필터링 코드 추가

2015-12-10 16:12:20 +09:00
parent fea06d14b9
commit ab79139a91
5 changed files with 13 additions and 9 deletions
--- a/shop/cartoption.php
+++ b/shop/cartoption.php
@ -1,7 +1,8 @@
 <?php
 include_once('./_common.php');

-$it_id = $_POST['it_id'];
+$pattern = '#[/\'\"%=*\#\(\)\|\+\&\!\$~\{\}\[\]`;:\?\^\,]#i';
+$it_id  = preg_replace($pattern, '', $_POST['it_id']);

 $sql = " select * from {$g5['g5_shop_item_table']} where it_id = '$it_id' and it_use = '1' ";
 $it = sql_fetch($sql);