글제목 문자열 자르기 오류를 이용한 sql injection 방지

2014-07-18 09:36:57 +09:00
parent 9d8a776bd9
commit 414b954b92
1 changed files with 1 additions and 0 deletions
--- a/bbs/write_update.php
+++ b/bbs/write_update.php
@ -10,6 +10,7 @@ $msg = array();
 $wr_subject = '';
 if (isset($_POST['wr_subject'])) {
    $wr_subject = substr(trim($_POST['wr_subject']),0,255);
+    $wr_subject = preg_replace("#[\\\]+$#", "", $wr_subject);
 }
 if ($wr_subject == '') {
    $msg[] = '<strong>제목</strong>을 입력하세요.';