<link rel="shortcut icon" href="images/favicon.ico" />
<script type="text/javascript" src="js/add_img.js"></script>
</head>
<body>
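<?php 
/*
 * Picture-upload endpoint: bootstraps the app (IN_TG guard + includes),
 * requires a logged-in session, and on ?action=add_img validates the
 * posted fields and inserts one row into `photo`, then redirects.
 *
 * Fix over the original: `content`, `dir_id` and the username cookie were
 * concatenated into the INSERT verbatim (SQL injection); every value is now
 * escaped with mysql_real_escape_string() for the open mysql_* connection.
 * The sibling script on this page already follows that pattern
 * (mysql_real_escape_string(check_photo_url(...))), so the validators are
 * assumed not to escape themselves — confirm against check_name().
 */
define('IN_TG', true);
require dirname(__FILE__) . '/includes/conn.inc.php';
require dirname(__FILE__) . '/includes/global.fun.php';
require dirname(__FILE__) . '/includes/add_dir_fun.php';
require dirname(__FILE__) . '/includes/common.inc.php';
// Ordinary members may add pictures too: only a login is required, not admin rights.
check_login();
// isset() first: reading a missing 'action' key raised a notice in the original.
if (isset($_GET['action']) && $_GET['action'] === 'add_img') {
    // Validated values (unescaped) — reused for the redirect URL below.
    $clean = array();
    $clean['name'] = check_name($_POST['name']);
    $clean['url'] = check_photo_url($_POST['url']);
    $clean['content'] = isset($_POST['content']) ? $_POST['content'] : '';
    $clean['dir_id'] = isset($_POST['dir_id']) ? $_POST['dir_id'] : '';
    // NOTE(review): the row owner comes from a client-supplied cookie; nothing
    // visible here ties it to the session check_login() verified — confirm.
    $clean['username'] = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    // SQL-escaped copies; only these are interpolated into the query.
    $escaped = array_map('mysql_real_escape_string', $clean);
    // Write the picture record.
    $sql = "insert into photo (name, username, url, content, dir_id, date) values ("
         . "'{$escaped['name']}', '{$escaped['username']}', '{$escaped['url']}', "
         . "'{$escaped['content']}', '{$escaped['dir_id']}', now())";
    mysql_query($sql);
    if (mysql_affected_rows() == 1) {
        location('图片添加成功', 'photo_show.php?id=' . $clean['dir_id']);
    } else {
        alert('图片添加失败');
    }
    exit;
}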
//获取数据
if (isset($_GET['id'])) {
    if (!!($row = mysql_fetch_array(mysql_query("select * from add_dir where id='{$_GET['id']}'")))) {
        $html = array();
    } else {
        alert('非法操作');
    }
}
//保存图片信息进入数据库
if (@$_GET['action'] == 'addphoto') {
    //要删除的时候,需要进行唯一标识符验证,避免恶意删除
    if (!!($rows1 = fetch_array("SELECT bbs_uniqid FROM bbs_users WHERE bbs_username='******'username']}' LIMIt 1"))) {
        //为了防止cookie伪造,要比对一下唯一标识符uniqid
        uniqid_check($rows1['bbs_uniqid'], $_COOKIE['uniqid']);
        //引入验证文件
        include ROOT_PATH . 'includes/check.func.php';
        //接收数据
        $clean = array();
        $clean['name'] = mysql_real_escape_string(check_dir_name($_POST['name'], 2, 20));
        $clean['url'] = mysql_real_escape_string(check_photo_url($_POST['url']));
        $clean['content'] = mysql_real_escape_string($_POST['content']);
        $clean['fid'] = mysql_real_escape_string($_POST['fid']);
        //写入数据库
        query("INSERT INTO bbs_photo (\n                                    bbs_name,\n                                    bbs_url,\n                                    bbs_content,\n                                    bbs_fid,\n                                    bbs_username,\n                                    bbs_date\n                                    )\n                            VALUES (\n                                    '{$clean['name']}',\n                                    '{$clean['url']}',\n                                    '{$clean['content']}',\n                                    '{$clean['fid']}',\n                                    '{$_COOKIE['username']}',\n                                    NOW()\n                                )\n            ");
        if (affected_rows() == 1) {
            //关闭数据库
            close();
            location('图片添加成功!', 'show_photo.php?id=' . $clean['fid']);
        } else {
            close();
            alert('图片添加失败');
        }
    } else {
        alert('非法操作');
    }