-
Notifications
You must be signed in to change notification settings - Fork 0
/
save.php
53 lines (41 loc) · 1.29 KB
/
save.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
mysql_select_db("canvas", $con);
$firstname = clean($_GET['firstname']);
$lastname = clean($_GET['lastname']);
$username = clean($_GET['username']);
$picture = clean($_GET['picture']);
$content = clean($_GET['content']);
$sql = "INSERT INTO post SET username='$username', firstname='$firstname', lastname='$lastname', friend='$username', friend_firstname='$firstname', friend_lastname='$lastname', picture='$picture', content='$content', date_created='".strtotime(date("Y-m-d H:i:s"))."'";
mysql_query("UPDATE post SET picture = '$picture' WHERE username='$username'");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
header("location: profile.php");
exit();
mysql_close($con)
?>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("canvas", $con);
$username=$_GET['username'];
$picture=$_GET['picture'];
mysql_query("UPDATE post SET picture = '$picture' WHERE username='$username'");
mysql_close($con);
?>