1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
<?
include("../manage/category/common.php");
if( isset($mode) && $mode == "insert"){ // as»õ°Ô½Ã¹° ÀÔ·Â.
$memberQry = " SELECT * FROM member WHERE Mid = '$_COOKIE[USERID]' ";
$memberResult = MYSQL_QUERY($memberQry);
$memberRow = MYSQL_FETCH_ARRAY($memberResult);
$_subject = str_replace('\"', "", $subject);
$_content = addslashes($content);
$reg_date = Time();
//fid¸¦ ±¸ÇÑ´Ù.
$fidQry = "select fid from mBoard_as order by fid desc limit 1";
$fidResult = mysql_query($fidQry);
$fidRow = mysql_fetch_array($fidResult);
$_fid = $fidRow[0] +1;
$Mid = $_COOKIE[USERID];
//¹ÌÁø119¸¦ ÅëÇؼ ÀÛ¼ºµÈ±ÛÀº Á¦¸ñ ¾Õ¿¡ [119]¸¦ ºÙÀÓ
if ($filedir=="") {
$insertQry = " insert into mBoard_as values
( '','$memberRow[Mname]','$memberRow[Mcompany]','$memberRow[Memail]','','$memberRow[Mtel1]','$memberRow[Mhp]','$_subject','$_content','$filename',
'','','A','n','$reg_date','','','$Mid','$_fid','$Msw1',
'','A'
)";
} else {
$insertQry = " insert into mBoard_as values
( '','$memberRow[Mname]','$memberRow[Mcompany]','$memberRow[Memail]','','$memberRow[Mtel1]','$memberRow[Mhp]','[119]$_subject','$_content','$filename',
'','','A','n','$reg_date','','','$Mid','$_fid','$Msw1',
'','A'
)";
}
mysql_query($insertQry);
//uid°©À» ±¸ÇÑ´Ù.
$uidQry = "select uid from mBoard_as order by uid desc limit 1";
$uidResult = mysql_query($uidQry);
$uidRow = mysql_fetch_array($uidResult);
$_uid = $uidRow[0];
if( isset($add_file) && $add_file !== "" ){
$body_file_name = strstr($add_file_name,".");
if($body_file_name == ".php" || $body_file_name == ".html" || $body_file_name == ".cgi" || $body_file_name == ".pl" ||
$body_file_name == ".htm" || $body_file_name == ".php3" || $body_file_name == ".php4") {
?>
<script language="JavaScript">
alert("ÀÌ Çü½ÄÀÇ ÆÄÀÏÀº ¾÷·Îµå ÇÒ ¼ö ¾ø½À´Ï´Ù.");
history.back();
</script>
<?
}
$dir = "../save_dir/as/";
$filename = $_uid."-".$Mid."_".$add_file_name;
copy($add_file ,$dir.$filename );
unlink($add_file);
}
//ÆÄÀϳ×ÀÓÀ» ´Ù½Ã ¾÷µ¥ÀÌÆ®ÇÑ´Ù.
$filenameQry = " update mBoard_as set add_file = '$filename' WHERE uid = '$_uid' " ;
mysql_query($filenameQry);
?>
<script>
location.href = "mypage_03_01.php?pType=up&uid=<?=$_uid;?>";
</script>
<?
}
if( $mode == "update" && $uid !== ""){
$_content = addslashes($content);
$updateQry = " update mBoard_as set subject = '$subject' , content = '$_content' WHERE uid = '$uid' " ;
mysql_query($updateQry);
?>
<script>
location.href = "mypage_03_01.php?pType=up&uid=<?=$uid;?>";
</script>
<?
}
?>
|