diff recomplete.php @ 16:cf19005e65d1

added: mysql_real_escape_string
author Sushi-k <epgrec@park.mda.or.jp>
date Wed, 15 Jul 2009 13:02:20 +0900
parents b0fc647167f5
children 19bd80c60009
--- a/recomplete.php	Wed Jul 15 12:52:29 2009 +0900
+++ b/recomplete.php	Wed Jul 15 13:02:20 2009 +0900
@@ -11,20 +11,22 @@
 	if( file_exists( INSTALL_PATH . SPOOL . "/". $rrec->path ) ) {
 		// 予約完了
 		$rrec->complete = '1';
-		if( MEDIATOMB_UPDATE) {
-			$dbh = mysql_connect( DB_HOST, DB_USER, DB_PASS );
-			if( $dbh !== false ) {
-				$sqlstr = "use ".DB_NAME;
-				mysql_query( $sqlstr );
-				// 別にやらなくてもいいが
-				$sqlstr = "set NAME utf8";
-				mysql_query( $sqlstr );
-				$sqlstr = "update mt_cds_object set metadata='dc:description=".$rrec->description."' where dc_title='".$rrec->path."'";
-				mysql_query( $sqlstr );
-				$sqlstr = "update mt_cds_object set dc_title='".$rrec->title."(".date("Y/m/d").")' where dc_title='".$rrec->path."'";
-				mysql_query( $sqlstr );
+		if( defined(MEDIATOMB_UPDATE) ) {
+			if( MEDIATOMB_UPDATE ) {
+				$dbh = mysql_connect( DB_HOST, DB_USER, DB_PASS );
+				if( $dbh !== false ) {
+					$sqlstr = "use ".DB_NAME;
+					mysql_query( $sqlstr );
+					// 別にやらなくてもいいが
+					$sqlstr = "set NAME utf8";
+					mysql_query( $sqlstr );
+					$sqlstr = "update mt_cds_object set metadata='dc:description=".mysql_real_escape_string($rrec->description)."' where dc_title='".$rrec->path."'";
+					mysql_query( $sqlstr );
+					$sqlstr = "update mt_cds_object set dc_title='".mysql_real_escape_string($rrec->title)."(".date("Y/m/d").")' where dc_title='".$rrec->path."'";
+					mysql_query( $sqlstr );
+				}
 			}
-		}	
+		}
 	}
 	else {
 		// 予約失敗
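Review bot: Both UPDATE statements still concatenate `$rrec->path` unescaped into the `where dc_title='...'` clause, so the escaping added for the description and title leaves the same string-built SQL exposed through the path value; wrap it as `mysql_real_escape_string($rrec->path)` in both statements. Separately, `defined(MEDIATOMB_UPDATE)` passes the constant's value rather than its name, so when the constant is defined as true the check looks up a constant named "1" and the MediaTomb update is skipped; it should read `defined('MEDIATOMB_UPDATE')`. The statement `set NAME utf8` looks like a misspelling of `SET NAMES utf8`, and because the result of mysql_query() is never checked the failure would be silent; mysql_real_escape_string() escapes according to the connection character set, so setting it with `mysql_set_charset('utf8', $dbh)` before escaping would be safer. The enclosing block begins above the hunk and continues past it.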