diff --git a/adm/contentlist.php b/adm/contentlist.php index 7f8ce87ca..bdd929bb9 100644 --- a/adm/contentlist.php +++ b/adm/contentlist.php @@ -69,7 +69,7 @@ $result = sql_query($sql); - diff --git a/adm/faqformupdate.php b/adm/faqformupdate.php index 722a6c3a4..723850c95 100644 --- a/adm/faqformupdate.php +++ b/adm/faqformupdate.php @@ -21,7 +21,7 @@ if ($w == "") $sql_common "; sql_query($sql); - $fa_id = mysql_insert_id(); + $fa_id = sql_insert_id(); } else if ($w == "u") { diff --git a/adm/faqmasterformupdate.php b/adm/faqmasterformupdate.php index f6987d795..d86e0eed4 100644 --- a/adm/faqmasterformupdate.php +++ b/adm/faqmasterformupdate.php @@ -31,7 +31,7 @@ if ($w == "") $sql = " insert {$g5['faq_master_table']} $sql_common "; sql_query($sql); - $fm_id = mysql_insert_id(); + $fm_id = sql_insert_id(); } else if ($w == "u") { diff --git a/adm/faqmasterlist.php b/adm/faqmasterlist.php index c21ea47e2..c60c5accb 100644 --- a/adm/faqmasterlist.php +++ b/adm/faqmasterlist.php @@ -93,7 +93,7 @@ $result = sql_query($sql); - 미리보기'; $num = number_format($total_count - ($page - 1) * $config['cf_page_rows'] - $i); diff --git a/adm/newwinformupdate.php b/adm/newwinformupdate.php index e5fd4a6fc..2b2dce60e 100644 --- a/adm/newwinformupdate.php +++ b/adm/newwinformupdate.php @@ -28,7 +28,7 @@ if($w == "") $sql = " insert {$g5['new_win_table']} set $sql_common "; sql_query($sql); - $nw_id = mysql_insert_id(); + $nw_id = sql_insert_id(); } else if ($w == "u") { diff --git a/adm/newwinlist.php b/adm/newwinlist.php index ecc1217db..bdbc3beb0 100644 --- a/adm/newwinlist.php +++ b/adm/newwinlist.php @@ -71,7 +71,7 @@ $result = sql_query($sql); " . $sql); +sql_query($sql) or die(mysqli_error() . "

" . $sql); echo ""; flush(); usleep(50000); diff --git a/adm/sms_admin/sms_write.php b/adm/sms_admin/sms_write.php index c9092bfbd..b63d3dd71 100644 --- a/adm/sms_admin/sms_write.php +++ b/adm/sms_admin/sms_write.php @@ -532,7 +532,7 @@ if ($wr_no) // 회원목록 $sql = " select * from {$g5['sms5_history_table']} where wr_no = '$wr_no' and bk_no > 0 "; $qry = sql_query($sql); - $tot = mysql_num_rows($qry); + $tot = sql_num_rows($qry); if ($tot > 0) { @@ -550,7 +550,7 @@ if ($wr_no) // 비회원 목록 $sql = " select * from {$g5['sms5_history_table']} where wr_no = '$wr_no' and bk_no = 0 "; $qry = sql_query($sql); - $tot = mysql_num_rows($qry); + $tot = sql_num_rows($qry); if ($tot > 0) { diff --git a/bbs/list.php b/bbs/list.php index b756bb03c..3fab5acfa 100644 --- a/bbs/list.php +++ b/bbs/list.php @@ -53,7 +53,7 @@ if ($sca || $stx) { /* $sql = " select distinct wr_parent from {$write_table} where {$sql_search} "; $result = sql_query($sql); - $total_count = mysql_num_rows($result); + $total_count = sql_num_rows($result); */ } else { $sql_search = ""; diff --git a/bbs/move_update.php b/bbs/move_update.php index bfaf54bcf..e3919905f 100644 --- a/bbs/move_update.php +++ b/bbs/move_update.php @@ -99,7 +99,7 @@ while ($row = sql_fetch_array($result)) wr_10 = '".addslashes($row2['wr_10'])."' "; sql_query($sql); - $insert_id = mysql_insert_id(); + $insert_id = sql_insert_id(); // 코멘트가 아니라면 if (!$row2['wr_is_comment']) diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index 5b5c6c422..a58255b09 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -244,7 +244,7 @@ if($w == '' || $w == 'a' || $w == 'r') { sql_query($sql); if($w == '' || $w == 'r') { - $qa_id = mysql_insert_id(); + $qa_id = sql_insert_id(); if($w == 'r' && $write['qa_related']) { $qa_related = $write['qa_related']; diff --git a/bbs/scrap_popin_update.php b/bbs/scrap_popin_update.php index 0a5ff7394..fdc90f9d2 100644 --- a/bbs/scrap_popin_update.php +++ b/bbs/scrap_popin_update.php 
@@ -70,7 +70,7 @@ if ($wr_content && ($member['mb_level'] >= $board['bo_comment_level'])) wr_ip = '{$_SERVER['REMOTE_ADDR']}' "; sql_query($sql); - $comment_id = mysql_insert_id(); + $comment_id = sql_insert_id(); // 원글에 코멘트수 증가 sql_query(" update $write_table set wr_comment = wr_comment + 1 where wr_id = '$wr_id' "); diff --git a/bbs/search.php b/bbs/search.php index 0f3fe803b..b9831eb67 100644 --- a/bbs/search.php +++ b/bbs/search.php @@ -120,7 +120,7 @@ if ($stx) { $sql = " select wr_id from {$tmp_write_table} where {$sql_search} "; $result = sql_query($sql, false); - $row['cnt'] = @mysql_num_rows($result); + $row['cnt'] = @sql_num_rows($result); $total_count += $row['cnt']; if ($row['cnt']) { diff --git a/bbs/write_comment_update.php b/bbs/write_comment_update.php index c2fdb67e7..4e93d1556 100644 --- a/bbs/write_comment_update.php +++ b/bbs/write_comment_update.php @@ -167,7 +167,7 @@ if ($w == 'c') // 댓글 입력 wr_10 = '$wr_10' "; sql_query($sql); - $comment_id = mysql_insert_id(); + $comment_id = sql_insert_id(); // 원글에 댓글수 증가 & 마지막 시간 반영 sql_query(" update $write_table set wr_comment = wr_comment + 1, wr_last = '".G5_TIME_YMDHIS."' where wr_id = '$wr_id' "); diff --git a/bbs/write_update.php b/bbs/write_update.php index e70f57e6c..5310d2e16 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -244,7 +244,7 @@ if ($w == '' || $w == 'r') { wr_10 = '$wr_10' "; sql_query($sql); - $wr_id = mysql_insert_id(); + $wr_id = sql_insert_id(); // 부모 아이디에 UPDATE sql_query(" update $write_table set wr_parent = '$wr_id' where wr_id = '$wr_id' "); diff --git a/common.php b/common.php index b2b1d1ca7..f46cc542c 100644 --- a/common.php +++ b/common.php 
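Review bot: In bbs/search.php the new `$row['cnt'] = @sql_num_rows($result);` receives `false` whenever the preceding `sql_query($sql, false)` fails (error display is disabled on that call), and with the mysqli backend `mysqli_num_rows(false)` is an argument-type failure that `@` does not silence on newer PHP, rather than the quiet zero the old `@mysql_num_rows` produced. Guard the result instead of suppressing: `$row['cnt'] = $result ? sql_num_rows($result) : 0;`. The loop this sits in begins outside the hunk.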
@@ -135,7 +135,7 @@ if (file_exists($dbconfig_file)) { // mysql connect resource $g5 배열에 저장 - 명랑폐인님 제안 $g5['connect_db'] = $connect_db; - sql_query(" set names utf8 "); + sql_set_charset('utf8', $connect_db); if(defined('G5_MYSQL_SET_MODE') && G5_MYSQL_SET_MODE) sql_query("SET SESSION sql_mode = ''"); if (defined(G5_TIMEZONE)) sql_query(" set time_zone = '".G5_TIMEZONE."'"); } else { diff --git a/g4_import_run.php b/g4_import_run.php index 1d3ea67f4..aa8f8a214 100644 --- a/g4_import_run.php +++ b/g4_import_run.php @@ -169,13 +169,7 @@ document.onkeydown = noRefresh ; $is_euckr = true; // member table 복사 - $columns = array(); - $fields = mysql_list_fields(G5_MYSQL_DB, $g5['member_table']); - $count = mysql_num_fields($fields); - for ($i = 0; $i < $count; $i++) { - $fld = mysql_field_name($fields, $i); - $columns[] = $fld; - } + $columns = sql_field_names($g5['member_table']); $sql = " select * from {$g4['member_table']} "; $result = sql_query($sql); @@ -325,13 +319,7 @@ document.onkeydown = noRefresh ; echo '

  • visit sum table 복사
  • '.PHP_EOL; // group table 복사 - $columns = array(); - $fields = mysql_list_fields(G5_MYSQL_DB, $g5['group_table']); - $count = mysql_num_fields($fields); - for ($i = 0; $i < $count; $i++) { - $fld = mysql_field_name($fields, $i); - $columns[] = $fld; - } + $columns = sql_field_names($g5['group_table']); $sql = " select * from {$g4['group_table']} "; $result = sql_query($sql); @@ -365,13 +353,7 @@ document.onkeydown = noRefresh ; unset($fiels); // board 복사 - $columns = array(); - $fields = mysql_list_fields(G5_MYSQL_DB, $g5['board_table']); - $count = mysql_num_fields($fields); - for ($i = 0; $i < $count; $i++) { - $fld = mysql_field_name($fields, $i); - $columns[] = $fld; - } + $columns = sql_field_names($g5['board_table']); $sql = " select * from {$g4['board_table']} "; $result = sql_query($sql); @@ -413,13 +395,7 @@ document.onkeydown = noRefresh ; // 게시글 복사 if(sql_query($sql, FALSE)) { $write_table = $g4['write_prefix'].$bo_table; - $columns2 = array(); - $fields2 = mysql_list_fields(G5_MYSQL_DB, $create_table); - $count2 = mysql_num_fields($fields2); - for ($j = 0; $j < $count2; $j++) { - $fld = mysql_field_name($fields2, $j); - $columns2[] = $fld; - } + $columns2 = sql_field_names($create_table); $sql3 = " select * from $write_table "; $result3 = sql_query($sql3); @@ -461,13 +437,7 @@ document.onkeydown = noRefresh ; $tables = array('board_file', 'board_new', 'board_good', 'mail', 'memo', 'group_member', 'auth', 'popular', 'poll', 'poll_etc', 'scrap'); foreach($tables as $table) { - $columns = array(); - $fields = mysql_list_fields(G5_MYSQL_DB, $g5[$table.'_table']); - $count = mysql_num_fields($fields); - for ($i = 0; $i < $count; $i++) { - $fld = mysql_field_name($fields, $i); - $columns[] = $fld; - } + $columns = sql_field_names($g5[$table.'_table']); $src_table = $g4[$table.'_table']; $dst_table = $g5[$table.'_table']; diff --git a/install/install_db.php b/install/install_db.php index 1a498ea7d..edb532c60 100644 --- a/install/install_db.php 
+++ b/install/install_db.php @@ -8,6 +8,8 @@ header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 header('Pragma: no-cache'); // HTTP/1.0 include_once ('../config.php'); +include_once ('../lib/common.lib.php'); + $title = G5_VERSION." 설치 완료 3/3"; include_once ('./install.inc.php'); @@ -28,7 +30,7 @@ if (isset($_POST['g5_install'])) $g5_shop_prefix = $_POST['g5_shop_prefix']; $g5_shop_install= $_POST['g5_shop_install']; -$dblink = @mysql_connect($mysql_host, $mysql_user, $mysql_pass); +$dblink = sql_connect($mysql_host, $mysql_user, $mysql_pass, $mysql_db); if (!$dblink) { ?> @@ -42,7 +44,7 @@ if (!$dblink) { exit; } -$select_db = @mysql_select_db($mysql_db, $dblink); +$select_db = sql_select_db($mysql_db, $dblink); if (!$select_db) { ?> @@ -57,12 +59,14 @@ if (!$select_db) { } $mysql_set_mode = 'false'; -@mysql_query('set names utf8'); -$row = mysql_fetch_assoc(mysql_query(" SELECT @@sql_mode as mode ")); +sql_set_charset('utf8', $dblink); +$result = sql_query(" SELECT @@sql_mode as mode ", true, $dblink); +$row = sql_fetch_array($result); if($row['mode']) { - @mysql_query("SET SESSION sql_mode = ''"); + sql_query("SET SESSION sql_mode = ''", true, $dblink); $mysql_set_mode = 'true'; } +unset($result); unset($row); ?> @@ -72,7 +76,7 @@ unset($row);
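Review bot: The installer's friendly error block guarded by `if (!$dblink)` is now unreachable, because the new `sql_connect()` (lib/common.lib.php in this commit) calls `die('Connect Error: '.mysqli_connect_error())` on any failure, so a wrong host, user or password prints the raw driver text — which names the user and host — instead of the HTML page that follows. Passing `$mysql_db` into the connect also moves a missing-database failure into the connect step, so the `sql_select_db()` failure page below is dead as well. Have the wrapper return `false` on `mysqli_connect_errno()` (one line there: `if (mysqli_connect_errno()) return false;`) so these two checks keep working.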
      " . $sql); + sql_query($sql, true, $dblink); // 1:1문의 설정 $sql = " insert into `{$table_prefix}qa_config` ( qa_title, qa_category, qa_skin, qa_mobile_skin, qa_use_email, qa_req_email, qa_use_hp, qa_req_hp, qa_use_editor, qa_subject_len, qa_mobile_subject_len, qa_page_rows, qa_mobile_page_rows, qa_image_width, qa_upload_size, qa_insert_content ) values ( '1:1문의', '회원|포인트', 'basic', 'basic', '1', '0', '1', '0', '1', '60', '30', '15', '15', '600', '1048576', '' ) "; - mysql_query($sql); + sql_query($sql, true, $dblink); // 관리자 회원가입 $sql = " insert into `{$table_prefix}member` @@ -201,15 +205,15 @@ if($g5_install || !$result) { mb_datetime = '".G5_TIME_YMDHIS."', mb_ip = '{$_SERVER['REMOTE_ADDR']}' "; - @mysql_query($sql); + sql_query($sql, true, $dblink); // 내용관리 생성 - @mysql_query(" insert into `{$table_prefix}content` set co_id = 'company', co_html = '1', co_subject = '회사소개', co_content= '

      회사소개에 대한 내용을 입력하십시오.

      ', co_skin = 'basic', co_mobile_skin = 'basic' ") or die(mysql_error() . "

      " . $sql); - @mysql_query(" insert into `{$table_prefix}content` set co_id = 'privacy', co_html = '1', co_subject = '개인정보 처리방침', co_content= '

      개인정보 처리방침에 대한 내용을 입력하십시오.

      ', co_skin = 'basic', co_mobile_skin = 'basic' ") or die(mysql_error() . "

      " . $sql); - @mysql_query(" insert into `{$table_prefix}content` set co_id = 'provision', co_html = '1', co_subject = '서비스 이용약관', co_content= '

      서비스 이용약관에 대한 내용을 입력하십시오.

      ', co_skin = 'basic', co_mobile_skin = 'basic' ") or die(mysql_error() . "

      " . $sql); + sql_query(" insert into `{$table_prefix}content` set co_id = 'company', co_html = '1', co_subject = '회사소개', co_content= '

      회사소개에 대한 내용을 입력하십시오.

      ', co_skin = 'basic', co_mobile_skin = 'basic' ", true, $dblink); + sql_query(" insert into `{$table_prefix}content` set co_id = 'privacy', co_html = '1', co_subject = '개인정보 처리방침', co_content= '

      개인정보 처리방침에 대한 내용을 입력하십시오.

      ', co_skin = 'basic', co_mobile_skin = 'basic' ", true, $dblink); + sql_query(" insert into `{$table_prefix}content` set co_id = 'provision', co_html = '1', co_subject = '서비스 이용약관', co_content= '

      서비스 이용약관에 대한 내용을 입력하십시오.

      ', co_skin = 'basic', co_mobile_skin = 'basic' ", true, $dblink); // FAQ Master - @mysql_query(" insert into `{$table_prefix}faq_master` set fm_id = '1', fm_subject = '자주하시는 질문' ") or die(mysql_error() . "

      " . $sql); + sql_query(" insert into `{$table_prefix}faq_master` set fm_id = '1', fm_subject = '자주하시는 질문' ", true, $dblink); } if($g5_shop_install) { @@ -347,10 +351,10 @@ if($g5_shop_install) { de_sms_cont4 = '{이름}님 입금 감사합니다.\n{입금액}원\n주문번호:\n{주문번호}\n{회사명}', de_sms_cont5 = '{이름}님 배송합니다.\n택배:{택배회사}\n운송장번호:\n{운송장번호}\n{회사명}' "; - mysql_query($sql) or die(mysql_error() . "

      " . $sql); + sql_query($sql, true, $dblink); // 게시판 그룹 생성 - @mysql_query(" insert into `{$table_prefix}group` set gr_id = 'shop', gr_subject = '쇼핑몰' "); + sql_query(" insert into `{$table_prefix}group` set gr_id = 'shop', gr_subject = '쇼핑몰' ", true, $dblink); // 게시판 생성 $tmp_bo_table = array ("qa", "free", "notice"); @@ -421,7 +425,7 @@ if($g5_shop_install) { bo_use_search = '0', bo_order = '0' "; - @mysql_query($sql); + sql_query($sql, true, $dblink); // 게시판 테이블 생성 $file = file("../adm/sql_write.sql"); @@ -433,7 +437,7 @@ if($g5_shop_install) { $source = array("/__TABLE_NAME__/", "/;/"); $target = array($create_table, ""); $sql = preg_replace($source, $target, $sql); - @mysql_query($sql); + sql_query($sql, true, $dblink); } } ?> diff --git a/lib/common.lib.php b/lib/common.lib.php index 2cee5e9d5..9baeec844 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php @@ -1416,11 +1416,22 @@ function html_symbol($str) *************************************************************************/ // DB 연결 -function sql_connect($host, $user, $pass) +function sql_connect($host, $user, $pass, $db=G5_MYSQL_DB) { global $g5; - return @mysql_connect($host, $user, $pass); + if(function_exists('mysqli_connect')) { + $link = mysqli_connect($host, $user, $pass, $db); + + // 연결 오류 발생 시 스크립트 종료 + if (mysqli_connect_errno()) { + die('Connect Error: '.mysqli_connect_error()); + } + } else { + $link = mysql_connect($host, $user, $pass); + } + + return $link; } 
@@ -1429,16 +1440,36 @@ function sql_select_db($db, $connect) { global $g5; - return @mysql_select_db($db, $connect); + if(function_exists('mysqli_select_db')) + return @mysqli_select_db($connect, $db); + else + return @mysql_select_db($db, $connect); } -// mysql_query 와 mysql_error 를 한꺼번에 처리 -// mysql connect resource 지정 - 명랑폐인님 제안 -function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR) +function sql_set_charset($charset, $link=null) { global $g5; + if(!$link) + $link = $g5['connect_db']; + + if(function_exists('mysqli_set_charset')) + mysqli_set_charset($link, $charset); + else + sql_query(" set names {$charset} "); +} + + +// mysqli_query 와 mysqli_error 를 한꺼번에 처리 +// mysql connect resource 지정 - 명랑폐인님 제안 +function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null) +{ + global $g5; + + if(!$link) + $link = $g5['connect_db']; + // Blind SQL Injection 취약점 해결 $sql = trim($sql); // union의 사용을 허락하지 않습니다. @@ -1447,20 +1478,34 @@ function sql_query($sql, $error=G5_DISPLAY_SQL_ERROR) // `information_schema` DB로의 접근을 허락하지 않습니다. $sql = preg_replace("#^select.*from.*where.*`?information_schema`?.*#i", "select 1", $sql); - if ($error) - $result = @mysql_query($sql, $g5['connect_db']) or die("
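Review bot: `sql_set_charset()` discards the return value of `mysqli_set_charset()`, and its legacy branch issues `sql_query(" set names {$charset} ")` on the global connection rather than the `$link` it was handed. Both matter for security, not just tidiness: `sql_real_escape_string()` escapes according to the charset the client library believes is in use, and a charset the driver did not actually adopt (or one set only via `SET NAMES`, which the server sees but the client library does not) is the classic multibyte escaping bypass. Use the driver call in both branches, honour `$link`, and fail loudly:

```php
function sql_set_charset($charset, $link=null)
{
    global $g5;

    if(!$link)
        $link = $g5['connect_db'];

    if(function_exists('mysqli_set_charset'))
        $ok = mysqli_set_charset($link, $charset);
    else
        $ok = mysql_set_charset($charset, $link);   // tells the client library too, unlike SET NAMES

    if(!$ok)
        die('Failed to set connection charset');

    return $ok;
}
```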

      $sql

      " . mysql_errno() . " : " . mysql_error() . "

      error file : {$_SERVER['SCRIPT_NAME']}"); - else - $result = @mysql_query($sql, $g5['connect_db']); + if(function_exists('mysqli_query')) { + if ($error) { + $result = @mysqli_query($link, $sql) or die("

      $sql

      " . mysqli_errno($link) . " : " . mysqli_error($link) . "

      error file : {$_SERVER['SCRIPT_NAME']}"); + } else { + $result = @mysqli_query($link, $sql); + } + } else { + if ($error) { + $result = @mysql_query($sql, $link) or die("

      $sql

      " . mysql_errno() . " : " . mysql_error() . "

      error file : {$_SERVER['SCRIPT_NAME']}"); + } else { + $result = @mysql_query($sql, $link); + } + } return $result; } // 쿼리를 실행한 후 결과값에서 한행을 얻는다. -function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR) +function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR, $link=null) { - $result = sql_query($sql, $error); - //$row = @sql_fetch_array($result) or die("

      $sql

      " . mysql_errno() . " : " . mysql_error() . "

      error file : $_SERVER['SCRIPT_NAME']"); + global $g5; + + if(!$link) + $link = $g5['connect_db']; + + $result = sql_query($sql, $error, $link); + //$row = @sql_fetch_array($result) or die("

      $sql

      " . mysqli_errno() . " : " . mysqli_error() . "

      error file : $_SERVER['SCRIPT_NAME']"); $row = sql_fetch_array($result); return $row; } @@ -1469,7 +1514,11 @@ function sql_fetch($sql, $error=G5_DISPLAY_SQL_ERROR) // 결과값에서 한행 연관배열(이름으로)로 얻는다. function sql_fetch_array($result) { - $row = @mysql_fetch_assoc($result); + if(function_exists('mysqli_fetch_assoc')) + $row = @mysqli_fetch_assoc($result); + else + $row = @mysql_fetch_assoc($result); + return $row; } @@ -1479,7 +1528,10 @@ function sql_fetch_array($result) // 단, 결과 값은 스크립트(script) 실행부가 종료되면서 메모리에서 자동적으로 지워진다. function sql_free_result($result) { - return mysql_free_result($result); + if(function_exists('mysqli_free_result')) + return mysqli_free_result($result); + else + return mysql_free_result($result); } @@ -1493,6 +1545,59 @@ function sql_password($value) } +function sql_insert_id($link=null) +{ + global $g5; + + if(!$link) + $link = $g5['connect_db']; + + if(function_exists('mysqli_insert_id')) + return mysqli_insert_id($link); + else + return mysql_insert_id($link); +} + + +function sql_num_rows($result) +{ + if(function_exists('mysqli_num_rows')) + return mysqli_num_rows($result); + else + return mysql_num_rows($result); +} + + +function sql_field_names($table, $link=null) +{ + global $g5; + + if(!$link) + $link = $g5['connect_db']; + + $columns = array(); + + $sql = " select * from `$table` limit 1 "; + $result = sql_query($sql, $link); + + if(function_exists('mysqli_fetch_field')) { + while($field = mysqli_fetch_field($result)) { + $columns[] = $field->name; + } + } else { + $i = 0; + $cnt = mysql_num_fields($result); + while($i < $cnt) { + $field = mysql_fetch_field($result, $i); + $columns[] = $field->name; + $i++; + } + } + + return $columns; +} + + // PHPMyAdmin 참고 function get_table_define($table, $crlf="\n") { 
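Review bot: `sql_field_names()` passes its connection in the wrong position — `sql_query($sql, $link)` binds the link object to the `$error` parameter, so it merely acts as a truthy error flag and the query silently runs on `$g5['connect_db']` regardless of the `$link` supplied; use `$result = sql_query($sql, G5_DISPLAY_SQL_ERROR, $link);`. `sql_num_rows()` likewise forwards a failed query's `false` straight into `mysqli_num_rows()`, and callers in this commit (bbs/search.php) do run with error display off, so add `if(!$result) return 0;` at the top. Minor: `$table` is interpolated inside backticks without escaping them; it is config-sourced here, but `str_replace('`', '``', $table)` would keep the helper safe for future callers.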
@@ -1893,12 +1998,15 @@ function convert_charset($from_charset, $to_charset, $str) } -// mysql_real_escape_string 의 alias 기능을 한다. -function sql_real_escape_string($field) +// mysqli_real_escape_string 의 alias 기능을 한다. +function sql_real_escape_string($str, $link=null) { global $g5; - return mysql_real_escape_string($field, $g5['connect_db']); + if(!$link) + $link = $g5['connect_db']; + + return mysqli_real_escape_string($link, $str); } function escape_trim($field)
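Review bot: `sql_real_escape_string()` is the one wrapper in this change set that calls `mysqli_real_escape_string()` unconditionally, so on a host with only the legacy mysql extension — the case every other `function_exists('mysqli_*')` branch in this commit caters for — every escaping call becomes a fatal undefined-function error (failing closed, but inconsistent with the rest of the file). Mirror the other wrappers: `if(function_exists('mysqli_real_escape_string')) return mysqli_real_escape_string($link, $str); return mysql_real_escape_string($str, $link);`. Escaping is only correct when the connection charset was set through the driver (see `sql_set_charset()` above), and it remains a weaker defence than `mysqli_prepare()` with bound parameters for the queries callers assemble from request data.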