comparison mediatomb.php @ 16:cf19005e65d1

added: mysql_real_escape_string
author Sushi-k <epgrec@park.mda.or.jp>
date Wed, 15 Jul 2009 13:02:20 +0900
parents b0fc647167f5
children 9238c1d9e060
comparison
equal deleted inserted replaced
15:cbbddf99d1cd 16:cf19005e65d1
16 mysql_query( $sqlstr ); 16 mysql_query( $sqlstr );
17 $sqlstr = "set NAME utf8"; 17 $sqlstr = "set NAME utf8";
18 mysql_query( $sqlstr ); 18 mysql_query( $sqlstr );
19 19
20 foreach( $recs as $rec ) { 20 foreach( $recs as $rec ) {
21 $title = $rec->title."(".date("Y/m/d", toTimestamp($rec->starttime)).")"; 21 $title = mysql_real_escape_string($rec->title)."(".date("Y/m/d", toTimestamp($rec->starttime)).")";
22 $sqlstr = "update mt_cds_object set metadata='dc:description=".$rec->description."' where dc_title='".$rec->path."'"; 22 $sqlstr = "update mt_cds_object set metadata='dc:description=".mysql_real_escape_string($rec->description)."' where dc_title='".$rec->path."'";
23 mysql_query( $sqlstr ); 23 mysql_query( $sqlstr );
24 $sqlstr = "update mt_cds_object set dc_title='".$title."' where dc_title='".$rec->path."'"; 24 $sqlstr = "update mt_cds_object set dc_title='".$title."' where dc_title='".$rec->path."'";
25 mysql_query( $sqlstr ); 25 mysql_query( $sqlstr );
26 } 26 }
27 } 27 }