// SQL Injection 으로 인한 코드 보완
//$sql = " select distinct wr_num from $write_table where wr_id in (" . stripslashes($wr_id_list) . ") order by wr_id ";
$sql = " select distinct wr_num from {$write_table} where wr_id in ({$wr_id_list}) order by wr_id ";
$result = sql_query($sql);
while ($row = sql_fetch_array($result)) {
$wr_num = $row[wr_num];
for ($i = 0; $i < count($_POST['chk_bo_table']); $i++) {
$move_bo_table = $_POST['chk_bo_table'][$i];
$move_write_table = $g4['write_prefix'] . $move_bo_table;
$src_dir = "{$g4['path']}/data/file/{$bo_table}";
// 원본 디렉토리
$dst_dir = "{$g4['path']}/data/file/{$move_bo_table}";
// 복사본 디렉토리
$count_write = 0;
$count_comment = 0;
$next_wr_num = get_next_num($move_write_table);
//$sql2 = " select * from $write_table where wr_num = '$wr_num' order by wr_parent, wr_comment desc, wr_id ";
$sql2 = " select * from {$write_table} where wr_num = '{$wr_num}' order by wr_parent, wr_is_comment, wr_comment desc, wr_id ";
$result2 = sql_query($sql2);
while ($row2 = sql_fetch_array($result2)) {
$nick = cut_str($member[mb_nick], $config[cf_cut_name]);
if (!$row2[wr_is_comment] && $config[cf_use_copy_log]) {
$row2[wr_content] .= " \n[이 게시물은 {$nick}님에 의해 {$g4['time_ymdhis']} {$board[bo_subject]}에서 " . ($sw == 'copy' ? '복사' : '이동') . " 됨]";
}
$sql = " insert into {$move_write_table}\n set wr_num = '{$next_wr_num}',\n wr_reply = '{$row2['wr_reply']}',\n wr_is_comment = '{$row2['wr_is_comment']}',\n wr_comment = '{$row2['wr_comment']}',\n wr_comment_reply = '{$row2['wr_comment_reply']}',\n ca_name = '" . addslashes($row2[ca_name]) . "',\n wr_option = '{$row2['wr_option']}',\n wr_subject = '" . addslashes($row2[wr_subject]) . "',\n wr_content = '" . addslashes($row2[wr_content]) . "',\n wr_link1 = '" . addslashes($row2[wr_link1]) . "',\n wr_link2 = '" . addslashes($row2[wr_link2]) . "',\n wr_link1_hit = '{$row2['wr_link1_hit']}',\n wr_link2_hit = '{$row2['wr_link2_hit']}',\n wr_trackback = '" . addslashes($row2[wr_trackback]) . "',\n wr_hit = '{$row2['wr_hit']}',\n wr_good = '{$row2['wr_good']}',\n wr_nogood = '{$row2['wr_nogood']}',\n mb_id = '{$row2['mb_id']}',\n wr_password = '******'wr_password']}',\n wr_name = '" . addslashes($row2[wr_name]) . "',\n wr_email = '" . addslashes($row2[wr_email]) . "',\n wr_homepage = '" . addslashes($row2[wr_homepage]) . "',\n wr_datetime = '{$row2['wr_datetime']}',\n wr_last = '{$row2['wr_last']}',\n wr_ip = '{$row2['wr_ip']}',\n wr_1 = '" . addslashes($row2[wr_1]) . "',\n wr_2 = '" . addslashes($row2[wr_2]) . "',\n wr_3 = '" . addslashes($row2[wr_3]) . "',\n wr_4 = '" . addslashes($row2[wr_4]) . "',\n wr_5 = '" . addslashes($row2[wr_5]) . "',\n wr_6 = '" . addslashes($row2[wr_6]) . "',\n wr_7 = '" . addslashes($row2[wr_7]) . "',\n wr_8 = '" . addslashes($row2[wr_8]) . "',\n wr_9 = '" . addslashes($row2[wr_9]) . "',\n wr_10 = '" . addslashes($row2[wr_10]) . "' ";
sql_query($sql);
$insert_id = mysql_insert_id();
// 코멘트가 아니라면
if (!$row2[wr_is_comment]) {
$save_parent = $insert_id;
$sql3 = " select * from {$g4['board_file_table']} where bo_table = '{$bo_table}' and wr_id = '{$row2['wr_id']}' order by bf_no ";
alert('이름은 필히 입력하셔야 합니다.');
}
$wr_password = get_encrypt_string($wr_password);
$wr_email = get_email_address(trim($_POST['wr_email']));
$wr_homepage = clean_xss_tags($wr_homepage);
}
if ($w == 'r') {
// 답변의 원글이 비밀글이라면 비밀번호는 원글과 동일하게 넣는다.
if ($secret) {
$wr_password = $wr['wr_password'];
}
$wr_id = $wr_id . $reply;
$wr_num = $write['wr_num'];
$wr_reply = $reply;
} else {
$wr_num = get_next_num($write_table);
$wr_reply = '';
}
$sql = " insert into {$write_table}\n set wr_num = '{$wr_num}',\n wr_reply = '{$wr_reply}',\n wr_comment = 0,\n ca_name = '{$ca_name}',\n wr_option = '{$html},{$secret},{$mail}',\n wr_subject = '{$wr_subject}',\n wr_content = '{$wr_content}',\n wr_link1 = '{$wr_link1}',\n wr_link2 = '{$wr_link2}',\n wr_link1_hit = 0,\n wr_link2_hit = 0,\n wr_hit = 0,\n wr_good = 0,\n wr_nogood = 0,\n mb_id = '{$member['mb_id']}',\n wr_password = '******',\n wr_name = '{$wr_name}',\n wr_email = '{$wr_email}',\n wr_homepage = '{$wr_homepage}',\n wr_datetime = '" . G5_TIME_YMDHIS . "',\n wr_last = '" . G5_TIME_YMDHIS . "',\n wr_ip = '{$_SERVER['REMOTE_ADDR']}',\n wr_1 = '{$wr_1}',\n wr_2 = '{$wr_2}',\n wr_3 = '{$wr_3}',\n wr_4 = '{$wr_4}',\n wr_5 = '{$wr_5}',\n wr_6 = '{$wr_6}',\n wr_7 = '{$wr_7}',\n wr_8 = '{$wr_8}',\n wr_9 = '{$wr_9}',\n wr_10 = '{$wr_10}' ";
sql_query($sql);
$wr_id = mysql_insert_id();
// 부모 아이디에 UPDATE
sql_query(" update {$write_table} set wr_parent = '{$wr_id}' where wr_id = '{$wr_id}' ");
// 새글 INSERT
sql_query(" insert into {$g5['board_new_table']} ( bo_table, wr_id, wr_parent, bn_datetime, mb_id ) values ( '{$bo_table}', '{$wr_id}', '{$wr_id}', '" . G5_TIME_YMDHIS . "', '{$member['mb_id']}' ) ");
// 게시글 1 증가
sql_query("update {$g5['board_table']} set bo_count_write = bo_count_write + 1 where bo_table = '{$bo_table}'");
// 쓰기 포인트 부여
if ($w == '') {
if ($notice) {
$bo_notice = $wr_id . ($board['bo_notice'] ? "," . $board['bo_notice'] : '');