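// Hardening against SQL injection (the earlier version only ran the raw list through stripslashes()).
// Collect the distinct wr_num (thread number) of every selected post.
// NOTE(review): $wr_id_list is assembled outside this listing and nothing visible escapes it;
// interpolating it straight into IN (...) leaves the query open. wr_id is the auto-increment id
// that mysql_insert_id() returns further down, so the list is reduced to integers before use.
// $write_table is interpolated as well — presumably derived from a validated board name; confirm upstream.
$wr_id_ints = array();
foreach (explode(',', (string) $wr_id_list) as $wr_id_item) {
    $wr_id_item = trim($wr_id_item);
    // Keep only plain digit strings; anything else cannot be a valid wr_id.
    if ($wr_id_item !== '' && preg_match('/^[0-9]+$/', $wr_id_item)) {
        $wr_id_ints[] = (int) $wr_id_item;
    }
}
// "IN ()" is a MySQL syntax error; with no valid ids, match nothing (auto-increment ids
// presumably start at 1) so the loop below simply runs zero times instead of failing the query.
$wr_id_in = $wr_id_ints ? implode(',', $wr_id_ints) : '0';
$sql = " select distinct wr_num from {$write_table} where wr_id in ({$wr_id_in}) order by wr_id ";
$result = sql_query($sql);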
while ($row = sql_fetch_array($result)) {
    $wr_num = $row[wr_num];
    for ($i = 0; $i < count($_POST['chk_bo_table']); $i++) {
        $move_bo_table = $_POST['chk_bo_table'][$i];
        $move_write_table = $g4['write_prefix'] . $move_bo_table;
        $src_dir = "{$g4['path']}/data/file/{$bo_table}";
        // 원본 디렉토리
        $dst_dir = "{$g4['path']}/data/file/{$move_bo_table}";
        // 복사본 디렉토리
        $count_write = 0;
        $count_comment = 0;
        $next_wr_num = get_next_num($move_write_table);
        //$sql2 = " select * from $write_table where wr_num = '$wr_num' order by wr_parent, wr_comment desc, wr_id ";
        $sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_is_comment, wr_comment desc, wr_id ";
        $result2 = sql_query($sql2);
        while ($row2 = sql_fetch_array($result2)) {
            $nick = cut_str($member[mb_nick], $config[cf_cut_name]);
            if (!$row2[wr_is_comment] && $config[cf_use_copy_log]) {
                $row2[wr_content] .= " \n[이 게시물은 {$nick}님에 의해 {$g4['time_ymdhis']} {$board[bo_subject]}에서 " . ($sw == 'copy' ? '복사' : '이동') . " 됨]";
            }
            $sql = " insert into {$move_write_table}\n                        set wr_num            = '{$next_wr_num}',\n                            wr_reply          = '{$row2['wr_reply']}',\n                            wr_is_comment     = '{$row2['wr_is_comment']}',\n                            wr_comment        = '{$row2['wr_comment']}',\n                            wr_comment_reply  = '{$row2['wr_comment_reply']}',\n                            ca_name           = '" . addslashes($row2[ca_name]) . "',\n                            wr_option         = '{$row2['wr_option']}',\n                            wr_subject        = '" . addslashes($row2[wr_subject]) . "',\n                            wr_content        = '" . addslashes($row2[wr_content]) . "',\n                            wr_link1          = '" . addslashes($row2[wr_link1]) . "',\n                            wr_link2          = '" . addslashes($row2[wr_link2]) . "',\n                            wr_link1_hit      = '{$row2['wr_link1_hit']}',\n                            wr_link2_hit      = '{$row2['wr_link2_hit']}',\n                            wr_trackback      = '" . addslashes($row2[wr_trackback]) . "',\n                            wr_hit            = '{$row2['wr_hit']}',\n                            wr_good           = '{$row2['wr_good']}',\n                            wr_nogood         = '{$row2['wr_nogood']}',\n                            mb_id             = '{$row2['mb_id']}',\n                            wr_password       = '******'wr_password']}',\n                            wr_name           = '" . addslashes($row2[wr_name]) . "',\n                            wr_email          = '" . addslashes($row2[wr_email]) . "',\n                            wr_homepage       = '" . addslashes($row2[wr_homepage]) . 
"',\n                            wr_datetime       = '{$row2['wr_datetime']}',\n                            wr_last           = '{$row2['wr_last']}',\n                            wr_ip             = '{$row2['wr_ip']}',\n                            wr_1              = '" . addslashes($row2[wr_1]) . "',\n                            wr_2              = '" . addslashes($row2[wr_2]) . "',\n                            wr_3              = '" . addslashes($row2[wr_3]) . "',\n                            wr_4              = '" . addslashes($row2[wr_4]) . "',\n                            wr_5              = '" . addslashes($row2[wr_5]) . "',\n                            wr_6              = '" . addslashes($row2[wr_6]) . "',\n                            wr_7              = '" . addslashes($row2[wr_7]) . "',\n                            wr_8              = '" . addslashes($row2[wr_8]) . "',\n                            wr_9              = '" . addslashes($row2[wr_9]) . "',\n                            wr_10             = '" . addslashes($row2[wr_10]) . "' ";
            sql_query($sql);
            $insert_id = mysql_insert_id();
            // 코멘트가 아니라면
            if (!$row2[wr_is_comment]) {
                $save_parent = $insert_id;
                $sql3 = " select * from {$g4['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$row2['wr_id']}' order by bf_no ";
         alert('이름은 필히 입력하셔야 합니다.');
     }
     $wr_password = get_encrypt_string($wr_password);
     $wr_email = get_email_address(trim($_POST['wr_email']));
     $wr_homepage = clean_xss_tags($wr_homepage);
 }
 // Reply ('r') vs. new post: choose the thread number and reply suffix used by the insert below.
 $is_reply = ($w == 'r');
 if (!$is_reply) {
     // A new thread gets a fresh wr_num and no reply suffix.
     $wr_num = get_next_num($write_table);
     $wr_reply = '';
 } else {
     // A reply to a secret post inherits the parent's stored password instead of its own.
     // NOTE(review): $wr and $write are both read as the parent post here — confirm they
     // describe the same row.
     if ($secret) {
         $wr_password = $wr['wr_password'];
     }
     // NOTE(review): this value is overwritten by mysql_insert_id() right after the insert
     // and nothing visible reads it in between; kept as-is in case code outside this
     // listing depends on it.
     $wr_id = $wr_id . $reply;
     $wr_num = $write['wr_num'];
     $wr_reply = $reply;
 }
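 // Insert the post row plus its bookkeeping rows (new-post table, board counter).
 // NOTE(review): every column value is interpolated straight into the SQL string. The only
 // visible preprocessing is get_email_address()/clean_xss_tags() (XSS, not SQL) on a few
 // fields, so any SQL escaping of wr_subject, wr_content, wr_name, ca_name, wr_1..wr_10 etc.
 // has to happen upstream of this listing — confirm before relying on it.
 // wr_password: store the value computed above (get_encrypt_string(), or the parent's
 // password for a secret reply). The listing showed a masked '******' literal here, which
 // would have discarded that value and written the same fixed string for every post.
 $sql = " insert into {$write_table}
             set wr_num = '{$wr_num}',
                 wr_reply = '{$wr_reply}',
                 wr_comment = 0,
                 ca_name = '{$ca_name}',
                 wr_option = '{$html},{$secret},{$mail}',
                 wr_subject = '{$wr_subject}',
                 wr_content = '{$wr_content}',
                 wr_link1 = '{$wr_link1}',
                 wr_link2 = '{$wr_link2}',
                 wr_link1_hit = 0,
                 wr_link2_hit = 0,
                 wr_hit = 0,
                 wr_good = 0,
                 wr_nogood = 0,
                 mb_id = '{$member['mb_id']}',
                 wr_password = '{$wr_password}',
                 wr_name = '{$wr_name}',
                 wr_email = '{$wr_email}',
                 wr_homepage = '{$wr_homepage}',
                 wr_datetime = '" . G5_TIME_YMDHIS . "',
                 wr_last = '" . G5_TIME_YMDHIS . "',
                 wr_ip = '{$_SERVER['REMOTE_ADDR']}',
                 wr_1 = '{$wr_1}',
                 wr_2 = '{$wr_2}',
                 wr_3 = '{$wr_3}',
                 wr_4 = '{$wr_4}',
                 wr_5 = '{$wr_5}',
                 wr_6 = '{$wr_6}',
                 wr_7 = '{$wr_7}',
                 wr_8 = '{$wr_8}',
                 wr_9 = '{$wr_9}',
                 wr_10 = '{$wr_10}' ";
 sql_query($sql);
 // mysql_insert_id() is the legacy ext/mysql API (removed in PHP 7); kept because the rest of
 // this listing uses the same API.
 $wr_id = mysql_insert_id();
 // The freshly inserted row is its own parent (wr_parent = wr_id).
 sql_query(" update {$write_table} set wr_parent = '{$wr_id}' where wr_id = '{$wr_id}' ");
 // Register the post in the "new posts" table.
 sql_query(" insert into {$g5['board_new_table']} ( bo_table, wr_id, wr_parent, bn_datetime, mb_id ) values ( '{$bo_table}', '{$wr_id}', '{$wr_id}', '" . G5_TIME_YMDHIS . "', '{$member['mb_id']}' ) ");
 // Bump the board's post counter.
 sql_query("update {$g5['board_table']} set bo_count_write = bo_count_write + 1 where bo_table = '{$bo_table}'");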
 // 쓰기 포인트 부여
 if ($w == '') {
     if ($notice) {
         $bo_notice = $wr_id . ($board['bo_notice'] ? "," . $board['bo_notice'] : '');