Code: Select all
<?php
include('config.php');
$con=mysql_pconnect($server,$user,$pass);
if (!con)
{
die('Cannot connect to mysql ' . mysql_error());
}
mysql_select_db($db);
if(isset($_POST['submit']))
{
if($_POST['mamapegheata'] !== htmlspecialchars($_POST['mamapegheata'])){
print $_POST['mamapegheata'].' Are HTML corecteaza!<br />
« <input type="button" onClick="javascript:history.back(-1);" value="Gresala">';
}
else{
$categorie=$_POST['categorie'];
$title=$_POST['mamapegheata'];
$link=$_POST['link'];
$link2=$_POST['link2'];
$link3=$_POST['link3'];
$linkpoza=$_FILES['fisiere']['name'];
$descriere=$_POST['descriere'];
$linkplayer=$_POST['linkplayer'];
$download=$_POST['download'];
$tags=$_POST['bunicatag'];
$uploader=$session->username;
echo $_POST['bunicatag'];
$q="INSERT INTO melodie (titlu, categorie, data, link, data_ad, link2, link3, linkpoza, timp, descriere, linkplayer, tags, uploader, download)
VALUES ('$title','$categorie',NOW(),'$link',NOW(),'$link2','$link3','$linkpoza',NOW(),'$descriere','$linkplayer','$tags','$uploader','$download')";
mysql_query($q) or die (mysql_error());
print $_POST['mamapegheata'].' Urcat! <br />
<center><input type="button" onClick="javascript:history.back(-1);" value="Adauga Fisier Nou"></center>';
}
si nu ma lasa sa adaug caractere precum: &, $, ' ect. Stie cineva cum trebuie modificat pentru a-mi accepta caracterele?