Beispiel #1
0
function clean4sql($var)
{
    if (!is_array($var) && is_string($var)) {
        $var = (array) $var;
    }
    foreach ($var as $k => $v) {
        $var[$k] = is_array($v) ? clean4sql($v) : mysql_escape_string(stripslashes(trim($v)));
    }
    return $var;
}
Beispiel #2
0
function treatURLForm()
{
    if (isset($_POST['url'])) {
        $_POST = clean4sql($_POST);
        $q = mysql_query("SELECT id  FROM `amsn_files` WHERE id = " . (int) $_POST['id'] . ";");
        $row = mysql_fetch_assoc($q);
        if ($row['filename'] != '') {
            unlink(getFilePath($row['filename']));
        }
        if (mysql_query("UPDATE `amsn_files` SET filename = '', `url` = '{$_POST['url']}', `lastmod` = NOW() WHERE id = '" . (int) $_POST['id'] . "' LIMIT 1")) {
            return array('success' => "File successfully modified");
        } else {
            #echo mysql_error();
            return array('error' => "There was an error when trying to update the database registry");
        }
    }
}
Beispiel #3
0
    if ($idn != 0) {
        ?>
    <input type="hidden" name="id" value="<?php 
        echo $idn;
        ?>
" />
<?php 
    }
    ?>
    <input type="submit" />
</form>
<?php 
}
if ($_GET['action'] == 'add') {
    if (isset($_POST['title'], $_POST['text'])) {
        $_POST = clean4sql($_POST);
        if (mysql_query("INSERT INTO `amsn_news` (author, time) VALUES ('" . (int) $_SESSION['id'] . "', UNIX_TIMESTAMP())")) {
            $title = $_POST['title'];
            $text = $_POST['text'];
            $id = mysql_insert_id();
            $query = "UPDATE amsn_news SET title='news_{$id}_title',text='news_{$id}_text' WHERE id='{$id}'";
            mysql_query($query) or die(mysql_error());
            $query = "INSERT INTO amsn_langs (lang_key,lang_text) VALUES ('news_{$id}_title','{$title}')";
            mysql_query($query) or die(mysql_error());
            $query = "INSERT INTO amsn_langs (lang_key,lang_text) VALUES ('news_{$id}_text','{$text}')";
            mysql_query($query) or die(mysql_error());
            echo "<p>Post successfully added to the database</p>\n";
            return;
        } else {
            echo "<p>An error ocurred while trying to add the post to the database</p>\n";
            form(htmlentities($_POST['title']), htmlentities($_POST['text']));
Beispiel #4
0
function treatURLForm($prefix)
{
    $field_name = $prefix . 'url';
    if (isset($_POST[$field_name])) {
        $_POST = clean4sql($_POST);
        if (!mysql_num_rows($q = mysql_query("SELECT id  FROM `amsn_files` WHERE LOWER(`url`) = LOWER('" . $_POST[$field_name] . "');"))) {
            if (mysql_query("INSERT INTO `amsn_files` (url,lastmod) VALUES ('" . $_POST[$field_name] . "', NOW());")) {
                return array('id' => mysql_insert_id(), 'name' => $_POST[$field_name]);
            } else {
                return array('error' => mysql_error());
            }
        } else {
            $row = mysql_fetch_assoc($q);
            return array('id' => $row['id'], 'name' => $_POST[$field_name]);
        }
    }
}