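<?php
session_start();

/**
 * xfs - filter an input string by deleting a fixed blacklist of characters.
 *
 * Characters removed: space ' . : ; * ? ~ ` ! $ ^ < > { } ] [ / \ " |
 * Characters not on that list (for example % _ ( ) - # and control
 * characters) are left in place.
 *
 * NOTE(review): this is a blacklist filter, not an escaping routine. It should
 * not be the only protection for values that end up in SQL statements or file
 * names; bound query parameters and an allow-list of expected characters are
 * the sturdier controls.
 *
 * @param string $str Input string. If an array is passed, preg_replace()
 *                    filters each element and returns an array.
 * @return string The input with the blacklisted characters removed.
 */
function xfs($str)
{
    return preg_replace("/[ '.:;*?~`!\$^<>{}]|\\]|\\[|\\/|\\\\|\"|\\|/", "", $str);
}

include 'config/config.class.php';
set_time_limit(60000);
header('Content-type: text/html; charset=utf-8'); // UTF-8 is the default encoding for this page
date_default_timezone_set('Asia/Shanghai');

// Expected CAPTCHA answer (from the session) and the answer the user posted.
// A missing or non-scalar value becomes '' instead of being passed on as null,
// so the comparison below never sees two "absent" values that look equal.
$orcode = (isset($_SESSION['code']) && is_scalar($_SESSION['code']))
    ? xfs((string) $_SESSION['code'])
    : '';
$postcode = (isset($_POST["input1"]) && is_string($_POST["input1"]))
    ? strtolower($_POST["input1"])
    : '';

// The CAPTCHA only passes when the session actually holds a code and the
// submitted value is identical to it. Without the non-empty check, a request
// that has no session code and no "input1" field compared '' with '' and was
// accepted.
// NOTE(review): the session code is not cleared after a successful check, so
// the same answer stays valid for later submissions in this session. Consider
// unsetting it once verified, if the form flow allows.
if ($orcode !== '' && $postcode === $orcode) {
    // Every form field must be a plain string that is still non-empty after
    // filtering. Array-valued parameters (e.g. xy[]=...) are rejected here,
    // because xfs() would hand back an array that never equals "".
    $xfsFieldsOk = true;
    foreach (array('xy', 'xh', 'xm', 'bj') as $xfsFieldName) {
        if (
            !isset($_POST[$xfsFieldName])
            || !is_string($_POST[$xfsFieldName])
            || xfs($_POST[$xfsFieldName]) === ''
        ) {
            $xfsFieldsOk = false;
            break;
        }
    }

    if (!$xfsFieldsOk) {
        echo "<b style='color:red;'>错误,请检查你的输入</b>";
    } else {
        // NOTE(review): the fields reach the required script with xfs() as
        // their only filtering; confirm that script does not rely on the
        // blacklist alone when it builds queries or file names.
        require 'model/uploadinsert.php';
    }
} else {
    echo "<b style='color:red;'>验证码输入错误</b>";
}

/**
 * Print an error message to the response.
 *
 * NOTE(review): $message is echoed without HTML escaping and no caller is
 * visible in this file; if any caller passes request-derived text, it should
 * be run through htmlspecialchars() first.
 *
 * @param string $message Text to output.
 * @return void
 */
function HandleError($message)
{
    echo $message;
}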
<?php $obj = new mysql_helper(); $conn = $obj->connect(); $file_name_show = xfs($_POST["xy"]) . '/' . xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]) . '.doc'; $filename = xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]); $stunumb = xfs($_POST["xh"]); $listdir = xfs($_POST["xy"]); $sqlc = "select stunumber from upload_table where stunumber='{$stunumb}'"; @($result = $obj->mysql_selecte($sqlc, $conn)); $result = mysql_fetch_array($result); if ($result[0] == $stunumb) { $sqlu = "update upload_table set filename='{$filename}' where stunumber='{$stunumb}'"; @$obj->mysql_do($sqlu, $conn); } else { $sql = "insert into upload_table(filename,stunumber,academy) values('{$filename}','{$stunumb}','{$listdir}')"; $sql1 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','1')"; $sql2 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','2')"; $sql3 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','3')"; @$obj->mysql_do($sql, $conn); @$obj->mysql_do($sql1, $conn); @$obj->mysql_do($sql2, $conn); @$obj->mysql_do($sql3, $conn); } @$obj->mysql_close($conn); $POST_MAX_SIZE = ini_get('post_max_size'); $unit = strtoupper(substr($POST_MAX_SIZE, -1)); $multiplier = $unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)); if ((int) $_SERVER['CONTENT_LENGTH'] > $multiplier * (int) $POST_MAX_SIZE && $POST_MAX_SIZE) { header("HTTP/1.1 500 Internal Server Error"); echo "POST exceeded maximum allowed size.";