[Affelio-cvs 161] CVS update: affelio/apps/album


Yoshihisa Fukuhara higef****@users*****
2005年 6月 26日 (日) 17:02:54 JST


Index: affelio/apps/album/Album.pm
diff -u affelio/apps/album/Album.pm:1.10 affelio/apps/album/Album.pm:1.11
--- affelio/apps/album/Album.pm:1.10	Wed Jun 22 15:40:22 2005
+++ affelio/apps/album/Album.pm	Sun Jun 26 17:02:54 2005
@@ -116,13 +116,14 @@
   	my $id = $this->getColumn("SELECT MAX(id) FROM $this->{album_tb}");
 	$title = $this->validate($title);
 	$user = $this->validate($user);
-	$contents = $this->validate_entry($id, $title, $contents);
+#	$contents = $this->validate_entry($id, $title, $contents);
+	$contents = $this->validate($title);
 
 	# 二重投稿を防ぐ
-#	my @same = $this->getall("SELECT id FROM $this->{album_tb} WHERE title = '$title' AND contents = '$contents'");
+#	my @same = $this->getall("SELECT id FROM $this->{album_tb} WHERE title = $title AND contents = $contents");
 #	if($#same >= 0) { return; }
 
-	$this->{dbh}->do("INSERT INTO $this->{album_tb} (title, contents, timestamp, update_time, user, afid, pswd, ord) VALUES ('$title', '$contents', $time, $time, '$user', '$afid', '', '')");
+	$this->{dbh}->do("INSERT INTO $this->{album_tb} (title, contents, timestamp, update_time, user, afid, pswd, ord) VALUES ($title, $contents, $time, $time, $user, '$afid', '', '')");
   	$id = $this->getColumn("SELECT MAX(id) FROM $this->{album_tb}");
 
         my $data_dir=$this->{afap}->get_userdata_dir()."/";
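Review bot: The replacement for the removed validate_entry call, `$contents = $this->validate($title);`, assigns the validated title to `$contents` instead of the contents, so the INSERT stores the title in the contents column and the real contents are discarded; since `$title` was already passed through validate() two lines earlier, the value is also quote()d twice. The line should read `$contents = $this->validate($contents);`. Separately, `$afid` is still interpolated as `'$afid'` with hand-written quotes in the INSERT, so it gets none of the new quote()-based escaping; the same pattern remains in the image hunk's UPDATE/INSERT and in the comment INSERT further down, and each should take `$this->validate($afid)` (or `$this->{dbh}->quote($afid)`) with the manual quotes dropped. The enclosing sub starts before the hunk.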
@@ -154,11 +155,11 @@
 	# 二重投稿を防ぐ
 #	my @same = $this->getall("SELECT id FROM $this->{image_tb} WHERE title = '$title' AND comment = '$comment'");
 #	if($#same >= 0) { return; }
-	my @same = $this->getall("SELECT id FROM $this->{image_tb} WHERE id = $id AND image = '$image'");
+	my @same = $this->getall("SELECT id FROM $this->{image_tb} WHERE id = $id AND image = $image");
 	if($#same > 0) {
-	$this->{dbh}->do("UPDATE $this->{image_tb} SET title = '$title', comment='$comment', user='$user', afid='$afid', time=$time WHERE id = $id AND image='$image'");
+	$this->{dbh}->do("UPDATE $this->{image_tb} SET title = $title, comment=$comment, user=$user, afid='$afid', time=$time WHERE id = $id AND image=$image");
         }else{
-	$this->{dbh}->do("INSERT INTO $this->{image_tb} (id, image, title, user, afid, comment, pswd, timestamp) VALUES ($id, '$image', '$title', '$user', '$afid', '$comment', '', $time)");
+	$this->{dbh}->do("INSERT INTO $this->{image_tb} (id, image, title, user, afid, comment, pswd, timestamp) VALUES ($id, $image, $title, $user, '$afid', $comment, '', $time)");
       	}
 }
 
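Review bot: `$image` loses its manual quotes in all three statements (`image = $image` in the SELECT, UPDATE and INSERT), but nothing in this hunk passes it through validate(), so unless the enclosing sub, which starts before the hunk, quotes it elsewhere, the value now reaches the SQL as a bare, unescaped token. The later hunk for the image-update sub adds `$image = $this->validate($image);` before its statement, and the same line is needed here ahead of the SELECT. The duplicate check `if($#same > 0)` only fires when two or more rows already match, which differs from the `$#same >= 0` used in the comment hunk; if a single existing row is meant to take the UPDATE path, this should be `if($#same >= 0) {`.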
@@ -174,7 +175,7 @@
 	$title = $this->validate($title);
 	$contents = $this->validate($contents);
   	my $time = time;
-	$this->{dbh}->do("UPDATE $this->{album_tb} SET title = '$title', contents = '$contents', update_time=$time WHERE id = $id");
+	$this->{dbh}->do("UPDATE $this->{album_tb} SET title = $title, contents = $contents, update_time=$time WHERE id = $id");
 }
 
 ##############################################
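Review bot: `$id` is interpolated bare into `WHERE id = $id` and is neither validated nor quote()d, so the commit's new quoting scheme does not cover it; the same gap exists in the image-update and comment hunks below and in the image hunk above. Because the column is compared numerically, either a guard before the statement, `die "invalid id" unless defined $id && $id =~ /\A\d+\z/;`, or a placeholder with the value bound at execution, `$this->{dbh}->do("UPDATE $this->{album_tb} SET title = $title, contents = $contents, update_time=$time WHERE id = ?", undef, $id);`, would close it. The enclosing sub starts before the hunk.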
@@ -186,8 +187,9 @@
 	my ($this, $id, $title, $comment, $image) = @_;
 	$title = $this->validate($title);
 	$comment = $this->validate($comment);
+	$image = $this->validate($image);
   	my $time = time;
-	$this->{dbh}->do("UPDATE $this->{image_tb} SET title = '$title', comment = '$comment' WHERE id = $id AND image='$image'");
+	$this->{dbh}->do("UPDATE $this->{image_tb} SET title = $title, comment = $comment WHERE id = $id AND image=$image");
 }
 
 ##############################################
@@ -333,13 +335,13 @@
 	my ($this, $id, $user, $afid, $comment) = @_;
 	my $time = time;
 	$user = $this->validate($user);
-#	$comment = $this->validate($comment);
+	$comment = $this->validate($comment);
 	
 	# 二重投稿を防ぐ
-	my @same = $this->getall("SELECT id FROM $this->{comment_tb} WHERE user = '$user' AND comment = '$comment'");
+	my @same = $this->getall("SELECT id FROM $this->{comment_tb} WHERE user = $user AND comment = $comment");
 	if($#same >= 0) { return; }
 	
-	$this->{dbh}->do("INSERT INTO $this->{comment_tb} (id, user, afid, comment, pswd, timestamp) VALUES ($id, '$user', '$afid', '$comment', '', $time)");
+	$this->{dbh}->do("INSERT INTO $this->{comment_tb} (id, user, afid, comment, pswd, timestamp) VALUES ($id, $user, '$afid', $comment, '', $time)");
 }
 
 
@@ -551,14 +553,14 @@
 sub validate {
 	my ($this, $str) = @_;
 
-	$str =~ s/,/、/g;
-	$str =~ s/'/’/g;
-	$str =~ s/"/”/g;
+	$str =~ s/'/"/g;
+	$str =~ s/"/"/g;
 	$str =~ s/</&lt;/g;
 	$str =~ s/>/&gt;/g;
 	$str =~ s/\r\n/<br \/>/g;
 	$str =~ s/[\r\n]/<br \/>/g;
 	$str =~ s/(s?https?:\/\/[-_.!~*'()a-zA-Z0-9;\/?:\@&=+\$,%#]+)/<a href="$1">$1<\/a>/g;
+	$str = $this->{dbh}->quote($str);
 	return $str;
 }
 
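Review bot: validate() now returns a DBI-quoted SQL literal (the added `$str = $this->{dbh}->quote($str);`), which is a contract change every caller has to know about — the result must not be wrapped in quotes again and must not be passed through validate() a second time — yet the sub carries no comment saying so; add a header such as `# Returns an HTML-escaped value already quoted for SQL via $dbh->quote: interpolate it as-is, never as '$str', and never validate() a value twice.` Of the two new substitutions, `$str =~ s/"/"/g;` replaces a double quote with itself and is a no-op, and `$str =~ s/'/"/g;` rewrites every apostrophe into a double quote, which is lossy and no longer needed because quote() escapes single quotes itself; both lines can be dropped. Note also that the `&lt;`/`&gt;` escaping and the `<a href>` rewrite run before quote(), so the stored value is HTML rather than the raw text; if that is intended it belongs in the same comment.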

