Wow, escape_string needs $db...
parent
73014ed1ac
commit
6e10f2f5d1
|
@ -8,7 +8,8 @@ $allok = 2;
|
||||||
$txt=$_POST["txt"];
|
$txt=$_POST["txt"];
|
||||||
$tim=$_POST["tim"];
|
$tim=$_POST["tim"];
|
||||||
|
|
||||||
$txt = preg_replace("#((http|https|ftp)://(\S*?\.\S*?))(\s|\;|\)|\]|\[|\{|\}|,|\"|'|:|\<|$|\.\s)#ie", "'<a href=\"$1\" target=\"_blank\">http://$3</a>$4'", $txt);
|
// Broken for some reason.
|
||||||
|
//$txt = preg_replace("#((http|https|ftp)://(\S*?\.\S*?))(\s|\;|\)|\]|\[|\{|\}|,|\"|'|:|\<|$|\.\s)#ie", "'<a href=\"$1\" target=\"_blank\">http://$3</a>$4'", $txt);
|
||||||
|
|
||||||
$txt = Parsedown::instance()->parse($txt);
|
$txt = Parsedown::instance()->parse($txt);
|
||||||
|
|
||||||
|
@ -34,12 +35,12 @@ die("File upload error");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_POST["txt"]) && isset($_POST["tim"])) {
|
if (isset($txt) && isset($tim)) {
|
||||||
|
|
||||||
include "../connect.php";
|
include "../connect.php";
|
||||||
|
|
||||||
$mysql_table = MYSQL_TABLE;
|
$mysql_table = MYSQL_TABLE;
|
||||||
$qry = "INSERT INTO `$mysql_table` (`id`, `txt`, `tim`) VALUES (NULL, '".mysqli_real_escape_string(nl2br($txt.$extrl))."', '".mysqli_real_escape_string($tim)."')";
|
$qry = "INSERT INTO `$mysql_table` (`id`, `txt`, `tim`) VALUES (NULL, '".mysqli_real_escape_string($db, nl2br($txt.$extrl))."', '".mysqli_real_escape_string($db, $tim)."')";
|
||||||
$result = mysqli_query($db, $qry);
|
$result = mysqli_query($db, $qry);
|
||||||
|
|
||||||
if (!$result) {
|
if (!$result) {
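Review bot: The new guard `if (isset($txt) && isset($tim))` no longer tests the request itself: `$txt` is reassigned from `Parsedown::instance()->parse($txt)` in the first hunk, so by this point it is presumably always set, and only `$tim` still reflects whether a field was posted. Checking the input before it is transformed keeps the intent, e.g. `if (isset($_POST["txt"], $_POST["tim"])) {`, with the unguarded `$_POST` reads at the top moved inside that block or defaulted via `??`. Separately, the commented-out `preg_replace` uses the `/e` modifier, which evaluates the replacement as PHP code over posted text and is no longer supported by current PHP; deleting the line and replacing `// Broken for some reason.` with a comment saying so would keep it from being re-enabled later. The enclosing `if` block continues outside the hunk.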
|
||||||
|
|
|
@ -5,7 +5,7 @@ include 'checklogin.php';
|
||||||
include "connect.php";
|
include "connect.php";
|
||||||
|
|
||||||
$mysql_table = MYSQL_TABLE;
|
$mysql_table = MYSQL_TABLE;
|
||||||
$qry="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
|
$qry="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($db, $_GET["id"])."'";
|
||||||
$result=mysqli_query($db, $qry);
|
$result=mysqli_query($db, $qry);
|
||||||
if($result) {
|
if($result) {
|
||||||
if(mysqli_num_rows($result) == 1) {
|
if(mysqli_num_rows($result) == 1) {
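Review bot: The `id` lookup is still assembled by string concatenation, so its safety depends on every value staying both quoted and escaped against the right connection, which the pre-change call without `$db` shows is easy to get wrong. A prepared statement built with `mysqli_prepare()` and `mysqli_stmt_bind_param()`, using a `?` placeholder for `id`, removes that dependency; the same applies to the INSERT in the first file and to the two `id` queries in like.php. `$_GET["id"]` is also read without an `isset` check, so a request lacking the parameter still runs the query with an empty id. The enclosing `if` blocks continue outside the hunk.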
|
||||||
|
|
2
get.php
2
get.php
|
@ -5,7 +5,7 @@ include 'checklogin.php';
|
||||||
include "connect.php";
|
include "connect.php";
|
||||||
|
|
||||||
$mysql_table = MYSQL_TABLE;
|
$mysql_table = MYSQL_TABLE;
|
||||||
$qry="SELECT * FROM `$mysql_table` ORDER BY `$mysql_table`.`id` ASC LIMIT ".mysqli_real_escape_string($_GET["lastid"])." , 1000";
|
$qry="SELECT * FROM `$mysql_table` ORDER BY `$mysql_table`.`id` ASC LIMIT ".mysqli_real_escape_string($db, $_GET["lastid"])." , 1000";
|
||||||
$result=mysqli_query($db, $qry);
|
$result=mysqli_query($db, $qry);
|
||||||
$newlastid=$_GET["lastid"];
|
$newlastid=$_GET["lastid"];
|
||||||
$jspo=array();
|
$jspo=array();
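Review bot: `lastid` is spliced into the `LIMIT` clause without quotes, and `mysqli_real_escape_string()` only escapes characters that matter inside a quoted string literal, so it does not constrain what this unquoted position can contain. The value should be forced to an integer before it reaches the query, e.g. `$lastid = max(0, (int)($_GET["lastid"] ?? 0));` followed by `... ASC LIMIT $lastid , 1000`. `$newlastid` on the following line should take the same validated value rather than the raw `$_GET["lastid"]`.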
|
||||||
|
|
4
like.php
4
like.php
|
@ -8,7 +8,7 @@ $stars=0;
|
||||||
$starred="";
|
$starred="";
|
||||||
|
|
||||||
$mysql_table = MYSQL_TABLE;
|
$mysql_table = MYSQL_TABLE;
|
||||||
$qrya="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
|
$qrya="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($db, $_GET["id"])."'";
|
||||||
$resulta=mysqli_query($db, $qrya);
|
$resulta=mysqli_query($db, $qrya);
|
||||||
if($resulta) {
|
if($resulta) {
|
||||||
if(mysqli_num_rows($resulta) == 1) {
|
if(mysqli_num_rows($resulta) == 1) {
|
||||||
|
@ -20,7 +20,7 @@ if($resulta) {
|
||||||
$stars=$stars+1;
|
$stars=$stars+1;
|
||||||
|
|
||||||
if (isset($_GET["plusone"])) {
|
if (isset($_GET["plusone"])) {
|
||||||
$qryb="UPDATE `$mysql_table` SET `pluses`='".($stars)."' WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
|
$qryb="UPDATE `$mysql_table` SET `pluses`='".($stars)."' WHERE `id`='".mysqli_real_escape_string($db, $_GET["id"])."'";
|
||||||
$resultb=mysqli_query($db, $qryb);
|
$resultb=mysqli_query($db, $qryb);
|
||||||
if($resultb) {
|
if($resultb) {
|
||||||
$starred="Thanks for a ★! ";
|
$starred="Thanks for a ★! ";
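Review bot: The `UPDATE` writes back a `$stars` value computed in PHP (`$stars=$stars+1;`), which looks like a read-modify-write: if `$stars` comes from the row selected in the first hunk (its assignment is not visible here), two concurrent requests can read the same count and one increment is lost. Letting the database do the arithmetic avoids that, e.g. `SET pluses = pluses + 1` in the same statement. The write is also triggered by a GET parameter (`plusone`), so it can be fired by any cross-site request or link prefetch; moving it to a POST that carries a CSRF token would be the usual guard. The enclosing `if` blocks continue outside the hunk.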
|
||||||
|
|