// Import step for one "Wening" engraving: register the picture in site_file
// (unless a row with the same ffname/funder exists) and pass it to arrange(),
// then create the db_produkte row unless one exists for this serial/title.
//
// NOTE(review): $pic, $serial, $desc, $size, $format, $titel and $preis are
// concatenated into the SQL text without escaping or bound parameters. Where
// they come from is not visible in this fragment; if any of them derive from
// file names or imported data, a quote character in the value changes the
// statement. Route them through whatever parameter binding or escaping the
// $db layer offers -- TODO confirm what it provides.
echo " " . str_pad("Preis", 15, ".") . ": " . $preis . "\n";
// site_file: build the SQL
$sql = "SELECT * FROM site_file WHERE ffname='" . $pic . "' AND funder='Wening-Stich " . $serial . "'";
// The full statement is echoed for checking; keep this output away from
// anything world-readable, since it contains the raw field values.
echo " " . str_pad("Ueberpruefung", 15, ".") . ": " . $sql . "\n";
$result = $db->query($sql);
echo " " . str_pad("Num_Rows", 15, ".") . ": " . $db->num_rows($result) . "\n";
if ($db->num_rows($result) == 0) {
    // No matching row yet: insert it. The same "Wening-Stiche:..." text is
    // written to both fdesc and fhit.
    $sql = "INSERT INTO site_file (ffname,\n fdesc,\n funder,\n fhit,\n ffart,\n fuid,\n fdid)\n VALUES ('" . $pic . "',\n 'Wening-Stiche:\n" . $desc . "\n" . $size . "\n" . $format . "',\n 'Wening-Stich " . $serial . "',\n 'Wening-Stiche:\n" . $desc . "\n" . $size . "\n" . $format . "',\n 'jpg',\n '1',\n '')";
    // echo " ".str_pad("Einfuegen",15,".").": ".$sql."\n";
    if ($result = $db->query($sql)) {
        echo " " . str_pad("Einfuegen", 15, ".") . ": erfolgreich\n";
        $pic_source = $path_pics . "/" . $pic;
        echo " " . str_pad("Quelle", 15, ".") . ": " . $pic_source . "\n";
        // lastid() is read directly after the INSERT so it refers to the row
        // just created.
        $file_id = $db->lastid();
        echo " " . str_pad("last-id", 15, ".") . ": " . $file_id . "\n";
        arrange($file_id, $path_pics . "/" . $pic, $pic, 0);
    }
}
// db_produkte: build the SQL
$sql = "SELECT * FROM db_produkte WHERE seriennr='" . $serial . "' AND typ='wening' AND titel='" . $titel . "'";
echo " " . str_pad("Ueberpruefung", 15, ".") . ": " . $sql . "\n";
$result = $db->query($sql);
echo " " . str_pad("Num_Rows", 15, ".") . ": " . $db->num_rows($result) . "\n";
if ($db->num_rows($result) == 0) {
    // NOTE(review): $file_id is assigned only when the site_file INSERT above
    // succeeded in this pass. If the picture row already existed (or the
    // INSERT failed), pics receives whatever $file_id held before this
    // fragment, or an undefined variable -- verify against the enclosing code.
    $sql = "INSERT INTO db_produkte (seriennr,\n typ,\n titel,\n beschreibung,\n preis,\n changed,\n created,\n pics)\n VALUES ('" . $serial . "',\n 'wening',\n '" . $titel . "',\n '" . $desc . "\n" . $size . "\n" . $format . "',\n '" . $preis . "',\n '" . date("Y-m-d") . "',\n '" . date("Y-m-d") . "',\n '" . $file_id . "')";
    // echo " ".str_pad("Einfuegen",15,".").": ".$sql."\n";
    // $result = $db -> query($sql);
    if ($result = $db->query($sql)) {
        echo " " . str_pad("Einfuegen", 15, ".") . ": erfolgreich\n";
    }
}
$sqla .= ", ffart"; $sqlb .= ", '" . strtolower(substr(strrchr($file, "."), 1)) . "'"; $sqla .= ", fuid"; $sqlb .= ", '" . $_SESSION["uid"] . "'"; $sqla .= ", fdid"; $sqlb .= ", '" . $_SESSION["custom"] . "'"; $sql = "insert into " . $cfg["fileed"]["db"]["file"]["entries"] . " (" . $sqla . ") VALUES (" . $sqlb . ")"; if ($debugging["sql_enable"]) { $debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"]; } $result = $db->query($sql); #if ( !$result ) $ausgaben["form_error"] .= $db -> error("#(error_result)<br />"); if ($result) { $file_id = $db->lastid(); $source = $cfg["file"]["base"]["maindir"] . $cfg["file"]["base"]["new"] . $file; arrange($file_id, $source, $file); } else { $ausgaben["form_error"] .= $db->error("#(error_result)<br />"); } if ($header == "") { $header = $cfg["fileed"]["basis"] . "/add.html"; } } // wenn es keine fehlermeldungen gab, die uri $header laden if ($ausgaben["form_error"] == "") { header("Location: " . $header); } } } else { header("Location: " . $pathvars["virtual"] . "/"); }
<meta name="apple-mobile-web-app-capable" content="yes" /> <meta name="format-detection" content="telephone=no" /> <style> .error {color: #FF0000;} </style> </head> <body> <BODY bgcolor=#4a93e9> <?php
// Form-handling fragment of a submission page: validates the name1 field and,
// when $judge equals 39, writes the submitted values to MySQL.
include 'include.php';

// Identifier stored in the `event` column of both INSERTs below.
// NOTE(review): md5(uniqid(rand(), true)) is derived from the clock and a
// non-cryptographic generator, so it is guessable. If `event` is ever used as
// an access token or a lookup key shown to users, build it from
// random_bytes() instead -- how it is used later is not visible here.
$charid = strtoupper(md5(uniqid(rand(), true)));
$name1Err = "";
if (empty($_POST["name1"])) {
    $name1Err = "请输入姓名";
} else {
    // arrange() is defined elsewhere; the pattern accepts only characters in
    // the range U+4E00..U+9FA5.
    $name1 = arrange($_POST["name1"]);
    if (!preg_match("/^[\\x{4e00}-\\x{9fa5}]+\$/u", $name1)) {
        $name1Err = "请输入中文姓名";
    }
}
// $judge is set outside this fragment; presumably it accumulates validation
// flags and 39 means every check passed -- TODO confirm.
if (in_array($judge, array(39))) {
    // NOTE(review): the mysql_* extension used below was removed in PHP 7.0,
    // and the account name and password are hard-coded in the page source.
    // mysqli or PDO with prepared statements, and credentials read from
    // configuration kept outside the document root, are the usual replacement.
    $dbconn = mysql_connect("localhost", "minecraft", "passwd");
    mysql_select_db("lostandfound", $dbconn);
    // NOTE(review): presumably meant "SET NAMES"; the return value is not
    // checked, so a rejected statement would go unnoticed and the connection
    // character set would stay at its default.
    mysql_query("set name 'utf8'");
    // NOTE(review): raw $_POST values are interpolated into the SQL text here
    // and in both INSERTs (number1 even without quotes). The arrange() and
    // preg_match() checks operate on copies such as $name1, so these
    // statements are only as safe as the checks gating $judge; name, number,
    // phone, qq and email need confirmed validation or, better, bound
    // parameters. mysql_query() returns false on failure, and that case is
    // not handled before mysql_num_rows().
    $result = mysql_query("select number1 from number1 where number1={$_POST['number1']}");
    if (mysql_num_rows($result) == 0) {
        mysql_query("INSERT INTO number1 (name,number1,event) VALUES ('{$_POST['name']}','{$_POST['number1']}','{$charid}')");
        mysql_query("INSERT INTO picker (name,number,phone,qq,email,event) VALUES ('{$_POST['name1']}','{$_POST['number']}','{$_POST['phone']}','{$_POST['qq']}','{$_POST['email']}','{$charid}')");
        $judge = 1;
    } else {
        $judge = 0;
// Edit-form handler fragment: on the "verify" step, validate the form, then
// optionally replace the stored file with an upload and/or unpack a zip.
if ($environment["parameter"][3] == "verify" && ($_POST["send"] != "" || $_POST["extract"] != "" || $_POST["extension2"] != "")) {
    // check the form input
    form_errors($form_options, $_POST);
    // change additional records if required
    if ($ausgaben["form_error"] == "") {
        if ($owner_error == "") {
            // section for extensions
            // ***
            // replace the file
            if ($_FILES["upload"]["name"] != "") {
                // file_validate() is defined elsewhere; it is given the temp
                // path, the size, the configured size limit and the expected
                // type -- not the client-supplied file name.
                $error = file_validate($_FILES["upload"]["tmp_name"], $_FILES["upload"]["size"], $cfg["file"]["filesize"], array($form_values["ffart"]), "upload");
                if ($error == 0) {
                    // NOTE(review): $_FILES["upload"]["name"] comes from the
                    // client and is appended to the destination path as-is.
                    // Unless file_validate() also inspects it (not visible
                    // here), path separators or ".." in the name are not
                    // rejected; reduce it with basename() or use a
                    // server-generated name.
                    $newname = $cfg["file"]["base"]["maindir"] . $cfg["file"]["base"]["new"] . $_SESSION["uid"] . "_" . $_FILES["upload"]["name"];
                    // NOTE(review): rename() does not confirm that tmp_name is
                    // an HTTP upload and its result is ignored;
                    // move_uploaded_file() performs that check.
                    rename($_FILES["upload"]["tmp_name"], $newname);
                    $file_id = $form_values["fid"];
                    arrange($file_id, $newname, $_FILES["upload"]["name"]);
                } else {
                    // NOTE(review): $file is not assigned anywhere in this
                    // fragment, so the name in the message may be empty.
                    $ausgaben["form_error"] .= "#(error_replace) " . $file["name"] . " g(file_error" . $error . ")";
                }
            }
            if ($_POST["extract"] != "") {
                // look for the next free compilation id
                if ($_POST["selection"] == -1) {
                    $buffer = compilation_list();
                    reset($buffer);
                    $compid = key($buffer) + 1;
                } else {
                    $compid = "";
                }
                // unpack the zip
                // NOTE(review): zip_handling() is defined elsewhere; confirm
                // that it rejects archive entries whose names contain path
                // components before writing them below the upload directory.
                $not_extracted = zip_handling($file_srv, $cfg["file"]["base"]["maindir"] . $cfg["file"]["base"]["new"], $cfg["file"]["filetyp"], $cfg["file"]["filesize"], "", $compid, $cfg["fileed"]["zip_handling"]["sektions"]);
} else { $qq = arrange($_POST["qq"]); if (!preg_match("/^[0-9]{5,11}\$/", $qq)) { $qqErr = "QQ号格式错误"; $judge = "0"; } } if (empty($_POST["email"])) { $_POST["email"] = "0"; } else { $email = arrange($_POST["email"]); } if (empty($_POST["number1"])) { $number1Err = "请输入卡号"; } else { $number1 = arrange($_POST["number1"]); if (!preg_match("/^[0-9]{11}\$/", $number1)) { $number1Err = "卡号格式错误"; } else { $judge += 32; } } }

/**
 * Normalise a submitted form value: trim surrounding whitespace, remove
 * backslash escapes, then HTML-encode special characters.
 *
 * NOTE(review): htmlspecialchars() is output encoding for an HTML context.
 * It is not SQL escaping, and it only affects the returned copy -- the
 * original $_POST entry is left unchanged. Values that end up in a query
 * need bound parameters regardless of this function.
 *
 * NOTE(review): stripslashes() runs unconditionally. On input that was never
 * slash-escaped it silently drops literal backslashes.
 *
 * NOTE(review): htmlspecialchars() is called with default flags; before
 * PHP 8.1 the default did not encode single quotes, so pass ENT_QUOTES
 * explicitly if the result can land inside a single-quoted attribute.
 *
 * @param string $data Raw value; the callers in this fragment pass $_POST fields.
 * @return string The trimmed, unslashed, HTML-encoded value.
 */
function arrange($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
// +++ // page basics if ($environment["parameter"][2] == "verify" && ($HTTP_POST_VARS["send"] != "" || $HTTP_POST_VARS["extension1"] != "" || $HTTP_POST_VARS["extension2"] != "")) { // form eingaben prüfen form_errors($form_options, $HTTP_POST_VARS); // evtl. zusaetzliche datensatz aendern if ($ausgaben["form_error"] == "") { // funktions bereich fuer erweiterungen // *** // file ersetzen if ($_FILES["upload"]["name"] != "") { $file = file_verarbeitung($pathvars["filebase"]["new"], "upload", $cfg["filesize"], array($form_values["ffart"]), $pathvars["filebase"]["maindir"]); if ($file["returncode"] == 0) { $file_id = $form_values["fid"]; $source = $pathvars["filebase"]["maindir"] . $pathvars["filebase"]["new"] . $file["name"]; arrange($file_id, $source, $file["name"]); } else { $ausgaben["form_error"] .= "Ergebnis: " . $file["name"] . " " . file_error($file["returncode"]); } } ### put your code here ### if ($error) { $ausgaben["form_error"] .= $db->error("#(error_result)<br />"); } // +++ // funktions bereich fuer erweiterungen } // datensatz aendern if ($ausgaben["form_error"] == "") { $kick = array("PHPSESSID", "form_referer", "send", "image", "image_x", "image_y"); foreach ($HTTP_POST_VARS as $name => $value) {
arrange(); for ($i = 0; $i < count($header); $i++) { $pdf->myCell($width[$i], $height[2], '', 'BLR'); } detailsprint(); $firsttime = 1; hallwise(); mainarranger('AN'); $cursession = 'AN'; unset($dpt_hal); $dpt_hal = array(); $final_hall = 0; $final_reg = 0; $allhalls = $sessioneHalls2; unset($hall_no); $hall_no; unset($hallwise); $hallwise = array(array(array())); arrange(); for ($i = 0; $i < count($header); $i++) { $pdf->myCell($width[$i], $height[2], '', 'BLR'); } detailsprint(); $firsttime = 1; hallwise(); } $pdf->Output($pdfName, 'I'); end: if ($error == 1) { header('Location: blunder.php'); }
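/**
 * Register a migrated file in site_file and hand it to the file store.
 *
 * Looks for an existing row (fuid=1) with the same base name, extension and
 * description whose fhit mentions "from $migrate_file". If none exists, a row
 * is inserted and the file is passed to arrange(). If one exists, its fid is
 * reused and the file is passed to arrange() again only when
 * $cfg["migrate"]["replace_files"] is enabled.
 *
 * The last statement built is left in the global $sql, as before.
 *
 * NOTE(review): $under, $migrate_file and the base name of $file are
 * concatenated into both statements without escaping or bound parameters. A
 * quote character in a file name or caption changes the statement, and "%" or
 * "_" in $migrate_file act as LIKE wildcards. Which escaping or
 * parameter-binding facility $db offers is not visible here; route these
 * values through it.
 *
 * @param string $file         Path of the file to register.
 * @param string $under        Text stored in both fdesc and funder.
 * @param string $migrate_file Name recorded in fhit as "from <name>".
 * @return mixed fid of the new or existing row, or null if the INSERT failed.
 */
function insert_file($file, $under, $migrate_file) {
    global $db, $sql, $cfg;

    $name = basename($file);
    /* take the extension from the file name only, so a dot in a directory
       name cannot end up in ffart */
    $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    /* stays null when the INSERT fails, instead of returning an undefined variable */
    $file_id = null;

    /* check whether an identical entry already exists */
    $sql = "SELECT *\n FROM site_file\n WHERE fuid=1\n AND ffname='" . $name . "'\n AND ffart='" . $extension . "'\n AND fdesc='" . $under . "'\n AND funder='" . $under . "'\n AND fhit LIKE '%from " . $migrate_file . "%'";
    $result = $db->query($sql);

    if ($db->num_rows($result) == 0) {
        /* create the db entry */
        $sql = "INSERT INTO site_file (fuid,\n ffname,\n ffart,\n fdesc,\n funder,\n fhit)\n VALUES (1,\n '" . $name . "',\n '" . $extension . "',\n '" . $under . "',\n '" . $under . "',\n 'from " . $migrate_file . "')";
        $result = $db->query($sql);
        /* add to the file store */
        if ($result) {
            $file_id = $db->lastid();
            arrange($file_id, $file, $name, 0);
        }
    } else {
        $data = $db->fetch_array($result, 1);
        $file_id = $data["fid"];
        if (!empty($cfg["migrate"]["replace_files"])) {
            /* the original passed $file2insert and $match[2][$key] here, which
               do not exist in this function's scope; use the same source path
               and name as the insert branch */
            arrange($file_id, $file, $name, 0);
        }
    }
    return $file_id;
}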
$sql = "SELECT *\n FROM site_file\n WHERE fuid=1\n AND ffname='" . str_replace($_SESSION["uid"] . "_", "", $name) . "'\n AND ffart='" . $extension . "'\n AND fdesc='" . $value["fdesc"] . "'\n AND funder='" . $value["funder"] . "'\n AND fhit LIKE '%from " . $file . "%'"; $result = $db->query($sql); $num = $db->num_rows($result); if ($num == 0) { $sql = "INSERT INTO site_file (fuid,\n ffname,\n ffart,\n fdesc,\n funder,\n fhit)\n VALUES (1,\n '" . str_replace($_SESSION["uid"] . "_", "", $name) . "',\n '" . $extension . "',\n '" . $value["fdesc"] . "',\n '" . $value["funder"] . "',\n '" . $comp_tag . " from " . $file . "')"; $result = $db->query($sql); /* zu dateiablage hinzufuegen */ if ($result) { $file_id = $db->lastid(); arrange($file_id, $file2insert, str_replace($_SESSION["uid"] . "_", "", $name)); } } else { $data = $db->fetch_array($result, 1); $file_id = $data["fid"]; if ($cfg["migrate"]["replace_files"] == True) { arrange($file_id, $file2insert, str_replace($_SESSION["uid"] . "_", "", $name), 0); } preg_match("/#p([0-9]*),[0-9]*/", $data["fhit"], $match_compid); $compid = $match_compid[1]; } if ($i < $cfg["migrate"]["tags"]["selektion"]["pics"]) { $pics[] = $file_id; } @unlink($file2insert); } } /* vorschaubilder suchen */ if (count($pics) > 0) { $pics = array_slice($pics, 0, $cfg["fileed"]["compilation"]["items"]); $ersetzung = str_replace(array("compid", "pics"), array($compid, implode(":", $pics)), $cfg["migrate"]["tags"]["selektion"]["start"]) . $match[3][$key] . $cfg["migrate"]["tags"]["selektion"]["end"] . "\n"; $content = str_replace($group, $ersetzung, $content);