From bc1cfad1c21f1109fc8f4ebe4c2b37292fb5ca64 Mon Sep 17 00:00:00 2001 From: chicpro Date: Thu, 20 Feb 2014 11:29:19 +0900 Subject: [PATCH] =?UTF-8?q?post=20=EB=93=B1=EC=97=90=20mysql=5Freal=5Fesca?= =?UTF-8?q?pe=5Fstring=20=EC=A0=81=EC=9A=A9=ED=95=98=EB=8A=94=20=EC=BD=94?= =?UTF-8?q?=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- adm/board_copy_update.php | 4 +-- adm/board_list_update.php | 2 +- adm/member_form_update.php | 2 +- adm/visit_search.php | 4 +-- bbs/ajax.autosave.php | 6 ++-- bbs/ajax.mb_email.php | 4 +-- bbs/ajax.mb_hp.php | 4 +-- bbs/ajax.mb_id.php | 2 +- bbs/ajax.mb_nick.php | 4 +-- bbs/ajax.mb_recommend.php | 2 +- bbs/login_check.php | 6 ++-- bbs/password_lost2.php | 2 +- bbs/qawrite_update.php | 2 +- bbs/register_email_update.php | 4 +-- bbs/register_form_update.php | 64 +++++++++++++++++------------------ bbs/visit_insert.inc.php | 10 +++--- bbs/write_comment_update.php | 4 +-- bbs/write_update.php | 8 ++--- common.php | 14 ++++---- lib/common.lib.php | 4 +-- 20 files changed, 76 insertions(+), 76 deletions(-) diff --git a/adm/board_copy_update.php b/adm/board_copy_update.php index 9537ed786..5636b1cae 100644 --- a/adm/board_copy_update.php +++ b/adm/board_copy_update.php @@ -4,8 +4,8 @@ include_once('./_common.php'); auth_check($auth[$sub_menu], 'w'); -$target_table = escape_trim($_POST['target_table']); -$target_subject = escape_trim($_POST['target_subject']); +$target_table = trim($_POST['target_table']); +$target_subject = trim($_POST['target_subject']); if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) { alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)'); diff --git a/adm/board_list_update.php b/adm/board_list_update.php index 5754db411..0cf509bd7 100644 --- a/adm/board_list_update.php +++ b/adm/board_list_update.php 
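Review bot: The regex on the line after the changed `$target_table` assignment in adm/board_copy_update.php is unanchored, so `preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)` passes any string that contains one allowed character, and with escape_trim() gone nothing else constrains what reaches the table-name position (escaping never protected an identifier anyway). Anchor it: `if (!preg_match('/^[A-Za-z0-9_]{1,20}$/', $target_table)) {`. `$target_subject` is free text; if it is written to SQL further down (outside this hunk) it now needs escaping at that statement, since this diff adds no global escaping pass in common.php. The rest of the script is outside the hunk.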
@@ -62,7 +62,7 @@ if ($_POST['act_button'] == "선택수정") { $k = $_POST['chk'][$i]; // include 전에 $bo_table 값을 반드시 넘겨야 함 - $tmp_bo_table = escape_trim($_POST['board_table'][$k]); + $tmp_bo_table = trim($_POST['board_table'][$k]); include ('./board_delete.inc.php'); } diff --git a/adm/member_form_update.php b/adm/member_form_update.php index 18a40b548..50543e0d7 100644 --- a/adm/member_form_update.php +++ b/adm/member_form_update.php @@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w'); check_token(); -$mb_id = escape_trim($_POST['mb_id']); +$mb_id = trim($_POST['mb_id']); // 휴대폰번호 체크 $mb_hp = $_POST['mb_hp']; diff --git a/adm/visit_search.php b/adm/visit_search.php index 1750956e2..fa01682f4 100644 --- a/adm/visit_search.php +++ b/adm/visit_search.php @@ -9,8 +9,8 @@ $g5['title'] = '접속자검색'; include_once('./admin.head.php'); include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php'); -$search_word = escape_trim($_GET['search_word']); -$search_sort = escape_trim($_GET['search_sort']); +$search_word = trim($_GET['search_word']); +$search_sort = trim($_GET['search_sort']); $colspan = 5; $qstr = 'search_word='.$search_word.'&search_sort='.$search_sort; //페이징 처리관련 변수 diff --git a/bbs/ajax.autosave.php b/bbs/ajax.autosave.php index 2073c1f86..2222a86b3 100644 --- a/bbs/ajax.autosave.php +++ b/bbs/ajax.autosave.php @@ -3,9 +3,9 @@ include_once('./_common.php'); if (!$is_member) die('0'); -$uid = escape_trim($_REQUEST['uid']); -$subject = escape_trim(stripslashes($_REQUEST['subject'])); -$content = escape_trim(stripslashes($_REQUEST['content'])); +$uid = trim($_REQUEST['uid']); +$subject = trim(stripslashes($_REQUEST['subject'])); +$content = trim(stripslashes($_REQUEST['content'])); if ($subject && $content) { $sql = " select count(*) as cnt from {$g5['autosave_table']} where mb_id = '{$member['mb_id']}' and as_subject = '$subject' and as_content = '$content' "; diff --git a/bbs/ajax.mb_email.php b/bbs/ajax.mb_email.php index b6673ee51..6c50300cc 100644 
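Review bot: In adm/visit_search.php, `$search_word` and `$search_sort` are concatenated into `$qstr` unencoded on the line after the change, and they are now raw request values; every `$qstr` fragment built in common.php in this same commit wraps the value in urlencode(), so this file should match: `$qstr = 'search_word='.urlencode($search_word).'&search_sort='.urlencode($search_sort);`. Where these two values are used in the listing query (outside the hunk) they also need escaping or — for `$search_sort`, presumably a column or direction — a whitelist, because mysql_real_escape_string() never protected identifiers and this diff removes it for values as well.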
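Review bot: In bbs/ajax.autosave.php `$subject` and `$content` go straight into the SQL string on the last context line (`as_subject = '$subject' and as_content = '$content'`), and this hunk removes the only escaping they had, so any logged-in member can inject into that query unless common.php escapes request data globally — this diff adds no such pass (the diffstat is 76 insertions against 76 deletions, all in-place replacements). Keep `escape_trim()` for these two, or escape immediately before `$sql` is built; `$uid` is presumably used the same way further down, outside the hunk. Separately, `stripslashes()` is applied unconditionally, which corrupts content containing literal backslashes when magic_quotes is off; gate it: `$subject = trim(get_magic_quotes_gpc() ? stripslashes($_REQUEST['subject']) : $_REQUEST['subject']);`.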
--- a/bbs/ajax.mb_email.php +++ b/bbs/ajax.mb_email.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_email = escape_trim($_POST['reg_mb_email']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_email = trim($_POST['reg_mb_email']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_email($mb_email)) die($msg); if ($msg = valid_mb_email($mb_email)) die($msg); diff --git a/bbs/ajax.mb_hp.php b/bbs/ajax.mb_hp.php index 635bef022..5f4c9ffb6 100644 --- a/bbs/ajax.mb_hp.php +++ b/bbs/ajax.mb_hp.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_hp = escape_trim($_POST['reg_mb_hp']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_hp = trim($_POST['reg_mb_hp']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = valid_mb_hp($mb_hp)) die($msg); if ($msg = exist_mb_hp($mb_hp, $mb_id)) die($msg); diff --git a/bbs/ajax.mb_id.php b/bbs/ajax.mb_id.php index 3e4025dbf..6b0badd06 100644 --- a/bbs/ajax.mb_id.php +++ b/bbs/ajax.mb_id.php @@ -2,7 +2,7 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_id($mb_id)) die($msg); if ($msg = valid_mb_id($mb_id)) die($msg); diff --git a/bbs/ajax.mb_nick.php b/bbs/ajax.mb_nick.php index b3757dfac..50a90f037 100644 --- a/bbs/ajax.mb_nick.php +++ b/bbs/ajax.mb_nick.php @@ -2,8 +2,8 @@ include_once('./_common.php'); include_once(G5_LIB_PATH.'/register.lib.php'); -$mb_nick = escape_trim($_POST['reg_mb_nick']); -$mb_id = escape_trim($_POST['reg_mb_id']); +$mb_nick = trim($_POST['reg_mb_nick']); +$mb_id = trim($_POST['reg_mb_id']); if ($msg = empty_mb_nick($mb_nick)) die($msg); if ($msg = valid_mb_nick($mb_nick)) die($msg); diff --git a/bbs/ajax.mb_recommend.php b/bbs/ajax.mb_recommend.php index f7e1062e4..c19470fa0 100644 --- a/bbs/ajax.mb_recommend.php +++ b/bbs/ajax.mb_recommend.php 
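Review bot: In bbs/ajax.mb_email.php and bbs/ajax.mb_hp.php the `$mb_id` taken from `reg_mb_id` is passed to `exist_mb_email()`/`exist_mb_hp()` without the `valid_mb_id()` check that bbs/ajax.mb_id.php applies, and with escape_trim() removed those helpers (defined outside this diff) now receive the raw POST value for their exclusion query. Add `if ($mb_id && ($msg = valid_mb_id($mb_id))) die($msg);` ahead of the exist_* call in both files; that also gives the three endpoints the same contract. This assumes valid_mb_id() enforces the letters/digits/underscore rule quoted in bbs/ajax.mb_recommend.php — confirm against register.lib.php.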
@@ -2,7 +2,7 @@ include_once("./_common.php"); include_once(G5_LIB_PATH."/register.lib.php"); -$mb_recommend = escape_trim($_POST["reg_mb_recommend"]); +$mb_recommend = trim($_POST["reg_mb_recommend"]); if ($msg = valid_mb_id($mb_recommend)) { die("추천인의 아이디는 영문자, 숫자, _ 만 입력하세요."); diff --git a/bbs/login_check.php b/bbs/login_check.php index 2e5ed57a3..4defcc399 100644 --- a/bbs/login_check.php +++ b/bbs/login_check.php @@ -3,10 +3,10 @@ include_once('./_common.php'); $g5['title'] = "로그인 검사"; -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); +$mb_id = trim($_POST['mb_id']); +$mb_password = trim($_POST['mb_password']); -if (!trim($mb_id) || !trim($mb_password)) +if (!$mb_id || !$mb_password) alert('회원아이디나 비밀번호가 공백이면 안됩니다.'); $mb = get_member($mb_id); diff --git a/bbs/password_lost2.php b/bbs/password_lost2.php index f56927427..074e2bfd7 100644 --- a/bbs/password_lost2.php +++ b/bbs/password_lost2.php @@ -11,7 +11,7 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$email = escape_trim($_POST['mb_email']); +$email = trim($_POST['mb_email']); if (!$email) alert_close('메일주소 오류입니다.'); diff --git a/bbs/qawrite_update.php b/bbs/qawrite_update.php index c6fde25d5..c7fa45225 100644 --- a/bbs/qawrite_update.php +++ b/bbs/qawrite_update.php @@ -52,7 +52,7 @@ for ($i=1; $i<=5; $i++) { $var = "qa_$i"; $$var = ""; if (isset($_POST['qa_'.$i]) && $_POST['qa_'.$i]) { - $$var = escape_trim($_POST['qa_'.$i]); + $$var = trim($_POST['qa_'.$i]); } } diff --git a/bbs/register_email_update.php b/bbs/register_email_update.php index 240fd0a26..7f59541e9 100644 --- a/bbs/register_email_update.php +++ b/bbs/register_email_update.php 
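Review bot: In bbs/login_check.php `$mb_id` now reaches `get_member($mb_id)` as the raw POST string; unless get_member() escapes internally or common.php escapes request data globally (neither is visible in this diff), this turns the login form into a SQL injection point. The ID format is already fixed elsewhere in this commit (bbs/ajax.mb_recommend.php: letters, digits and `_`), so reject anything else before the lookup: `if (!preg_match('/^[A-Za-z0-9_]+$/', $mb_id)) alert('Invalid member ID.');`. Note that `trim($_POST['mb_password'])` silently alters passwords with leading or trailing whitespace; it matches bbs/register_form_update.php in this commit, so the behaviour is at least consistent, but it deserves a comment.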
@@ -3,8 +3,8 @@ include_once('./_common.php'); include_once(G5_CAPTCHA_PATH.'/captcha.lib.php'); include_once(G5_LIB_PATH.'/mailer.lib.php'); -$mb_id = escape_trim($_POST['mb_id']); -$mb_email = escape_trim($_POST['mb_email']); +$mb_id = trim($_POST['mb_id']); +$mb_email = trim($_POST['mb_email']); $sql = " select mb_name, mb_datetime from {$g5['member_table']} where mb_id = '{$mb_id}' and mb_email_certify <> '' "; $mb = sql_fetch($sql); diff --git a/bbs/register_form_update.php b/bbs/register_form_update.php index 31bda65a0..b593792cc 100644 --- a/bbs/register_form_update.php +++ b/bbs/register_form_update.php 
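Review bot: `$mb_id` is interpolated into `$sql` two lines below the change (`where mb_id = '{$mb_id}'`), and this hunk removes its only escaping, so bbs/register_email_update.php becomes injectable by an unauthenticated caller unless common.php escapes request data globally — nothing in this diff adds that. Either keep `escape_trim()` for the value that reaches the query or reject malformed IDs first: `if (!preg_match('/^[A-Za-z0-9_]+$/', $mb_id)) alert('Invalid member ID.');`. `$mb_email` is presumably written to SQL further down, outside the hunk, and needs the same treatment at that statement.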
@@ -20,38 +20,38 @@ if (!chk_captcha()) { alert('자동등록방지 숫자가 틀렸습니다.'); } -$mb_id = escape_trim($_POST['mb_id']); -$mb_password = escape_trim($_POST['mb_password']); -$mb_password_re = escape_trim($_POST['mb_password_re']); -$mb_name = escape_trim($_POST['mb_name']); -$mb_nick = escape_trim($_POST['mb_nick']); -$mb_email = escape_trim($_POST['mb_email']); -$mb_sex = isset($_POST['mb_sex']) ? escape_trim($_POST['mb_sex']) : ""; -$mb_birth = isset($_POST['mb_birth']) ? escape_trim($_POST['mb_birth']) : ""; -$mb_homepage = isset($_POST['mb_homepage']) ? escape_trim($_POST['mb_homepage']) : ""; -$mb_tel = isset($_POST['mb_tel']) ? escape_trim($_POST['mb_tel']) : ""; -$mb_hp = isset($_POST['mb_hp']) ? escape_trim($_POST['mb_hp']) : ""; -$mb_zip1 = isset($_POST['mb_zip1']) ? escape_trim($_POST['mb_zip1']) : ""; -$mb_zip2 = isset($_POST['mb_zip2']) ? escape_trim($_POST['mb_zip2']) : ""; -$mb_addr1 = isset($_POST['mb_addr1']) ? escape_trim($_POST['mb_addr1']) : ""; -$mb_addr2 = isset($_POST['mb_addr2']) ? escape_trim($_POST['mb_addr2']) : ""; -$mb_addr3 = isset($_POST['mb_addr3']) ? escape_trim($_POST['mb_addr3']) : ""; -$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? escape_trim($_POST['mb_addr_jibeon']) : ""; -$mb_signature = isset($_POST['mb_signature']) ? escape_trim($_POST['mb_signature']) : ""; -$mb_profile = isset($_POST['mb_profile']) ? escape_trim($_POST['mb_profile']) : ""; -$mb_recommend = isset($_POST['mb_recommend']) ? escape_trim($_POST['mb_recommend']) : ""; -$mb_mailling = isset($_POST['mb_mailling']) ? escape_trim($_POST['mb_mailling']) : ""; -$mb_sms = isset($_POST['mb_sms']) ? escape_trim($_POST['mb_sms']) : ""; -$mb_1 = isset($_POST['mb_1']) ? escape_trim($_POST['mb_1']) : ""; -$mb_2 = isset($_POST['mb_2']) ? escape_trim($_POST['mb_2']) : ""; -$mb_3 = isset($_POST['mb_3']) ? escape_trim($_POST['mb_3']) : ""; -$mb_4 = isset($_POST['mb_4']) ? escape_trim($_POST['mb_4']) : ""; -$mb_5 = isset($_POST['mb_5']) ? 
escape_trim($_POST['mb_5']) : "";
-$mb_6 = isset($_POST['mb_6']) ? escape_trim($_POST['mb_6']) : "";
-$mb_7 = isset($_POST['mb_7']) ? escape_trim($_POST['mb_7']) : "";
-$mb_8 = isset($_POST['mb_8']) ? escape_trim($_POST['mb_8']) : "";
-$mb_9 = isset($_POST['mb_9']) ? escape_trim($_POST['mb_9']) : "";
-$mb_10 = isset($_POST['mb_10']) ? escape_trim($_POST['mb_10']) : "";
+$mb_id = trim($_POST['mb_id']);
+$mb_password = trim($_POST['mb_password']);
+$mb_password_re = trim($_POST['mb_password_re']);
+$mb_name = trim($_POST['mb_name']);
+$mb_nick = trim($_POST['mb_nick']);
+$mb_email = trim($_POST['mb_email']);
+$mb_sex = isset($_POST['mb_sex']) ? trim($_POST['mb_sex']) : "";
+$mb_birth = isset($_POST['mb_birth']) ? trim($_POST['mb_birth']) : "";
+$mb_homepage = isset($_POST['mb_homepage']) ? trim($_POST['mb_homepage']) : "";
+$mb_tel = isset($_POST['mb_tel']) ? trim($_POST['mb_tel']) : "";
+$mb_hp = isset($_POST['mb_hp']) ? trim($_POST['mb_hp']) : "";
+$mb_zip1 = isset($_POST['mb_zip1']) ? trim($_POST['mb_zip1']) : "";
+$mb_zip2 = isset($_POST['mb_zip2']) ? trim($_POST['mb_zip2']) : "";
+$mb_addr1 = isset($_POST['mb_addr1']) ? trim($_POST['mb_addr1']) : "";
+$mb_addr2 = isset($_POST['mb_addr2']) ? trim($_POST['mb_addr2']) : "";
+$mb_addr3 = isset($_POST['mb_addr3']) ? trim($_POST['mb_addr3']) : "";
+$mb_addr_jibeon = isset($_POST['mb_addr_jibeon']) ? trim($_POST['mb_addr_jibeon']) : "";
+$mb_signature = isset($_POST['mb_signature']) ? trim($_POST['mb_signature']) : "";
+$mb_profile = isset($_POST['mb_profile']) ? trim($_POST['mb_profile']) : "";
+$mb_recommend = isset($_POST['mb_recommend']) ? trim($_POST['mb_recommend']) : "";
+$mb_mailling = isset($_POST['mb_mailling']) ? trim($_POST['mb_mailling']) : "";
+$mb_sms = isset($_POST['mb_sms']) ? trim($_POST['mb_sms']) : "";
+$mb_1 = isset($_POST['mb_1']) ? trim($_POST['mb_1']) : "";
+$mb_2 = isset($_POST['mb_2']) ? trim($_POST['mb_2']) : "";
+$mb_3 = isset($_POST['mb_3']) ? 
trim($_POST['mb_3']) : ""; +$mb_4 = isset($_POST['mb_4']) ? trim($_POST['mb_4']) : ""; +$mb_5 = isset($_POST['mb_5']) ? trim($_POST['mb_5']) : ""; +$mb_6 = isset($_POST['mb_6']) ? trim($_POST['mb_6']) : ""; +$mb_7 = isset($_POST['mb_7']) ? trim($_POST['mb_7']) : ""; +$mb_8 = isset($_POST['mb_8']) ? trim($_POST['mb_8']) : ""; +$mb_9 = isset($_POST['mb_9']) ? trim($_POST['mb_9']) : ""; +$mb_10 = isset($_POST['mb_10']) ? trim($_POST['mb_10']) : ""; if ($w == '' || $w == 'u') { diff --git a/bbs/visit_insert.inc.php b/bbs/visit_insert.inc.php index e0698f75c..dccd1326f 100644 --- a/bbs/visit_insert.inc.php +++ b/bbs/visit_insert.inc.php @@ -1,8 +1,8 @@ 50) { @include_once($board_skin_path.'/write_comment_update.head.skin.php'); $w = $_POST["w"]; -$wr_name = escape_trim($_POST['wr_name']); +$wr_name = trim($_POST['wr_name']); $wr_email = ''; if (!empty($_POST['wr_email'])) - $wr_email = escape_trim($_POST['wr_email']); + $wr_email = trim($_POST['wr_email']); // 비회원의 경우 이름이 누락되는 경우가 있음 if ($is_guest) { diff --git a/bbs/write_update.php b/bbs/write_update.php index 0b71d3306..2caae2308 100644 --- a/bbs/write_update.php +++ b/bbs/write_update.php @@ -50,8 +50,8 @@ if (empty($_POST)) { } $w = $_POST['w']; -$wr_link1 = escape_trim(strip_tags($_POST['wr_link1'])); -$wr_link2 = escape_trim(strip_tags($_POST['wr_link2'])); +$wr_link1 = trim(strip_tags($_POST['wr_link1'])); +$wr_link2 = trim(strip_tags($_POST['wr_link2'])); $notice_array = explode(",", $board['bo_notice']); @@ -91,7 +91,7 @@ for ($i=1; $i<=10; $i++) { $var = "wr_$i"; $$var = ""; if (isset($_POST['wr_'.$i]) && $_POST['wr_'.$i]) { - $$var = escape_trim($_POST['wr_'.$i]); + $$var = trim($_POST['wr_'.$i]); } } @@ -291,7 +291,7 @@ if ($w == '' || $w == 'r') { } else { $mb_id = ''; // 비회원의 경우 이름이 누락되는 경우가 있음 - $wr_name = escape_trim($_POST['wr_name']); + $wr_name = trim($_POST['wr_name']); if (!$wr_name) alert('이름은 필히 입력하셔야 합니다.'); $wr_password = sql_password($wr_password); 
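Review bot: bbs/register_form_update.php now holds 32 raw POST fields, and the INSERT/UPDATE that consumes them is outside the hunk; free-text fields like `$mb_signature`, `$mb_profile`, `$mb_homepage` and `$mb_1`..`$mb_10` had escape_trim() as their only SQL protection and nothing in this diff replaces it. If the intent is to escape once where the statement is built, state that contract here so the next reader does not assume these are safe: `// NOTE: values below are raw request input; escape at the SQL statement, not here`. `$mb_password` is trimmed before it is hashed, so a password with leading or trailing spaces is silently changed — consistent with bbs/login_check.php in this commit, but worth a one-line comment.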
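Review bot: In bbs/write_update.php the `$wr_link1`/`$wr_link2` lines keep strip_tags() as their only filter, which removes markup but neither validates a URL nor makes the value safe for SQL, and with escape_trim() gone the links, the `$wr_1`..`$wr_10` extra fields and the guest `$wr_name` reach the write query (outside the hunk) unescaped unless common.php escapes globally. If the board only accepts absolute links, a scheme check is cheap: `if ($wr_link1 && !preg_match('#^https?://#i', $wr_link1)) $wr_link1 = '';` (same for `$wr_link2`); either way the wr_* values must be escaped where `$sql` is assembled. The enclosing `if ($w == '' || $w == 'r')` block in the last hunk continues past the hunk.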
diff --git a/common.php b/common.php index 3f8a74a56..7e2db059a 100644 --- a/common.php +++ b/common.php @@ -205,7 +205,7 @@ if (isset($_REQUEST['PHPSESSID']) && $_REQUEST['PHPSESSID'] != session_id()) $qstr = ''; if (isset($_REQUEST['sca'])) { - $sca = escape_trim($_REQUEST['sca']); + $sca = trim($_REQUEST['sca']); if ($sca) $qstr .= '&sca=' . urlencode($sca); } else { @@ -213,7 +213,7 @@ if (isset($_REQUEST['sca'])) { } if (isset($_REQUEST['sfl'])) { - $sfl = escape_trim($_REQUEST['sfl']); + $sfl = trim($_REQUEST['sfl']); $sfl = preg_replace("/[\<\>\'\"\%\=\(\)\s]/", "", $sfl); if ($sfl) $qstr .= '&sfl=' . urlencode($sfl); // search field (검색 필드) @@ -223,7 +223,7 @@ if (isset($_REQUEST['sfl'])) { if (isset($_REQUEST['stx'])) { // search text (검색어) - $stx = escape_trim($_REQUEST['stx']); + $stx = trim($_REQUEST['stx']); if ($stx) $qstr .= '&stx=' . urlencode($stx); } else { @@ -231,7 +231,7 @@ if (isset($_REQUEST['stx'])) { // search text (검색어) } if (isset($_REQUEST['sst'])) { - $sst = escape_trim($_REQUEST['sst']); + $sst = trim($_REQUEST['sst']); if ($sst) $qstr .= '&sst=' . urlencode($sst); // search sort (검색 정렬 필드) } else { @@ -283,7 +283,7 @@ if (isset($_REQUEST['wr_id'])) { } if (isset($_REQUEST['bo_table'])) { - $bo_table = escape_trim($_REQUEST['bo_table']); + $bo_table = trim($_REQUEST['bo_table']); $bo_table = substr($bo_table, 0, 20); } else { $bo_table = ''; @@ -291,7 +291,7 @@ if (isset($_REQUEST['bo_table'])) { // URL ENCODING if (isset($_REQUEST['url'])) { - $url = escape_trim($_REQUEST['url']); + $url = trim($_REQUEST['url']); $urlencode = urlencode($url); } else { $url = ''; @@ -303,7 +303,7 @@ if (isset($_REQUEST['url'])) { } if (isset($_REQUEST['gr_id'])) { - $gr_id = escape_trim($_REQUEST['gr_id']); + $gr_id = trim($_REQUEST['gr_id']); } else { $gr_id = ''; } diff --git a/lib/common.lib.php b/lib/common.lib.php index 624017d40..de725408f 100644 --- a/lib/common.lib.php +++ b/lib/common.lib.php 
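Review bot: `$sst` gets no character filtering in its common.php hunk while the neighbouring `$sfl` hunk strips `< > ' " % = ( ) \s` with a blacklist; both look like SQL identifiers (search field, sort field) rather than values, which mysql_real_escape_string() never protected, so the blacklist is the only control left for either. Prefer a whitelist for both and keep them parallel: `$sfl = preg_replace('/[^A-Za-z0-9_|,]/', '', $sfl);` and `$sst = preg_replace('/[^A-Za-z0-9_,]/', '', $sst);` (adjust the character set to what the boards actually pass). `$stx` is genuine search text and is now raw; it must be escaped in every LIKE/WHERE that uses it, since no global escaping pass is added here. `$url` feeds redirects and is unvalidated, but that predates this change.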
@@ -1885,8 +1885,8 @@ function escape_trim($field) if ($field) { $str = mysql_real_escape_string(@trim($field)); - if(PHP_VERSION < '5.3.0') - $str = stripslashes($str); + //if(PHP_VERSION < '5.3.0') + // $str = stripslashes($str); return $str; }
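Review bot: The version check in escape_trim() is commented out rather than removed, and the expression it replaced, `PHP_VERSION < '5.3.0'`, was a plain string comparison that should have been `version_compare(PHP_VERSION, '5.3.0', '<')`; delete the two lines and record the decision instead: `// no stripslashes here: any magic_quotes handling belongs to common.php`. mysql_real_escape_string() returns false when no connection is open, so a caller running before the DB connect silently gets `false` back, and `if ($field)` skips the string '0' — the empty-field return is outside this hunk. ext/mysql is deprecated since PHP 5.5, so this helper is the one place that should route through the mysqli equivalent when the connection code moves. The function's signature is in the hunk header and its tail lies beyond the hunk.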