fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-24 04:42:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

r7760 Mysqli Mysql_innodb 수정 보안

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/sandbox@7763 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ngleader 2010-10-18 02:17:39 +00:00
parent f055d80cd6
commit 6cec56771b
2 changed files with 28 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

17
classes/db/DBMysql_innodb.class.php
View file

@ -443,13 +443,24 @@
$table_list[] = '`'.$this->prefix.$val.'`';
}
// 컬럼 정리
// 컬럼 정리
foreach($output->columns as $key => $val) {
$name = $val['name'];
$value = $val['value'];
if($output->column_type[$name]!='number') {
$value = "'".$this->addQuotes($value)."'";
if(!$value) $value = 'null';
if(!is_null($value)){
$value = "'" . $this->addQuotes($value) ."'";
}else{
if($val['notnull']=='notnull') {
$value = "''";
} else {
//$value = 'null';
$value = "''";
}
}
} elseif(!$value || is_numeric($value)) $value = (int)$value;
$column_list[] = '`'.$name.'`';

21
classes/db/DBMysqli.class.php
View file

@ -422,23 +422,30 @@
$table_list[] = '`'.$this->prefix.$val.'`';
}
// 컬럼 정리
// 컬럼 정리
foreach($output->columns as $key => $val) {
$name = $val['name'];
$value = $val['value'];
if($output->column_type[$name]!='number') {
$value = "'".$this->addQuotes($value)."'";
if(!$value) $value = 'null';
if(!is_null($value)){
$value = "'" . $this->addQuotes($value) ."'";
}else{
if($val['notnull']=='notnull') {
$value = "''";
} else {
//$value = 'null';
$value = "''";
}
}
} elseif(!$value || is_numeric($value)) $value = (int)$value;
$column_list[] = '`'.$name.'`';
$value_list[] = $value;
}
$query = sprintf("insert into %s (%s) values (%s)", implode(',',$table_list), implode(',',$column_list), implode(',', $value_list));
return $this->_query($query);
}
/**
* @brief updateAct 처리