post 등에 mysql_real_escape_string 적용하는 코드 수정

2014-02-20 11:29:19 +09:00
parent 7bd383b7cf
commit bc1cfad1c2
20 changed files with 76 additions and 76 deletions
--- a/adm/board_copy_update.php
+++ b/adm/board_copy_update.php
@ -4,8 +4,8 @@ include_once('./_common.php');

 auth_check($auth[$sub_menu], 'w');

-$target_table   = escape_trim($_POST['target_table']);
-$target_subject = escape_trim($_POST['target_subject']);
+$target_table   = trim($_POST['target_table']);
+$target_subject = trim($_POST['target_subject']);

 if (!preg_match('/[A-Za-z0-9_]{1,20}/', $target_table)) {
    alert('게시판 TABLE명은 공백없이 영문자, 숫자, _ 만 사용 가능합니다. (20자 이내)');
--- a/adm/board_list_update.php
+++ b/adm/board_list_update.php
@ -62,7 +62,7 @@ if ($_POST['act_button'] == "선택수정") {
        $k = $_POST['chk'][$i];

        // include 전에 $bo_table 값을 반드시 넘겨야 함
-        $tmp_bo_table = escape_trim($_POST['board_table'][$k]);
+        $tmp_bo_table = trim($_POST['board_table'][$k]);
        include ('./board_delete.inc.php');
    }

--- a/adm/member_form_update.php
+++ b/adm/member_form_update.php
@ -10,7 +10,7 @@ auth_check($auth[$sub_menu], 'w');

 check_token();

-$mb_id = escape_trim($_POST['mb_id']);
+$mb_id = trim($_POST['mb_id']);

 // 휴대폰번호 체크
 $mb_hp = $_POST['mb_hp'];
--- a/adm/visit_search.php
+++ b/adm/visit_search.php
@ -9,8 +9,8 @@ $g5['title'] = '접속자검색';
 include_once('./admin.head.php');
 include_once(G5_PLUGIN_PATH.'/jquery-ui/datepicker.php');

-$search_word = escape_trim($_GET['search_word']);
-$search_sort = escape_trim($_GET['search_sort']);
+$search_word = trim($_GET['search_word']);
+$search_sort = trim($_GET['search_sort']);

 $colspan = 5;
 $qstr = 'search_word='.$search_word.'&amp;search_sort='.$search_sort; //페이징 처리관련 변수