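<?php
// Guestbook page. Three request shapes are handled:
//   * POST with "submit": store one entry plus its uploaded picture, then redirect.
//   * GET with "pid":     send the stored picture with that id and stop.
//   * anything else:      print the guestbook.html template followed by all entries.
//
// Changes from the earlier version of this script:
//   * the removed mysql_* API is replaced by mysqli with bound parameters, so no
//     request value is ever concatenated into SQL (the picture bytes were only
//     passed through addslashes(), which is not a SQL escaping function);
//   * a failed upload now stops the request instead of continuing with an empty path;
//   * the picture type is taken from the file content and checked against an
//     allowlist (the old code read $_FILES['file']['filetype'], a key PHP never sets);
//   * the redirect is followed by exit;
//   * pictures are served by the ?pid= branch that the <img> tag already pointed
//     at, instead of a Content-Type header and raw bytes in the middle of the HTML.

$html = file_get_contents("guestbook.html");

// NOTE(review): database credentials are embedded in the source, so every copy of
// this file discloses them, and the password repeats part of the account name.
// Treat them as exposed: rotate them and load the replacement from configuration
// kept outside the web root.
$username="usr_10746419";
$password="746419";
$database="db_10746419";

// Picture types this script stores and serves. Anything else is refused, so a
// stored value can never turn the picture URL into an HTML or script response.
$allowed_types = array("image/jpeg", "image/png", "image/gif");

/**
 * Returns the named POST field entity-encoded for storage, or "" when the
 * field is missing or is not a plain string (e.g. an array was submitted).
 */
function guestbook_post_field($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? htmlentities($_POST[$key]) : "";
}

// Report failures through return values so the "or die" checks below work on
// every PHP version (newer versions throw mysqli exceptions by default).
mysqli_report(MYSQLI_REPORT_OFF);

$db = mysqli_connect("atlas.dsv.su.se", $username, $password)
    or die("Unable to connect to sql server");
mysqli_select_db($db, $database) or die("Unable to select database");

// --- Picture endpoint: must run before any output so the headers can be sent.
if (isset($_GET['pid'])) {
    $wanted = (int) $_GET['pid'];
    $lookup = mysqli_prepare($db, "SELECT bin_data, filetype FROM picture WHERE id = ?")
        or die("Unable to read picture");
    mysqli_stmt_bind_param($lookup, "i", $wanted);
    mysqli_stmt_execute($lookup);
    // Buffer the result first so the blob column is bound with its real length.
    mysqli_stmt_store_result($lookup);
    mysqli_stmt_bind_result($lookup, $bin_data, $filetype);

    if (mysqli_stmt_fetch($lookup) && in_array($filetype, $allowed_types, true)) {
        header("Content-Type: " . $filetype);
        // Keep browsers from second-guessing the declared type.
        header("X-Content-Type-Options: nosniff");
        echo $bin_data;
    } else {
        // Unknown id, or a row stored without a usable type.
        header("HTTP/1.0 404 Not Found");
    }
    exit;
}

// --- New entry.
if (isset($_POST['submit'])) {
    // Text fields keep the original storage format (entity-encoded at insert time).
    $comment  = guestbook_post_field('comment');
    $homepage = guestbook_post_field('homepage');
    $name     = guestbook_post_field('name');
    $email    = guestbook_post_field('email');

    // Stop on a missing or failed upload, and only accept a path that PHP itself
    // created for this request.
    if (!isset($_FILES['file']) || !is_array($_FILES['file'])
        || $_FILES['file']['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES['file']['tmp_name'])) {
        die("phail");
    }
    $form_data = $_FILES['file']['tmp_name'];

    // The browser-supplied type is not trusted; the type is read from the file
    // header. getimagesize() inspects the header only, which is why serving is
    // additionally restricted to the allowlist with nosniff.
    $image_info = getimagesize($form_data);
    if ($image_info === false || !in_array($image_info['mime'], $allowed_types, true)) {
        die("phail");
    }
    $data_type = $image_info['mime'];

    $data = file_get_contents($form_data);
    if ($data === false) {
        die("phail");
    }

    // Both inserts succeed together or not at all.
    mysqli_autocommit($db, false);

    $insert_picture = mysqli_prepare($db, "INSERT INTO picture (bin_data,filetype) VALUES (?, ?)");
    if (!$insert_picture
        || !mysqli_stmt_bind_param($insert_picture, "ss", $data, $data_type)
        || !mysqli_stmt_execute($insert_picture)) {
        mysqli_rollback($db);
        die ("insert bild funkade inte");
    }
    $id = mysqli_insert_id($db);

    $insert_entry = mysqli_prepare(
        $db,
        "INSERT INTO guestbook (pid,email, comment, name, surname, homepage) VALUES (?, ?, ?, ?, 'default', ?)"
    );
    if (!$insert_entry
        || !mysqli_stmt_bind_param($insert_entry, "issss", $id, $email, $comment, $name, $homepage)
        || !mysqli_stmt_execute($insert_entry)) {
        mysqli_rollback($db);
        die("kek");
    }
    mysqli_commit($db) or die("kek");

    // SCRIPT_NAME rather than PHP_SELF: PHP_SELF also carries any extra path the
    // client appended to the URL. exit keeps the page from rendering after the redirect.
    header("Location: " . $_SERVER['SCRIPT_NAME']);
    exit;
}

// --- Listing.
$query = "SELECT * FROM guestbook, picture WHERE picture.id = pid";

// NOTE(review): the template is evaluated as a PHP double-quoted string. Any
// $variable or {...} expression inside guestbook.html is therefore executed with
// access to every variable in scope here, including the database credentials, and
// only the double quote is escaped. The line is kept as it was because the
// template is not visible from this file; once its placeholders are known,
// replace eval with plain substitution (strtr/str_replace) and keep
// guestbook.html read-only for the web server account.
eval("print \"" . addcslashes(preg_replace("/(---(.+?)---)/", "\\2", $html), '"') . "\";");

if ($results = mysqli_query($db, $query)) {
    while ($row = mysqli_fetch_assoc($results)) {
        // These text fields were entity-encoded when this script stored them and
        // are echoed as stored. That holds only while this script is the sole
        // writer of the table; escaping at output would be the sturdier design.
        $name=$row['name'];
        $comment=$row['comment'];
        $email=$row['email'];
        $date=$row['date'];
        $id=$row['id'];
        $pid = $row['pid'];

        // The picture is fetched by the browser in a separate request to the
        // ?pid= branch above. Assumes this script is deployed as guestbook.php,
        // as the URL below implies.
        $image = ($pid == NULL) ? "" : "<img src=\"guestbook.php?pid=" . (int) $pid . "\" />";

        echo "<b>Inlägg ".$id." </b> <br /> <br />";
        echo "<b>Tid: </b> ".$date."<br />";
        echo "<b>Från:</b> ".$name." <br />";
        echo "<b>E-post: </b> ".$email." <br /> <br />";
        echo "<b>Kommentar:</b> ".$comment."<br /> <br /> ";
        echo $image;
    }
}
?>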