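Magento: hide shopping basket and price, injection
I have changed the Magento code in C:\xampp\htdocs\magento\app\design\frontend\mypackage\mytheme\template\catalog\product\list.phtml and C:\xampp\htdocs\magento\app\design\frontend\mypackage\mytheme\template\catalog\product\price.phtml
so that prices are shown only when the user is logged in, and the shopping basket button and the price are hidden when a product has a price of 0.00. My problem is that I do not want users to bypass this using injection methods, so my question is: is my code vulnerable to SQL injection?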
<!-- To hide price if price is 0 if not display the details -->
<?php if($_product->price==0): ?>
<?php echo ''; ?>
<?php else: ?>
<?php echo $this->getPriceHtml($_product, true) ?>
<?php endif; ?>
<div class="actions">
<!-- To hide the shopping basket -->
<?php if (Mage::getSingleton('customer/session')->isLoggedIn()): ?>
<?php if($_product->isSaleable() && ($_product->price>0)): ?>
<button type="button" title="<?php echo $this->__('Add to Cart') ?>" class="button btn-cart" onclick="setLocation('<?php echo $this->getAddToCartUrl($_product) ?>')"><span><span><?php echo $this->__('Add to Cart') ?></span></span></button>
<?php else: ?>
<p class="availability out-of-stock"><span><?php echo $this->__('Auf anfrage') ?></span></p>
<?php endif; ?>
<!-- if they are not logged in then -->
<?php else: ?>
<p class="nurfuer"><span><?php echo 'only for registered users'?></span></p>
<p class="nurfuer"><span><?php echo 'please register'?></span></p>
<?php endif; ?>
And in the price.phtml file I added
<?php if (Mage::getSingleton('customer/session')->isLoggedIn()) { ?>
and at the end of the file
<?php } ?>