Zou iemand mij kunnen vertellen,
waarom deze code gevoelig is voor malware, althans die van stopbadmalware.org
<?php
Class Succes {
function __construct(){
}
public static function renderBranceSelect(){
$html = 'test';
$result = Db::sql_select("SELECT * FROM successen_branche WHERE actief='1' ORDER BY volgorde_nr");
$option_list= '<option value="">kies een branche</option>';
for($i=0;$i<mysql_num_rows($result);$i++){
// if($cat_id == mysql_result($result,$i,"id") ){
// $class = 'class="sel"';
//}
$option_list.=
'<option value="' . mysql_result($result,$i,"id") . '">'
. mysql_result($result,$i,"naam") .
'</option>'
;
}
$html =
'<div style="float:left;width:200px;oveflow:hidden;margin-right:10px;margin-left:10px;">
<div style="font-size:15px;font-weight:bold;">Branche</div>
<br>
<select onchange="renderKlanten()" style="width:200px;" id="branche-select">'
. $option_list .
'</select>
</div>'
;
return $html;
}
public static function getKlantenList($branche_id = false){
$disabled= 'disabled="disabled"';
if($branche_id){
$b_result = Db::sql_select("SELECT * FROM successen_branche WHERE id= '" .$branche_id ."'");
$result = Db::sql_select("SELECT * FROM klanten WHERE actief= '1' AND branche ='". mysql_result($b_result,0,'naam') ."' ORDER BY naam ASC");
$disabled= '';
}
$option_list = '<option value="">kies een opdrachtgever</option>';
if(isset($result)){
for($i=0;$i<mysql_num_rows($result);$i++){
$option_list.=
'<option value="' . mysql_result($result,$i,"id") . '">'
. mysql_result($result,$i,"naam") .
'</option>'
;
}
}
$html =
'<div style="float:left;width:200px;oveflow:hidden;">
<div style="font-size:15px;font-weight:bold;">Opdrachtgevers</div><br>
<select '. $disabled .' onchange="renderSuccessen();" style="width:200px;" id="opdrachtgever-select">'
. $option_list .
'</select>
</div>'
;
return $html;
}
public static function getSuccessenList($klant_id = false){
if((!$klant_id)||($klant_id == '')){
return '';
}
if($klant_id == '*'){
$result = Db::sql_select("SELECT * FROM successen WHERE actief= '1' ORDER BY omschrijving ASC");
}else {
$s_arr = Db::column_to_array("gekoppelde_object_id",Db::sql_select("SELECT * FROM cms_koppelingen_data WHERE list_id = '1' AND gekoppelde_list_id ='5' AND object_id = '" .$klant_id ."'"));
$sql_id_str = implode("' OR id='",$s_arr);
//var_dump("SELECT * FROM successen WHERE actief= '1' AND id='". $sql_id_str ."' ORDER BY omschrijving ASC");
$result = Db::sql_select("SELECT * FROM successen WHERE actief= '1' AND id='". $sql_id_str ."' ORDER BY omschrijving ASC");
}
$list = '';
if(mysql_num_rows($result) == 0){
$list .= '<li>Geen successen</li>';
}else {
for($i=0;$i<mysql_num_rows($result);$i++){
$list .= '<li>' .Tekst::remove_tag('p',mysql_result($result,$i,"omschrijving")) .'</li>';
}
}
$html =
'<div style="font-size:15px;font-weight:bold;margin-bot">Successen</div><ul>'
. $list .
'</ul>'
;
return $html;
}
}
?>
Wat kan hieraan verbeterd worden?
