diff --git a/application/admin/controllers/DataController.php b/application/admin/controllers/DataController.php
index ca8f599f..482ccc42 100755
--- a/application/admin/controllers/DataController.php
+++ b/application/admin/controllers/DataController.php
@@ -648,6 +648,7 @@ class Admin_DataController extends Zend_Controller_Action
 function datafileimportAction() { if ($this->_request->isPost()) {
+ set_time_limit(0);
 $dir = $this->_request->getPost('directory');
 if (file_exists($dir.'/dataset.txt')) {
@@ -664,8 +665,9 @@ class Admin_DataController extends Zend_Controller_Action
 $sql="delete from dataset where uuid='".$duuid."'"; //datafile table will auto-delete
 $this->db->query($sql);
- $sql="insert into dataset (path,uuid) values('".$dpath."','".$duuid."')";
- $this->db->query($sql);
+ //$sql="insert into dataset (path,uuid) values('".$dpath."','".$duuid."')";
+ $sql="insert into dataset (path,uuid) values(?,?)";
+ $this->db->query($sql,array($dpath,$duuid));
 $sql="select id from dataset where uuid='".$duuid."'";
 $rs=$this->db->fetchRow($sql);
 $dsid=$rs["id"];
@@ -686,8 +688,9 @@ class Admin_DataController extends Zend_Controller_Action
 {
 $fdepth=substr_count($fpath,"/")+1; //print $fsize." ".$fpath." ".$fdir."
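Review bot: `set_time_limit(0)` at the top of the POST branch of datafileimportAction() removes the execution cap for every request that reaches this action, so an import that stalls or walks a very large tree holds a PHP worker until it is killed from outside. A finite limit sized to the largest expected import is safer, for example `set_time_limit(3600); // constructed value, tune to the largest import`, or the import could run as a CLI job instead of inside the web request. The same hunk shows `$dir` taken straight from the POST body and passed to `file_exists()`; resolving it with `realpath()` and comparing it against an allowed data root before use would keep the import confined to the intended directories. The function body continues outside the hunk, so any validation done further down is not visible here.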
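Review bot: The `delete` and `select` statements on either side of the newly parameterised dataset insert still concatenate `$duuid` into the SQL text, so this hunk is only partly fixed. Where `$duuid` is assigned lies outside the hunk (it presumably comes from the imported dataset file), so it should be bound the same way: `$this->db->query("delete from dataset where uuid=?",array($duuid));` and `$rs=$this->db->fetchRow("select id from dataset where uuid=?",array($duuid));`. `$rs` is indexed without a check, so a lookup that returns no row should be handled before `$rs["id"]` is read. The commented-out concatenated statement kept above the new one, here and in the datafile hunk, is better deleted, since version control already keeps the old form.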
";
- $sql="insert into datafile (dsid,filename,filesize,isdir,depth) values(".$dsid.",'".$fpath."',".$fsize.",".$fdir.",".$fdepth.")";
- $this->db->query($sql);
+ //$sql="insert into datafile (dsid,filename,filesize,isdir,depth) values(".$dsid.",'".$this->db->escape($fpath)."',".$fsize.",".$fdir.",".$fdepth.")";
+ $sql="insert into datafile (dsid,filename,filesize,isdir,depth) values(?,?,?,?,?)";
+ $this->db->query($sql,array($dsid,$fpath,$fsize,$fdir,$fdepth));
 }
 }
 }
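Review bot: The per-file `insert into datafile` runs after the dataset row was deleted and re-created in the previous hunk, and no transaction is visible in either hunk, so a failure partway through leaves the dataset with its old file list gone and only part of the new one written. Wrapping the sequence would make the re-import atomic: `$this->db->beginTransaction();` before the delete, `$this->db->commit();` after the last datafile insert, and `$this->db->rollBack();` in a catch block. This assumes `$this->db` is a Zend_Db adapter and that the enclosing block, which starts outside the hunk, does not already open a transaction. With the time limit removed in the first hunk, a long import is the case where an interrupted run is most likely, which is why the two changes are worth reviewing together.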