Mercurial > epgrec.yaz
diff mediatomb.php @ 16:cf19005e65d1
added: mysql_real_escape_string
author | Sushi-k <epgrec@park.mda.or.jp> |
---|---|
date | Wed, 15 Jul 2009 13:02:20 +0900 |
parents | b0fc647167f5 |
children | 9238c1d9e060 |
line wrap: on
line diff
--- a/mediatomb.php Wed Jul 15 12:52:29 2009 +0900 +++ b/mediatomb.php Wed Jul 15 13:02:20 2009 +0900 @@ -18,8 +18,8 @@ mysql_query( $sqlstr ); foreach( $recs as $rec ) { - $title = $rec->title."(".date("Y/m/d", toTimestamp($rec->starttime)).")"; - $sqlstr = "update mt_cds_object set metadata='dc:description=".$rec->description."' where dc_title='".$rec->path."'"; + $title = mysql_real_escape_string($rec->title)."(".date("Y/m/d", toTimestamp($rec->starttime)).")"; + $sqlstr = "update mt_cds_object set metadata='dc:description=".mysql_real_escape_string($rec->description)."' where dc_title='".$rec->path."'"; mysql_query( $sqlstr ); $sqlstr = "update mt_cds_object set dc_title='".$title."' where dc_title='".$rec->path."'"; mysql_query( $sqlstr );