Esempio n. 1
/**
 * Validate a submitted question.
 *
 * Passes the title, body and tags to validate_title(), validate_body() and
 * validate_tags() in that order and stops at the first one that rejects its
 * input. A progress line is echoed on entry and an error line on failure, so
 * calling this function writes to the output.
 *
 * @param $title string
 * @param $body string
 * @param $tags string
 * @return boolean true when all three validators accept their input
 */
function validate_input($title, $body, $tags)
{
    echo "sisalla validaatiossa";

    // Guard clauses: the first failing validator decides the message.
    if (!validate_title($title)) {
        echo "Virheellinen title";
        return false;
    }

    if (!validate_body($body)) {
        echo "Virheellinen body";
        return false;
    }

    if (!validate_tags($tags)) {
        echo "Virheellinen tag";
        return false;
    }

    return true;
}
Esempio n. 2
<?php

require_once 'private/check_login.php';
require_once 'private/sqldetails.php';
require_once 'private/mysql_fix_string.php';
$fail_msg = '';
if (isset($_POST['submit']) && isset($_POST['title'])) {
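    // Validate the uploaded image before it is stored under uploads/.
    // $uploadOK starts at 1 and the checks below only ever clear it, so a
    // passing check can no longer undo an earlier failure.
    $target_dir = 'uploads/';
    $uploadOK = 1;
    $target_file = $target_dir . basename($_FILES['fileToUpload']['name']);
    // The extension comes from the client-supplied file name; it is compared
    // against the allow-list further down before it is trusted.
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    // Only inspect a file PHP itself received through an HTTP upload; a
    // missing or failed upload is handled like a non-image. getimagesize()
    // reads the image header only, so the extension allow-list below still
    // matters. ($fail_msg is left unchanged for this case.)
    $tmp_name = $_FILES['fileToUpload']['tmp_name'];
    $check = (is_string($tmp_name) && is_uploaded_file($tmp_name)) ? getimagesize($tmp_name) : false;
    if ($check === false) {
        $uploadOK = 0;
    }
    $title = fix_string($_POST['title']);
    // validate_title() is compared against '' here, i.e. an empty result means
    // the title passed. A rejected title clears the flag; an accepted one
    // leaves the verdict of the image check in place.
    if (validate_title($title) != '') {
        $uploadOK = 0;
    }
    // NOTE(review): the hash input is the temporary path string, not the file
    // contents, so the stored name does not identify the image and the
    // "Already exists." check cannot detect a duplicate upload. hash_file()
    // on the temp file would be content-based -- confirm the intent.
    $target_file = hash('ripemd128', $_FILES['fileToUpload']['tmp_name']) . "." . $imageFileType;
    $target_path = $target_dir . $target_file;
    if (file_exists($target_path)) {
        $uploadOK = 0;
        $fail_msg = 'Already exists.';
    }
    // Size limit in bytes, as reported by PHP for the received file.
    if ($_FILES['fileToUpload']['size'] > 10000000) {
        $uploadOK = 0;
        $fail_msg = 'Too big.';
    }
    // Extension allow-list; the value was lower-cased above.
    if (!in_array($imageFileType, array('jpg', 'png', 'jpeg'), true)) {
        $uploadOK = 0;
        $fail_msg = 'Not jpg, png or jpeg.';
    }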
    if ($uploadOK == 0) {
    } else {
Esempio n. 3
 // A job with neither pay bound set is shown with a fixed label.
 if ($pay_max == 0 && $pay_min == 0) {
     $payment = 'Negotiable';
 }

 // Row data for the job being processed.
 $input = [
     'title'    => $jobtitle,
     'location' => $job_location,
     'payment'  => $payment,
     'url'      => $jobtitle_clean_url,
     'country'  => $job_country,
     'jnum'     => $job_number,
 ];
 $correct_result = true;

 // Each filter below is validated only when it is set and not an empty
 // string. The validators are called without arguments, so they presumably
 // read the $u_* values (and report their verdict) through shared state --
 // confirm in their definitions.

 // Country
 if (isset($u_country) && $u_country !== '') {
     validate_country();
 }

 // City
 if (isset($u_city) && $u_city !== '') {
     validate_city();
 }

 // Title
 if (isset($u_jobtitle) && $u_jobtitle !== '') {
     validate_title();
 }

 // Category: the literal "Industry" is skipped as well as the empty string.
 if (isset($u_category) && !in_array($u_category, ['Industry', ''], true)) {
     validate_category();
 }

 // Location: the literal "Location" is skipped as well as the empty string.
 if (isset($u_location) && !in_array($u_location, ['Location', ''], true)) {
     validate_location();
 }

 // Keywords
 if (isset($u_keywords) && $u_keywords !== '') {
     validate_keywords_and();
 }

 // Display result
 if ($correct_result == true) {
Esempio n. 4
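# Record an already-uploaded image as a row in `pictures`.
# The file name comes from the session; title, caption and category_id come
# from the POST body. Every value placed into SQL text below is escaped first,
# including the session file name and the ids.
# NOTE(review): show_error_redirect_back() is assumed to end the request --
# confirm, otherwise execution falls through each failed check.
# NOTE(review): the mysql_* extension was removed in PHP 7. Moving to
# mysqli/PDO prepared statements would also require changing
# try_mysql_query(), which is not visible here.
$db_write = get_db_write();
if (!$me) {
    show_error_redirect_back("Please log in before uploading an image");
}
if (isset($_SESSION['image_filename']) == false) {
    show_error_redirect_back("Error uploading image!  A session variable is missing set, so either there was a session timeout or you tried to reload the page.  Please try again.");
}
# Take the pending file name out of the session so it is used only once.
$image_filename = $_SESSION['image_filename'];
$_SESSION['image_filename'] = null;
if (isset($_POST['category_id']) == false || is_numeric($_POST['category_id']) == false) {
    show_error_redirect_back("Error -- category wasn't found");
}
# NOTE(review): the text is HTML-encoded and SQL-escaped before the length
# checks below, so the limits apply to the encoded form, and every reader of
# these columns has to treat them as already HTML-encoded.
# mysql_real_escape_string() takes the connection, so it follows that link's
# character set (mysql_escape_string() does not).
$title = mysql_real_escape_string(htmlentities(trim($_POST['title'])), $db_write);
$caption = mysql_real_escape_string(nl2br(htmlentities(trim($_POST['caption']))), $db_write);
$category = get_category_by_category_id($_POST['category_id'], $db_read);
if (validate_title($title) == false) {
    show_error_redirect_back("Invalid title.  Titles have to be 0-{$max_length_title} characters.");
}
if (validate_comment($caption) == false) {
    show_error_redirect_back("Invalid caption.  Captions have to be 0-{$max_length_comment} characters.");
}
# Make sure he's uploading to his own category
$user_id_sql = mysql_real_escape_string($me['user_id'], $db_write);
$category_id_sql = mysql_real_escape_string($category['category_id'], $db_write);
$result = try_mysql_query("SELECT * FROM categories WHERE user_id='" . $user_id_sql . "' AND category_id='" . $category_id_sql . "'", $db_read);
if (mysql_num_rows($result) == 0) {
    show_error_redirect_back("Invalid category.");
}
mysql_free_result($result);
# Insert the new picture. The session-supplied file name is escaped like the
# other values instead of being interpolated raw.
$image_filename_sql = mysql_real_escape_string($image_filename, $db_write);
try_mysql_query("INSERT INTO pictures (category_id, title, filename, caption, date_added) VALUES ('" . $category_id_sql . "', '{$title}', '{$image_filename_sql}', '{$caption}', NOW())", $db_write);
$picture_id = mysql_insert_id($db_write);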
# Update the last-modified category (used for the default selection in the category combo)
Esempio n. 5
require_once 'private/sqldetails.php';
require_once 'private/mysql_fix_string.php';
// Page state: database handle, form defaults and the accumulated error text.
// NOTE(review): the connection result is not checked in this part of the
// script -- confirm that a failed connect is handled elsewhere.
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
$fail = '';
$entry_input = '';
$submit_string = 'Add entry';
// Form fields start empty until a POST supplies them.
$title = '';
$author = '';
$total_pages = '';
if (isset($_POST['title'])) {
    // Pass the submitted fields through fix_string(). author and total_pages
    // are optional and keep their previous value when they were not posted.
    $title = fix_string($_POST['title']);
    $author = isset($_POST['author']) ? fix_string($_POST['author']) : $author;
    $total_pages = isset($_POST['total_pages']) ? fix_string($_POST['total_pages']) : $total_pages;
    // The three validator results are concatenated in field order; the script
    // goes on to compare $fail with '' to decide whether to write to the database.
    $fail = validate_title($title) . validate_author($author) . validate_total_pages($total_pages);
    if ($fail == '') {
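        // Store the validated entry: UPDATE when an entry_id was posted,
        // INSERT otherwise. $connection is the handle opened at the top of
        // the script; it is reused here instead of opening a second one.
        // mysql_entities_fix_string() is defined elsewhere and presumably
        // escapes the value for this connection -- TODO confirm.
        // NOTE(review): both statements are built by string interpolation;
        // mysqli prepared statements with bound parameters would remove the
        // dependence on every value having been escaped correctly.
        // NOTE(review): $user_id is not assigned in the visible part of the
        // script -- confirm it comes from the authenticated session and not
        // from request data, since it scopes both statements.
        $ti_temp = mysql_entities_fix_string($connection, $title);
        $au_temp = mysql_entities_fix_string($connection, $author);
        $to_temp = mysql_entities_fix_string($connection, $total_pages);
        if (isset($_POST['entry_id'])) {
            $ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
            // The UPDATE now targets the same table and columns as the INSERT
            // below. It previously named a `movies` table and interpolated
            // variables that are never assigned in this script, so it could
            // not have saved the edited fields.
            // NOTE(review): confirm that user_books has an entry_id column.
            $query = "UPDATE user_books SET title='{$ti_temp}', author='{$au_temp}', total_pages='{$to_temp}'\n                          WHERE user_id='{$user_id}' AND entry_id='{$ei_temp}'";
        } else {
            $query = "INSERT INTO user_books(title, author, total_pages, user_id)\n                           VALUES('{$ti_temp}', '{$au_temp}', '{$to_temp}', '{$user_id}')";
        }
        $result = $connection->query($query);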
        if (!$result) {