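/**
 * Store a new "xueshu" post for the currently logged-in user.
 *
 * The sanitized body is written to a text file under the configured
 * directory, then a row referencing that file is inserted into $this->table.
 * When 'huida_id' is non-zero, the `huida` counter of the row with that
 * xueshu_id is incremented, but only after the insert has succeeded.
 *
 * @param array $arr Request fields: 'kinds', 'title', 'content' and optional 'huida_id'.
 * @return array 'isok' => '1' with 'info' and 'content' on success; otherwise
 *               'isok' => '0' with 'code' 1 (not logged in), 2 (file write
 *               failed) or 3 (insert failed) plus an 'info' message.
 */
public function insertXueshu($arr)
{
    $user = new User($this->arr);
    if (!$user->islogin()) {
        return array('isok' => '0', 'code' => 1, 'info' => 'have not login!');
    }

    $user_id = $user->getUserId();
    // Cast to int so the value is safe to place in the %d slots below.
    $huida_id = isset($arr['huida_id']) ? (int) $arr['huida_id'] : 0;
    // NOTE(review): the quoted '%s' slots in the INSERT rely entirely on C::safe()
    // escaping for the active connection; confirm it does, since this is
    // string-built SQL with request data.
    $kinds = C::safe($arr['kinds'], $this->dbc);
    $title = C::safe($arr['title'], $this->dbc);
    $content = Safe::removeXSS($arr['content']);

    // NOTE(review): uniqid() is time-based, so this name is unique-ish but
    // guessable. If the storage directory is reachable over HTTP, do not treat
    // the file name as a secret; prefer a CSPRNG-derived name where available.
    $filename = sha1(uniqid() . $user_id) . '.txt';
    $table = $this->table;
    $file_dir = $this->arr['xml']->xueshu['dir'];
    $path = dirname(dirname(__FILE__)) . '/' . $file_dir . $filename;

    // file_put_contents() returns the byte count, so empty content (0 bytes)
    // is reported as a write failure here; kept as in the original.
    if (!file_put_contents($path, $content)) {
        return array('isok' => '0', 'code' => 2, 'info' => 'can not write into file!');
    }

    $query = sprintf("INSERT INTO %s (user_id,kinds,title,filename,huida_id)\n\t\t\t\t\t\tVALUES(%d,'%s','%s','%s', %d)", $table, $user_id, $kinds, $title, $filename, $huida_id);
    $result = C::query($query, $this->dbc);

    if (!$result) {
        // NOTE(review): the raw driver error is returned to the caller and can
        // expose table and column names; prefer logging it server-side and
        // returning a generic message once callers are confirmed not to need it.
        $error = mysql_error($this->dbc);

        // Fix: no row references the file, so do not leave it orphaned on disk.
        if (is_file($path)) {
            unlink($path);
        }

        return array('isok' => '0', 'code' => 3, 'info' => $error);
    }

    // Fix: bump the counter only after the insert succeeded. Previously the
    // UPDATE also ran when the INSERT had failed, inflating `huida`.
    // NOTE(review): huida_id is not checked against an existing row or any
    // ownership rule in this method.
    if ($huida_id !== 0) {
        $query = sprintf("UPDATE %s SET huida = huida + 1 WHERE xueshu_id = %d", $table, $huida_id);
        C::query($query, $this->dbc);
    }

    return array('isok' => '1', 'info' => 'Ok', 'content' => $content);
}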