changeset 16:cf19005e65d1
added: mysql_real_escape_string
author | Sushi-k <epgrec@park.mda.or.jp> |
---|---|
date | Wed, 15 Jul 2009 13:02:20 +0900 |
parents | cbbddf99d1cd |
children | d3ee3927eb3a |
files | mediatomb.php recomplete.php |
diffstat | 2 files changed, 17 insertions(+), 15 deletions(-) [+] |
--- a/mediatomb.php Wed Jul 15 12:52:29 2009 +0900
+++ b/mediatomb.php Wed Jul 15 13:02:20 2009 +0900
@@ -18,8 +18,8 @@
 mysql_query( $sqlstr );
 foreach( $recs as $rec ) {
- $title = $rec->title."(".date("Y/m/d", toTimestamp($rec->starttime)).")";
- $sqlstr = "update mt_cds_object set metadata='dc:description=".$rec->description."' where dc_title='".$rec->path."'";
+ $title = mysql_real_escape_string($rec->title)."(".date("Y/m/d", toTimestamp($rec->starttime)).")";
+ $sqlstr = "update mt_cds_object set metadata='dc:description=".mysql_real_escape_string($rec->description)."' where dc_title='".$rec->path."'";
 mysql_query( $sqlstr );
 $sqlstr = "update mt_cds_object set dc_title='".$title."' where dc_title='".$rec->path."'";
 mysql_query( $sqlstr );
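Review bot: `$rec->path` is still concatenated unescaped into the `where dc_title='...'` clause of both updates in this hunk, so the statements remain open to SQL injection through the path even though title and description are now escaped; it should be wrapped the same way, `mysql_real_escape_string($rec->path)`. The same gap applies to `$rrec->path` in both queries of the recomplete.php hunk. The results of `mysql_query()` are not checked either, so a failed update passes silently. The connection setup and the end of the `foreach` body are outside this hunk; moving these queries to prepared statements (mysqli or PDO) would remove the need for per-field escaping.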
--- a/recomplete.php Wed Jul 15 12:52:29 2009 +0900
+++ b/recomplete.php Wed Jul 15 13:02:20 2009 +0900
@@ -11,20 +11,22 @@
 if( file_exists( INSTALL_PATH . SPOOL . "/". $rrec->path ) ) {
 // 予約完了
 $rrec->complete = '1';
- if( MEDIATOMB_UPDATE) {
- $dbh = mysql_connect( DB_HOST, DB_USER, DB_PASS );
- if( $dbh !== false ) {
- $sqlstr = "use ".DB_NAME;
- mysql_query( $sqlstr );
- // 別にやらなくてもいいが
- $sqlstr = "set NAME utf8";
- mysql_query( $sqlstr );
- $sqlstr = "update mt_cds_object set metadata='dc:description=".$rrec->description."' where dc_title='".$rrec->path."'";
- mysql_query( $sqlstr );
- $sqlstr = "update mt_cds_object set dc_title='".$rrec->title."(".date("Y/m/d").")' where dc_title='".$rrec->path."'";
- mysql_query( $sqlstr );
+ if( defined(MEDIATOMB_UPDATE) ) {
+ if( MEDIATOMB_UPDATE ) {
+ $dbh = mysql_connect( DB_HOST, DB_USER, DB_PASS );
+ if( $dbh !== false ) {
+ $sqlstr = "use ".DB_NAME;
+ mysql_query( $sqlstr );
+ // 別にやらなくてもいいが
+ $sqlstr = "set NAME utf8";
+ mysql_query( $sqlstr );
+ $sqlstr = "update mt_cds_object set metadata='dc:description=".mysql_real_escape_string($rrec->description)."' where dc_title='".$rrec->path."'";
+ mysql_query( $sqlstr );
+ $sqlstr = "update mt_cds_object set dc_title='".mysql_real_escape_string($rrec->title)."(".date("Y/m/d").")' where dc_title='".$rrec->path."'";
+ mysql_query( $sqlstr );
+ }
 }
- }
+ }
 }
 else {
 // 予約失敗
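Review bot: `defined(MEDIATOMB_UPDATE)` passes the constant's value (or, when it is undefined, a bare word) instead of its name, so the new outer guard looks to be false in every case and the MediaTomb update would never run; it should read `if( defined('MEDIATOMB_UPDATE') && MEDIATOMB_UPDATE ) {`, which also removes the extra nesting level. Separately, `set NAME utf8` is not a valid MySQL statement (the keyword is `SET NAMES`) and its result is ignored, so the connection character set that `mysql_real_escape_string()` depends on is left at the default. `mysql_set_charset('utf8', $dbh);` is the call that sets it for both the server and the escaping function. The enclosing `if`/`else` continues past the end of the hunk.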