OLDBOY/bbs/link.php



<title>OLDBOY/bbs/link.php</title>


<div class="header">OLDBOY/bbs/link.php</div>
<pre>&lt;?php
include_once(&#039;./_common.php&#039;);

$html_title = &#039;링크&#039;;

if (isset($write[&#039;wr_subject&#039;]) &amp;&amp; $write[&#039;wr_subject&#039;]) {
    $html_title .= &#039; &amp;gt; &#039;.conv_subject($write[&#039;wr_subject&#039;], 255);
}

$no = isset($_REQUEST[&#039;no&#039;]) ? preg_replace(&#039;/[^0-9]/i&#039;, &#039;&#039;, $_REQUEST[&#039;no&#039;]) : &#039;&#039;;

if (!($bo_table &amp;&amp; $wr_id &amp;&amp; $no))
    alert_close(&#039;값이 제대로 넘어오지 않았습니다.&#039;);

// SQL Injection 예방
$row = sql_fetch(&quot; select count(*) as cnt from {$g5[&#039;write_prefix&#039;]}{$bo_table} &quot;, FALSE);
if (!(isset($row[&#039;cnt&#039;]) &amp;&amp; $row[&#039;cnt&#039;]))
    alert_close(&#039;존재하는 게시판이 아닙니다.&#039;);

if (!(isset($write[&#039;wr_link&#039;.$no]) &amp;&amp; $write[&#039;wr_link&#039;.$no]))
    alert_close(&#039;링크가 없습니다.&#039;);

$ss_name = &#039;ss_link_&#039;.$bo_table.&#039;_&#039;.$wr_id.&#039;_&#039;.$no;
if (empty($_SESSION[$ss_name]))
{
    $sql = &quot; update {$g5[&#039;write_prefix&#039;]}{$bo_table} set wr_link{$no}_hit = wr_link{$no}_hit + 1 where wr_id = &#039;{$wr_id}&#039; &quot;;
    sql_query($sql);

    set_session($ss_name, true);
}

goto_url(set_http($write[&#039;wr_link&#039;.$no]));</pre>