Timestamp:
2010/08/26 16:23:49 (14 years ago)
Author:
nanasess
bzr:base-revision:
ohkouchi@loop-az.jp-20100826014156-g12l1o38gsj73acs
bzr:committer:
Kentaro Ohkouchi <ohkouchi@loop-az.jp>
bzr:file-ids:

data/class/db/SC_DB_DBFactory.php 15123@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fdb%2FSC_DB_DBFactory.php
data/class/db/dbfactory/SC_DB_DBFactory_MYSQL.php 15123@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fdb%2Fdbfactory%2FSC_DB_DBFactory_MYSQL.php
data/class/db/dbfactory/SC_DB_DBFactory_PGSQL.php 15123@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fdb%2Fdbfactory%2FSC_DB_DBFactory_PGSQL.php
data/class/pages/mypage/LC_Page_Mypage_DownLoad.php 18777@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Fversion-2_5-dev%2Fdata%2Fclass%2Fpages%2Fmypage%2FLC_Page_Mypage_DownLoad.php
data/class/pages/mypage/LC_Page_Mypage_History.php 16102@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fmypage%2FLC_Page_Mypage_History.php
bzr:mapping-version:
v4
bzr:repository-uuid:
1e3b908f-19a9-db11-a64c-001125224ba8
bzr:revision-id:
ohkouchi@loop-az.jp-20100826072347-bdrmnk0g8b3llidi
bzr:revno:
2276
bzr:revprop:branch-nick:
branches/version-2_5-dev
bzr:root:
branches/version-2_5-dev
bzr:text-parents:

data/class/db/SC_DB_DBFactory.php ohkouchi@loop-az.jp-20100824055828-2oy1qb3wcp85i76l
data/class/db/dbfactory/SC_DB_DBFactory_MYSQL.php ohkouchi@loop-az.jp-20100824055828-2oy1qb3wcp85i76l
data/class/db/dbfactory/SC_DB_DBFactory_PGSQL.php ohkouchi@loop-az.jp-20100824055828-2oy1qb3wcp85i76l
data/class/pages/mypage/LC_Page_Mypage_DownLoad.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/pages/mypage/LC_Page_Mypage_History.php svn-v4:1e3b908f-19a9-db11-a64c-001125224ba8:branches/version-2_5-dev:18777
bzr:timestamp:
2010-08-26 16:23:47.036999941 +0900
bzr:user-agent:
bzr2.1.2+bzr-svn1.0.2
svn:original-date:
2010-08-26T07:23:47.037000Z
Message:
  • DB_TYPE で分岐している箇所の修正(#801)
  • プリペアドステートメントを使用するよう修正(#792)
File:
1 edited

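--- a/branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_DownLoad.php
+++ b/branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_DownLoad.php
@@ -54,4 +54,18 @@
     function process() {
         ob_end_clean();
+
+        $customer_id = $_SESSION['customer']['customer_id'];
+        $order_id = $_GET['order_id'];
+        $product_id = $_GET['product_id'];
+
+        // ID の数値チェック
+        // TODO SC_FormParam でチェックした方が良い?
+        if (!is_numeric($customer_id)
+            || !is_numeric($order_id)
+            || !is_numeric($product_id)) {
+            SC_Utils_Ex::sfDispSiteError("");
+        }
+
+
         $objCustomer = new SC_Customer();
         //ログインしていない場合
@@ -61,5 +75,6 @@
         //ログインしている場合
             //DBから商品情報の読込
-            $arrForm = $this->lfGetRealFileName($_GET['product_id']);
+
+            $arrForm = $this->lfGetRealFileName($customer_id, $order_id, $product_id);
 
             //ステータスが支払済み以上である事
@@ -101,19 +116,22 @@
     }
 
-    /* 商品情報の読み込み */
-    function lfGetRealFileName($product_id) {
+    /**
+     * 商品情報の読み込みを行う.
+     *
+     * @param integer $customer_id 顧客ID
+     * @param integer $order_id 受注ID
+     * @param integer $product_id 商品ID
+     * @return array 商品情報の配列
+     */
+    function lfGetRealFileName($customer_id, $order_id, $product_id) {
         $objQuery = new SC_Query();
         $col = "*";
         $table = "vw_download_class AS T1";
-        // FIXME order_id, product_id の妥当性をチェックすべき.
-        if (DB_TYPE == "mysql"){
-            $where = "T1.customer_id = " . (int)$_SESSION['customer']['customer_id'] . " AND T1.order_id = " . (int)$_GET['order_id'] . " AND T1.product_id = " . (int)$_GET['product_id'] .
-                " AND (SELECT IF((SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1)=1, 1, DATE(NOW()) <= DATE(DATE_ADD(T1.commit_date, INTERVAL (SELECT downloadable_days FROM dtb_baseinfo) DAY)))) = 1;";
-        }else{
-            $baseinfo = SC_Helper_DB_Ex::sf_getBasisData();
-            $where = "T1.customer_id = " . (int)$_SESSION['customer']['customer_id'] . " AND T1.order_id = " . (int)$_GET['order_id'] . " AND T1.product_id = " . (int)$_GET['product_id'] .
-                " AND (SELECT CASE WHEN (SELECT d1.downloadable_days_unlimited FROM dtb_baseinfo d1) = 1 THEN 1 WHEN DATE(NOW()) <= DATE(T1.commit_date + '". $baseinfo['downloadable_days'] ." days') THEN 1 ELSE 0 END) = 1;";
-        }
-        $arrRet = $objQuery->select($col, $table, $where);
+        $dbFactory = SC_DB_DBFactory_Ex::getInstance();
+        $where = "T1.customer_id = ? AND T1.order_id = ? AND T1.product_id = ?";
+        $where .= " AND " . $dbFactory->getDownloadableDaysWhereSql("T1");
+        $where .= " = 1";
+        $arrRet = $objQuery->select($col, $table, $where,
+                                    array($customer_id, $order_id, $product_id));
         return $arrRet[0];
     }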
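Review bot: The ID check added at the top of process() uses `is_numeric()`, which also accepts values such as `1e3`, `-1`, `1.5` and strings with leading whitespace, so non-integer input passes validation and is bound as-is to the three `?` placeholders in lfGetRealFileName(). The prepared statement keeps this from being an injection problem, but unlike the old `(int)` casts nothing now forces the values to integers, so a strict backend will probably answer with a database error instead of the intended site error. A digits-only test such as `ctype_digit((string) $order_id)` on each of the three values, or the SC_FormParam validation the TODO already mentions, would close that gap. The check also reads `$_SESSION['customer']['customer_id']` ahead of the not-logged-in branch, so an unauthenticated request appears to reach `sfDispSiteError("")` rather than that branch; the lines between the hunks are not visible, so this needs confirming, as does whether sfDispSiteError() stops execution.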