- if ($serno == 0)
- $r=mysql_query("select * from boards order by serno limit $offset,$limit");
- else
- $r=mysql_query("select * from boards where serno=$serno");
+ $query = "select * from boards";
+ if ($serno != '') {
+ $pre = " where ";
+ foreach (preg_split("/[\s,]+/", $serno) as $s) {
+ if (preg_match('/^[0-9]+$/',$s))
+ $query .= $pre . "serno=" . $s;
+ else if (preg_match('/^([0-9]+)-([0-9]+)$/',$s,$m)) {
+ $m1 = intval($m[1]); $m2 = intval($m[2]);
+ if ($m2 <= $m1)
+ die("bad serial number range ($s)");
+ $query .= $pre . "(serno>=$m[1] and serno<=$m[2])";
+ }
+ else
+ die("illegal serial number ($s)");
+ $pre = " or ";
+ }
+ }
+ $query .= " order by serno";
+ if ($serno == '')
+ $query .= " limit $offset,$limit";
+
+ $r = mysql_query($query);
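Review bot: The rewrite validates every `$serno` token with anchored regexes but still interpolates `$offset` and `$limit` into the statement unchecked on the `limit` line, the same pattern the removed `-` line had; if those come from the request as `$serno` appears to (their origin is outside the hunk, as is the enclosing code), that line should be `$query .= " limit " . intval($offset) . "," . intval($limit);` or the values checked the same way the serial numbers are. The range branch computes `$m1`/`$m2` for the bounds check but then interpolates the raw `$m[1]`/`$m[2]`; using the integers, `$query .= $pre . "(serno>=$m1 and serno<=$m2)";`, keeps the validated form and the emitted form the same. The two `die()` calls echo the rejected token back verbatim, and in the `illegal serial number` case `$s` is arbitrary non-whitespace text, so if this page renders as HTML it should be `die("illegal serial number (" . htmlspecialchars($s) . ")");`. The loose `$serno == ''` / `!= ''` tests on the `if` lines are best made `===` / `!==` so an integer `0` is not treated as "no filter" on older PHP.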