따옴표 수정

This commit is contained in:
chicpro
2013-01-15 18:08:58 +09:00
parent 50872e1abc
commit 7ae8f47d55


@ -21,11 +21,11 @@ $cnt = 0;
// SQL Injection 으로 인한 코드 보완 // SQL Injection 으로 인한 코드 보완
//$sql = " select distinct wr_num from {$write_table} where wr_id in (" . stripslashes($wr_id_list) . ") order by wr_id "; //$sql = " select distinct wr_num from {$write_table} where wr_id in (" . stripslashes($wr_id_list) . ") order by wr_id ";
$sql = " select distinct wr_num from {$write_table} where wr_id in ({$wr_id_list}) order by wr_id "; $sql = " select distinct wr_num from $write_table where wr_id in ({$wr_id_list}) order by wr_id ";
$result = sql_query($sql); $result = sql_query($sql);
while ($row = sql_fetch_array($result)) while ($row = sql_fetch_array($result))
{ {
$wr_num = $row[wr_num]; $wr_num = $row['wr_num'];
for ($i=0; $i<count($_POST['chk_bo_table']); $i++) for ($i=0; $i<count($_POST['chk_bo_table']); $i++)
{ {
$move_bo_table = $_POST['chk_bo_table'][$i]; $move_bo_table = $_POST['chk_bo_table'][$i];
@ -40,86 +40,86 @@ while ($row = sql_fetch_array($result))
$next_wr_num = get_next_num($move_write_table); $next_wr_num = get_next_num($move_write_table);
//$sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_comment desc, wr_id "; //$sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_comment desc, wr_id ";
$sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_is_comment, wr_comment desc, wr_id "; $sql2 = " select * from $write_table where wr_num = '$wr_num' order by wr_parent, wr_is_comment, wr_comment desc, wr_id ";
$result2 = sql_query($sql2); $result2 = sql_query($sql2);
while ($row2 = sql_fetch_array($result2)) while ($row2 = sql_fetch_array($result2))
{ {
$nick = cut_str($member[mb_nick], $config[cf_cut_name]); $nick = cut_str($member['mb_nick'], $config['cf_cut_name']);
if (!$row2[wr_is_comment] && $config[cf_use_copy_log]) if (!$row2['wr_is_comment'] && $config['cf_use_copy_log'])
$row2[wr_content] .= PHP_EOL.'[이 게시물은 '.$nick.'님에 의해 '.$g4[time_ymdhis].' '.$board[bo_subject].'에서 '.($sw == 'copy' ? '복사' : '이동').' 됨]'; $row2['wr_content'] .= "\n".'[이 게시물은 '.$nick.'님에 의해 '.$g4['time_ymdhis'].' '.$board['bo_subject'].'에서 '.($sw == 'copy' ? '복사' : '이동').' 됨]';
$sql = " insert into $move_write_table $sql = " insert into $move_write_table
set wr_num = '$next_wr_num', set wr_num = '$next_wr_num',
wr_reply = '$row2[wr_reply]', wr_reply = '{$row2['wr_reply']}',
wr_is_comment = '$row2[wr_is_comment]', wr_is_comment = '{$row2['wr_is_comment']}',
wr_comment = '$row2[wr_comment]', wr_comment = '{$row2['wr_comment']}',
wr_comment_reply = '$row2[wr_comment_reply]', wr_comment_reply = '{$row2['wr_comment_reply']}',
ca_name = '".addslashes($row2[ca_name])."', ca_name = '".addslashes($row2['ca_name'])."',
wr_option = '$row2[wr_option]', wr_option = '{$row2['wr_option']}',
wr_subject = '".addslashes($row2[wr_subject])."', wr_subject = '".addslashes($row2['wr_subject'])."',
wr_content = '".addslashes($row2[wr_content])."', wr_content = '".addslashes($row2['wr_content'])."',
wr_link1 = '".addslashes($row2[wr_link1])."', wr_link1 = '".addslashes($row2['wr_link1'])."',
wr_link2 = '".addslashes($row2[wr_link2])."', wr_link2 = '".addslashes($row2['wr_link2'])."',
wr_link1_hit = '$row2[wr_link1_hit]', wr_link1_hit = '{$row2['wr_link1_hit']}',
wr_link2_hit = '$row2[wr_link2_hit]', wr_link2_hit = '{$row2['wr_link2_hit']}',
wr_hit = '$row2[wr_hit]', wr_hit = '{$row2['wr_hit']}',
wr_good = '$row2[wr_good]', wr_good = '{$row2['wr_good']}',
wr_nogood = '$row2[wr_nogood]', wr_nogood = '{$row2['wr_nogood']}',
mb_id = '$row2[mb_id]', mb_id = '{$row2['mb_id']}',
wr_password = '$row2[wr_password]', wr_password = '{$row2['wr_password']}',
wr_name = '".addslashes($row2[wr_name])."', wr_name = '".addslashes($row2['wr_name'])."',
wr_email = '".addslashes($row2[wr_email])."', wr_email = '".addslashes($row2['wr_email'])."',
wr_homepage = '".addslashes($row2[wr_homepage])."', wr_homepage = '".addslashes($row2['wr_homepage'])."',
wr_datetime = '$row2[wr_datetime]', wr_datetime = '{$row2['wr_datetime']}',
wr_last = '$row2[wr_last]', wr_last = '{$row2['wr_last']}',
wr_ip = '$row2[wr_ip]', wr_ip = '{$row2['wr_ip']}',
wr_1 = '".addslashes($row2[wr_1])."', wr_1 = '".addslashes($row2['wr_1'])."',
wr_2 = '".addslashes($row2[wr_2])."', wr_2 = '".addslashes($row2['wr_2'])."',
wr_3 = '".addslashes($row2[wr_3])."', wr_3 = '".addslashes($row2['wr_3'])."',
wr_4 = '".addslashes($row2[wr_4])."', wr_4 = '".addslashes($row2['wr_4'])."',
wr_5 = '".addslashes($row2[wr_5])."', wr_5 = '".addslashes($row2['wr_5'])."',
wr_6 = '".addslashes($row2[wr_6])."', wr_6 = '".addslashes($row2['wr_6'])."',
wr_7 = '".addslashes($row2[wr_7])."', wr_7 = '".addslashes($row2['wr_7'])."',
wr_8 = '".addslashes($row2[wr_8])."', wr_8 = '".addslashes($row2['wr_8'])."',
wr_9 = '".addslashes($row2[wr_9])."', wr_9 = '".addslashes($row2['wr_9'])."',
wr_10 = '".addslashes($row2[wr_10])."' "; wr_10 = '".addslashes($row2['wr_10'])."' ";
sql_query($sql); sql_query($sql);
$insert_id = mysql_insert_id(); $insert_id = mysql_insert_id();
// 코멘트가 아니라면 // 코멘트가 아니라면
if (!$row2[wr_is_comment]) if (!$row2['wr_is_comment'])
{ {
$save_parent = $insert_id; $save_parent = $insert_id;
$sql3 = " select * from {$g4[board_file_table]} where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' order by bf_no "; $sql3 = " select * from {$g4['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' order by bf_no ";
$result3 = sql_query($sql3); $result3 = sql_query($sql3);
for ($k=0; $row3 = sql_fetch_array($result3); $k++) for ($k=0; $row3 = sql_fetch_array($result3); $k++)
{ {
if ($row3[bf_file]) if ($row3['bf_file'])
{ {
// 원본파일을 복사하고 퍼미션을 변경 // 원본파일을 복사하고 퍼미션을 변경
@copy($src_dir.'/'.$row3[bf_file], $dst_dir.'/'.$row3[bf_file]); @copy($src_dir.'/'.$row3['bf_file'], $dst_dir.'/'.$row3['bf_file']);
@chmod($dst_dir/$row3[bf_file], 0606); @chmod($dst_dir/$row3['bf_file]', 0606);
} }
$sql = " insert into $g4[board_file_table] $sql = " insert into {$g4['board_file_table']}
set bo_table = '$move_bo_table', set bo_table = '$move_bo_table',
wr_id = '$insert_id', wr_id = '$insert_id',
bf_no = '$row3[bf_no]', bf_no = '{$row3['bf_no']}',
bf_source = '$row3[bf_source]', bf_source = '{$row3['bf_source']}',
bf_file = '$row3[bf_file]', bf_file = '{$row3['bf_file']}',
bf_download = '$row3[bf_download]', bf_download = '{$row3['bf_download']}',
bf_content = '".addslashes($row3[bf_content])."', bf_content = '".addslashes($row3['bf_content'])."',
bf_filesize = '$row3[bf_filesize]', bf_filesize = '{$row3['bf_filesize']}',
bf_width = '$row3[bf_width]', bf_width = '{$row3['bf_width']}',
bf_height = '$row3[bf_height]', bf_height = '{$row3['bf_height']}',
bf_type = '$row3[bf_type]', bf_type = '{$row3['bf_type']}',
bf_datetime = '$row3[bf_datetime]' "; bf_datetime = '{$row3['bf_datetime']}' ";
sql_query($sql); sql_query($sql);
if ($sw == 'move' && $row3[bf_file]) if ($sw == 'move' && $row3['bf_file'])
$save[$cnt][bf_file][$k] = $src_dir.'/'.$row3[bf_file]; $save[$cnt]['bf_file'][$k] = $src_dir.'/'.$row3['bf_file'];
} }
$count_write++; $count_write++;
@ -127,10 +127,10 @@ while ($row = sql_fetch_array($result))
if ($sw == 'move' && $i == 0) if ($sw == 'move' && $i == 0)
{ {
// 스크랩 이동 // 스크랩 이동
sql_query(" update {$g4[scrap_table]} set bo_table = '{$move_bo_table}', wr_id = '{$save_parent}' where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' "); sql_query(" update {$g4['scrap_table']} set bo_table = '$move_bo_table', wr_id = '$save_parent' where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' ");
// 최신글 이동 // 최신글 이동
sql_query(" update {$g4[board_new_table]} set bo_table = '{$move_bo_table}', wr_id = '{$save_parent}', wr_parent = '{$save_parent}' where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' "); sql_query(" update {$g4['board_new_table']} set bo_table = '$move_bo_table', wr_id = '$save_parent', wr_parent = '$save_parent' where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' ");
} }
} }
else else
@ -140,21 +140,21 @@ while ($row = sql_fetch_array($result))
if ($sw == 'move') if ($sw == 'move')
{ {
// 최신글 이동 // 최신글 이동
sql_query(" update {$g4[board_new_table]} set bo_table = '{$move_bo_table}', wr_id = '{$insert_id}', wr_parent = '{$save_parent}' where bo_table = '{$bo_table}' and wr_id = '{$row2[wr_id]}' "); sql_query(" update {$g4['board_new_table']} set bo_table = '$move_bo_table', wr_id = '$insert_id', wr_parent = '$save_parent' where bo_table = '$bo_table' and wr_id = '{$row2['wr_id']}' ");
} }
} }
sql_query(" update {$move_write_table} set wr_parent = '{$save_parent}' where wr_id = '{$insert_id}' "); sql_query(" update $move_write_table set wr_parent = '$save_parent' where wr_id = '$insert_id' ");
if ($sw == 'move') if ($sw == 'move')
$save[$cnt][wr_id] = $row2[wr_parent]; $save[$cnt]['wr_id'] = $row2['wr_parent'];
$cnt++; $cnt++;
} }
sql_query(" update {$g4[board_table]} set bo_count_write = bo_count_write + '{$count_write}' where bo_table = '{$move_bo_table}' "); sql_query(" update {$g4['board_table']} set bo_count_write = bo_count_write + '$count_write' where bo_table = '$move_bo_table' ");
sql_query(" update {$g4[board_table]} set bo_count_comment = bo_count_comment + '{$count_comment}' where bo_table = '{$move_bo_table}' "); sql_query(" update {$g4['board_table']} set bo_count_comment = bo_count_comment + '$count_comment' where bo_table = '$move_bo_table' ");
} }
$save_count_write += $count_write; $save_count_write += $count_write;
@ -165,14 +165,14 @@ if ($sw == "move")
{ {
for ($i=0; $i<count($save); $i++) for ($i=0; $i<count($save); $i++)
{ {
for ($k=0; $k<count($save[$i][bf_file]); $k++) for ($k=0; $k<count($save[$i]['bf_file']); $k++)
@unlink($save[$i][bf_file][$k]); @unlink($save[$i]['bf_file'][$k]);
sql_query(" delete from {$write_table} where wr_parent = '{$save[$i][wr_id]}' "); sql_query(" delete from $write_table where wr_parent = '{$save[$i]['wr_id']}' ");
sql_query(" delete from {$g4[board_new_table]} where bo_table = '{$bo_table}' and wr_id = '{$save[$i][wr_id]}' "); sql_query(" delete from {$g4['board_new_table']} where bo_table = '$bo_table' and wr_id = '{$save[$i]['wr_id']}' ");
sql_query(" delete from {$g4[board_file_table]} where bo_table = '{$bo_table}' and wr_id = '{$save[$i][wr_id]}' "); sql_query(" delete from {$g4['board_file_table']} where bo_table = '$bo_table' and wr_id = '{$save[$i]['wr_id']}' ");
} }
sql_query(" update {$g4[board_table]} set bo_count_write = bo_count_write - '{$save_count_write}', bo_count_comment = bo_count_comment - '{$save_count_comment}' where bo_table = '{$bo_table}' "); sql_query(" update {$g4['board_table']} set bo_count_write = bo_count_write - '$save_count_write', bo_count_comment = bo_count_comment - '$save_count_comment' where bo_table = '$bo_table' ");
} }
$msg = '해당 게시물을 선택한 게시판으로 '.$act.' 하였습니다.'; $msg = '해당 게시물을 선택한 게시판으로 '.$act.' 하였습니다.';
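Review bot: The rewritten chmod line in the second hunk, `@chmod($dst_dir/$row3['bf_file]', 0606);`, places the closing quote after the `]`, which is a parse error, and since PHP compiles the whole file first it takes the entire move/copy script down rather than just that statement. The old side was already broken too, because `$dst_dir/$row3[bf_file]` is an arithmetic division rather than a path, so the `@` has been silently hiding a chmod on a bogus argument all along; the line should read `@chmod($dst_dir.'/'.$row3['bf_file'], 0606);` to match the `copy()` call directly above it. Separately, 0606 leaves the copied attachment world-writable; unless the upload directory deliberately depends on that (the original upload code is not visible from this hunk), a mode without the other-write bit would be the safer choice. The enclosing `while ($row2 = ...)` loop and the `if (!$row2['wr_is_comment'])` block both continue past the end of that hunk.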