blind sql injection 대응 코드 수정

2014-03-21 10:18:47 +09:00
parent e9e1f9713f
commit 1e84bc6f1d
2 changed files with 11 additions and 5 deletions
--- a/common.php
+++ b/common.php
@ -80,10 +80,10 @@ if (file_exists($dbconfig_file)) {
    }

    // sql_escape_string 적용
-    $_POST    = array_map_deep('sql_escape_string', $_POST);
-    $_GET     = array_map_deep('sql_escape_string', $_GET);
-    $_COOKIE  = array_map_deep('sql_escape_string', $_COOKIE);
-    $_REQUEST = array_map_deep('sql_escape_string', $_REQUEST);
+    $_POST    = array_map_deep(G5_ESCAPE_FUNCTION,  $_POST);
+    $_GET     = array_map_deep(G5_ESCAPE_FUNCTION,  $_GET);
+    $_COOKIE  = array_map_deep(G5_ESCAPE_FUNCTION,  $_COOKIE);
+    $_REQUEST = array_map_deep(G5_ESCAPE_FUNCTION,  $_REQUEST);
    //==============================================================================

    // PHP 4.1.0 부터 지원됨