                        } else {
+                            echo "未选择";
+                        }
+                        $stmt->close();
+                        ?>
+                    </td>
+                    <td align="center">
+                        <?php
+                        $fromId = intval($row['cs_from'] ?? 0);
+                        $sql = "SELECT ch_name FROM qudao WHERE id = ?";
+                        $stmt = $conn->prepare($sql);
+                        $stmt->bind_param("i", $fromId);
+                        $stmt->execute();
+                        $qudaoResult = $stmt->get_result();
+                        if ($qudaoRow = $qudaoResult->fetch_assoc()) {
+                            echo htmlspecialchars($qudaoRow['ch_name']);
+                        } else {
+                            echo "未选择";
+                        }
+                        $stmt->close();
+                        ?>
+                    </td>                
+                    <td align="center">
+                        <?php 
+                        $cs_deal = intval($row['cs_deal'] ?? 0);
+                        if ($cs_deal == 3) {
+                            echo "<span style='color:red;font-size:10px;'>" . htmlspecialchars($row['cs_dealdate'] ?? '') . "成交</span>";
+                        } elseif ($cs_deal == 2) {
+                            echo "明确需求";
+                        } elseif ($cs_deal == 1) {
+                            echo "背景调查";
+                        } else {
+                            echo "无响应";
+                        }
+                        ?>
+                    </td>
+                    <td align="center">
+                        <?php
+                        $belongId = intval($row['cs_belong'] ?? 0);
+                        $sql = "SELECT em_user FROM employee WHERE id = ?";
+                        $stmt = $conn->prepare($sql);
+                        $stmt->bind_param("i", $belongId);
+                        $stmt->execute();
+                        $empResult = $stmt->get_result();
+                        if ($empRow = $empResult->fetch_assoc()) {
+                            echo htmlspecialchars($empRow['em_user']);
+                        } else {
+                            echo "未选择";
+                        }
+                        $stmt->close();
+                        ?>
+                    </td>                
+                    <td align="center">
+                        <a href="?Keys=<?php echo urlencode($keys ?? ''); ?>&Page=<?php echo urlencode($page ?? '') . $urlStr; ?>&act=edit&id=<?php echo $row['id'] ?? ''; ?>" class="ico_edit ico">修改</a>
+                    </td>
                 </tr>
+                <tr class="detail_panel code<?php echo $row['id'] ?? ''; ?>__panel">
+                    <td colspan="2"></td>
+                    <td colspan="7" class="cs_detail">                    
+                        <ul>                
+                            <li class="cs_detail_addtime">录入时间:<?php echo htmlspecialchars($row['cs_addtime'] ?? ''); ?></li>
+                            <li class="cs_detail_addtime">更新时间:<?php echo htmlspecialchars($row['cs_updatetime'] ?? ''); ?></li>
+                            <li class="cs_detail_addtime">
+                                流转记录:
+                                <?php                                
+                                $chain = $row['cs_chain'] ?? '';
+                                if(!empty($chain)) {
+                                    $chain_array = explode(',', $chain);
+                                    $chain_ids = array_filter(array_map('intval', $chain_array));
+                                    
+                                    if(!empty($chain_ids)) {
+                                        $placeholders = str_repeat('?,', count($chain_ids) - 1) . '?';
+                                        $sql = "SELECT em_user FROM employee WHERE id IN ($placeholders)";
+                                        $stmt = $conn->prepare($sql);
+                                        $stmt->bind_param(str_repeat('i', count($chain_ids)), ...$chain_ids);
+                                        $stmt->execute();
+                                        $chainResult = $stmt->get_result();
+                                        $chain_users = [];
+                                        while($chainRow = $chainResult->fetch_assoc()) {
+                                            $chain_users[] = htmlspecialchars($chainRow['em_user']);
+                                        }
+                                        echo implode(' > ', $chain_users);
+                                        $stmt->close();
+                                    }
+                                }
+                                ?>             
+                            </li>                            
+                            <?php if(!empty($row['cs_tel'] ?? '')): ?>
+                                <li class="tel"><?php echo htmlspecialchars($row['cs_tel']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_email'] ?? '')): ?>
+                                <li class="mail"><?php echo htmlspecialchars($row['cs_email']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_whatsapp'] ?? '')): ?>
+                                <li class="whatsapp"><?php echo htmlspecialchars($row['cs_whatsapp']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_wechat'] ?? '')): ?>
+                                <li class="wechat"><?php echo htmlspecialchars($row['cs_wechat']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_linkedin'] ?? '')): ?>
+                                <li class="linkedin"><?php echo htmlspecialchars($row['cs_linkedin']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_facebook'] ?? '')): ?>
+                                <li class="facebook"><?php echo htmlspecialchars($row['cs_facebook']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_alibaba'] ?? '')): ?>
+                                <li class="alibaba"><?php echo htmlspecialchars($row['cs_alibaba']); ?></li>
+                            <?php endif; ?>
+                            <?php if(!empty($row['cs_address'] ?? '')): ?>
+                                <li class="address"><?php echo htmlspecialchars($row['cs_address']); ?></li>
+                            <?php endif; ?>
+                        </ul>
+                        <div class="cs_detail_note"><?php echo htmlspecialchars($row['cs_note'] ?? ''); ?></div>
+                    </td>                
+                </tr>
+                <?php
+            }
+        } else {
+            if (empty($keys)) {
+                ?>
                 <tr>
-                    <th width="8%">公司名称</th>
-                    <td><input type="text" id="cs_company" name="cs_company" value="<?php echo $cs_company ?? ''; ?>" class="txt1" /></td>
+                    <td align="center" colspan="9">Sorry,当前暂无信息</td>
                 </tr>
-                <!-- 其他表单字段 -->
+                <?php
+            } else {
+                ?>
                 <tr>
-                    <th width="8%">所属业务</th>
-                    <td>
-                        <select name="cs_belong">
-                            <option value="0">请选择</option>
-                            <?php
-                            $sql = "SELECT id, em_user FROM employee";
-                            $result = mysqli_query($conn, $sql);
-                            while ($row = mysqli_fetch_assoc($result)) {
-                                $selected = ($row['id'] == ($cs_belong ?? '')) ? ' selected="selected"' : '';
-                                echo "<option value=\"{$row['id']}\"$selected>{$row['em_user']}</option>";
-                            }
-                            ?>
-                        </select>
-                    </td>
+                    <td align="center" colspan="9"><a href="?">Sorry,没有找到"<?php echo $keyscode; ?>"相关的信息,点击返回</a></td>
                 </tr>
-                <!-- 更多表单字段 -->
-            </tbody>
-        </table>
-    </form>
-<?php else: ?>
-    <form id="form1" method="post" action="?act=postchk&keys=<?php echo urlencode($keys); ?>&Page=<?php echo $page; ?>" onSubmit="return false;">
-        <div class="fastSelect clear">
-            <H1>搜索条件</H1>
-            <!-- 筛选条件 -->
-            <div class="selectItem">
-                <label>来源渠道</label>
-                <select name="fliterQudao" class="filterSearch">
-                    <option value="">请选择渠道</option>
+                <?php
+            }
+        }
+        ?>
+        </tbody>
+        <tfoot>
+            <tr>
+                <td colspan="9">
+                    <div class="showpagebox">
                     <?php
-                    $sql = "SELECT id, ch_name FROM qudao";
-                    $result = mysqli_query($conn, $sql);
-                    while ($row = mysqli_fetch_assoc($result)) {
-                        $selected = ($fliterQudao == $row['id']) ? ' selected="selected"' : '';
-                        echo "<option value=\"{$row['id']}\"$selected>{$row['ch_name']}</option>";
+                    if ($totalPages > 1) {
+                        $pageName = "?Keys=$keys&Ord=$ord$urlStr&";
+                        $pageLen = 3;
+                        
+                        if ($page > 1) {
+                            echo "<a href=\"{$pageName}Page=1\">首页</a>";
+                            echo "<a href=\"{$pageName}Page=" . ($page-1) . "\">上一页</a>";
+                        }
+                        
+                        if ($pageLen * 2 + 1 >= $totalPages) {
+                            $startPage = 1;
+                            $endPage = $totalPages;
+                        } else {
+                            if ($page <= $pageLen + 1) {
+                                $startPage = 1;
+                                $endPage = $pageLen * 2 + 1;
+                            } else {
+                                $startPage = $page - $pageLen;
+                                $endPage = $page + $pageLen;
+                            }
+                            if ($page + $pageLen > $totalPages) {
+                                $startPage = $totalPages - $pageLen * 2;
+                                $endPage = $totalPages;
+                            }
+                        }
+                        
+                        for ($i = $startPage; $i <= $endPage; $i++) {
+                            if ($i == $page) {
+                                echo "<a class=\"current\">$i</a>";
+                            } else {
+                                echo "<a href=\"{$pageName}Page=$i\">$i</a>";
+                            }
+                        }
+                        
+                        if ($page < $totalPages) {
+                            if ($totalPages - $page > $pageLen) {
+                                echo "<a href=\"{$pageName}Page=$totalPages\">...$totalPages</a>";
+                            }
+                            echo "<a href=\"{$pageName}Page=" . ($page+1) . "\">下一页</a>";
+                            echo "<a href=\"{$pageName}Page=$totalPages\">尾页</a>";
+                        }
+                        
+                        echo "<input type=\"text\" id=\"Pagego\" value=\"$page\" 
+                              onFocus=\"if(this.value == '$page'){this.value='';}\" 
+                              onBlur=\"if(this.value == ''){this.value='$page';}\" 
+                              onKeyUp=\"this.value=this.value.replace(/\D/g,'')\" 
+                              onKeyDown=\"if(event.keyCode==13){location.href='{$pageName}Page='+document.getElementById('Pagego').value}\" />";
                     }
                     ?>
-                </select>
-            </div>
-            <!-- 其他筛选条件 -->
-        </div>
-
-        <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
-            <!-- 表头 -->
-            <thead>
-                <tr>
-                    <th width="4%"><input type="checkbox" name="chkall" id="chkall" onClick="chkboxall(this,'chkbox')" /></th>
-                    <th width="6%">序号</th>
-                    <th width="20%">客户编码</th>
-                    <th width="10%">联系人</th>
-                    <th width="10%">国家地区</th>
-                    <th width="7.5%">来源</th>
-                    <th width="7.5%">
-                        <a href="?keys=<?php echo urlencode($keys); ?>&Ord=<?php echo ($ord == 'cs_dealdate') ? 'cs_dealdate DESC' : 'cs_dealdate'; ?>">
-                            是否成交
-                        </a>
-                    </th>
-                    <th width="10%">业务员</th>
-                    <th width="10%">操作</th>
-                </tr>
-            </thead>
-            <tbody>
-            <?php
-            $result = mysqli_query($conn, $sqlStr);
-            if (mysqli_num_rows($result) > 0) {
-                $page_size = 18;
-                $total_records = mysqli_num_rows($result);
-                $total_pages = ceil($total_records / $page_size);
-                
-                if ($page > $total_pages) $page = $total_pages;
-                $start = ($page - 1) * $page_size;
-                
-                mysqli_data_seek($result, $start);
-                $counter = $start;
-                
-                for ($i = 0; $i < $page_size && $row = mysqli_fetch_assoc($result); $i++) {
-                    $counter++;
-                    // 显示数据行
-                    include('customer_row.php'); // 建议将行模板分离到单独文件
-                }
-            } else {
-                echo "<tr><td colspan='9' align='center'>没有找到相关记录</td></tr>";
-            }
-            ?>
-            </tbody>
-            <!-- 分页控件 -->
-            <tfoot>
-                <tr>
-                    <td colspan="9">
-                        <div class="showpagebox">
-                            <?php include('pagination.php'); // 建议将分页逻辑分离到单独文件 ?>
-                        </div>
-                        <div class="postchkbox">
-                            <select id="chkact" name="chkact">
-                                <option value="1">显示</option>
-                                <option value="0">隐藏</option>
-                                <option value="-1">删除</option>
-                            </select>
-                            <input type="button" value="执行" onClick="postchk(1)" class="btn1" />
-                            <input type="button" value="新增" onClick="location.href='?act=add'" class="btn1" />
-                        </div>
-                    </td>
-                </tr>
-            </tfoot>
-        </table>
-    </form>
-<?php endif; ?>
+                    </div>
+                    <div class="postchkbox">
+                        <select id="chkact" name="chkact">
+                            <option value="1">显示</option>
+                            <option value="0">隐藏</option>
+                            <option value="-1">删除</option>
+                        </select>
+                        <input type="button" value="执行" onClick="postchk(1)" class="btn1" />
+                        <input type="button" value="新增" onClick="location.href='?act=add'" class="btn1" />
+                    </div>
+                </td>
+            </tr>
+        </tfoot>
+    </table>
+</form>
 </div>
 </body>
-</html>
+</html>
+<?php
+$conn->close();
+?>

+ 32 - 29
system/employee.php

@@ -1,23 +1,10 @@
 <?php
 include "conn.php";
 checkLogin("信息管理");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title>管理区域</title>
-<link rel="stylesheet" href="css/common.css" type="text/css" />
-<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-<script type="text/javascript" src="js/js.js"></script>
-<script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
-</head>
 
-<body>
-<div id="man_zone">
-<?php
 $act = $_GET['act'] ?? '';
 
+// Handle all actions that might need header redirects first
 if($act == "save") {
     $isEdit = false;
     $id = $_POST['id'] ?? '';
@@ -71,6 +58,37 @@ if($act == "save") {
     }
 }
 
+if($act == "postchk") {
+    $keys = urlencode($_GET['Keys'] ?? '');
+    $ord = urlencode($_GET['Ord'] ?? '');
+    $page = $_GET['Page'] ?? '';
+    $chkact = $_POST['chkact'] ?? '';
+    
+    if(isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
+        $sqlStr = "DELETE FROM employee WHERE id IN (" . implode(',', $_POST['chkbox']) . ")";
+        $conn->query($sqlStr);
+    }
+    
+    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
+    exit;
+}
+
+// Now start HTML output
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>管理区域</title>
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+<script type="text/javascript" src="js/js.js"></script>
+<script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
+</head>
+
+<body>
+<div id="man_zone">
+<?php
 if($act == "add" || $act == "edit") {
     $id = $_GET['id'] ?? '';
     $isEdit = false;
@@ -160,21 +178,6 @@ if($act == "add" || $act == "edit") {
     exit;
 }
 
-if($act == "postchk") {
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    $chkact = $_POST['chkact'] ?? '';
-    
-    if(isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
-        $sqlStr = "DELETE FROM employee WHERE id IN (" . implode(',', $_POST['chkbox']) . ")";
-        $conn->query($sqlStr);
-    }
-    
-    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
-    exit;
-}
-
 $keys = $_GET['Keys'] ?? '';
 $keyscode = textEncode($keys);
 $ord = $_GET['Ord'] ?? '';
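Review bot: The relocated `postchk` handler in the second hunk still builds `DELETE FROM employee WHERE id IN (...)` from the raw `$_POST['chkbox']` values, so moving the block above the HTML output leaves the existing injection path untouched; each id should be cast before it reaches the query, e.g. `$sqlStr = "DELETE FROM employee WHERE id IN (" . implode(',', array_map('intval', $_POST['chkbox'])) . ")";`, which is what this same commit does for the equivalent action in customers.php. With `array_map('intval', ...)` in place, an empty submission still yields `IN ()`, and since the `$conn->query($sqlStr)` result is not checked that failure is silent; guarding with `if ($ids !== '')` before the query avoids issuing a malformed statement. `$chkact` is read in this branch but never used, so either drop the assignment or branch on it as the customers handler does. `$page` is interpolated into the `Location` header without the `urlencode` applied to `$keys` and `$ord`; encoding it as well keeps the redirect consistent.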

+ 210 - 56
system/index.php

@@ -1,39 +1,36 @@
 <?php
-include "conn.php";
+require_once('conn.php');
 checkLogin("");
 
 $iframe = $_GET['iframe'] ?? '';
 
-// 处理不同的框架页面
+// Common HTML header
+$html_header = <<<HTML
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+HTML;
+
 switch($iframe) {
     case 'top':
-        // 顶部框架
+        echo $html_header;
         ?>
-        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
-        <html xmlns="http://www.w3.org/1999/xhtml">
-        <head>
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-        <link rel="stylesheet" href="css/common.css" type="text/css" />
         <title><?php echo $webname; ?> - 网站后台管理</title>
         </head>
         <body>
         <h1 style="padding:0;margin:0;height:50px;line-height:50px;text-indent:20px;font-size:20px;font-family:Arial;color:#0099CC"><?php echo $webname; ?></h1>
         </body>
-        </html>
         <?php
         break;
 
     case 'left':
-        // 左侧导航栏
+        echo $html_header;
         ?>
-        <!DOCTYPE html>
-        <html>
-        <head>
         <title>左侧导航栏</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-        <link rel="stylesheet" href="css/common.css" type="text/css" />
+        </head>
         <script type="text/javascript">
-        // 保持原有的 JavaScript 代码不变
         var preClassName = ""; 
         function list_sub_detail(Id, item) 
         { 
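Review bot: The `</html>` line is dropped from the `top` case here, and the same removal happens in every later hunk of this file, while the shared `$html_header` only opens `<html>`, so no branch closes the document any more. Browsers recover from this, but the output is no longer well-formed; either put `</html>` back after each case's `</body>` or echo one shared footer after the `switch`. Note also that `$html_header` fixes the doctype to `<!DOCTYPE html>` for the `default` branch, which still emits a `<frameset>`; that element is obsolete under the HTML5 doctype, so if standards-mode rendering of the frames matters the frameset DTD should stay for that branch.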
@@ -47,9 +44,153 @@ switch($iframe) {
                 outlookbar.getbyitem(item); 
                 preClassName = Id 
             } 
+        } 
+
+        function getObject(objectId) 
+        { 
+            if(document.getElementById && document.getElementById(objectId)) 
+            { 
+                return document.getElementById(objectId) 
+            } 
+            else if(document.all && document.all(objectId)) 
+            { 
+                return document.all(objectId) 
+            } 
+            else if(document.layers && document.layers[objectId]) 
+            { 
+                return document.layers[objectId] 
+            } 
+            else 
+            { 
+                return false 
+            } 
+        } 
+
+        function outlook() 
+        { 
+            this.titlelist = new Array(); 
+            this.itemlist = new Array(); 
+            this.addtitle = addtitle; 
+            this.additem = additem; 
+            this.getbytitle = getbytitle; 
+            this.getbyitem = getbyitem; 
+            this.getdefaultnav = getdefaultnav 
+        } 
+
+        function theitem(intitle, insort, inkey, inisdefault) 
+        { 
+            this.sortname = insort; 
+            this.key = inkey; 
+            this.title = intitle; 
+            this.isdefault = inisdefault 
+        } 
+
+        function addtitle(intitle, sortname, inisdefault) 
+        { 
+            outlookbar.itemlist[outlookbar.titlelist.length] = new Array(); 
+            outlookbar.titlelist[outlookbar.titlelist.length] = new theitem(intitle, sortname, 0, inisdefault); 
+            return(outlookbar.titlelist.length - 1) 
+        } 
+
+        function additem(intitle, parentid, inkey) 
+        { 
+            if(parentid >= 0 && parentid <= outlookbar.titlelist.length) 
+            { 
+                insort = "item_" + parentid; 
+                outlookbar.itemlist[parentid][outlookbar.itemlist[parentid].length] = new theitem(intitle, insort, inkey, 0); 
+                return(outlookbar.itemlist[parentid].length - 1) 
+            } 
+            else additem = - 1 
+        } 
+
+        function getdefaultnav(sortname) 
+        { 
+            var output = ""; 
+            for(i = 0; i < outlookbar.titlelist.length; i ++ ) 
+            { 
+                if(outlookbar.titlelist[i].isdefault == 1 && outlookbar.titlelist[i].sortname == sortname) 
+                { 
+                    output += "<div class=list_tilte id=sub_sort_" + i + " onclick=\"hideorshow('sub_detail_"+i+"')\">"; 
+                    output += "<span>" + outlookbar.titlelist[i].title + "</span>"; 
+                    output += "</div>"; 
+                    output += "<div class=list_detail id=sub_detail_" + i + "><ul>"; 
+                    for(j = 0; j < outlookbar.itemlist[i].length; j ++ ) 
+                    { 
+                        output += "<li id=" + outlookbar.itemlist[i][j].sortname + j + " onclick=\"changeframe('"+outlookbar.itemlist[i][j].title+"', '"+outlookbar.titlelist[i].title+"', '"+outlookbar.itemlist[i][j].key+"')\"><a href=#>" + outlookbar.itemlist[i][j].title + "</a></li>" 
+                    } 
+                    output += "</ul></div>" 
+                } 
+            } 
+            getObject('right_main_nav').innerHTML = output 
+        } 
+
+        function getbytitle(sortname) 
+        { 
+            var output = "<ul>"; 
+            for(i = 0; i < outlookbar.titlelist.length; i ++ ) 
+            { 
+                if(outlookbar.titlelist[i].sortname == sortname) 
+                { 
+                    output += "<li id=left_nav_" + i + " onclick=\"list_sub_detail(id, '"+outlookbar.titlelist[i].title+"')\" class=left_back>" + outlookbar.titlelist[i].title + "</li>" 
+                } 
+            } 
+            output += "</ul>"; 
+            getObject('left_main_nav').innerHTML = output 
+        } 
+
+        function getbyitem(item) 
+        { 
+            var output = ""; 
+            for(i = 0; i < outlookbar.titlelist.length; i ++ ) 
+            { 
+                if(outlookbar.titlelist[i].title == item) 
+                { 
+                    output = "<div class=list_tilte id=sub_sort_" + i + " onclick=\"hideorshow('sub_detail_"+i+"')\">"; 
+                    output += "<span>" + outlookbar.titlelist[i].title + "</span>"; 
+                    output += "</div>"; 
+                    output += "<div class=list_detail id=sub_detail_" + i + " style='display:block;'><ul>"; 
+                    for(j = 0; j < outlookbar.itemlist[i].length; j ++ ) 
+                    { 
+                        output += "<li id=" + outlookbar.itemlist[i][j].sortname + "_" + j + " onclick=\"changeframe('"+outlookbar.itemlist[i][j].title+"', '"+outlookbar.titlelist[i].title+"', '"+outlookbar.itemlist[i][j].key+"')\"><a href=#>" + outlookbar.itemlist[i][j].title + "</a></li>" 
+                    } 
+                    output += "</ul></div>" 
+                } 
+            } 
+            getObject('right_main_nav').innerHTML = output 
+        } 
+
+        function changeframe(item, sortname, src) 
+        { 
+            if(item != "" && sortname != "") 
+            { 
+                window.top.frames['mainFrame'].getObject('show_text').innerHTML = sortname + "  <img src=images/slide.gif broder=0 />  " + item 
+            } 
+            if(src != "") 
+            { 
+                window.top.frames['manFrame'].location = src 
+            } 
+        } 
+
+        function hideorshow(divid) 
+        { 
+            subsortid = "sub_sort_" + divid.substring(11); 
+            if(getObject(divid).style.display == "none") 
+            { 
+                getObject(divid).style.display = "block"; 
+                getObject(subsortid).className = "list_tilte" 
+            } 
+            else 
+            { 
+                getObject(divid).style.display = "none"; 
+                getObject(subsortid).className = "list_tilte_onclick" 
+            } 
+        } 
+
+        function initinav(sortname) 
+        { 
+            outlookbar.getdefaultnav(sortname); 
+            outlookbar.getbytitle(sortname); 
         }
-        
-        // ... [保持其他 JavaScript 函数不变]
 
         var outlookbar = new outlook();
         var t;
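Review bot: `additem` in the restored navigation script does not return on its `else` branch: `else additem = - 1` assigns to the script-level `additem` binding instead of returning a value, so callers get `undefined`; it should read `else return -1;`. The loops in `getdefaultnav`, `getbytitle` and `getbyitem` use `i`, `j`, `insort` and `subsortid` without `var`, which makes them globals shared between functions; declaring them locally avoids state leaking between handlers. `getObject` is pasted verbatim into the `main` and `man` cases later in this file as well; one copy in a shared script would keep the three from diverging.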
@@ -78,31 +219,23 @@ switch($iframe) {
         outlookbar.additem('员工管理',t,'employee.php');
         <?php endif; ?>
         </script>
-        </head>
         <body onload="initinav('信息管理')">
         <div id="left_content">
-            <div id="user_info">欢迎您,<strong><?php echo loadSession("loginname"); ?></strong><br />
-            [<a href="pwd.php" target="manFrame">个人中心</a>,
-            <a href="login.php?act=logout" target="_top" onClick="if(!confirm('确认要退出吗?'))return false;">退出管理</a>]</div>
+            <div id="user_info">欢迎您,<strong><?php echo loadSession("loginname"); ?></strong><br />[<a href="pwd.php" target="manFrame">个人中心</a>,<a href="login.php?act=logout" target="_top" onClick="if(!confirm('确认要退出吗?'))return false;">退出管理</a>]</div>
             <div id="main_nav">
                 <div id="left_main_nav"></div>
                 <div id="right_main_nav"></div>
             </div>
         </div>
         </body>
-        </html>
         <?php
         break;
 
     case 'switch':
-        // 切换按钮框架
+        echo $html_header;
         ?>
-        <!DOCTYPE html>
-        <html>
-        <head>
         <title>显示/隐藏左侧导航栏</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-        <link rel="stylesheet" href="css/common.css" type="text/css" />
+        </head>
         <script language="JavaScript">
         function Submit_onclick(){
             if(parent.myFrame.cols == "199,7,*") {
@@ -122,27 +255,19 @@ switch($iframe) {
             }
         }
         </script>
-        </head>
         <body onload="MyLoad()">
         <div id="switchpic"><a href="javascript:Submit_onclick()"><img src="images/switch_left.gif" alt="隐藏左侧导航栏" id="ImgArrow" /></a></div>
         </body>
-        </html>
         <?php
         break;
 
     case 'main':
-        // 主导航区域
+        echo $html_header;
         ?>
-        <!DOCTYPE html>
-        <html>
-        <head>
         <title>管理导航区域</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-        <link rel="stylesheet" href="css/common.css" type="text/css" />
         <script type="text/javascript">
-        // 保持原有的 JavaScript 代码
         var preClassName = "man_nav_1";
-        
+
         function list_sub_nav(Id,sortname){
             if(preClassName != ""){
                 getObject(preClassName).className="bg_image";
@@ -155,7 +280,32 @@ switch($iframe) {
                 window.top.frames['leftFrame'].outlookbar.getdefaultnav(sortname);
             }
         }
-        // ... [其他 JavaScript 函数保持不变]
+
+        function showInnerText(Id){
+            var switchId = parseInt(Id.substring(8));
+            var showText = "对不起没有信息!";
+            switch(switchId){
+                case 1:
+                    showText =  "请点击左侧菜单进行网站信息管理";
+                    break;
+                case 2:
+                    showText =  "请点击左侧菜单进行其它信息管理";
+                    break;
+            }
+            getObject('show_text').innerHTML = showText;
+        }
+
+        function getObject(objectId) {
+            if(document.getElementById && document.getElementById(objectId)) {
+                return document.getElementById(objectId);
+            } else if (document.all && document.all(objectId)) {
+                return document.all(objectId);
+            } else if (document.layers && document.layers[objectId]) {
+                return document.layers[objectId];
+            } else {
+                return false;
+            }
+        }
         </script>
         </head>
         <body>
@@ -169,52 +319,57 @@ switch($iframe) {
         </div>
         <div id="sub_info">&nbsp;&nbsp;<img src="images/hi.gif" />&nbsp;<span id="show_text">请点击左侧或下面菜单进行网站信息管理</span></div>
         </body>
-        </html>
         <?php
         break;
 
     case 'man':
-        // 管理区域
+        echo $html_header;
         ?>
-        <!DOCTYPE html>
-        <html>
-        <head>
         <title>管理区域</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-        <link rel="stylesheet" href="css/common.css" type="text/css" />
         <script type="text/javascript">
         function golink(t){
             window.top.frames['mainFrame'].getObject('show_text').innerHTML = t;
         }
-        // ... [其他 JavaScript 函数保持不变]
+
+        function getObject(objectId) {
+            if(document.getElementById && document.getElementById(objectId)) {
+                return document.getElementById(objectId);
+            } else if (document.all && document.all(objectId)) {
+                return document.all(objectId);
+            } else if (document.layers && document.layers[objectId]) {
+                return document.layers[objectId);
+            } else {
+                return false;
+            }
+        }
         </script>
         <style>
         .menulist li{float:left;width:92px;height:132px;}
         .menulist li a{display:block;padding:10px 0;padding-top:50px;width:80px;height:15px;color:#A1B5B3;border:1px solid #B4C9C6;margin:5px;text-align:center}
+        .menulist li a img{margin-bottom:5px}
         .menulist li a:hover{border:2px solid #B4C9C6;width:78px;height:13px;color:#A1B5B3}
+
         .png01{background:url(menu/01.png) center 8px no-repeat}
         .png02{background:url(menu/02.png) center 8px no-repeat}
         .png03{background:url(menu/03.png) center 8px no-repeat}
+        .png04{background:url(menu/04.png) center 8px no-repeat}
+        .png05{background:url(menu/05.png) center 8px no-repeat}
+        .png06{background:url(menu/06.png) center 8px no-repeat}
         </style>
         </head>
         <body>
         <div id="man_zone">
         <ul class="menulist">
-        <li><a href="customers.php" onClick="golink('打开信息列表')" class="png03">客户管理</a></li>
+            <li><a href="customers.php" onClick="golink('打开信息列表')" class="png03">客户管理</a></li>
         </ul>
         </div>
         </body>
-        </html>
         <?php
         break;
 
     default:
-        // 主框架页
+        echo $html_header;
         ?>
-        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
-        <html xmlns="http://www.w3.org/1999/xhtml">
-        <head>
-        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
         <title><?php echo $webname; ?> - 网站后台管理</title>
         </head>
         <frameset rows="50,*" cols="*" frameborder="no" border="0" framespacing="0">
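Review bot: The `getObject` copy in the `man` case has a syntax error at `return document.layers[objectId);`, where `)` closes the `[` index; the browser rejects the whole `<script>` block, so `golink` is never defined either and each `onClick="golink(...)"` on this page throws. It should read `return document.layers[objectId];`, as the copy in the `main` case does.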
@@ -229,7 +384,6 @@ switch($iframe) {
             </frameset>
         </frameset>
         <noframes><body></body></noframes>
-        </html>
         <?php
 }
 ?>

+ 126 - 111
system/log.php

@@ -1,137 +1,152 @@
 <?php
-include "conn.php";
+require_once('conn.php');
+
+// Check login status (assuming you have a similar function in PHP)
 checkLogin("信息管理");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title>管理区域</title>
-<link rel="stylesheet" href="css/common.css" type="text/css" />
-<link rel="stylesheet" href="css/jquery.galpop.css" type="text/css" />
-<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-<script type="text/javascript" src="js/js.js"></script>
-<script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
-<script type="text/javascript" src="js/jquery.galpop.min.js"></script>
-</head>
-<body>
-<div id="man_zone">
-<?php
-$page = $_GET['Page'] ?? '';
-$keys = urlencode($_GET['Keys'] ?? '');
-$keyscode = textEncode($_GET['Keys'] ?? '');
 
-$sql = "SELECT * FROM logRecord WHERE loginAct LIKE ? ORDER BY id DESC";
-$stmt = $conn->prepare($sql);
-$stmt->execute(['%' . $keyscode . '%']);
-$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+// Initialize variables to avoid undefined warnings
+$page = isset($_GET['Page']) ? $_GET['Page'] : 1;
+$keys = isset($_GET['Keys']) ? urlencode($_GET['Keys']) : '';
+$keyscode = isset($_GET['Keys']) ? htmlspecialcharsFix($_GET['Keys']) : '';
+
+// Prepare the SQL query with proper escaping
+$search_term = mysqli_real_escape_string($conn, $keyscode);
+$sql = "SELECT * FROM logRecord WHERE loginAct LIKE '%$search_term%' ORDER BY id DESC";
+$result = mysqli_query($conn, $sql);
 
+// Get total records for pagination
+$total_records = mysqli_num_rows($result);
 $records_per_page = 20;
-$total_records = count($results);
 $total_pages = ceil($total_records / $records_per_page);
 
-if ($page == "") $page = 1;
-if ($page == "end") $page = $total_pages;
-if (!is_numeric($page) || $page < 1) $page = 1;
-$page = (int)$page;
-if ($page > $total_pages) $page = $total_pages;
+// Validate page number
+if ($page === 'end') {
+    $page = $total_pages;
+}
+if (!is_numeric($page) || $page < 1) {
+    $page = 1;
+}
+if ($page > $total_pages) {
+    $page = $total_pages;
+}
 
-$start = ($page - 1) * $records_per_page;
-$results = array_slice($results, $start, $records_per_page);
+// Calculate offset for pagination
+$offset = ($page - 1) * $records_per_page;
+$sql .= " LIMIT $offset, $records_per_page";
+$result = mysqli_query($conn, $sql);
 ?>
-<table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
-    <thead>
-        <tr>
-            <th width="10%">序号</th>
-            <th width="20%">时间</th>
-            <th width="70%">日志</th>
-        </tr>
-    </thead>
-    <tbody>
-    <?php
-    if (!empty($results)) {
-        $tempNum = ($page - 1) * $records_per_page;
-        foreach ($results as $row) {
-            $tempNum++;
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>管理区域</title>
+    <link rel="stylesheet" href="css/common.css" type="text/css" />
+    <link rel="stylesheet" href="css/jquery.galpop.css" type="text/css" />
+    <script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+    <script type="text/javascript" src="js/js.js"></script>
+    <script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
+    <script type="text/javascript" src="js/jquery.galpop.min.js"></script>
+</head>
+<body>
+<div id="man_zone">
+    <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
+        <thead>
+            <tr>
+                <th width="10%">序号</th>
+                <th width="20%">时间</th>
+                <th width="70%">日志</th>
+            </tr>
+        </thead>
+        <tbody>
+        <?php
+        if (mysqli_num_rows($result) > 0) {
+            $temp_num = $offset;
+            while ($row = mysqli_fetch_assoc($result)) {
+                $temp_num++;
+                ?>
+                <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
+                    <td align="center"><?php echo $temp_num; ?></td>
+                    <td align="center"><?php echo htmlspecialcharsFix($row['loginTime']); ?></td>
+                    <td align="center"><?php echo htmlspecialcharsFix($row['loginAct']); ?></td>
+                </tr>
+                <?php
+            }
+        } else {
             ?>
-            <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
-                <td align="center"><?php echo $tempNum; ?></td>
-                <td align="center"><?php echo $row['loginTime']; ?></td>
-                <td align="center"><?php echo $row['loginAct']; ?></td>
+            <tr>
+                <td colspan="4">暂无相关记录</td>
             </tr>
             <?php
         }
-    } else {
         ?>
-        <tr>
-            <td colspan="4">暂无相关记录</td>
-        </tr>
-        <?php
-    }
-    ?>
-    </tbody>
-    <tfoot>
-        <tr>
-            <td colspan="4">
-                <div class="showpagebox">
-                <?php
-                if ($total_pages > 1) {
-                    $pageName = "?Keys=$keys&Ord=&";
-                    $pagelen = 3;
+        </tbody>
+        <tfoot>
+            <tr>
+                <td colspan="4">
+                    <div class="showpagebox">
+                    <?php
+                    if ($total_pages > 1) {
+                        $page_name = "?Keys=" . $keys . "&";
+                        $page_len = 3;
 
-                    if ($page > 1) {
-                        echo "<a href=\"{$pageName}Page=1\">首页</a>";
-                        echo "<a href=\"{$pageName}Page=" . ($page-1) . "\">上一页</a>";
-                    }
+                        // Previous page links
+                        if ($page > 1) {
+                            echo "<a href=\"{$page_name}Page=1\">首页</a>";
+                            echo "<a href=\"{$page_name}Page=" . ($page - 1) . "\">上一页</a>";
+                        }
 
-                    if ($pagelen * 2 + 1 >= $total_pages) {
-                        $startPage = 1;
-                        $endPage = $total_pages;
-                    } else {
-                        if ($page <= $pagelen + 1) {
-                            $startPage = 1;
-                            $endPage = $pagelen * 2 + 1;
+                        // Calculate page range
+                        if ($page_len * 2 + 1 >= $total_pages) {
+                            $start_page = 1;
+                            $end_page = $total_pages;
                         } else {
-                            $startPage = $page - $pagelen;
-                            $endPage = $page + $pagelen;
-                        }
-                        if ($page + $pagelen > $total_pages) {
-                            $startPage = $total_pages - $pagelen * 2;
-                            $endPage = $total_pages;
+                            if ($page <= $page_len + 1) {
+                                $start_page = 1;
+                                $end_page = $page_len * 2 + 1;
+                            } else {
+                                $start_page = $page - $page_len;
+                                $end_page = $page + $page_len;
+                            }
+                            if ($page + $page_len > $total_pages) {
+                                $start_page = $total_pages - $page_len * 2;
+                                $end_page = $total_pages;
+                            }
                         }
-                    }
 
-                    for ($i = $startPage; $i <= $endPage; $i++) {
-                        if ($i == $page) {
-                            echo "<a class=\"current\">$i</a>";
-                        } else {
-                            echo "<a href=\"{$pageName}Page=$i\">$i</a>";
+                        // Page numbers
+                        for ($i = $start_page; $i <= $end_page; $i++) {
+                            if ($i == $page) {
+                                echo "<a class=\"current\">{$i}</a>";
+                            } else {
+                                echo "<a href=\"{$page_name}Page={$i}\">{$i}</a>";
+                            }
                         }
-                    }
 
-                    if ($page < $total_pages) {
-                        if ($total_pages - $page > $pagelen) {
-                            echo "<a href=\"{$pageName}Page=$total_pages\">...$total_pages</a>";
+                        // Next page links
+                        if ($page < $total_pages) {
+                            if ($total_pages - $page > $page_len) {
+                                echo "<a href=\"{$page_name}Page={$total_pages}\">...{$total_pages}</a>";
+                            }
+                            echo "<a href=\"{$page_name}Page=" . ($page + 1) . "\">下一页</a>";
+                            echo "<a href=\"{$page_name}Page={$total_pages}\">尾页</a>";
                         }
-                        echo "<a href=\"{$pageName}Page=" . ($page+1) . "\">下一页</a>";
-                        echo "<a href=\"{$pageName}Page=$total_pages\">尾页</a>";
                     }
-                }
-                ?>
-                </div>
-                <div class="searchbox">
-                    <input type="text" id="keys" class="inputTxt" 
-                           value="<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>" 
-                           onFocus="if(this.value == '<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>'){this.value='';}" 
-                           onBlur="if(this.value == ''){this.value='<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>';}" 
-                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'}" />
-                    <input type="button" id="searchgo" class="searchgo" value="go" 
-                           onClick="location.href='?Keys='+escape(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'" />
-                </div>
-            </td>
-        </tr>
-    </tfoot>
-</table>
+                    ?>
+                    </div>
+                    <div class="searchbox">
+                        <input type="text" id="keys" class="inputTxt" 
+                            value="<?php echo empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode); ?>" 
+                            onFocus="if(this.value == '<?php echo empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode); ?>'){this.value='';}" 
+                            onBlur="if(this.value == ''){this.value='<?php echo empty($keyscode) ? '请输入搜索关键词' : htmlspecialcharsFix($keyscode); ?>';}" 
+                            onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'}" />
+                        <input type="button" id="searchgo" class="searchgo" value="go" 
+                            onClick="location.href='?Keys='+escape(document.getElementById('keys').value)+'&Page=<?php echo $page; ?>'" />
+                    </div>
+                </td>
+            </tr>
+        </tfoot>
+    </table>
 </div>
+<?php mysqli_close($conn); ?>
 </body>
 </html> 
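Review bot: The new `LIMIT $offset, $records_per_page` is built from `$page` after the old `$page = (int)$page;` was dropped, so a non-integer page such as `1.01` passes `is_numeric` and produces `LIMIT 0.2, 20`, and when no rows match `$total_pages` is 0, `$page` is clamped to 0 and the clause becomes `LIMIT -20, 20`; in both cases `mysqli_query` returns `false` and `mysqli_num_rows($result)` throws a TypeError on PHP 8. Restoring `$page = (int)$page;` after the range checks and clamping with `$total_pages = max(1, (int)ceil($total_records / $records_per_page));` covers both. The search term is also passed through `htmlspecialcharsFix` before it reaches SQL, so keys containing `&`, `<` or quotes are matched against their entity form, and the input box then encodes `$keyscode` a second time; escape the raw `$_GET['Keys']` for SQL (preferably a prepared statement with a `?` placeholder) and encode only at output. Running the full `SELECT *` once just to count rows and again with `LIMIT` doubles the load on a log table; a `SELECT COUNT(*)` for the total is cheaper.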

+ 34 - 43
system/pic.php

@@ -1,46 +1,34 @@
 <?php
 include "conn.php";
 checkLogin("");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title>管理区域</title>
-<link rel="stylesheet" href="css/common.css" type="text/css" />
-<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-<script type="text/javascript" src="js/js.js"></script>
-</head>
 
-<body>
-<div id="man_zone">
-<?php
+// Move all header operations to the top
 $act = $_GET['act'] ?? '';
+$cpid = $_GET['cpid'] ?? '';
+$page = $_GET['Page'] ?? '';
+$keys = urlencode($_GET['Keys'] ?? '');
+$ord = urlencode($_GET['Ord'] ?? '');
 
+// Check cpid validity before any output
+if ($cpid == "" || !is_numeric($cpid)) {
+    header("Location: protector.php");
+    exit;
+}
+
+// Handle postchk action
 if ($act == "postchk") {
-    $cpid = $_GET['cpid'] ?? '';
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    
     if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
         foreach ($_POST['chkbox'] as $id) {
-            $sql = "SELECT picurl FROM pic WHERE id = ?";
-            $stmt = $conn->prepare($sql);
-            $stmt->execute([$id]);
-            $row = $stmt->fetch(PDO::FETCH_ASSOC);
-            
-            if ($row) {
+            $id = (int)$id;
+            $result = $conn->query("SELECT picurl FROM pic WHERE id = " . $id);
+            if ($row = $result->fetch_assoc()) {
                 if (strpos($row['picurl'], '/System/') === 0) {
                     $delfile = $_SERVER['DOCUMENT_ROOT'] . $row['picurl'];
                     if (file_exists($delfile)) {
                         unlink($delfile);
                     }
                 }
-                
-                $sql = "DELETE FROM pic WHERE id = ?";
-                $stmt = $conn->prepare($sql);
-                $stmt->execute([$id]);
+                $conn->query("DELETE FROM pic WHERE id = " . $id);
             }
         }
     }
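Review bot: The rewritten delete loop replaces the prepared statements with string-built queries; the `(int)` cast on `$id` keeps the concatenation safe here, but the pattern is easy to copy to a place without the cast, and a `false` return from `$conn->query()` is not handled before `$result->fetch_assoc()`. Keeping the prepared form, `$stmt = $conn->prepare("SELECT picurl FROM pic WHERE id = ?"); $stmt->bind_param('i', $id); $stmt->execute();`, matches the mysqli style used for IP.php in this commit and avoids the special case. Moving the `$cpid` validation ahead of `postchk` is a behaviour change (deletions now require a numeric `cpid`), which is reasonable but worth a line in the commit description.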
@@ -49,20 +37,23 @@ if ($act == "postchk") {
     exit;
 }
 
-$cpid = $_GET['cpid'] ?? '';
-$page = $_GET['Page'] ?? '';
-$keys = urlencode($_GET['Keys'] ?? '');
-$ord = urlencode($_GET['Ord'] ?? '');
-
-if ($cpid == "" || !is_numeric($cpid)) {
-    header("Location: protector.php");
-    exit;
-}
+// Now start HTML output
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>管理区域</title>
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+<script type="text/javascript" src="js/js.js"></script>
+</head>
 
-$sql = "SELECT id, picurl FROM pic WHERE cpid = ? ORDER BY id DESC";
-$stmt = $conn->prepare($sql);
-$stmt->execute([$cpid]);
-$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+<body>
+<div id="man_zone">
+<?php
+// Get pictures for display
+$result = $conn->query("SELECT id, picurl FROM pic WHERE cpid = " . (int)$cpid . " ORDER BY id DESC");
 ?>
 
 <form method="post" name="form2" style="padding:5px;" action="picupload.php?cpid=<?php echo $cpid; ?>&Page=<?php echo $page; ?>&Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>" 
@@ -82,9 +73,9 @@ $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
         </thead>
         <tbody>
         <?php
-        if (!empty($results)) {
+        if ($result->num_rows > 0) {
             $tempNum = 0;
-            foreach ($results as $row) {
+            while ($row = $result->fetch_assoc()) {
                 $tempNum++;
                 ?>
                 <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">    

+ 2 - 1
system/picupload.php

@@ -9,7 +9,7 @@ checkLogin("");
 // @licence LGPL(http://www.opensource.org/licenses/lgpl-license.php)
 // Converted to PHP8 with improved security and functionality
 
-header('Content-Type: text/html; charset=UTF-8');
+
 
 $inputname = 'filedata'; // Form file field name
 $attachdir = 'u'; // Upload directory, no trailing slash
@@ -114,6 +114,7 @@ if (!isset($_FILES[$inputname])) {
     }
 }
 
+header('Content-Type: text/html; charset=UTF-8');
 // If there was an error, output it
 if ($err !== '') {
     echo "<script>alert('$err');</script>";

+ 67 - 80
system/power.php

@@ -1,22 +1,14 @@
 <?php
 include "conn.php";
 checkLogin("权限管理");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title>管理区域</title>
-<link rel="stylesheet" href="css/common.css" type="text/css" />
-<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-<script type="text/javascript" src="js/js.js"></script>
-</head>
 
-<body>
-<div id="man_zone">
-<?php
+// Move all header operations to the top
 $act = $_GET['act'] ?? '';
+$page = $_GET['Page'] ?? '';
+$keys = urlencode($_GET['Keys'] ?? '');
+$ord = urlencode($_GET['Ord'] ?? '');
 
+// Handle save action
 if ($act == "save") {
     $isedit = false;
     $id = $_POST['id'] ?? '';
@@ -28,39 +20,72 @@ if ($act == "save") {
 
     if ($isedit) {
         // Check if power name exists
-        $sql = "SELECT COUNT(id) as count FROM power WHERE powername = ? AND id != ?";
-        $stmt = $conn->prepare($sql);
-        $stmt->execute([$powername, $id]);
-        if ($stmt->fetch(PDO::FETCH_ASSOC)['count'] > 0) {
+        $id = (int)$id;
+        $sql = "SELECT COUNT(id) as count FROM power WHERE powername = '" . $conn->real_escape_string($powername) . "' AND id != " . $id;
+        $result = $conn->query($sql);
+        if ($result->fetch_assoc()['count'] > 0) {
             echo "<script>alert('Sorry,该权限名称已经存在,请检查更换');history.back()</script>";
             exit;
         }
 
-        $sql = "UPDATE power SET powername = ?, powercontent = ? WHERE id = ?";
-        $stmt = $conn->prepare($sql);
-        $stmt->execute([$powername, $powercontent, $id]);
+        $sql = "UPDATE power SET powername = '" . $conn->real_escape_string($powername) . "', 
+                powercontent = '" . $conn->real_escape_string($powercontent) . "' 
+                WHERE id = " . $id;
+        $conn->query($sql);
     } else {
         // Check if power name exists
-        $sql = "SELECT COUNT(id) as count FROM power WHERE powername = ?";
-        $stmt = $conn->prepare($sql);
-        $stmt->execute([$powername]);
-        if ($stmt->fetch(PDO::FETCH_ASSOC)['count'] > 0) {
+        $sql = "SELECT COUNT(id) as count FROM power WHERE powername = '" . $conn->real_escape_string($powername) . "'";
+        $result = $conn->query($sql);
+        if ($result->fetch_assoc()['count'] > 0) {
             echo "<script>alert('Sorry,该权限名称已经存在,请检查更换');history.back()</script>";
             exit;
         }
 
-        $sql = "INSERT INTO power (powername, powercontent, powerstate) VALUES (?, ?, 1)";
-        $stmt = $conn->prepare($sql);
-        $stmt->execute([$powername, $powercontent]);
+        $sql = "INSERT INTO power (powername, powercontent, powerstate) 
+                VALUES ('" . $conn->real_escape_string($powername) . "', 
+                        '" . $conn->real_escape_string($powercontent) . "', 1)";
+        $conn->query($sql);
     }
 
-    $page = $_GET['Page'] ?? '';
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
     header("Location: ?keys=$keys&Ord=$ord&Page=$page");
     exit;
 }
 
+// Handle postchk action
+if ($act == "postchk") {
+    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
+        $ids = array_map('intval', $_POST['chkbox']);
+        $idList = implode(',', $ids);
+        $chkact = $_POST['chkact'] ?? '';
+        
+        if ($chkact == "0" || $chkact == "1") {
+            $sql = "UPDATE power SET powerstate = " . (int)$chkact . " WHERE id IN (" . $idList . ")";
+        } else {
+            $sql = "DELETE FROM power WHERE id IN (" . $idList . ")";
+        }
+        
+        $conn->query($sql);
+    }
+    
+    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
+    exit;
+}
+
+// Now start HTML output
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>管理区域</title>
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+<script type="text/javascript" src="js/js.js"></script>
+</head>
+
+<body>
+<div id="man_zone">
+<?php
 if ($act == "add" || $act == "edit") {
     $id = $_GET['id'] ?? '';
     $isedit = false;
@@ -69,10 +94,10 @@ if ($act == "add" || $act == "edit") {
 
     if ($id != "" && is_numeric($id)) {
         $isedit = true;
-        $sql = "SELECT powername, powercontent FROM power WHERE id = ?";
-        $stmt = $conn->prepare($sql);
-        $stmt->execute([$id]);
-        if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+        $id = (int)$id;
+        $sql = "SELECT powername, powercontent FROM power WHERE id = " . $id;
+        $result = $conn->query($sql);
+        if ($row = $result->fetch_assoc()) {
             $powername = textUncode($row['powername']);
             $powercontent = $row['powercontent'];
         } else {
@@ -80,9 +105,6 @@ if ($act == "add" || $act == "edit") {
         }
     }
 
-    $page = $_GET['Page'] ?? '';
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
     $hrefstr = "?keys=$keys&Ord=$ord&Page=$page";
     ?>
     <form name="form1" method="post" action="<?php echo $hrefstr; ?>&act=save">
@@ -121,53 +143,19 @@ if ($act == "add" || $act == "edit") {
     exit;
 }
 
-if ($act == "postchk") {
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    $chkact = $_POST['chkact'] ?? '';
-
-    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
-        $ids = array_map('intval', $_POST['chkbox']);
-        $placeholders = str_repeat('?,', count($ids) - 1) . '?';
-        
-        switch ($chkact) {
-            case "0":
-            case "1":
-                $sql = "UPDATE power SET powerstate = ? WHERE id IN ($placeholders)";
-                array_unshift($ids, $chkact);
-                break;
-            default:
-                $sql = "DELETE FROM power WHERE id IN ($placeholders)";
-                break;
-        }
-        
-        $stmt = $conn->prepare($sql);
-        $stmt->execute($ids);
-    }
-    
-    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
-    exit;
-}
-
-$keys = $_GET['Keys'] ?? '';
 $keyscode = textEncode($keys);
-$ord = $_GET['Ord'] ?? '';
-$page = $_GET['Page'] ?? '';
-
 $orderby = "id DESC";
 if (in_array($ord, ['powername', 'powername Desc', 'powerstate', 'powerstate Desc', 'powercontent', 'powercontent Desc'])) {
     $orderby = "$ord, id DESC";
 }
 
 $sql = "SELECT id, powername, powercontent, powerstate FROM power 
-        WHERE id <> 1 AND (powername LIKE ? OR powercontent LIKE ?) 
+        WHERE id <> 1 AND (powername LIKE '%" . $conn->real_escape_string($keyscode) . "%' 
+        OR powercontent LIKE '%" . $conn->real_escape_string($keyscode) . "%') 
         ORDER BY $orderby";
-$stmt = $conn->prepare($sql);
-$stmt->execute(["%$keyscode%", "%$keyscode%"]);
-$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
+$result = $conn->query($sql);
 
-$total_records = count($results);
+$total_records = $result->num_rows;
 $records_per_page = 10;
 $total_pages = ceil($total_records / $records_per_page);
 
@@ -178,10 +166,9 @@ $page = (int)$page;
 if ($page > $total_pages) $page = $total_pages;
 
 $start = ($page - 1) * $records_per_page;
-$results = array_slice($results, $start, $records_per_page);
+$sql .= " LIMIT $start, $records_per_page";
+$result = $conn->query($sql);
 
-$keys = urlencode($keys);
-$ord = urlencode($ord);
 $hrefstr = "?keys=$keys";
 ?>
 <form id="form1" method="post" action="?act=postchk&Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>&Page=<?php echo $page; ?>" onSubmit="return false">
@@ -198,9 +185,9 @@ $hrefstr = "?keys=$keys";
     </thead>
     <tbody>
     <?php
-    if (!empty($results)) {
+    if ($result->num_rows > 0) {
         $tempNum = ($page - 1) * $records_per_page;
-        foreach ($results as $row) {
+        while ($row = $result->fetch_assoc()) {
             $tempNum++;
             ?>
             <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
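Review bot: Hoisting `$ord` and `$keys` to the top already URL-encoded (the first hunk of this file) breaks two things in this hunk: `in_array($ord, [...])` now compares `powername+Desc` against `'powername Desc'`, so every descending sort silently falls back to `id DESC`, and `$keyscode = textEncode($keys)` encodes an already percent-encoded search term, so a keyword containing a space or a non-ASCII character no longer matches the `LIKE`. Keep an unencoded copy at the top, e.g. `$rawKeys = $_GET['Keys'] ?? ''; $rawOrd = $_GET['Ord'] ?? '';`, and use those for `textEncode()` and the whitelist check while the encoded pair stays for URLs. The new `LIMIT $start, $records_per_page` also needs `$total_pages` floored at 1: with no matching rows it is 0, the clamp on the context line sets `$page` to 0 and `$start` to -10, a syntax error that makes `query()` return `false` and the following `num_rows` read fatal, where the old `array_slice()` tolerated it. Note too that `real_escape_string()` leaves `%` and `_` intact, so those remain live wildcards inside the `LIKE` pattern.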

+ 371 - 376
system/products.php

@@ -1,6 +1,128 @@
 <?php
-include "conn.php";
+require_once('conn.php');
+
+
+// Check login status (assuming you have a similar function in PHP)
 checkLogin("信息管理");
+
+// Initialize all variables to avoid undefined warnings
+$act = isset($_GET['act']) ? $_GET['act'] : '';
+$product_name = isset($_POST['ProductName']) ? htmlspecialchars($_POST['ProductName']) : '';
+$product_img = isset($_POST['ProductImg']) ? htmlspecialchars($_POST['ProductImg']) : '';
+$unit = isset($_POST['unit']) ? htmlspecialchars($_POST['unit']) : '';
+$moq = isset($_POST['moq']) ? htmlspecialchars($_POST['moq']) : '';
+$nosale = isset($_POST['nosale']) ? $_POST['nosale'] : array();
+$num = isset($_POST['num']) ? $_POST['num'] : array();
+$price = isset($_POST['price']) ? $_POST['price'] : array();
+$note = isset($_POST['note']) ? htmlspecialchars($_POST['note']) : '';
+$tips = isset($_POST['tips']) ? htmlspecialchars($_POST['tips']) : '';
+$page = isset($_GET['Page']) ? $_GET['Page'] : 1;
+$keys = isset($_GET['Keys']) ? urlencode($_GET['Keys']) : '';
+$keyscode = isset($_GET['Keys']) ? htmlspecialchars($_GET['Keys']) : '';
+
+// Handle form submissions and redirects before any output
+if ($act == 'save') {
+    $id = isset($_POST['id']) ? $_POST['id'] : '';
+    $is_edit = (!empty($id) && is_numeric($id));
+    
+    // Process nosale array into comma-separated string
+    $nosale_str = '';
+    if (is_array($nosale) && !empty($nosale)) {
+        $nosale_clean = array_map('intval', $nosale); // Ensure all values are integers
+        $nosale_str = implode(',', $nosale_clean);
+    }
+    
+    if ($is_edit) {
+        // Update existing product
+        $sql = "UPDATE Products SET 
+                ProductName = '" . mysqli_real_escape_string($conn, $product_name) . "',
+                ProductImg = '" . mysqli_real_escape_string($conn, $product_img) . "',
+                Addtime = NOW(),
+                moq = '" . mysqli_real_escape_string($conn, $moq) . "',
+                unit = '" . mysqli_real_escape_string($conn, $unit) . "',
+                nosale = '" . $nosale_str . "',
+                note = '" . mysqli_real_escape_string($conn, $note) . "',
+                tips = '" . mysqli_real_escape_string($conn, $tips) . "'
+                WHERE id = " . (int)$id;
+        mysqli_query($conn, $sql);
+        
+        // Handle price updates
+        mysqli_query($conn, "DELETE FROM price WHERE productId = " . (int)$id . " AND AreaId = 0");
+        
+        if (is_array($num) && is_array($price)) {
+            foreach ($num as $key => $num_value) {
+                if (isset($price[$key])) { // Only process if we have both num and price
+                    $num_value = empty($num_value) ? 0 : (float)$num_value;
+                    $price_value = empty($price[$key]) ? 0 : (float)$price[$key];
+                    $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES 
+                            (" . (int)$id . ", 0, " . $num_value . ", '" . $price_value . "')";
+                    mysqli_query($conn, $sql);
+                }
+            }
+        }
+    } else {
+        // Insert new product
+        $sql = "INSERT INTO Products (ProductName, ProductImg, Addtime, unit, moq, nosale, note, tips) 
+                VALUES (
+                    '" . mysqli_real_escape_string($conn, $product_name) . "',
+                    '" . mysqli_real_escape_string($conn, $product_img) . "',
+                    NOW(),
+                    '" . mysqli_real_escape_string($conn, $unit) . "',
+                    '" . mysqli_real_escape_string($conn, $moq) . "',
+                    '" . $nosale_str . "',
+                    '" . mysqli_real_escape_string($conn, $note) . "',
+                    '" . mysqli_real_escape_string($conn, $tips) . "'
+                )";
+        mysqli_query($conn, $sql);
+        $id = mysqli_insert_id($conn);
+        
+        // Handle price insertions
+        if (is_array($num) && is_array($price)) {
+            foreach ($num as $key => $num_value) {
+                if (isset($price[$key])) { // Only process if we have both num and price
+                    $num_value = empty($num_value) ? 0 : (float)$num_value;
+                    $price_value = empty($price[$key]) ? 0 : (float)$price[$key];
+                    $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES 
+                            (" . (int)$id . ", 0, " . $num_value . ", '" . $price_value . "')";
+                    mysqli_query($conn, $sql);
+                }
+            }
+        }
+    }
+    
+    // Redirect after save
+    header("Location: ?keys=" . $keys . "&Page=" . $page);
+    exit();
+}
+
+// Handle bulk actions
+if ($act == 'postchk') {
+    if (isset($_POST['chkbox']) && isset($_POST['chkact'])) {
+        $chk_ids = array_map('intval', $_POST['chkbox']);
+        $chk_act = (int)$_POST['chkact'];
+        
+        if (!empty($chk_ids)) {
+            $ids_str = implode(',', $chk_ids);
+            
+            switch ($chk_act) {
+                case 0:
+                case 1:
+                    $sql = "UPDATE customer SET cs_state = " . $chk_act . " WHERE id IN (" . $ids_str . ")";
+                    break;
+                case -1:
+                    $sql = "DELETE FROM products WHERE id IN (" . $ids_str . ")";
+                    break;
+            }
+            
+            if (isset($sql)) {
+                mysqli_query($conn, $sql);
+            }
+        }
+        
+        header("Location: ?Keys=" . $keys . "&Page=" . $page);
+        exit();
+    }
+}
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
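Review bot: The bulk-action branch targets the wrong table: `UPDATE customer SET cs_state = ...` on the `case 0`/`case 1` path, inside products.php, enables or disables customer rows for whichever product ids were ticked, whereas the removed code updated `Products`; it should read `$sql = "UPDATE Products SET cs_state = " . $chk_act . " WHERE id IN (" . $ids_str . ")";`. Two lines later `DELETE FROM products` uses a lowercase name while every other statement in the file says `Products`, which on a MySQL installation with case-sensitive table names is a different or missing table. The form fields are also passed through `htmlspecialchars()` before being stored, so the database now holds entity-encoded text rather than the raw value; encoding belongs at output, and since the edit form in the following hunk re-encodes on display, an `&` in a product name becomes `&amp;amp;` and grows on every save.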
@@ -17,400 +139,273 @@ checkLogin("信息管理");
 <body>
 <div id="man_zone">
 <?php
-$act = $_GET['act'] ?? '';
-$productName = textEncode($_POST['ProductName'] ?? '');
-$productImg = textEncode($_POST['ProductImg'] ?? '');
-$unit = textEncode($_POST['unit'] ?? '');
-$moq = textEncode($_POST['moq'] ?? '');
-$nosale = $_POST['nosale'] ?? '';
-$num = $_POST['num'] ?? '';
-$price = $_POST['price'] ?? '';
-$note = textEncode($_POST['note'] ?? '');
-$tips = textEncode($_POST['tips'] ?? '');
-
-if ($act == "save") {
-    $isedit = false;
-    $id = $_POST['id'] ?? '';
-    if ($id != "" && is_numeric($id)) {
-        $isedit = true;
-    }
-
-    if ($isedit) {
-        $sql = "Select * From Products Where id=" . $id;
-        $rs = $conn->query($sql);
-        if ($row = $rs->fetch()) {
-            $sql = "Update Products Set 
-                    ProductName='" . $productName . "',
-                    ProductImg='" . $productImg . "',
-                    Addtime=NOW(),
-                    moq='" . $moq . "',
-                    unit='" . $unit . "',
-                    nosale='" . $nosale . "',
-                    note='" . $note . "',
-                    tips='" . $tips . "'
-                    Where id=" . $id;
-            $conn->query($sql);
-            
-            $conn->query("delete from price where productId=" . $id . " and AreaId=0");
-            
-            $numarr = explode(",", $num);
-            $pricearr = explode(",", $price);
-            
-            for ($i = 0; $i < count($numarr); $i++) {
-                if ($numarr[$i] == "") $numarr[$i] = 0;
-                if ($pricearr[$i] == "") $pricearr[$i] = 0;
-                $conn->query("insert into price (productId,AreaId,num,price) values(" . $id . ",0," . $numarr[$i] . ",'" . $pricearr[$i] . "')");
-            }
-        }
-    } else {
-        $sql = "Insert Into Products(ProductName,ProductImg,Addtime,unit,moq,nosale,note,tips) values(
-                '" . $productName . "',
-                '" . $productImg . "',
-                NOW(),
-                '" . $unit . "',
-                '" . $moq . "',
-                '" . $nosale . "',
-                '" . $note . "',
-                '" . $tips . "'
-                )";
-        $conn->query($sql);
-        
-        $sql = "select top 1 id from Products order by id desc";
-        $rs = $conn->query($sql);
-        $id = $rs->fetch()['id'];
-        
-        $numarr = explode(",", $num);
-        $pricearr = explode(",", $price);
-        
-        for ($i = 0; $i < count($numarr); $i++) {
-            if ($numarr[$i] == "") $numarr[$i] = 0;
-            if ($pricearr[$i] == "") $pricearr[$i] = 0;
-            $conn->query("insert into price (productId,AreaId,num,price) values(" . $id . ",0," . $numarr[$i] . ",'" . $pricearr[$i] . "')");
-        }
-    }
-
-    $page = $_GET['Page'] ?? '';
-    $keys = urlencode($_GET['Keys'] ?? '');
-    header("Location: ?keys=" . $keys . "&Page=" . $page . $urlStr);
-    exit;
-}
-
-if ($act == "add" || $act == "edit") {
-    $id = $_GET['id'] ?? '';
-    $isedit = false;
-    if ($id != "" && is_numeric($id)) {
-        $isedit = true;
-        $sql = "Select ProductName,ProductImg,unit,moq,nosale,note,tips from Products Where id=" . $id;
-        $rs = $conn->query($sql);
-        if ($row = $rs->fetch()) {
-            $productName = textUncode($row['ProductName']);
-            $productImg = textUncode($row['ProductImg']);
-            $unit = $row['unit'];
-            $moq = textUncode($row['moq']);
+// Handle add/edit form display
+if ($act == 'add' || $act == 'edit') {
+    $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
+    $is_edit = ($id > 0);
+    
+    if ($is_edit) {
+        $sql = "SELECT ProductName, ProductImg, unit, moq, nosale, note, tips 
+                FROM Products WHERE id = " . $id;
+        $result = mysqli_query($conn, $sql);
+        if ($row = mysqli_fetch_assoc($result)) {
+            $product_name = htmlspecialchars($row['ProductName']);
+            $product_img = htmlspecialchars($row['ProductImg']);
+            $unit = htmlspecialchars($row['unit']);
+            $moq = htmlspecialchars($row['moq']);
             $nosale = $row['nosale'];
-            $note = textUncode($row['note']);
-            $tips = textUncode($row['tips']);
-        } else {
-            $isedit = false;
+            $note = htmlspecialchars($row['note']);
+            $tips = htmlspecialchars($row['tips']);
         }
     }
-
-    $page = $_GET['Page'] ?? '';
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $hrefstr = "?keys=" . $keys . "&Page=" . $page;
-?>
-    <form name="form1" method="post" action="<?php echo $hrefstr; ?>&act=save">
-    <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
-        <tbody>
-            <tr>
-                <th width="8%">产品名称</th>
-                <td><input type="text" id="ProductName" name="ProductName" value="<?php echo $productName; ?>" class="txt1" />
+    
+    $href_str = "?keys=" . $keys . "&Page=" . $page;
+    ?>
+    <form name="form1" method="post" action="<?php echo $href_str; ?>&act=save">
+        <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
+            <tbody>
+                <tr>
+                    <th width="8%">产品名称</th>
+                    <td><input type="text" id="ProductName" name="ProductName" value="<?php echo $product_name; ?>" class="txt1" />
                     <input type="hidden" name="id" value="<?php echo $id; ?>" /></td>
-            </tr>
-            <tr>
-                <th width="8%">产品图片</th>
-                <td><input type="text" id="ProductImg" name="ProductImg" placeholder="186x*186px" value="<?php echo $productImg; ?>" class="txt1" style="width:390px;float:left;" />
+                </tr>
+                <tr>
+                    <th width="8%">产品图片</th>
+                    <td><input type="text" id="ProductImg" name="ProductImg" placeholder="186x*186px" value="<?php echo $product_img; ?>" class="txt1" style="width:390px;float:left;" />
                     <iframe src="uploadfile.php" frameborder="0" scrolling="no" style="width:400px;height:22px;float:left;margin-left:10px;"></iframe></td>
-            </tr>
-            <tr>
-                <th width="8%">计价单位</th>
-                <td><input type="text" id="unit" name="unit" value="<?php echo $unit; ?>" class="txt1"/></td>
-            </tr>
-            <tr>
-                <th width="8%">起订数量</th>
-                <td><input type="text" id="moq" name="moq" value="<?php echo $moq; ?>" class="txt1"/></td>
-            </tr>
-            <tr>
-                <th width="8%">默认售价</th>
-                <td>
-                    <div class="Price">
-                    <?php 
-                    if ($isedit) {
-                        $rs = $conn->query("Select num,price from price where AreaId=0 and productId=" . $id . " order by num asc");
-                        if ($rs->rowCount() > 0) {
-                            while ($row = $rs->fetch()) {
-                    ?>
-                        <div class="priceitem">
-                            <label>≥</label>
-                            <input type="number" class="txt3 num" name="num" value="<?php echo $row['num']; ?>">
-                            <label class="unit"><?php echo $unit; ?></label>
-                            <label>售价</label>
-                            <input type="text" class="txt3 price" name="price" value="<?php echo $row['price']; ?>">
-                            <label>RMB</label>
-                            <span class="additem"></span>
-                            <span class="delitem"></span>
-                            <span class="note"></span>
-                        </div>
-                    <?php
+                </tr>
+                <tr>
+                    <th width="8%">计价单位</th>
+                    <td><input type="text" id="unit" name="unit" value="<?php echo $unit; ?>" class="txt1"/></td>
+                </tr>
+                <tr>
+                    <th width="8%">起订数量</th>
+                    <td><input type="text" id="moq" name="moq" value="<?php echo $moq; ?>" class="txt1"/></td>
+                </tr>
+                <tr>
+                    <th width="8%">默认售价</th>
+                    <td>
+                        <div class="Price">
+                        <?php
+                        if ($is_edit) {
+                            $price_sql = "SELECT num, price FROM price WHERE AreaId = 0 AND productId = " . $id . " ORDER BY num ASC";
+                            $price_result = mysqli_query($conn, $price_sql);
+                            if (mysqli_num_rows($price_result) > 0) {
+                                while ($price_row = mysqli_fetch_assoc($price_result)) {
+                                    ?>
+                                    <div class="priceitem">
+                                        <label>≥</label>
+                                        <input type="number" class="txt3 num" name="num[]" value="<?php echo $price_row['num']; ?>">
+                                        <label class="unit"><?php echo $unit; ?></label>
+                                        <label>售价</label>
+                                        <input type="text" class="txt3 price" name="price[]" value="<?php echo $price_row['price']; ?>">
+                                        <label>RMB</label>
+                                        <span class="additem"></span>
+                                        <span class="delitem"></span>
+                                        <span class="note"></span>
+                                    </div>
+                                    <?php
+                                }
                             }
-                        } else {
-                    ?>
-                        <div class="priceitem">
-                            <label>≥</label>
-                            <input type="number" class="txt3 num" name="num">
-                            <label class="unit"><?php echo $unit; ?></label>
-                            <label>售价</label>
-                            <input type="text" class="txt3 price" name="price">
-                            <label>RMB</label>
-                            <span class="additem"></span>
-                            <span class="delitem"></span>
-                            <span class="note"></span>
-                        </div>
-                    <?php
                         }
-                    } else {
-                    ?>
-                        <div class="priceitem">
-                            <label>≥</label>
-                            <input type="number" class="txt3 num" name="num">
-                            <label class="unit"><?php echo $unit; ?></label>
-                            <label>售价</label>
-                            <input type="text" class="txt3 price" name="price">
-                            <label>RMB</label>
-                            <span class="additem"></span>
-                            <span class="delitem"></span>
-                            <span class="note"></span>
+                        if (!$is_edit || mysqli_num_rows($price_result) == 0) {
+                            ?>
+                            <div class="priceitem">
+                                <label>≥</label>
+                                <input type="number" class="txt3 num" name="num[]">
+                                <label class="unit"><?php echo $unit; ?></label>
+                                <label>售价</label>
+                                <input type="text" class="txt3 price" name="price[]">
+                                <label>RMB</label>
+                                <span class="additem"></span>
+                                <span class="delitem"></span>
+                                <span class="note"></span>
+                            </div>
+                            <?php
+                        }
+                        ?>
                         </div>
-                    <?php
-                    }
-                    ?>
-                    </div>
-                </td>
-            </tr>
-            <tr>
-                <th width="8%">不报价地区</th>
-                <td>
-                    <ul class="areadd">
-                    <?php
-                    if ($nosale != "") {
-                        $rs = $conn->query("select id,countryName from country where id in(" . $nosale . ")");
-                        while ($row = $rs->fetch()) {
-                    ?>
-                        <li>
-                            <input type="hidden" name="nosale" value="<?php echo $row['id']; ?>">
-                            <span class="cname"><?php echo $row['countryName']; ?></span>
-                            <span class="close"></span>
-                        </li>
-                    <?php
+                    </td>
+                </tr>
+                <tr>
+                    <th width="8%">不报价地区</th>
+                    <td>
+                        <ul class="areadd">
+                        <?php
+                        if (!empty($nosale)) {
+                            $area_sql = "SELECT id, countryName FROM country WHERE id IN(" . $nosale . ")";
+                            $area_result = mysqli_query($conn, $area_sql);
+                            while ($area_row = mysqli_fetch_assoc($area_result)) {
+                                ?>
+                                <li>
+                                    <input type="hidden" name="nosale[]" value="<?php echo $area_row['id']; ?>">
+                                    <span class="cname"><?php echo htmlspecialchars($area_row['countryName']); ?></span>
+                                    <span class="close"></span>
+                                </li>
+                                <?php
+                            }
                         }
-                    }
-                    ?>
-                    </ul>
-                    <input type="text" id="AreaSearch" class="fastsearch">
-                    <div id="arealist" class="productlist"><ul></ul></div>
-                </td>
-            </tr>
-            <tr>
-                <th width="8%">不报价处理方式</th>
-                <td><input type="text" id="note" name="note" value="<?php echo $note; ?>" class="txt1"/></td>
-            </tr>
-            <tr>
-                <th width="8%">备注</th>
-                <td><input type="text" id="tips" name="tips" value="<?php echo $tips; ?>" class="txt1"/></td>
-            </tr>
-            <tr>
-                <th></th>
-                <td>
-                    <input type="submit" name="save" value="确定" class="btn1" />
-                    <input type="reset" name="reset" value="重置" class="btn1" />
-                    <input type="button" value="返回" class="btn1" onClick="location.href='<?php echo $hrefstr; ?>'" />
-                </td>
-            </tr>
-        </tbody>
-    </table>
+                        ?>
+                        </ul>
+                        <input type="text" id="AreaSearch" class="fastsearch">
+                        <div id="arealist" class="productlist"><ul></ul></div>
+                    </td>
+                </tr>
+                <tr>
+                    <th width="8%">不报价处理方式</th>
+                    <td><input type="text" id="note" name="note" value="<?php echo $note; ?>" class="txt1"/></td>
+                </tr>
+                <tr>
+                    <th width="8%">备注</th>
+                    <td><input type="text" id="tips" name="tips" value="<?php echo $tips; ?>" class="txt1"/></td>
+                </tr>
+                <tr>
+                    <th></th>
+                    <td colspan="2">
+                        <input type="submit" name="save" value="确定" class="btn1" />
+                        <input type="reset" name="reset" value="重置" class="btn1" />
+                        <input type="button" value="返回" class="btn1" onClick="location.href='<?php echo $href_str; ?>'" />
+                    </td>
+                </tr>
+            </tbody>
+        </table>
     </form>
-<?php
-    exit;
-}
-
-if ($act == "postchk") {
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    $chkact = $_POST['chkact'] ?? '';
-    $sqlStr = "";
+    <?php
+} else {
+    // Display product list
+    $sql = "SELECT id, ProductName, ProductImg FROM Products ORDER BY id DESC";
+    $result = mysqli_query($conn, $sql);
+    $total_records = mysqli_num_rows($result);
+    $records_per_page = 18;
+    $total_pages = ceil($total_records / $records_per_page);
     
-    if (isset($_POST['chkbox'])) {
-        foreach ($_POST['chkbox'] as $value) {
-            if ($sqlStr != "") {
-                $sqlStr .= " Or id=" . $value;
-            } else {
-                $sqlStr = " Where id=" . $value;
-            }
-        }
-
-        switch ($chkact) {
-            case "0":
-                $sqlStr = "Update Products Set cs_state=" . $chkact . $sqlStr;
-                break;
-            case "1":
-                $sqlStr = "Update Products Set cs_state=" . $chkact . $sqlStr;
-                break;
-            default:
-                $sqlStr = "Delete From Products" . $sqlStr;
-        }
-
-        $conn->query($sqlStr);
-    }
+    // Validate page number
+    if ($page == 'end') $page = $total_pages;
+    if (!is_numeric($page) || $page < 1) $page = 1;
+    if ($page > $total_pages) $page = $total_pages;
     
-    header("Location: ?Keys=" . $keys . "&Page=" . $page);
-    exit;
-}
-
-// 主列表页面
-$keyscode = textEncode($_GET['Keys'] ?? '');
-$page = $_GET['Page'] ?? '';
-
-$sqlStr = "Select id,ProductName,ProductImg from Products order by id Desc";
-$rs = $conn->query($sqlStr);
-?>
-<form id="form1" method="post" action="?act=postchk&Keys=<?php echo urlencode($_GET['Keys'] ?? ''); ?>&Page=<?php echo $page; ?>" onSubmit="return false">
-<table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
-    <thead>
-        <tr>
-            <th width="4%"><input type="checkbox" name="chkall" id="chkall" onClick="chkboxall(this,'chkbox')" /></th>
-            <th width="6%">序号</th>
-            <th width="30%">产品名称</th>
-            <th width="40%">图片</th>
-            <th width="20%">操作</th>
-        </tr>
-    </thead>
-    <tbody>
-    <?php
-    if ($rs->rowCount() > 0) {
-        $rs->setFetchMode(PDO::FETCH_ASSOC);
-        $records_per_page = 18;
-        
-        if ($page == "") $page = 1;
-        if ($page == "end") $page = ceil($rs->rowCount() / $records_per_page);
-        if (!is_numeric($page) || $page < 1) $page = 1;
-        $page = (int)$page;
-        
-        $start = ($page - 1) * $records_per_page;
-        $tempNum = $start;
-        
-        $count = 0;
-        while ($row = $rs->fetch()) {
-            $count++;
-            if ($count > $start && $count <= $start + $records_per_page) {
-                $tempNum++;
-    ?>
-            <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
-                <td align="center"><input type="checkbox" name="chkbox[]" value="<?php echo $row['id']; ?>" /></td>
-                <td align="center"><?php echo $tempNum; ?></td>
-                <td align="center"><?php echo $row['ProductName']; ?></td>
-                <td align="center"><img src="<?php echo $row['ProductImg']; ?>" width="80px"></td>
-                <td align="center">
-                    <a href="?Keys=<?php echo urlencode($_GET['Keys'] ?? ''); ?>&Page=<?php echo $page; ?><?php echo $urlStr ?? ''; ?>&act=edit&id=<?php echo $row['id']; ?>" class="ico_edit ico">修改</a>
-                </td>
-            </tr>
-    <?php
-            }
-        }
-    } else {
-        if ($_GET['Keys'] ?? '' == "") {
+    $offset = ($page - 1) * $records_per_page;
+    $sql .= " LIMIT $offset, $records_per_page";
+    $result = mysqli_query($conn, $sql);
     ?>
-            <tr>
-                <td align="center" colspan="9">Sorry,当前暂无信息</td>
-            </tr>
-    <?php
-        } else {
-    ?>
-            <tr>
-                <td align="center" colspan="9"><a href="?">Sorry,没有找到"<?php echo $keyscode; ?>"相关的信息,点击返回</a></td>
-            </tr>
-    <?php
-        }
-    }
-    ?>
-    </tbody>
-    <tfoot>
-        <tr>
-            <td colspan="9">
-                <div class="showpagebox">
+    <form id="form1" method="post" action="?act=postchk&Keys=<?php echo $keys; ?>&Page=<?php echo $page; ?>" onSubmit="return false">
+        <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
+            <thead>
+                <tr>
+                    <th width="4%"><input type="checkbox" name="chkall" id="chkall" onClick="chkboxall(this,'chkbox')" /></th>
+                    <th width="6%">序号</th>
+                    <th width="30%">产品名称</th>
+                    <th width="40%">图片</th>
+                    <th width="20%">操作</th>
+                </tr>
+            </thead>
+            <tbody>
+            <?php
+            if (mysqli_num_rows($result) > 0) {
+                $temp_num = $offset;
+                while ($row = mysqli_fetch_assoc($result)) {
+                    $temp_num++;
+                    ?>
+                    <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
+                        <td align="center"><input type="checkbox" name="chkbox[]" value="<?php echo $row['id']; ?>" /></td>
+                        <td align="center"><?php echo $temp_num; ?></td>
+                        <td align="center"><?php echo htmlspecialchars($row['ProductName']); ?></td>
+                        <td align="center"><img src="<?php echo htmlspecialchars($row['ProductImg']); ?>" width="80px"></td>
+                        <td align="center">
+                            <a href="?Keys=<?php echo $keys; ?>&Page=<?php echo $page; ?>&act=edit&id=<?php echo $row['id']; ?>" class="ico_edit ico">修改</a>
+                        </td>
+                    </tr>
+                    <?php
+                }
+            } else {
+                ?>
+                <tr>
+                    <td colspan="9" align="center">
+                        <?php echo empty($keys) ? 'Sorry,当前暂无信息' : '<a href="?">Sorry,没有找到"' . htmlspecialchars($keyscode) . '"相关的信息,点击返回</a>'; ?>
+                    </td>
+                </tr>
                 <?php
-                if ($rs->rowCount() > 0) {
-                    $total_pages = ceil($rs->rowCount() / $records_per_page);
-                    if ($total_pages > 1) {
-                        $pageName = "?Keys=" . urlencode($_GET['Keys'] ?? '') . ($urlStr ?? '') . "&";
-                        $pagelen = 3;
-
-                        if ($page > 1) {
-                            echo "<a href=\"{$pageName}Page=1\">首页</a>";
-                            echo "<a href=\"{$pageName}Page=" . ($page-1) . "\">上一页</a>";
-                        }
-
-                        if ($pagelen * 2 + 1 >= $total_pages) {
-                            $startPage = 1;
-                            $endPage = $total_pages;
-                        } else {
-                            if ($page <= $pagelen + 1) {
-                                $startPage = 1;
-                                $endPage = $pagelen * 2 + 1;
-                            } else {
-                                $startPage = $page - $pagelen;
-                                $endPage = $page + $pagelen;
-                            }
-                            if ($page + $pagelen > $total_pages) {
-                                $startPage = $total_pages - $pagelen * 2;
-                                $endPage = $total_pages;
+            }
+            ?>
+            </tbody>
+            <tfoot>
+                <tr>
+                    <td colspan="9">
+                        <div class="showpagebox">
+                        <?php
+                        if ($total_pages > 1) {
+                            $page_name = "?Keys=" . $keys . "&";
+                            $page_len = 3;
+                            
+                            // Previous page links
+                            if ($page > 1) {
+                                echo "<a href=\"{$page_name}Page=1\">首页</a>";
+                                echo "<a href=\"{$page_name}Page=" . ($page - 1) . "\">上一页</a>";
                             }
-                        }
-
-                        for ($i = $startPage; $i <= $endPage; $i++) {
-                            if ($i == $page) {
-                                echo "<a class=\"current\">$i</a>";
+                            
+                            // Calculate page range
+                            if ($page_len * 2 + 1 >= $total_pages) {
+                                $start_page = 1;
+                                $end_page = $total_pages;
                             } else {
-                                echo "<a href=\"{$pageName}Page=$i\">$i</a>";
+                                if ($page <= $page_len + 1) {
+                                    $start_page = 1;
+                                    $end_page = $page_len * 2 + 1;
+                                } else {
+                                    $start_page = $page - $page_len;
+                                    $end_page = $page + $page_len;
+                                }
+                                if ($page + $page_len > $total_pages) {
+                                    $start_page = $total_pages - $page_len * 2;
+                                    $end_page = $total_pages;
+                                }
                             }
-                        }
-
-                        if ($page < $total_pages) {
-                            if ($total_pages - $page > $pagelen) {
-                                echo "<a href=\"{$pageName}Page=$total_pages\">...$total_pages</a>";
+                            
+                            // Page numbers
+                            for ($i = $start_page; $i <= $end_page; $i++) {
+                                if ($i == $page) {
+                                    echo "<a class=\"current\">{$i}</a>";
+                                } else {
+                                    echo "<a href=\"{$page_name}Page={$i}\">{$i}</a>";
+                                }
+                            }
+                            
+                            // Next page links
+                            if ($page < $total_pages) {
+                                if ($total_pages - $page > $page_len) {
+                                    echo "<a href=\"{$page_name}Page={$total_pages}\">...{$total_pages}</a>";
+                                }
+                                echo "<a href=\"{$page_name}Page=" . ($page + 1) . "\">下一页</a>";
+                                echo "<a href=\"{$page_name}Page={$total_pages}\">尾页</a>";
                             }
-                            echo "<a href=\"{$pageName}Page=" . ($page+1) . "\">下一页</a>";
-                            echo "<a href=\"{$pageName}Page=$total_pages\">尾页</a>";
+                            ?>
+                            <input type="text" id="Pagego" value="<?php echo $page; ?>" 
+                                onFocus="if(this.value == '<?php echo $page; ?>'){this.value='';}" 
+                                onBlur="if(this.value == ''){this.value='<?php echo $page; ?>';}" 
+                                onKeyUp="this.value=this.value.replace(/\D/g,'')" 
+                                onKeyDown="if(event.keyCode==13){location.href='<?php echo $page_name; ?>Page='+document.getElementById('Pagego').value}" />
+                            <?php
                         }
-
-                        echo "<input type=\"text\" id=\"Pagego\" value=\"$page\" onFocus=\"if(this.value == '$page'){this.value='';};\" onBlur=\"if(this.value == ''){this.value='$page';}\" onKeyUp=\"this.value=this.value.replace(/\D/g,'')\" onKeyDown=\"if(event.keyCode==13){location.href='{$pageName}Page='+document.getElementById('Pagego').value}\" />";
-                    }
-                }
-                ?>
-                </div>
-                <div class="postchkbox">
-                    <select id="chkact" name="chkact">
-                        <option value="1">显示</option>
-                        <option value="0">隐藏</option>
-                        <option value="-1">删除</option>
-                    </select>
-                    <input type="button" value="执行" onClick="postchk(1)" class="btn1" />
-                    <input type="button" value="新增" onClick="location.href='?act=add'" class="btn1" />
-                </div>
-            </td>
-        </tr>
-    </tfoot>
-</table>
-</form>
+                        ?>
+                        </div>
+                        <div class="postchkbox">
+                            <select id="chkact" name="chkact">
+                                <option value="1">显示</option>
+                                <option value="0">隐藏</option>
+                                <option value="-1">删除</option>
+                            </select>
+                            <input type="button" value="执行" onClick="postchk(1)" class="btn1" />
+                            <input type="button" value="新增" onClick="location.href='?act=add'" class="btn1" />
+                        </div>
+                    </td>
+                </tr>
+            </tfoot>
+        </table>
+    </form>
+    <?php
+}
+mysqli_close($conn);
+?>
 </div>
 </body>
 </html> 

+ 2 - 2
system/pwd.php

@@ -54,7 +54,7 @@ if ($act == "save") {
 
     $sql = "Select loginpwd,loginname From login Where id=" . loadSession("loginid");
     $rs = $conn->query($sql);
-    if ($row = $rs->fetch()) {
+    if ($row = $rs->fetch_assoc()) {
         if (md5($loginpwd) != $row['loginpwd']) {
             echo "<script>alert('原密码输入错误');history.back()</script>";
             exit;
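Review bot: The password check right below the changed line, `if (md5($loginpwd) != $row['loginpwd'])`, compares an unsalted MD5 digest with a loosely typed, non-constant-time `!=`; since this read path is being touched anyway, it is the place to move to `password_hash()`/`password_verify()` (rehashing existing rows on a successful login), and until then at least `if (!hash_equals($row['loginpwd'], md5($loginpwd))) {`. `$rs` is also used without checking that `$conn->query()` returned a result: under mysqli a failed query returns `false` unless the driver is configured to throw, and `fetch_assoc()` on `false` is a fatal error in PHP 8 — the same applies to the second hunk at line 79. The `id=" . loadSession("loginid")` concatenation in both queries is out of step with the prepared statements the rest of this commit introduces; `$stmt->bind_param("i", ...)` would keep pwd.php consistent with qudao.php. The enclosing `if ($act == "save")` block starts outside this hunk.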
@@ -79,7 +79,7 @@ $sql = "Select loginlasttime,loginlastip,loginthistime,loginthisip,powercontent,
         From login Left Join power On power.id=login.loginpower 
         Where login.id=" . loadSession("loginid");
 $rs = $conn->query($sql);
-if ($row = $rs->fetch()) {
+if ($row = $rs->fetch_assoc()) {
     $loginlasttime = $row['loginlasttime'];
     $loginlastip = $row['loginlastip'];
     $loginthistime = $row['loginthistime'];

+ 160 - 156
system/qudao.php

@@ -1,137 +1,144 @@
 <?php
-include "conn.php";
+require_once('conn.php');
 checkLogin("信息管理");
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title>管理区域</title>
-<link rel="stylesheet" href="css/common.css" type="text/css" />
-<link rel="stylesheet" href="css/jquery.galpop.css" type="text/css" />
-<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
-<script type="text/javascript" src="js/js.js"></script>
-<script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
-<script type="text/javascript" src="js/jquery.galpop.min.js"></script>
-</head>
-<body>
-<div id="man_zone">
-<?php
+
 $act = $_GET['act'] ?? '';
 
-if ($act == "save") {
-    $isedit = false;
+// Process all actions that might need headers/redirects first
+if ($act == 'save') {
+    $isEdit = false;
     $id = $_POST['id'] ?? '';
-    if ($id != "" && is_numeric($id)) {
-        $isedit = true;
+    if (!empty($id) && is_numeric($id)) {
+        $isEdit = true;
     }
+    
     $ch_name = textEncode($_POST['ch_name'] ?? '');
 
-    if ($isedit) {
-        $sql = "Select * From qudao Where id=" . $id;
-        $rs = $conn->query($sql);
-        if ($rs->rowCount() == 0) {
-            $sql = "Insert Into qudao(ch_name) values('" . $ch_name . "')";
-        } else {
-            $sql = "Update qudao Set ch_name='" . $ch_name . "' Where id=" . $id;
+    if ($isEdit) {
+        $stmt = $conn->prepare("SELECT * FROM qudao WHERE id = ?");
+        $stmt->bind_param("i", $id);
+        $stmt->execute();
+        $result = $stmt->get_result();
+        
+        if ($result->num_rows > 0) {
+            $stmt = $conn->prepare("UPDATE qudao SET ch_name = ? WHERE id = ?");
+            $stmt->bind_param("si", $ch_name, $id);
+            $stmt->execute();
         }
-        $conn->query($sql);
-
+        
         $page = $_GET['Page'] ?? '';
         $keys = urlencode($_GET['Keys'] ?? '');
         $ord = urlencode($_GET['Ord'] ?? '');
-        header("Location: ?keys=" . $keys . "&Ord=" . $ord . "&Page=" . $page);
+        header("Location: ?keys=$keys&Ord=$ord&Page=$page");
         exit;
     } else {
-        $sql = "Insert Into qudao(ch_name) values('" . $ch_name . "')";
-        $conn->query($sql);
+        $stmt = $conn->prepare("INSERT INTO qudao (ch_name) VALUES (?)");
+        $stmt->bind_param("s", $ch_name);
+        $stmt->execute();
+        
         header("Location: ?");
         exit;
     }
 }
 
-if ($act == "add" || $act == "edit") {
+if ($act == 'postchk') {
+    $keys = urlencode($_GET['Keys'] ?? '');
+    $ord = urlencode($_GET['Ord'] ?? '');
+    $page = $_GET['Page'] ?? '';
+    
+    if (isset($_POST['chkbox']) && is_array($_POST['chkbox'])) {
+        $ids = array_map('intval', $_POST['chkbox']);
+        $idList = implode(',', $ids);
+        
+        if (!empty($idList)) {
+            $stmt = $conn->prepare("DELETE FROM qudao WHERE id IN ($idList)");
+            $stmt->execute();
+        }
+    }
+    
+    header("Location: ?Keys=$keys&Ord=$ord&Page=$page");
+    exit;
+}
+
+// Now we can start HTML output
+?>
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>管理区域</title>
+<link rel="stylesheet" href="css/common.css" type="text/css" />
+<link rel="stylesheet" href="css/jquery.galpop.css" type="text/css" />
+<script language="javascript" src="js/jquery-1.7.2.min.js"></script>
+<script type="text/javascript" src="js/js.js"></script>
+<script type="text/javascript" src="xheditor-1.1.9/xheditor-1.1.9-zh-cn.min.js"></script>
+<script type="text/javascript" src="js/jquery.galpop.min.js"></script>
+</head>
+<body>
+<div id="man_zone">
+<?php
+if ($act == 'add' || $act == 'edit') {
     $id = $_GET['id'] ?? '';
-    $isedit = false;
+    $isEdit = false;
     $ch_name = '';
     
-    if ($id != "" && is_numeric($id)) {
-        $isedit = true;
-        $sql = "Select * From qudao Where id=" . $id;
-        $rs = $conn->query($sql);
-        if ($row = $rs->fetch()) {
+    if (!empty($id) && is_numeric($id)) {
+        $isEdit = true;
+        $stmt = $conn->prepare("SELECT * FROM qudao WHERE id = ?");
+        $stmt->bind_param("i", $id);
+        $stmt->execute();
+        $result = $stmt->get_result();
+        
+        if ($row = $result->fetch_assoc()) {
             $ch_name = textUncode($row['ch_name']);
         } else {
-            $isedit = false;
+            $isEdit = false;
         }
     }
 
     $page = $_GET['Page'] ?? '';
     $keys = urlencode($_GET['Keys'] ?? '');
     $ord = urlencode($_GET['Ord'] ?? '');
-    $hrefstr = "?keys=" . $keys . "&Ord=" . $ord . "&Page=" . $page;
-?>
+    $hrefstr = "?keys=$keys&Ord=$ord&Page=$page";
+    ?>
     <form name="form1" method="post" action="<?php echo $hrefstr; ?>&act=save">
     <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
         <tbody>
             <tr>
                 <th width="8%">来源</th>
-                <td><input type="text" id="ch_name" name="ch_name" value="<?php echo $ch_name; ?>" class="txt1" />
-                    <input type="hidden" name="id" value="<?php echo $id; ?>" /></td>
+                <td><input type="text" id="ch_name" name="ch_name" value="<?php echo $ch_name; ?>" class="txt1" /><input type="hidden" name="id" value="<?php echo $id; ?>" /></td>
             </tr>
             <tr>
                 <th></th>
-                <td><input type="submit" name="save" id="save" value="确定" class="btn1" /> 
-                    <input type="reset" name="save" id="save" value="重置" class="btn1" /> 
-                    <input type="button" value="返回" class="btn1" onClick="location.href='<?php echo $hrefstr; ?>'" /></td>
+                <td><input type="submit" name="save" id="save" value="确定" class="btn1" /> <input type="reset" name="save" id="save" value="重置" class="btn1" /> <input type="button" value="返回" class="btn1" onClick="location.href='<?php echo $hrefstr; ?>'" /></td>
             </tr>
         </tbody>
     </table>
     </form>
-<?php
-    exit;
-}
-
-if ($act == "postchk") {
-    $keys = urlencode($_GET['Keys'] ?? '');
-    $ord = urlencode($_GET['Ord'] ?? '');
-    $page = $_GET['Page'] ?? '';
-    $chkact = $_POST['chkact'] ?? '';
-    $sqlStr = "";
-    
-    if (isset($_POST['chkbox'])) {
-        foreach ($_POST['chkbox'] as $value) {
-            if ($sqlStr != "") {
-                $sqlStr .= " Or id=" . $value;
-            } else {
-                $sqlStr = " Where id=" . $value;
-            }
-        }
-
-        $sqlStr = "Delete From qudao" . $sqlStr;
-        $conn->query($sqlStr);
-    }
-    
-    header("Location: ?Keys=" . $keys . "&Ord=" . $ord . "&Page=" . $page);
+    </div>
+    </body>
+    </html>
+    <?php
     exit;
 }
 
+// Main listing page
 $keys = $_GET['Keys'] ?? '';
 $keyscode = textEncode($keys);
 $ord = $_GET['Ord'] ?? '';
 $page = $_GET['Page'] ?? '';
+$ordStr = !empty($ord) ? "$ord," : "";
 
-$ordStr = "";
-if ($ord != "") {
-    $ordStr = $ord . ",";
-}
-
-$sql = "Select * From qudao Where ch_name like '%" . $keyscode . "%' Order By id Desc";
-$rs = $conn->query($sql);
+$sql = "SELECT * FROM qudao WHERE ch_name LIKE ? ORDER BY id DESC";
+$stmt = $conn->prepare($sql);
+$searchTerm = "%$keyscode%";
+$stmt->bind_param("s", $searchTerm);
+$stmt->execute();
+$result = $stmt->get_result();
 
 $keys = urlencode($keys);
 $ord = urlencode($ord);
-$hrefstr = "?keys=" . $keys;
+$hrefstr = "?keys=$keys";
 ?>
 <form id="form1" method="post" action="?act=postchk&Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>&Page=<?php echo $page; ?>" onSubmit="return false">
 <table width="100%" border="0" cellpadding="3" cellspacing="1" class="table1">
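Review bot: `$id` is echoed raw into the edit form's hidden field, `<input type="hidden" name="id" value="<?php echo $id; ?>" />`; it comes straight from `$_GET['id']` and `is_numeric` only decides `$isEdit`, so a non-numeric value reaches the attribute unescaped. The listing form's `action` has the same shape: `$page` is read from `$_GET['Page']` and echoed into `&Page=<?php echo $page; ?>` before the `(int)` cast that only happens later inside the tbody. `value="<?php echo htmlspecialchars($id, ENT_QUOTES, 'UTF-8'); ?>"` and `Page=<?php echo htmlspecialchars($page, ENT_QUOTES, 'UTF-8'); ?>` close both without changing what the URLs carry. The `act=postchk` branch now issues the `DELETE` for any POST that carries `chkbox[]`, with no check that the request originated from this application's own form; a per-session token verified before the `prepare` is the usual mitigation and would also cover the `save` branch.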
@@ -145,50 +152,50 @@ $hrefstr = "?keys=" . $keys;
     </thead>
     <tbody>
     <?php
-    if ($rs->rowCount() > 0) {
-        $records_per_page = 10;
+    if ($result->num_rows > 0) {
+        $pageSize = 10;
+        $totalRecords = $result->num_rows;
+        $totalPages = ceil($totalRecords / $pageSize);
         
-        if ($page == "") $page = 1;
-        if ($page == "end") $page = ceil($rs->rowCount() / $records_per_page);
+        if (empty($page)) $page = 1;
+        if ($page == 'end') $page = $totalPages;
         if (!is_numeric($page) || $page < 1) $page = 1;
         $page = (int)$page;
-        if ($page > ceil($rs->rowCount() / $records_per_page)) {
-            $page = ceil($rs->rowCount() / $records_per_page);
-        }
+        if ($page > $totalPages) $page = $totalPages;
         
-        $start = ($page - 1) * $records_per_page;
-        $tempNum = $start;
+        $offset = ($page - 1) * $pageSize;
+        $sql .= " LIMIT ?, ?";
+        $stmt = $conn->prepare($sql);
+        $stmt->bind_param("sii", $searchTerm, $offset, $pageSize);
+        $stmt->execute();
+        $result = $stmt->get_result();
         
-        $count = 0;
-        while ($row = $rs->fetch()) {
-            $count++;
-            if ($count > $start && $count <= $start + $records_per_page) {
-                $tempNum++;
-    ?>
-                <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
-                    <td align="center"><input type="checkbox" name="chkbox[]" value="<?php echo $row['id']; ?>" /></td>
-                    <td align="center"><?php echo $tempNum; ?></td>
-                    <td align="center"><?php echo $row['ch_name']; ?></td>
-                    <td align="center">
-                        <a href="?Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>&Page=<?php echo $page; ?>&act=edit&id=<?php echo $row['id']; ?>" class="ico_edit ico">修改</a>
-                    </td>
-                </tr>
-    <?php
-            }
+        $tempNum = $pageSize * ($page - 1);
+        
+        while ($row = $result->fetch_assoc()) {
+            $tempNum++;
+            ?>
+            <tr onMouseOver="this.style.background='#F7FCFF'" onMouseOut="this.style.background='#FFFFFF'">
+                <td align="center"><input type="checkbox" name="chkbox[]" value="<?php echo $row['id']; ?>" /></td>
+                <td align="center"><?php echo $tempNum; ?></td>
+                <td align="center"><?php echo $row['ch_name']; ?></td>
+                <td align="center"><a href="?Keys=<?php echo $keys; ?>&Ord=<?php echo $ord; ?>&Page=<?php echo $page; ?>&act=edit&id=<?php echo $row['id']; ?>" class="ico_edit ico">修改</a></td>
+            </tr>
+            <?php
         }
     } else {
-        if ($keys == "") {
-    ?>
+        if (empty($keys)) {
+            ?>
             <tr>
                 <td align="center" colspan="4">Sorry,当前暂无信息</td>
             </tr>
-    <?php
+            <?php
         } else {
-    ?>
+            ?>
             <tr>
                 <td align="center" colspan="4"><a href="?">Sorry,没有找到"<?php echo $keyscode; ?>"相关的信息,点击返回</a></td>
             </tr>
-    <?php
+            <?php
         }
     }
     ?>
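Review bot: `$pageSize` and `$totalPages` are assigned only inside the `if ($result->num_rows > 0)` branch at the top of this hunk, but the pager in the following tfoot hunk now tests `$totalPages > 1` unconditionally, since the old `rowCount() > 0` guard around it was removed; on an empty or unmatched search this emits an undefined-variable warning under PHP 8 (the comparison evaluates false, so the rendered output is unaffected). Initialising `$pageSize = 10; $totalPages = 0;` before the `if` removes the dependency on the branch. Fetching the full `SELECT *` result set only to read `num_rows` before re-running the same query with `LIMIT` also doubles the work per page view; a `SELECT COUNT(*) ... WHERE ch_name LIKE ?` for the total would avoid it. `$row['ch_name']` is echoed without `htmlspecialchars`; whether `textEncode()` on the save path already neutralises markup cannot be told from this file, so a comment stating that assumption at the echo would help the next reader.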
@@ -198,61 +205,58 @@ $hrefstr = "?keys=" . $keys;
             <td colspan="4">
                 <div class="showpagebox">
                 <?php
-                if ($rs->rowCount() > 0) {
-                    $total_pages = ceil($rs->rowCount() / $records_per_page);
-                    if ($total_pages > 1) {
-                        $pageName = "?Keys=" . $keys . "&Ord=" . $ord . "&";
-                        $pagelen = 3;
-
-                        if ($page > 1) {
-                            echo "<a href=\"{$pageName}Page=1\">首页</a>";
-                            echo "<a href=\"{$pageName}Page=" . ($page-1) . "\">上一页</a>";
-                        }
-
-                        if ($pagelen * 2 + 1 >= $total_pages) {
+                if ($totalPages > 1) {
+                    $pageName = "?Keys=$keys&Ord=$ord&";
+                    $pageLen = 3;
+                    
+                    if ($page > 1) {
+                        echo "<a href=\"{$pageName}Page=1\">首页</a>";
+                        echo "<a href=\"{$pageName}Page=" . ($page-1) . "\">上一页</a>";
+                    }
+                    
+                    if ($pageLen * 2 + 1 >= $totalPages) {
+                        $startPage = 1;
+                        $endPage = $totalPages;
+                    } else {
+                        if ($page <= $pageLen + 1) {
                             $startPage = 1;
-                            $endPage = $total_pages;
+                            $endPage = $pageLen * 2 + 1;
                         } else {
-                            if ($page <= $pagelen + 1) {
-                                $startPage = 1;
-                                $endPage = $pagelen * 2 + 1;
-                            } else {
-                                $startPage = $page - $pagelen;
-                                $endPage = $page + $pagelen;
-                            }
-                            if ($page + $pagelen > $total_pages) {
-                                $startPage = $total_pages - $pagelen * 2;
-                                $endPage = $total_pages;
-                            }
+                            $startPage = $page - $pageLen;
+                            $endPage = $page + $pageLen;
                         }
-
-                        for ($i = $startPage; $i <= $endPage; $i++) {
-                            if ($i == $page) {
-                                echo "<a class=\"current\">$i</a>";
-                            } else {
-                                echo "<a href=\"{$pageName}Page=$i\">$i</a>";
-                            }
+                        if ($page + $pageLen > $totalPages) {
+                            $startPage = $totalPages - $pageLen * 2;
+                            $endPage = $totalPages;
                         }
-
-                        if ($page < $total_pages) {
-                            if ($total_pages - $page > $pagelen) {
-                                echo "<a href=\"{$pageName}Page=$total_pages\">...$total_pages</a>";
-                            }
-                            echo "<a href=\"{$pageName}Page=" . ($page+1) . "\">下一页</a>";
-                            echo "<a href=\"{$pageName}Page=$total_pages\">尾页</a>";
+                    }
+                    
+                    for ($i = $startPage; $i <= $endPage; $i++) {
+                        if ($i == $page) {
+                            echo "<a class=\"current\">$i</a>";
+                        } else {
+                            echo "<a href=\"{$pageName}Page=$i\">$i</a>";
                         }
-
-                        echo "<input type=\"text\" id=\"Pagego\" value=\"$page\" onFocus=\"if(this.value == '$page'){this.value='';};\" onBlur=\"if(this.value == ''){this.value='$page';}\" onKeyUp=\"this.value=this.value.replace(/\D/g,'')\" onKeyDown=\"if(event.keyCode==13){location.href='{$pageName}Page='+document.getElementById('Pagego').value}\" />";
                     }
+                    
+                    if ($page < $totalPages) {
+                        if ($totalPages - $page > $pageLen) {
+                            echo "<a href=\"{$pageName}Page=$totalPages\">...$totalPages</a>";
+                        }
+                        echo "<a href=\"{$pageName}Page=" . ($page+1) . "\">下一页</a>";
+                        echo "<a href=\"{$pageName}Page=$totalPages\">尾页</a>";
+                    }
+                    
+                    echo "<input type=\"text\" id=\"Pagego\" value=\"$page\" onFocus=\"if(this.value == '$page'){this.value='';};\" onBlur=\"if(this.value == ''){this.value='$page';}\" onKeyUp=\"this.value=this.value.replace(/\\D/g,'')\" onKeyDown=\"if(event.keyCode==13){location.href='{$pageName}Page='+document.getElementById('Pagego').value}\" />";
                 }
                 ?>
                 </div>
                 <div class="searchbox">
-                    <input type="text" id="keys" value="<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>" 
-                           onFocus="if(this.value == '<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>'){this.value='';}" 
-                           onBlur="if(this.value == ''){this.value='<?php echo ($keyscode == "") ? "请输入搜索关键词" : $keyscode; ?>';}" 
-                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+escape(document.getElementById('keys').value)}" />
-                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+escape(document.getElementById('keys').value)" />
+                    <input type="text" id="keys" value="<?php echo empty($keyscode) ? '请输入搜索关键词' : $keyscode; ?>" 
+                           onFocus="if(this.value == '<?php echo empty($keyscode) ? '请输入搜索关键词' : $keyscode; ?>'){this.value='';}" 
+                           onBlur="if(this.value == ''){this.value='<?php echo empty($keyscode) ? '请输入搜索关键词' : $keyscode; ?>';}" 
+                           onKeyDown="if(event.keyCode==13){location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)}" />
+                    <input type="button" id="searchgo" value="go" onClick="location.href='?Keys='+encodeURIComponent(document.getElementById('keys').value)" />
                 </div>
                 <div class="postchkbox">
                     <select id="chkact" name="chkact">