Modificare PHP

Discutii despre tot ce nu se incadreaza in celelalte categorii.

Moderators: Moderatori ajutatori, Moderatori

Post Reply
forynel
Membru, skill 0
Membru, skill 0
Posts: 4
Joined: 03 Jan 2015, 21:46
Detinator Steam: Nu
CS Status: Citesc forumul eXtreamCS.com...!
Fond eXtream: 0
Contact:
Contact forynel

03 Jan 2015, 21:53

salut, am acest cod:

Code: Select all

<?php
include('config.php');
$con=mysql_pconnect($server,$user,$pass);
if (!con)
{
	die('Cannot connect to mysql ' . mysql_error());
}
mysql_select_db($db);
if(isset($_POST['submit']))
{

if($_POST['mamapegheata'] !== htmlspecialchars($_POST['mamapegheata'])){

	print $_POST['mamapegheata'].' Are HTML corecteaza!<br />
	&laquo; <input type="button" onClick="javascript:history.back(-1);" value="Gresala">';
	
	}
	else{
	
        $categorie=$_POST['categorie'];
        $title=$_POST['mamapegheata'];
        $link=$_POST['link'];
        $link2=$_POST['link2'];
        $link3=$_POST['link3'];
	$linkpoza=$_FILES['fisiere']['name'];
	$descriere=$_POST['descriere'];
	$linkplayer=$_POST['linkplayer'];
	$download=$_POST['download'];
	$tags=$_POST['bunicatag'];
        $uploader=$session->username;
	echo $_POST['bunicatag'];
	$q="INSERT INTO melodie (titlu, categorie, data, link, data_ad, link2, link3, linkpoza, timp, descriere, linkplayer, tags, uploader, download) 
	VALUES ('$title','$categorie',NOW(),'$link',NOW(),'$link2','$link3','$linkpoza',NOW(),'$descriere','$linkplayer','$tags','$uploader','$download')";
	mysql_query($q) or die (mysql_error());
	print $_POST['mamapegheata'].' Urcat! <br />
	<center><input type="button" onClick="javascript:history.back(-1);" value="Adauga Fisier Nou"></center>';
	
	}


si nu ma lasa sa adaug caractere precum: &, $, ' ect. Stie cineva cum trebuie modificat pentru a-mi accepta caracterele?
Last edited by Awakening on 03 Jan 2015, 21:58, edited 2 times in total.
Reason: Titlu editat, este vorba despre php nu html + [code] adaugat
Top
RoyalServer
The Kalu
Fost administrator
Fost administrator
Posts: 13712
Joined: 09 Oct 2010, 12:39
Detinator Steam: Da
CS Status: In grajd!
SteamID: kalulord
Reputatie: Fost Administrator
Fost membru Club eXtreamCS (6 luni)
Nume anterior: Terra
Location: Romania, Ploiesti
Has thanked: 328 times
Been thanked: 646 times
Contact:
Contact The Kalu

03 Jan 2015, 21:56

Este PHP, iti las eu pm cu el rezolvat.
Edit: Incearca asta.

Code: Select all

<?php
include('config.php');
$con=mysql_pconnect($server,$user,$pass);
if (!con)
{
die('Cannot connect to mysql ' . mysql_error());
}
mysql_select_db($db);

if(isset($_POST['submit'])){
    
  filter_var_array($_POST, FILTER_SANITIZE_STRING);
  
  $dsql = array(
          'cat'        => $_POST['categorie'],
          'title'      => $_POST['title'],
          'link'       => $_POST['link'],
          'link2'      => $_POST['link2'],
          'link3'      => $_POST['link3'],
          'linkpoza'   => $_POST['linkpoza'],
          'descriere'  => $_POST['descriere'],
          'linkplayer' => $_POST['linkplayer'],
          'download'   => $_POST['download'],
          'tags'       => $_POST['tags'],
          'uploader'   => $session->username
  );

  $data  = implode(", ", $dsql);

  $query = mysql_query("INSERT INTO melodie (titlu, categorie, data, link, data_ad, link2, link3, linkpoza, timp, descriere, linkplayer, tags, uploader, download)
  VALUES ($data)") or die(mysql_error());
  
  if(!$query){
    //sql fail
    print "<script>alert('Nu au fost introduse date in database!')";
  } else {
    //sql success
    print $_POST['mamapegheata']." a fost introdus in baza de date cu succes.<br />
    <center><input type='button' onClick='javascript:history.back(-1);' value='Adauga Fisier Nou'></center>";
  }
}
?>
Image
Top
Post Reply

Return to “Discutii generale”

  • Information