changeset 10:152b146bd276

fixed: mysql_connect before mysql_real_escape_string
author Sushi-k <epgrec@park.mda.or.jp>
date Mon, 13 Jul 2009 17:12:07 +0900
parents 500c7fbb46aa
children 065d48346fff
files programTable.php recordedTable.php
diffstat 2 files changed, 8 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/programTable.php	Thu Jul 09 20:08:46 2009 +0900
+++ b/programTable.php	Mon Jul 13 17:12:07 2009 +0900
@@ -11,7 +11,10 @@
 $category_id = 0;
 $station = 0;
 
+// mysql_real_escape_stringより先に接続しておく必要がある
+$dbh = @mysql_connect(DB_HOST, DB_USER, DB_PASS );
 
+	// パラメータの処理
 if(isset( $_POST['do_search'] )) {
 	if( isset($_POST['search'])){
 		if( $_POST['search'] != "" ) {
@@ -44,14 +47,13 @@
 		}
 	}
 }
-
 $options .= " ORDER BY starttime ASC LIMIT 300";
-
 $do_keyword = 0;
 if( ($search != "") || ($type != "*") || ($category_id != 0) || ($station != 0) )
 	$do_keyword = 1;
-
+	
 try{
+	
 	$precs = DBRecord::createRecords(TBL_PREFIX.PROGRAM_TBL, $options );
 	
 	$programs = array();
--- a/recordedTable.php	Thu Jul 09 20:08:46 2009 +0900
+++ b/recordedTable.php	Mon Jul 13 17:12:07 2009 +0900
@@ -8,6 +8,9 @@
 $category_id = 0;
 $station = 0;
 
+// mysql_real_escape_stringより先に接続しておく必要がある
+$dbh = @mysql_connect( DB_HOST, DB_USER, DB_PASS );
+
 #$options = "WHERE complete='1'";
 $options = "WHERE starttime < '". date("Y-m-d H:i:s")."'";	// ながら再生は無理っぽい?