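Magento hide shopping basket and price injection

I have changed the Magento code in C:\xampp\htdocs\magento\app\design\frontend\mypackage\mytheme\template\catalog\product\list.phtml and C:\xampp\htdocs\magento\app\design\frontend\mypackage\mytheme\template\catalog\product\price.phtml
to show the price only when the user is logged in, and to hide the shopping basket button and the price when a product has a price of 0.00. My problem is that I don't want users to bypass this using an injection method, so my question is: is my code vulnerable to SQL injection?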
<!-- To hide price if price is 0 if not display the details -->
<?php if($_product->price==0): ?>
    <?php echo ''; ?>
<?php else: ?>
    <?php echo $this->getPriceHtml($_product, true) ?>
<?php endif; ?>
<div class="actions">
<!-- To hide the shopping basket -->
<?php if (Mage::getSingleton('customer/session')->isLoggedIn()): ?>
    <?php if($_product->isSaleable() && ($_product->price>0)): ?>
        <button type="button" title="<?php echo $this->__('Add to Cart') ?>" class="button btn-cart" onclick="setLocation('<?php echo $this->getAddToCartUrl($_product) ?>')"><span><span><?php echo $this->__('Add to Cart') ?></span></span></button>
    <?php else: ?>
        <p class="availability out-of-stock"><span><?php echo $this->__('Auf anfrage') ?></span></p>
    <?php endif; ?>
<!-- if they are not logged in then -->
<?php else: ?>
    <p class="nurfuer"><span><?php echo 'only for registered users'?></span></p>
    <p class="nurfuer"><span><?php echo 'please register'?></span></p>
<?php endif; ?>
And in the price.phtml file I added
<?php if (Mage::getSingleton('customer/session')->isLoggedIn()) { ?>
and at the end of the file
<?php } ?>
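
The conditions in these templates only decide what is rendered, so the same rule also has to hold where the cart request is handled. An added example, not part of the original post: a Magento 1 observer that applies the logged-in and price > 0 rule on the server side. The module name Mycompany_Guard and the messages are hypothetical, and it assumes the observer is registered for the controller_action_predispatch_checkout_cart_add event in the module's config.xml.

```php
<?php
// Added example, not the poster's code. Hypothetical module "Mycompany_Guard";
// assumes guardAddToCart() is registered in the module's config.xml under
// frontend/events/controller_action_predispatch_checkout_cart_add.
class Mycompany_Guard_Model_Observer
{
    /**
     * Enforce on the server the rule the templates apply to the display:
     * only logged-in customers may add a product, and only if its price is > 0.
     */
    public function guardAddToCart(Varien_Event_Observer $observer)
    {
        /** @var Mage_Core_Controller_Varien_Action $action */
        $action  = $observer->getEvent()->getControllerAction();
        $session = Mage::getSingleton('customer/session');

        if (!$session->isLoggedIn()) {
            $this->_deny($action, Mage::getUrl('customer/account/login'),
                'Please log in to order.');
            return;
        }

        // Cast to int so the request value is only ever used as a product id.
        $productId = (int) $action->getRequest()->getParam('product');
        $product   = Mage::getModel('catalog/product')
            ->setStoreId(Mage::app()->getStore()->getId())
            ->load($productId);

        // Same test as list.phtml: saleable and a price above zero.
        if (!$product->getId() || !$product->isSaleable()
            || (float) $product->getPrice() <= 0) {
            $this->_deny($action, Mage::getBaseUrl(),
                'This product is available on request only.');
        }
    }

    /** Stop the cart controller action from running and redirect the visitor. */
    protected function _deny($action, $url, $message)
    {
        Mage::getSingleton('core/session')
            ->addError(Mage::helper('core')->__($message));
        $action->setFlag('', Mage_Core_Controller_Varien_Action::FLAG_NO_DISPATCH, true);
        $action->getResponse()->setRedirect($url);
    }
}
```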