@@ -34,9 +34,9 @@
$sql = "SELECT topic.id,title,name,description FROM topic LEFT JOIN user ON topic.author = user.id WHERE topic.id=".$_GET['id'];
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
- echo '
'.$row['title'].'
';
- echo '
'.$row['name'].'
';
- echo $row['description'];
+ echo '
'.htmlspecialchars($row['title']).'
';
+ echo '
'.htmlspecialchars($row['name']).'
';
+ echo strip_tags($row['description'], '
- ');
}
?>
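Review bot: The query on the hunk's first context line still concatenates `$_GET['id']` straight into the SQL string, so the output escaping this commit adds leaves the read path injectable; a prepared statement with a bound integer parameter is the fix, sketched below. `mysqli_fetch_assoc` returns null when no row matches, and the three echoes then index a non-array, so `$row` should be checked before it is used. `strip_tags` keeps the attributes on whatever tags its second argument allows (the allow-list is garbled in this rendering), so an allowed-tag list alone does not make `description` safe to emit unescaped; either escape it with `htmlspecialchars` like the other two fields or pass it through a sanitiser that also restricts attributes. The block closed by the `}` on the hunk's last context line opens outside the hunk.
```php
$id = (int) ($_GET['id'] ?? 0);
$stmt = mysqli_prepare($conn, 'SELECT topic.id,title,name,description FROM topic LEFT JOIN user ON topic.author = user.id WHERE topic.id=?');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
if ($row === null) {
    http_response_code(404);
    exit;
}
// … unchanged: the three echo statements …
```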
diff --git a/php/5.php b/php/5.php
new file mode 100644
index 0000000..1cc733f
--- /dev/null
+++ b/php/5.php
@@ -0,0 +1,10 @@
+
+
+
+
+
+ alert(1);');
+ ?>
+
+
diff --git a/phpjs/14.php b/phpjs/14.php
new file mode 100644
index 0000000..3bce34e
--- /dev/null
+++ b/phpjs/14.php
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+ num_rows == "0"){
+ echo "뉘신지?";
+ } else {
+ echo "안녕하세요. 주인님";
+ }
+ ?>
+
+
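Review bot: The condition `num_rows == "0"` on the hunk's first visible code line compares an integer row count against a string with loose equality; write `num_rows === 0` so the branch does not depend on PHP's string-to-number coercion. The expression before `num_rows` and everything above it is stripped in this rendering, so the query whose row count selects between the two messages is not visible; if that count is what decides the "주인님" greeting, the rows need to come from a parameterised query and an actual credential check, which cannot be confirmed from here.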
diff --git a/process.php b/process.php
index 8e81eaf..a1f19be 100644
--- a/process.php
+++ b/process.php
@@ -1,17 +1,22 @@
num_rows == 0){
- $sql = "INSERT INTO user (name, password) VALUES('".$_POST['author']."', '111111')";
+ $sql = "INSERT INTO user (name, password) VALUES('".$author."', '111111')";
mysqli_query($conn, $sql);
$user_id = mysqli_insert_id($conn);
} else {
$row = mysqli_fetch_assoc($result);
$user_id = $row['id'];
}
-$sql = "INSERT INTO topic (title,description,author,created) VALUES('".$_POST['title']."', '".$_POST['description']."', '".$user_id."', now())";
+$sql = "INSERT INTO topic (title,description,author,created) VALUES('".$title."', '".$description."', '".$user_id."', now())";
$result = mysqli_query($conn, $sql);
header('Location: http://localhost/index.php');
?>
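Review bot: The two rewritten INSERT lines still build SQL by concatenation; swapping `$_POST['author']` for `$author` only helps if the assignments at the stripped top of this hunk escape the values, which is not visible here, and a prepared statement with bound parameters removes the question entirely, as sketched below. The literal `'111111'` stored in the `password` column on the first rewritten line is a plaintext credential shared by every auto-created account; if the flow must create users this way, store `password_hash('111111', PASSWORD_DEFAULT)` and check it with `password_verify` on the login path. The result of both `mysqli_query` calls is never checked, so a failed insert still produces a redirect and, for the topic, an empty `$user_id`; an `exit;` after `header('Location: …')` is also the usual guard, even though nothing follows it at present.
```php
// … unchanged: user lookup; $author/$title/$description assignment at top of hunk …
$stmt = mysqli_prepare($conn, 'INSERT INTO user (name, password) VALUES(?, ?)');
$defaultPassword = password_hash('111111', PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, 'ss', $author, $defaultPassword);
mysqli_stmt_execute($stmt);
$user_id = mysqli_insert_id($conn);
// … unchanged: else branch reading $row['id'] …
$stmt = mysqli_prepare($conn, 'INSERT INTO topic (title,description,author,created) VALUES(?, ?, ?, now())');
mysqli_stmt_bind_param($stmt, 'ssi', $title, $description, $user_id);
mysqli_stmt_execute($stmt);
header('Location: http://localhost/index.php');
exit;
```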