Adding fix

This commit is contained in:
Patryk 2018-12-17 11:54:35 +01:00
parent 31155fb925
commit 96e6bc8356
3 changed files with 29 additions and 20 deletions

View File

@ -42,13 +42,16 @@ else{
</div> </div>
</div> </div>
</nav> </nav>
<form method="post" action="insert.php"> <form method="post" action="insert.php" ENCTYPE="multipart/form-data">
<div class="addPostForm"> <div class="addPostForm">
<input type="text" name="title" size="120"> <input type="text" name="title" size="120">
<p>Meta opis</p> <p>Meta opis</p>
<input name="meta_desc" size="120"> <input name="meta_desc" size="120">
<p>Treść posta</p> <p>Treść posta</p>
<textarea name="post_text" id="editor1" rows="10" cols="80"></textarea> <textarea name="post_text" id="editor1" rows="10" cols="80"></textarea>
<p>Zdjęcie posta</p>
<label>Wybierz zdjęcie:</label>
<input type="file" name="avatar" accept="image/*" required />
<input type="submit" class="btn btn-success" value="Dodaj post"> <input type="submit" class="btn btn-success" value="Dodaj post">
</div> </div>
</form> </form>

View File

@ -52,6 +52,7 @@ $_SESSION['user_blog_id']=$user_blog_id;
<th>ID Postu</th> <th>ID Postu</th>
<th>Tytuł</th> <th>Tytuł</th>
<th>Meta Description</th> <th>Meta Description</th>
<th>Obraz postu</th>
<th>Data dodania</th> <th>Data dodania</th>
<th>Data modyfikacji</th> <th>Data modyfikacji</th>
</tr> </tr>
@ -64,17 +65,18 @@ if ($sql = $mysqli->prepare("SELECT * FROM post WHERE blog_id IN (SELECT user_i
$sql->execute(); $sql->execute();
$sql->bind_result($post_id,$trash,$title,$description,$main,$img,$date,$mod_date); $sql->bind_result($post_id,$trash,$title,$description,$main,$img,$date,$mod_date);
while ($sql->fetch()) while ($sql->fetch())
{ {?>
echo "<tr> <tr>
<td>$post_id</td> <td><?php echo $post_id;?></td>
<td>$title</td> <td><?php echo $title; ?></td>
<td>$description</td> <td><?php echo $description; ?></td>
<td>$date</td> <td><img style="margin-left:20px;" width="50" height= "50" src="<?php echo $img; ?>"></td>
<td>$mod_date</td> <td><?php echo $date; ?></td>
<td><a href=\"edit.php?post_id=$post_id\" class=\"btn btn-info\">Edytuj</a></td> <td><?php echo $mod_date; ?></td>
<td><a href=\"delete_post.php?post_id=$post_id\" class=\"btn btn-danger\" onclick=\"javascript:return confirm('Czy na pewno usunąć?'); \">Usuń</a></td> <td><a href="edit.php?post_id=<?php echo $post_id; ?>" class="btn btn-info">Edytuj</a></td>
</tr>"; <td><a href="delete_post.php?post_id=<?php echo $post_id; ?>" class="btn btn-danger" onclick="javascript:return confirm('Czy na pewno usunąć?'); ">Usuń</a></td>
} </tr>
<?php }
$sql->close(); $sql->close();
} }
else die( "Błąd w zapytaniu SQL! Sprawdź kod SQL w PhpMyAdmin. $user $password" ); else die( "Błąd w zapytaniu SQL! Sprawdź kod SQL w PhpMyAdmin. $user $password" );

View File

@ -5,20 +5,24 @@ $title = $_POST["title"];
$meta_desc = $_POST["meta_desc"]; $meta_desc = $_POST["meta_desc"];
$text = $_POST["post_text"]; $text = $_POST["post_text"];
$userlogin=$_SESSION['user']; $userlogin=$_SESSION['user'];
$avatar_path = $mysqli->real_escape_string('../blog-post/img/post/'.$_FILES['avatar']['name']);
$query="SELECT user_id FROM user WHERE username='$userlogin'"; $query="SELECT user_id FROM user WHERE username='$userlogin'";
if ($result=mysqli_query($mysqli,$query)){ if ($result=mysqli_query($mysqli,$query)){
while ($row=mysqli_fetch_row($result)){ while ($row=mysqli_fetch_row($result)){
$userid=$row[0]; $userid=$row[0];
} }
} }
$sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?,NOW(),NOW());"); if (preg_match("!image!", $_FILES['avatar']['type'])){
if ($sql) if(copy($_FILES['avatar']['tmp_name'], $avatar_path)){
{ $sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?, ?,NOW(),NOW());");
$sql->bind_param("isss",$userid,$title,$meta_desc,$text); if ($sql){
$sql->execute(); $sql->bind_param("issss",$userid,$title,$meta_desc,$text,$avatar_path);
$sql->close(); $sql->execute();
$sql->close();
}
else echo "ERROR";
}
} }
$mysqli->close(); $mysqli->close();
header('Location: index.php');
header ("Location: ./");
?> ?>