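// (fragment) Tail of a function whose signature is above this excerpt (presumably
// prepSQL(), which is called below); it is kept exactly as found.
// NOTE(review): mysql_escape_string() escapes without regard to the connection
// character set and, unlike the prepSQL() variants that add quotes, returns the
// bare escaped text; every caller must therefore supply the surrounding quotes.
if (get_magic_quotes_gpc()) {
    $str = stripslashes($str);
}
return mysql_escape_string($str);
}

// Debug output of the upload entry. $_FILES['img'] is an array, so the first
// echo only prints its string conversion; the size is an integer set by PHP.
echo $_FILES['img'] . "<br>";
echo $_FILES['img']['size'] . "<br>";

if (isset($_FILES['img']) && $_FILES['img']['size'] > 0) {
    // The temporary path must come from $_FILES (filled in by PHP), never from
    // $_POST: the original read $_POST['img']['tmp_name'], a client-supplied
    // value that went straight into fopen() and was echoed back.
    $tmpName = $_FILES['img']['tmp_name'];

    // is_uploaded_file() confirms the path really is this request's HTTP upload.
    if (is_uploaded_file($tmpName)) {
        $fp = fopen($tmpName, 'r');
        if ($fp !== false) {
            $data = fread($fp, filesize($tmpName));
            // NOTE(review): addslashes() is not SQL escaping; $data is not used
            // in the query below, but must not be concatenated into SQL as-is.
            $data = addslashes($data);
            fclose($fp);
            // File content is attacker-controlled: encode it before it reaches HTML.
            echo htmlspecialchars($data, ENT_QUOTES) . "<br>";
        }
    }
}

// NOTE(review): the img column receives $_POST['img'], not the file content read
// above into $data. Confirm which value is intended.
// NOTE(review): the query is built by string concatenation and relies entirely on
// prepSQL(); a parameterised API (mysqli/PDO prepared statements) removes that
// dependency, but needs the connection setup, which is outside this excerpt.
$sql_qry = "INSERT INTO `mid`(\n\tid, \n\ttitle, \n\tlat, \n\tlng, \n\tmany, \n\tadvise, \n\tnotes,\n\timg)\nVALUES (\n\tNULL, \n\t'"
    . prepSQL($_POST['title']) . "', \n\t'"
    . prepSQL($_POST['lat']) . "', \n\t'"
    . prepSQL($_POST['lng']) . "', \n\t'"
    . prepSQL($_POST['many']) . "', \n\t'"
    . prepSQL($_POST['advise']) . "', \n\t'"
    . prepSQL($_POST['notes']) . "',\n\t'"
    . prepSQL($_POST['img']) . "')";

// NOTE(review): die(mysql_error()) sends the raw database error to the client;
// logging it server-side and showing a generic message discloses less.
mysql_query($sql_qry) or die(mysql_error());

// Fetch the highest id in `mid` (the row just inserted, unless another request
// inserted in between).
$db = mysql_query("SELECT id FROM `mid` ORDER BY id DESC LIMIT 1");
$row = mysql_fetch_array($db);

// Debug output. The query text and the request dumps contain user input, so they
// are HTML-encoded before being written into the page.
echo htmlspecialchars($sql_qry, ENT_QUOTES) . "<br>";
echo htmlspecialchars(json_encode($_POST), ENT_QUOTES) . "<br>";
echo htmlspecialchars(json_encode($_FILES), ENT_QUOTES);
?> <script> var id; if(localStorage.localid){ id=localStorage.localid.split(','); }else{ id=[]; localStorage.localid=[]; }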
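// (fragment) End of the 'Labels' table step; the block it closes starts above this excerpt.
die("Labels table NOT created: " . mysql_error() . "</br>");
}

// Create 'VotingBox' table--------------------------------------------------------------
//   ID      unique index for each entry
//   voter   identifier for the client submitting a ballot
//   ballot  the voter's selection
$newTable = "CREATE TABLE VotingBox (\r\n ID\t\t\t\tINT NOT NULL AUTO_INCREMENT PRIMARY KEY,\r\n voter\t\t\tTEXT,\r\n ballot\t\t\tTEXT\r\n )";

// Execute query.
// NOTE(review): the die() calls in this script print mysql_error() to the page;
// acceptable for a one-off setup run, but it discloses database details if the
// script stays reachable.
if (mysql_query($newTable)) {
    echo "VotingBox table created</br>";
} else {
    die("VotingBox table NOT created: " . mysql_error() . "</br>");
}

// Convert data FORM -> PHP. A missing field becomes an empty string instead of
// raising an undefined-index notice.
// NOTE(review): an empty admin password is accepted here; consider rejecting it
// before any table is created.
$varPass = isset($_POST['formPass']) ? $_POST['formPass'] : '';

// Fill in the Attributes table.
// NOTE(review): prepSQL() is defined outside this excerpt. The value is
// concatenated without surrounding quotes, so this statement is only valid (and
// only safe) if prepSQL() returns an already-quoted, escaped literal; confirm.
// NOTE(review): the password is stored as submitted. Storing a password_hash()
// digest instead would also require changing the code that checks it, which is
// not visible here.
$newAttributes = "INSERT INTO Attributes (numberOfChoices, active, chartType, useLabels, adminPassword)\r\n\t\tVALUES (4, FALSE, 'vbar', FALSE, " . prepSQL($varPass) . ")";

// Execute query.
// The confirmation no longer prints the admin password: echoing a credential puts
// it in the response body (browser history, proxies, screenshots), and the value
// printed before was the SQL-escaped form, which is not HTML-safe.
// NOTE(review): the message says "horizontal bar graph" while chartType is
// 'vbar'; confirm which is correct.
if (mysql_query($newAttributes)) {
    echo "</br>Attributes initialized: </br>\r\n 4 choices, </br>\r\n voting is not currently active, </br>\r\n results will be displayed as a horizontal bar graph, </br>\r\n labels will not be used, </br>\r\n the admin password has been set</br>";
} else {
    die("Attributes NOT initialized: " . mysql_error() . "</br>");
}

// Close connection and notify user the script has completed.
mysql_close($con);
echo "</br>COMPLETE</br></br>";
// Removing setup.php matters: as long as it is reachable, it accepts a new admin
// password from any POST request shown in this excerpt.
echo "You can now remove the 'setup.php' file. </br>";
} ?>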
}
// (fragment) Remainder of a block that opens above this excerpt; kept as found.
$query = 'INSERT INTO genre_tb (genre) VALUES (' . prepSQL($genre) . ')';
mysql_query($query, $db) or die(mysql_error($db));
mysql_close($db);
header("Location: add-video.php");
exit;
}

// Language form: insert the submitted language, then return to add-video.php.
// An empty value (as judged by safeSQL(), defined elsewhere) skips the insert
// and redirects straight away.
// NOTE(review): a failed query prints mysql_error() to the client; logging it
// server-side and showing a generic message would disclose less.
if ($_POST['lang-submit'] == "Submit") {
    $lang = $_POST['lang'];

    if (safeSQL($lang) != '') {
        // prepSQL() returns a quoted literal, so no quotes are added here.
        $query = 'INSERT INTO lang_tb (lang) VALUES (' . prepSQL($lang) . ')';
        if (!mysql_query($query, $db)) {
            die(mysql_error($db));
        }
        mysql_close($db);
    }

    header("Location: add-video.php");
    exit;
}

/**
 * Turn a request value into a single-quoted SQL string literal.
 *
 * Slashes added by magic quotes are removed first so the value is not escaped
 * twice; the result of mysql_real_escape_string() is then wrapped in single
 * quotes. Callers concatenate the return value into the statement as-is and
 * must not add quotes of their own.
 *
 * NOTE(review): get_magic_quotes_gpc() and the mysql_* extension are gone from
 * current PHP (removed in 8.0 and 7.0 respectively); prepared statements via
 * mysqli or PDO are the replacement for this helper.
 *
 * @param string $value Raw value taken from the request.
 * @return string Escaped value enclosed in single quotes.
 */
function prepSQL($value)
{
    $unslashed = get_magic_quotes_gpc() ? stripslashes($value) : $value;

    return "'" . mysql_real_escape_string($unslashed) . "'";
}