WooYun.org

//#####################@ 商品列表 @#####################//
	case 'list':
		$category_id = intval($id);
		$info = $db->pe_select('category', array('category_id'=>$category_id));
		//搜索
		$sqlwhere = " and `product_state` = 1";
		pe_lead('hook/category.hook.php');
		if ($category_id) {
			$sqlwhere .= is_array($category_cidarr = category_cidarr($category_id)) ? " and `category_id` in('".implode("','", $category_cidarr)."')" : " and `category_id` = '{$category_id}'";
		}
		$_g_keyword && $sqlwhere .= " and `product_name` like '%".pe_dbhold($_g_keyword)."%'";
		if ($_g_orderby) {
			$orderby = explode('_', $_g_orderby);//将参数分割
			$sqlwhere .= " order by `product_{$orderby[0]}` {$orderby[1]}";//将分割后的参数直接带入
		}
		else {
			$sqlwhere .= " order by `product_id` desc";
		}
		$info_list = $db->pe_selectall('product', $sqlwhere, '*', array(16, $_g_page));//进入sql语句
		//热卖排行
		$product_hotlist = product_hotlist();
		//当前路径
		$nowpath = category_path($category_id);
		$seo = pe_seo($info['category_name']);
		include(pe_tpl('product_list.html'));
	break;

public function pe_selectall($table, $where = '', $field = '*', $limit_page = array())
	{
		//处理条件语句
		$sqlwhere = $this->_dowhere($where);
		return $this->sql_selectall("select {$field} from `".dbpre."{$table}` {$sqlwhere}", $limit_page);
	}
protected function _dowhere($where)
	{
		if (is_array($where)) {
			foreach ($where as $k => $v) {
				if (is_array($v)) {
					$where_arr[] = "`{$k}` in('".implode("','", $v)."')";			
				}
				else {
					in_array($k, array('order by', 'group by')) ? ($sqlby = " {$k} {$v}") : ($where_arr[] = "`{$k}` = '{$v}'");
				}
			}
			$sqlwhere = is_array($where_arr) ? 'where '.implode($where_arr, ' and ').$sqlby : $sqlby;
		}
		else {
			$where && $sqlwhere = (stripos(trim($where), 'order by') === 0 or stripos(trim($where), 'group by') === 0) ? "{$where}" : "where 1 {$where}";
		}
		return $sqlwhere;
	}