########## Validate the submitted form fields. Every failure prints its message and stops the script. ##########
# NOTE(review): the echoed strings are empty in this listing, so a rejected post gets no visible explanation.
# $name, $fid and $thread are not checked in this part of the script.

# E-mail is optional. When it contains any non-blank character it must match the
# pattern from start to end: dot-separated runs of [_0-9a-zA-Z-], an "@", then
# dot-separated runs of [0-9a-zA-Z-].
if (ereg("([^[:space:]]+)", $email)) {
    if (!ereg("(^[_0-9a-zA-Z-]+(\.[_0-9a-zA-Z-]+)*@[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*$)", $email)) {
        echo "";
        exit;
    }
}

# Homepage is optional as well. This pattern is NOT anchored: any value that
# contains "http://" followed by one allowed character passes, whatever else
# surrounds it. The value must therefore still be escaped wherever it is used
# (SQL here, HTML when it is displayed).
if (ereg("([^[:space:]]+)", $homepage)) {
    if (!ereg("http://([0-9a-zA-Z./@~?&=_]+)", $homepage)) {
        echo "";
        exit;
    }
}

# Subject is required: at least one non-whitespace character.
if (ereg("([^[:space:]]+)", $subject) === false) {
    echo "";
    exit;
}

# Password is required: four or more ASCII letters/digits and nothing else.
if (ereg("(^[0-9a-zA-Z]{4,}$)", $passwd) === false) {
    echo "";
    exit;
}

# Comment body is required: at least one non-whitespace character.
if (ereg("([^[:space:]]+)", $comment) === false) {
    echo "";
    exit;
}
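########## Connect to the database. ##########
include "../includes/dbconn.inc";
########## Make the request values safe to place inside the SQL text below. ##########
# $fid is used unquoted in the WHERE clause, so only a run of digits is accepted;
# anything else takes the same print-and-stop path as the other failures.
# NOTE(review): assumes fid is a non-negative integer id -- confirm against the qna schema.
if (is_array($fid) || !preg_match('/^[0-9]+$/D', (string) $fid)) {
    echo("");
    exit;
}
# $thread goes inside quoted literals; escape it with the connection-aware escaper.
# NOTE(review): if magic_quotes_gpc is enabled, values arrive already slashed and
# will be stored with extra backslashes (the original addslashes() calls on
# subject/comment had the same effect) -- confirm the server setting.
$thread_sql = mysql_real_escape_string($thread, $dbconn);
########## From the parent post's values, work out the thread value for this reply (the thread field drives sorting and indent). ##########
# Looks up the highest existing reply thread that is exactly one character longer
# than the parent's thread and starts with it.
$query = "SELECT thread,right(thread,1) FROM qna WHERE fid = $fid AND length(thread) = length('$thread_sql')+1 AND locate('$thread_sql',thread) = 1 ORDER BY thread DESC LIMIT 1";
$result = mysql_query($query,$dbconn);
if(!$result) {
    echo("");
    exit;
}
$rows = mysql_num_rows($result);
if($rows) {
    # A sibling reply exists: keep its prefix and bump its last character.
    # NOTE(review): PHP string increment turns "Z" into "AA", which would make the
    # new thread two characters longer than the parent -- confirm how many replies
    # per level the board is expected to support.
    $row = mysql_fetch_row($result);
    $thread_head = substr($row[0],0,-1);
    $thread_foot = ++$row[1];
    $new_thread = $thread_head . $thread_foot;
} else {
    # First reply under this parent.
    $new_thread = $thread . "A";
}
$signdate = time();
########## Escape special characters in every string that is written into the INSERT. ##########
# The original escaped only subject and comment; name, homepage and the thread
# value reached the statement unescaped. $new_thread is escaped too because it
# is built from the raw $thread or from a value read back from the table.
$name_sql = mysql_real_escape_string($name, $dbconn);
$email_sql = mysql_real_escape_string($email, $dbconn);
$homepage_sql = mysql_real_escape_string($homepage, $dbconn);
$passwd_sql = mysql_real_escape_string($passwd, $dbconn);
$new_thread_sql = mysql_real_escape_string($new_thread, $dbconn);
$subject = mysql_real_escape_string($subject, $dbconn);
$comment = mysql_real_escape_string($comment, $dbconn);
########## Insert the values into the database. ##########
# NOTE(review): the password is hashed with MySQL's PASSWORD() function, which is
# meant for MySQL's own accounts rather than application secrets. Changing it
# requires changing the code that verifies passwd, which is not in this part.
$query = "INSERT INTO qna (fid, name, email, homepage, subject, comment, passwd, signdate, ref, thread) VALUES ('$fid', '$name_sql', '$email_sql', '$homepage_sql', '$subject', '$comment', password('$passwd_sql'), $signdate, 0, '$new_thread_sql')";
$result = mysql_query($query,$dbconn);
if($result) {
    ########## Go to the list screen. ##########
    echo ("");
} else {
    echo("");
    exit;
}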
?>