dedecms v5.7 最新注入　０ｄａｙ

}elseif ($dopost == 'save'){

    if(isset($mtypeidarr) && is_array($mtypeidarr))

    {

        $delids = '0';

        $mtypeidarr = array_filter($mtypeidarr, 'is_numeric');

        foreach($mtypeidarr as $delid)

        {

            $delids .= ','.$delid;

            unset($groupname[$delid]);

        }

        $query = "DELETE FROM `#@__member_group` WHERE id in ($delids) AND mid='$cfg_ml->M_ID'";

        $dsql->ExecNoneQuery($query);

        $sql="SELECT id FROM `#@__member_friends` WHERE groupid in ($delids) AND mid='$cfg_ml->M_ID'";

        $db->SetQuery($sql);

        $db->Execute();

        while($row = $db->GetArray())

        {

            $query2 = "UPDATE `#@__member_friends` SET groupid='1' WHERE id='{$row['id']}' AND mid='$cfg_ml->M_ID'";

            $dsql->ExecNoneQuery($query2);

        }

    }

    foreach ($groupname as $id => $name)

    {

        $name = HtmlReplace($name);

                echo $id.'\n\n';

        $query = "UPDATE `#@__member_group` SET groupname='$name' WHERE id='$id' AND mid='$cfg_ml->M_ID'";

                echo $query;

                exit;

        $dsql->ExecuteNoneQuery($query);

    }