Changeset 16379
- Timestamp:
- 2007/10/11 16:41:56 (16 years ago)
- Location:
- branches/feature-module-update
- Files:
-
- 9 edited
branches/feature-module-update/data/class/SC_SelectSql.php
r15571 r16379 170 170 for( $i = 0; $i < $count; $i++ ) { 171 171 172 if( isset( $arrWhere[$i]["value"] ) ) $statement .= $arrWhere[$i]["column"] ." = '" . addslashes( $arrWhere[$i]["value"] ) ."'OR " ;172 if( isset( $arrWhere[$i]["value"] ) ) $statement .= $arrWhere[$i]["column"] ." = " . SC_Utils_Ex::sfQuoteSmart($arrWhere[$i]["value"]) ." OR " ; 173 173 } 174 174 -
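Review bot: Only the value side of the predicate is covered by the switch to sfQuoteSmart at 172; `$arrWhere[$i]["column"]` is still concatenated into `$statement` raw, so if the column names can originate from request data rather than a fixed list, the clause remains injectable through the column. The loop also leaves a trailing `OR ` after the last element, which must be stripped somewhere I cannot see. A comment such as `// column names must come from a fixed whitelist; only values are quoted here` at the loop head would make that contract explicit. The enclosing loop and function begin and end outside the hunk, so where `$arrWhere` is built is not visible.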
branches/feature-module-update/data/class/pages/admin/customer/LC_Page_Admin_Customer.php
r16326 r16379 206 206 if ($result_customer[0]["status"] == 2) { //本会員削除 207 207 $arrDel = array("del_flg" => 1, "update_date" => "NOW()"); 208 $objQuery->conn->autoExecute("dtb_customer", $arrDel, "customer_id = " . addslashes($_POST["edit_customer_id"]) );208 $objQuery->conn->autoExecute("dtb_customer", $arrDel, "customer_id = " . SC_Utils_Ex::sfQuoteSmart($_POST["edit_customer_id"]) ); 209 209 } elseif ($result_customer[0]["status"] == 1) { //仮会員削除 210 210 $sql = "DELETE FROM dtb_customer WHERE customer_id = ?"; … … 244 244 245 245 if ($_POST["mode"] == 'csv') { 246 $searchSql = $objSelect->getListCSV($ arrColumnCSV);246 $searchSql = $objSelect->getListCSV($this->arrColumnCSV); 247 247 }else{ 248 248 $searchSql = $objSelect->getList(); … … 279 279 280 280 //- CSV出力 281 $data = lfGetCSVData($this->search_data, $arrColumn);282 283 sfCSVDownload($header.$data);281 $data = $this->lfGetCSVData($this->search_data, $arrColumn); 282 283 SC_Utils_Ex::sfCSVDownload($header.$data); 284 284 exit; 285 285 break; … … 295 295 if ($result_customer[0]["status"] == 2) { //本会員削除 296 296 $arrDel = array("del_flg" => 1, "update_date" => "NOW()"); 297 $objQuery->conn->autoExecute("dtb_customer", $arrDel, "customer_id = " . addslashes($_POST["del_customer_id"]) );297 $objQuery->conn->autoExecute("dtb_customer", $arrDel, "customer_id = " . SC_Utils_Ex::sfQuoteSmart($_POST["del_customer_id"]) ); 298 298 } elseif ($result_customer[0]["status"] == 1) { //仮会員削除 299 299 $sql = "DELETE FROM dtb_customer WHERE customer_id = ?"; -
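Review bot: The `customer_id = ` predicates at 208 and 297 still build the WHERE clause by concatenation, while the `elseif` branch directly below each uses a `?` placeholder with bound parameters; since customer_id is numeric, the value should be validated with `SC_Utils_Ex::sfIsInt($_POST["edit_customer_id"])` before use, as this same changeset does for class_id in LC_Page_Admin_Products_ClassCategory.php, or the update rewritten to the placeholder form the neighbouring branch already uses. The same point applies to `category_id` at 115 in LC_Page_Admin_Products.php. The enclosing methods continue outside the hunks.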
branches/feature-module-update/data/class/pages/admin/products/LC_Page_Admin_Products.php
r16326 r16379 113 113 if($_POST['category_id'] != "") { 114 114 // ランク付きレコードの削除 115 $where = "category_id = " . addslashes($_POST['category_id']);115 $where = "category_id = " . SC_Utils_Ex::sfQuoteSmart($_POST['category_id']); 116 116 $objDb->sfDeleteRankRecord("dtb_products", "product_id", $_POST['product_id'], $where); 117 117 } else { -
branches/feature-module-update/data/class/pages/admin/products/LC_Page_Admin_Products_ClassCategory.php
r15532 r16379 14 14 * @package Page 15 15 * @author LOCKON CO.,LTD. 16 * @version $Id $16 * @version $Id:LC_Page_Admin_Products_ClassCategory.php 15532 2007-08-31 14:39:46Z nanasess $ 17 17 */ 18 18 class LC_Page_Admin_Products_ClassCategory extends LC_Page { … … 70 70 71 71 if (!isset($_POST['mode'])) $_POST['mode'] = ""; 72 73 if (isset($_POST['class_id'])) { 74 if (!SC_Utils_Ex::sfIsInt($_POST['class_id'])) { 75 SC_Utils_Ex::sfDispError(""); 76 } 77 } 72 78 73 79 // 新規作成 or 編集 … … 98 104 case 'delete': 99 105 // ランク付きレコードの削除 100 $where = "class_id = " . addslashes($_POST['class_id']);106 $where = "class_id = " . SC_Utils_Ex::sfQuoteSmart($_POST['class_id']); 101 107 $objDb->sfDeleteRankRecord("dtb_classcategory", "classcategory_id", $_POST['classcategory_id'], $where, true); 102 108 break; … … 112 118 break; 113 119 case 'down': 114 $where = "class_id = " . addslashes($_POST['class_id']);120 $where = "class_id = " . SC_Utils_Ex::sfQuoteSmart($_POST['class_id']); 115 121 $objDb->sfRankDown("dtb_classcategory", "classcategory_id", $_POST['classcategory_id'], $where); 116 122 break; 117 123 case 'up': 118 $where = "class_id = " . addslashes($_POST['class_id']);124 $where = "class_id = " . SC_Utils_Ex::sfQuoteSmart($_POST['class_id']); 119 125 $objDb->sfRankUp("dtb_classcategory", "classcategory_id", $_POST['classcategory_id'], $where); 120 126 break; -
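Review bot: The new sfIsInt guard at 73-77 covers only `class_id`, but `$_POST['classcategory_id']` is passed unchecked to sfDeleteRankRecord, sfRankDown and sfRankUp in the same switch, and whether those helpers bind or quote it is not visible here; the guard should be extended with `if (isset($_POST['classcategory_id']) && !SC_Utils_Ex::sfIsInt($_POST['classcategory_id'])) SC_Utils_Ex::sfDispError("");`. When class_id is absent the guard is skipped entirely and `$where` at 106, 120 and 124 is built from a missing index, so it may be worth rejecting the delete/up/down modes in that case rather than relying on sfQuoteSmart's handling of null. The enclosing method begins and ends outside the hunk.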
branches/feature-module-update/data/class/pages/regist/LC_Page_Regist.php
r16371 r16379 130 130 //$this->tpl_mainpage = 'regist/complete.tpl'; 131 131 //$this->tpl_title = ' 会員登録(完了ページ)'; 132 $registSecretKey = lfRegistData($_GET); //本会員登録(フラグ変更)133 lfSendRegistMail($registSecretKey); //本会員登録完了メール送信132 $registSecretKey = $this->lfRegistData($_GET); //本会員登録(フラグ変更) 133 $this->lfSendRegistMail($registSecretKey); //本会員登録完了メール送信 134 134 135 135 // ログイン済みの状態にする。 … … 137 137 $email = $objQuery->get("dtb_customer", "email", "secret_key = ?", array($registSecretKey)); 138 138 $objCustomer->setLogin($email); 139 $this->sendRedirect($this->getLocation("./complete.php")); 140 header("Location: " . gfAddSessionId("./complete.php")); 139 $this->sendRedirect($this->getLocation("./complete.php"), true); 141 140 exit; 142 141 } … … 188 187 $arrRet = $objQuery->select("point", "dtb_customer", $where, array($array["id"])); 189 188 // 会員登録時の加算ポイント(購入時会員登録の場合は、ポイント加算) 190 $arrRegist['point'] = $arrRet[0]['point'] + addslashes($arrInfo['welcome_point']);189 $arrRegist['point'] = $arrRet[0]['point'] + $arrInfo['welcome_point']; 191 190 192 191 $objQuery->update("dtb_customer", $arrRegist, $where, array($array["id"])); … … 229 228 } 230 229 231 $objQuery->update("dtb_customer", $arrRegistMail, "email = '" .addslashes($email). "'AND del_flg = 0");230 $objQuery->update("dtb_customer", $arrRegistMail, "email = " . SC_Utils_Ex::sfQuoteSmart($email). " AND del_flg = 0"); 232 231 $objConn->query("COMMIT"); 233 232 -
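Review bot: The update at 230 now quotes `$email` with sfQuoteSmart, but the same method already uses the bound-parameter form at 191 (`$objQuery->update("dtb_customer", $arrRegist, $where, array($array["id"]))`), so for consistency and to stop depending on the quoting helper the line should be `$objQuery->update("dtb_customer", $arrRegistMail, "email = ? AND del_flg = 0", array($email));`. The identical line at 130 in html/mobile/regist/index.php has the same point. Dropping addslashes from the arithmetic at 189 is correct, since escaping a numeric operand could only corrupt it. The enclosing methods begin and end outside the hunks.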
branches/feature-module-update/data/class/pages/shopping/LC_Page_Shopping_Deliv.php
r16170 r16379 136 136 // 別のお届け先がチェックされている場合 137 137 } elseif($_POST['deliv_check'] >= 1) { 138 if ( sfIsInt($_POST['deliv_check'])) {138 if (SC_Utils_Ex::sfIsInt($_POST['deliv_check'])) { 139 139 // 登録済みの別のお届け先を受注一時テーブルに書き込む 140 lfRegistOtherDelivData($uniqid, $objCustomer, $_POST['deliv_check']);140 $this->lfRegistOtherDelivData($uniqid, $objCustomer, $_POST['deliv_check']); 141 141 // 正常に登録されたことを記録しておく 142 142 $objSiteSess->setRegistFlag(); -
branches/feature-module-update/data/class/util/SC_Utils.php
r16327 r16379 1278 1278 1279 1279 case '1': 1280 $objConn->autoExecute("dtb_customer_mail_temp",$arrRegistMailMagazine, "email = '" .addslashes($email). "'");1280 $objConn->autoExecute("dtb_customer_mail_temp",$arrRegistMailMagazine, "email = " .SC_Utils::sfQuoteSmart($email)); 1281 1281 break; 1282 1282 } -
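Review bot: Line 1280 calls `SC_Utils::sfQuoteSmart` directly, whereas every other site in this changeset goes through `SC_Utils_Ex::sfQuoteSmart`; if the _Ex class exists so that a project can override the utility methods, this call bypasses that override for the mail-magazine update, and `SC_Utils_Ex::sfQuoteSmart($email)` would keep the behaviour uniform. A one-line comment stating why the base class is addressed here, if it is deliberate, would prevent the next reader from "fixing" it. The switch statement is cut on both sides of the hunk.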
branches/feature-module-update/html/mobile/regist/index.php
r16322 r16379 87 87 $arrRet = $objQuery->select("point", "dtb_customer", $where, array($array["id"])); 88 88 // 会員登録時の加算ポイント(購入時会員登録の場合は、ポイント加算) 89 $arrRegist['point'] = $arrRet[0]['point'] + addslashes($arrInfo['welcome_point']);89 $arrRegist['point'] = $arrRet[0]['point'] + $arrInfo['welcome_point']; 90 90 91 91 $objQuery->update("dtb_customer", $arrRegist, $where, array($array["id"])); … … 128 128 } 129 129 130 $objQuery->update("dtb_customer", $arrRegistMail, "email = '" .addslashes($email). "'AND del_flg = 0");130 $objQuery->update("dtb_customer", $arrRegistMail, "email = " . SC_Utils_Ex::sfQuoteSmart($email). " AND del_flg = 0"); 131 131 $objConn->query("COMMIT"); 132 132 -
branches/feature-module-update/html/mobile/shopping/deliv_addr.php
r15532 r16379 210 210 $objConn->query("BEGIN"); 211 211 if ($array['other_deliv_id'] != ""){ 212 $objConn->autoExecute("dtb_other_deliv", $arrRegist, "other_deliv_id= '" .addslashes($array["other_deliv_id"]). "'");212 $objConn->autoExecute("dtb_other_deliv", $arrRegist, "other_deliv_id=" SC_Utils_Ex::sfQuoteSmart($array["other_deliv_id"])); 213 213 }else{ 214 214 $objConn->autoExecute("dtb_other_deliv", $arrRegist);
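Review bot: The new side of line 212 drops the concatenation operator between the string literal and the function call, `"other_deliv_id=" SC_Utils_Ex::sfQuoteSmart(...)`, which is a parse error and will take down the whole mobile delivery-address page rather than just this branch. It should read `$objConn->autoExecute("dtb_other_deliv", $arrRegist, "other_deliv_id=" . SC_Utils_Ex::sfQuoteSmart($array["other_deliv_id"]));`. The enclosing block continues outside the hunk.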