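session_start();
include "../util/user_function.inc";
include "conn.inc";

// Board "write" handler: checks that the poster is a logged-in member, validates the
// submitted form (and optional photo), computes the reply thread code, stores the post
// and the photo, then sends the browser back to the list or search page.
//
// back() and goto_refresh_page() come from user_function.inc and $connect from conn.inc
// (neither file is shown here); back() presumably reports the message and ends the
// request -- confirm.
//
// The script reads its inputs as bare globals (register_globals style), so every value
// below is treated as attacker-controlled unless this script assigns it itself.

// Only members may post.
// NOTE(review): $s_id is read as a bare global. If request parameters can populate it
// when the session holds no s_id, this membership check can be satisfied without a
// login -- confirm it can only come from the session store.
if (!$s_id) {
    back('¼Ò±¸¸® ȸ¿ø¸¸ ±ÛÀ» ¾²½Ç¼ö ÀÖÀ¾´Ï´Ù.');
}

if ($mode) { // the form was submitted
    if (!$boardid || !$where) {
        back('°Ô½ÃÆÇÀÇ ÄÚµå¿Í À§Ä¡°¡ ÇÊ¿äÇÕ´Ï´Ù.');
    }

    // $boardid is spliced into the SQL text as a table name, where string escaping gives
    // no protection, so it is restricted to identifier characters.
    // Assumes board tables are named with letters, digits and underscores -- confirm.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $boardid)) {
        back('°Ô½ÃÆÇÀÇ ÄÚµå¿Í À§Ä¡°¡ ÇÊ¿äÇÕ´Ï´Ù.');
        exit; // no-op if back() already terminates; keeps the name out of the queries otherwise
    }

    if (!$subject || !$comment) {
        back('°Ô½ÃÆÇÀÇ Á¦¸ñ°ú ³»¿ëÀÌ ÇÊ¿äÇÕ´Ï´Ù.');
    }

    // $fid is used unquoted in both queries, so it must be a plain integer. A non-numeric
    // value previously produced a query error; the same message is reported here.
    if (!isset($fid) || !preg_match('/^-?[0-9]+$/', $fid)) {
        back('Ä÷¸®¿¡·¯');
        exit; // same reasoning as above
    }
    $fid = (int) $fid;

    // Normalise the request values once: undo magic_quotes_gpc if it is active so that
    // each value is escaped exactly one time, for the context it is finally used in.
    $strip = get_magic_quotes_gpc();
    $in = array();
    foreach (array('thread', 'where', 'subject', 'comment', 'comment_is_html',
                   'photo_option', 'page', 'key', 'key_field') as $field) {
        $value = isset($$field) ? (string) $$field : '';
        $in[$field] = $strip ? stripslashes($value) : $value;
    }

    // Assigned here unconditionally so that neither value can arrive from the request.
    $photo_dir = '';
    $has_photo = false;

    if (isset($photo) && !empty($photo_name)) { // a photo was attached
        $file_tail = strtoupper(substr(strrchr($photo_name, "."), 1)); // file extension
        // Index 2 of getimagesize() is the detected type: 1 = GIF, 2 = JPEG.
        $image_info = is_uploaded_file($photo) ? getimagesize($photo) : false;

        if (!is_uploaded_file($photo)) {
            // $photo is only a global here; confirm PHP itself received this file as an
            // upload before it is read or moved anywhere.
            back("ÆÄÀÏÀ» ÁöÁ¤ÇÑ µð·ºÅ丮¿¡ º¹»çÇϴµ¥ ½ÇÆÐÇßÀ¾´Ï´Ù.");
        } elseif ($photo_size > 300000 || filesize($photo) > 300000) {
            // $photo_size is reported by the client; the size on disk is checked as well.
            back("»çÁøÅ©±â´Â 300,000 ¹ÙÀÌÆ®¸¦ ³ÑÀ»¼ö ¾øÀ¾´Ï´Ù.");
        } elseif ($file_tail != 'JPG' && $file_tail != 'GIF') {
            back("È®ÀåÀÚ°¡ JPG,GIF ÈÀϸ¸ ¿Ã¸±¼ö ÀÖÀ¾´Ï´Ù.");
        } elseif (!$image_info || ($image_info[2] != 1 && $image_info[2] != 2)) {
            // The extension is only a name; require the content to parse as GIF or JPEG.
            back("È®ÀåÀÚ°¡ JPG,GIF ÈÀϸ¸ ¿Ã¸±¼ö ÀÖÀ¾´Ï´Ù.");
        } else {
            // The stored name is generated server-side (timestamp + member id) and never
            // uses the client's file name; the id is reduced to safe path characters.
            $owner = preg_replace('/[^A-Za-z0-9_]/', '', $s_id);
            $photo_dir = "./photo/" . date("U") . $owner . "." . $file_tail;
            $has_photo = true;
        }
    }

    // Look up the poster's display name and e-mail address.
    mysql_select_db('woorinara');
    $query = "select * from member where id='" . mysql_real_escape_string($s_id, $connect) . "'";
    $result = mysql_query($query, $connect);
    $row = $result ? mysql_fetch_array($result) : false;

    $line_count = sizeof(explode("\n", $in['comment']));
    $email = $row['email'] . "@" . $row['emailserver'];
    $name = $row['name'];

    // Find the newest direct reply under $thread to derive the next thread code.
    mysql_select_db('board');
    $thread_sql = mysql_real_escape_string($in['thread'], $connect);
    $where_sql = mysql_real_escape_string($in['where'], $connect);
    $query = "select thread,right(thread,1) from $boardid where fid=$fid and length(thread)=length('$thread_sql')+1 and locate('$thread_sql',thread)=1 and location like '$where_sql' order by thread desc limit 1";
    $result = mysql_query($query, $connect);
    if (!$result) {
        back('Ä÷¸®¿¡·¯');
    }

    if (mysql_num_rows($result)) {
        $row = mysql_fetch_row($result);
        $thread_head = substr($row[0], 0, -1);
        $thread_foot = ++$row[1]; // string increment of the last character (A -> B)
        $new_thread = $thread_head . $thread_foot;
    } else {
        $new_thread = $in['thread'] . "A";
    }

    $signdate = time();

    // Escape HTML special characters in the subject and, for plain-text posts, the body.
    // NOTE(review): when comment_is_html is not 'N' the body is stored as raw HTML, so
    // the page that renders it has to sanitise it -- confirm that it does.
    $subject_html = htmlspecialchars($in['subject']);
    $comment_body = $in['comment'];
    if ($in['comment_is_html'] == 'N') {
        $comment_body = htmlspecialchars($comment_body);
    }

    // Insert the post. Every string is escaped for SQL here, including the name and
    // e-mail read back from the member table; the numeric columns are cast to int.
    $sql = array();
    $columns = array(
        'name' => $name,
        'email' => $email,
        'subject' => $subject_html,
        'comment' => $comment_body,
        'new_thread' => $new_thread,
        'where' => $in['where'],
        'remote_addr' => $REMOTE_ADDR,
        's_id' => $s_id,
        'comment_is_html' => $in['comment_is_html'],
        'photo_dir' => $photo_dir,
        'photo_option' => $in['photo_option'],
    );
    foreach ($columns as $column => $value) {
        $sql[$column] = mysql_real_escape_string((string) $value, $connect);
    }
    $signdate = (int) $signdate;
    $line_count = (int) $line_count;

    $query = "INSERT INTO $boardid VALUES ('', $fid, '{$sql['name']}', '{$sql['email']}', '{$sql['subject']}', '{$sql['comment']}', '', $signdate, 0,'{$sql['new_thread']}','{$sql['where']}',$line_count,'{$sql['remote_addr']}','{$sql['s_id']}','{$sql['comment_is_html']}','{$sql['photo_dir']}','{$sql['photo_option']}')";
    $result = mysql_query($query, $connect);
    if (!$result) {
        back('ÀμƮ ¿¡·¯');
    }

    if ($has_photo) { // a photo was attached and passed every check above
        // move_uploaded_file() re-verifies the upload and removes the temp file itself.
        if (!move_uploaded_file($photo, $photo_dir)) {
            back("ÆÄÀÏÀ» ÁöÁ¤ÇÑ µð·ºÅ丮¿¡ º¹»çÇϴµ¥ ½ÇÆÐÇßÀ¾´Ï´Ù.");
        }
    }

    // Return to the page the user came from; each value is URL-encoded so it cannot
    // add parameters or markup to the redirect target.
    $return_query = "boardid=" . urlencode($boardid)
        . "&where=" . urlencode($in['where'])
        . "&page=" . urlencode($in['page']);
    if ($in['key_field']) {
        goto_refresh_page("search.html?" . $return_query
            . "&key=" . urlencode($in['key'])
            . "&key_field=" . urlencode($in['key_field']), 0);
    } else {
        goto_refresh_page("list.html?" . $return_query, 0);
    }
}
?>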
대/한/민/국
문/화/지/도 |