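// ---- 1. Read the form fields ------------------------------------------------
// A field is used only when it is present and a plain string (an array-valued
// field such as meno[]=x is treated as missing). stripslashes() and
// htmlspecialchars() are applied exactly as before.
// NOTE(review): htmlspecialchars() is an output encoding and normally belongs
// where the value is rendered, not before storage. It is kept because the pages
// that display these rows are not visible here and may rely on pre-encoded data.
$fields = array();
foreach (array('meno', 'suma', 'typ', 'datum') as $key) {
    $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    $fields[$key] = htmlspecialchars(stripslashes($raw));
}
$meno  = $fields['meno'];
$suma  = $fields['suma'];
$typ   = $fields['typ'];
$datum = $fields['datum'];

// ---- 2. Normalise the date --------------------------------------------------
// The form sends dd?mm?yyyy (any single separator); it is stored as yyyy.mm.dd.
// The original sliced the string by fixed offsets AFTER SQL-escaping it, which
// could cut an escape sequence in half and leave a trailing backslash inside the
// quoted SQL value. Matching digits only makes the rebuilt date inert.
if (preg_match('/\A(\d{2})\D(\d{2})\D(\d{4})/', $datum, $d)) {
    $datum = $d[3] . "." . $d[2] . "." . $d[1];
} else {
    $datum = '';
}

// ---- 3. Build and validate the table name -----------------------------------
// The table name is the session user name followed by the posted "typ". It is
// interpolated into the INSERT as an identifier, where mysql_real_escape_string()
// gives no protection (that function only makes text safe inside quotes), so both
// parts are restricted to letters, digits and underscore.
// NOTE(review): assumes real table names only use [A-Za-z0-9_] - confirm.
$session_meno = (isset($_SESSION['meno']) && is_scalar($_SESSION['meno'])) ? (string) $_SESSION['meno'] : '';
$tbl_name = $session_meno . $typ;
$ident_pattern = '/\A[A-Za-z0-9_]+\z/';
$ident_ok = preg_match($ident_pattern, $typ) && preg_match($ident_pattern, $tbl_name);

// ---- 4. Required-field check ------------------------------------------------
// "error" is the placeholder value of the type selector. An invalid date or an
// invalid table name is reported through the same message as a missing field.
if ($meno === '' || $suma === '' || $typ === "error" || $datum === '' || !$ident_ok) {
    include("error_start.php");
    echo "Musite vyplnit vsetky polozky! <a href='javascript:javascript:history.go(-1)'>Spä</a>";
    include("error_end.php");
    exit();
}

// Decimal point -> decimal comma, as before.
$suma = str_replace(".", ",", $suma);

// ---- 5. Database connection -------------------------------------------------
// NOTE(review): the credentials are hard-coded in a web-served script and are
// public in this paste. Load them from configuration kept outside the document
// root and rotate the password.
// NOTE(review): ext/mysql was removed in PHP 7.0. Moving to mysqli or PDO with
// prepared statements has to be done together with the INSERT further down.
$host = "localhost";
$username = "edoc_38754";
$password = "stal1n2011";
$db_name = "edoc_38754";

mysql_connect($host, $username, $password) or die("Nepodarilo sa spoji so servrom.");
mysql_select_db($db_name) or die("Spojenie s databázou zlyhalo.");

// ---- 6. Escape the values for use inside quoted SQL strings -----------------
// Done last and only after the connection exists: mysql_real_escape_string()
// needs an open link, and any edit made after escaping (substr, str_replace)
// can undo it.
$meno  = mysql_real_escape_string($meno);
$suma  = mysql_real_escape_string($suma);
$datum = mysql_real_escape_string($datum);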
- //*****************************
- //This function separates the extension from the rest of the file name and returns it
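/**
 * Return the lower-cased text that follows the last '/', '\' or '.' in a file name.
 *
 * A name with none of those characters is returned whole (lower-cased); a name
 * that ends in one of them yields an empty string.
 *
 * The caller passes the client-supplied upload name, so the result is
 * attacker-controlled text: it says nothing about the real file type and must be
 * validated before it is used in a path or a query.
 *
 * @param string $filename File name to inspect.
 * @return string Lower-cased last segment of the name.
 */
function findexts ($filename) {
    // split() (POSIX regex) was removed in PHP 7.0; preg_split() with the same
    // character class behaves identically and exists in every PHP version.
    $parts = preg_split('~[/\\\\.]~', strtolower($filename));
    return $parts[count($parts) - 1];
}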
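// ---- Uploaded file ----------------------------------------------------------
// Only continue with the upload when PHP actually received a single file in the
// "uploaded" field; anything else falls through to the upload-problem message.
$has_upload = isset($_FILES['uploaded']['name'], $_FILES['uploaded']['tmp_name'])
    && is_string($_FILES['uploaded']['name'])
    && is_string($_FILES['uploaded']['tmp_name']);

$ext = '';
if ($has_upload) {
    // Extension of the client-supplied name, lower-cased by findexts().
    $ext = findexts($_FILES['uploaded']['name']);

    // The extension becomes part of the stored path and of the SQL statement, so
    // it is limited to letters and digits before the deny-list is consulted.
    // NOTE(review): a deny-list of four extensions is brittle. An allow-list of
    // the document types the application needs is more robust, as is keeping
    // uploads outside the document root or disabling script execution in
    // ../files/. The allowed set is not known from this file, so the list is
    // left as it was.
    $zakazane = array('html', 'htm', 'xml', 'php');
    if (!preg_match('/\A[a-z0-9]+\z/', $ext) || in_array($ext, $zakazane, true)) {
        include('error_start.php');
        echo "Súbory tohto typu sú z bezpeènostných dovodov zakázané. <a href='javascript:javascript:history.go(-1)'>Spä</a>";
        include('error_end.php');
        exit();
    }
}

// Stored name: <random number>-<day>-<month>-<year>-<hour>-<min>-<sec>.<ext>
// NOTE(review): rand() is not a cryptographically secure generator and the
// timestamp is guessable, so stored names are predictable. Access to files in
// ../files/ must not depend on the name being secret (TODO: switch to
// random_bytes() once the script runs on PHP 7+).
$ran = rand();
$date = date("-d-m-Y-G-i-s") . ".";
// The target directory must already exist.
$target = "../files/" . $ran . $date . $ext;

if ($has_upload && move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
    $subor = $target;
    // $meno, $suma and $datum are escaped earlier in the script; the stored path
    // is escaped here because it was previously interpolated raw.
    // NOTE(review): $tbl_name is an identifier, which escaping does not protect;
    // it has to be validated where it is built.
    $sql = "INSERT INTO $tbl_name(meno, suma, datum, subor)VALUES('$meno', '$suma', '$datum', '" . mysql_real_escape_string($subor) . "')";
    $result = mysql_query($sql);
    mysql_close();

    if ($result === false) {
        // Do not leave an orphaned file behind, and do not report success.
        unlink($target);
        include("error_start.php");
        echo "Zaznam sa nepodarilo ulozit do databazy. <a href='javascript:javascript:history.go(-1)'>Spä</a>";
        include("error_end.php");
        exit();
    }

    header("location:docadd.php");
    exit();
} else {
    include("error_start.php");
    echo "Probém pri nahrávani súboru. Uistite sa že ste vybrali súbor a jeho ve¾kos je menšia ako 5MB. <a href='javascript:javascript:history.go(-1)'>Spä</a>";
    include("error_end.php");
    exit();
}
?>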