<?php include '../config/config.class.php'; include '../model/scoreserve.php'; $grade = $_GET['new']; $keyname = $_GET['key']; $judeger = $_GET['judger']; if ($grade > 100 || $grade < 0 || $grade == "") { $grade = "error"; } else { $score = new score(); @($flag = $score->getflag($keyname, $judeger)); if ($flag == 1) { $grade = "errorse"; } else { $flag = 1; $sql = "update zg_grade set grade='{$grade}',flag='{$flag}' where stunumber='{$keyname}' and judeger='{$judeger}'"; $obj = new mysql_helper(); $conn = $obj->connect(); $obj->mysql_do($sql, $conn); $grade = "success!"; $obj->mysql_close($conn); } } echo $grade;
<?php $obj = new mysql_helper(); $conn = $obj->connect(); $file_name_show = xfs($_POST["xy"]) . '/' . xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]) . '.doc'; $filename = xfs($_POST["xh"]) . '_' . xfs($_POST["xm"]) . '_' . xfs($_POST["xy"]) . '_' . xfs($_POST["bj"]); $stunumb = xfs($_POST["xh"]); $listdir = xfs($_POST["xy"]); $sqlc = "select stunumber from upload_table where stunumber='{$stunumb}'"; @($result = $obj->mysql_selecte($sqlc, $conn)); $result = mysql_fetch_array($result); if ($result[0] == $stunumb) { $sqlu = "update upload_table set filename='{$filename}' where stunumber='{$stunumb}'"; @$obj->mysql_do($sqlu, $conn); } else { $sql = "insert into upload_table(filename,stunumber,academy) values('{$filename}','{$stunumb}','{$listdir}')"; $sql1 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','1')"; $sql2 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','2')"; $sql3 = "insert into zg_grade(stunumber,grade,judeger) values('{$stunumb}','','3')"; @$obj->mysql_do($sql, $conn); @$obj->mysql_do($sql1, $conn); @$obj->mysql_do($sql2, $conn); @$obj->mysql_do($sql3, $conn); } @$obj->mysql_close($conn); $POST_MAX_SIZE = ini_get('post_max_size'); $unit = strtoupper(substr($POST_MAX_SIZE, -1)); $multiplier = $unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)); if ((int) $_SERVER['CONTENT_LENGTH'] > $multiplier * (int) $POST_MAX_SIZE && $POST_MAX_SIZE) { header("HTTP/1.1 500 Internal Server Error"); echo "POST exceeded maximum allowed size.";