From 96e6bc8356e552313c93909bafb3d6cc1bf07258 Mon Sep 17 00:00:00 2001 From: Patryk Date: Mon, 17 Dec 2018 11:54:35 +0100 Subject: [PATCH] Adding fix --- admin-zone/add_post.php | 5 ++++- admin-zone/index.php | 24 +++++++++++++----------- admin-zone/insert.php | 20 ++++++++++++-------- 3 files changed, 29 insertions(+), 20 deletions(-) diff --git a/admin-zone/add_post.php b/admin-zone/add_post.php index cc8ecd1..f89e122 100644 --- a/admin-zone/add_post.php +++ b/admin-zone/add_post.php @@ -42,13 +42,16 @@ else{ -
+

Meta opis

Treść posta

+

Zdjęcie posta

+ +
diff --git a/admin-zone/index.php b/admin-zone/index.php index 73a0a2a..0c0761a 100644 --- a/admin-zone/index.php +++ b/admin-zone/index.php @@ -52,6 +52,7 @@ $_SESSION['user_blog_id']=$user_blog_id; ID Postu Tytuł Meta Description + Obraz postu Data dodania Data modyfikacji @@ -64,17 +65,18 @@ if ($sql = $mysqli->prepare("SELECT * FROM post WHERE blog_id IN (SELECT user_i $sql->execute(); $sql->bind_result($post_id,$trash,$title,$description,$main,$img,$date,$mod_date); while ($sql->fetch()) - { - echo " - $post_id - $title - $description - $date - $mod_date - Edytuj - Usuń - "; - } + {?> + + + + + + + + Edytuj + Usuń + + close(); } else die( "Błąd w zapytaniu SQL! Sprawdź kod SQL w PhpMyAdmin. $user $password" ); diff --git a/admin-zone/insert.php b/admin-zone/insert.php index f76fc50..f50e8a2 100644 --- a/admin-zone/insert.php +++ b/admin-zone/insert.php @@ -5,20 +5,24 @@ $title = $_POST["title"]; $meta_desc = $_POST["meta_desc"]; $text = $_POST["post_text"]; $userlogin=$_SESSION['user']; +$avatar_path = $mysqli->real_escape_string('../blog-post/img/post/'.$_FILES['avatar']['name']); $query="SELECT user_id FROM user WHERE username='$userlogin'"; if ($result=mysqli_query($mysqli,$query)){ while ($row=mysqli_fetch_row($result)){ $userid=$row[0]; } } -$sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?,NOW(),NOW());"); -if ($sql) -{ - $sql->bind_param("isss",$userid,$title,$meta_desc,$text); - $sql->execute(); - $sql->close(); +if (preg_match("!image!", $_FILES['avatar']['type'])){ + if(copy($_FILES['avatar']['tmp_name'], $avatar_path)){ + $sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?, ?,NOW(),NOW());"); + if ($sql){ + $sql->bind_param("issss",$userid,$title,$meta_desc,$text,$avatar_path); + $sql->execute(); + $sql->close(); + } +else echo "ERROR"; + } } $mysqli->close(); - -header ("Location: ./"); +header('Location: index.php'); ?> \ No newline at end of file