Adding fix

Patryk 2018-12-17 11:54:35 +01:00
parent 31155fb925
commit 96e6bc8356
3 changed files with 29 additions and 20 deletions


@ -42,13 +42,16 @@ else{
</div>
</div>
</nav>
<form method="post" action="insert.php">
<form method="post" action="insert.php" ENCTYPE="multipart/form-data">
<div class="addPostForm">
<input type="text" name="title" size="120">
<p>Meta opis</p>
<input name="meta_desc" size="120">
<p>Treść posta</p>
<textarea name="post_text" id="editor1" rows="10" cols="80"></textarea>
<p>Zdjęcie posta</p>
<label>Wybierz zdjęcie:</label>
<input type="file" name="avatar" accept="image/*" required />
<input type="submit" class="btn btn-success" value="Dodaj post">
</div>
</form>
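Review bot: The upload form on the new side, from `<form method="post" action="insert.php" ENCTYPE="multipart/form-data">` through `</form>`, contains no anti-CSRF token, so insert.php has nothing to tell a submission from this page apart from one triggered by another site in a logged-in author's browser (unless a check exists in the part of insert.php that is not shown). Consider a hidden field such as `<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>">`, compared with `hash_equals()` on the server; the session key name here is a placeholder. Note also that `accept="image/*"` and `required` only steer the browser, so the server still has to validate the file itself.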


@ -52,6 +52,7 @@ $_SESSION['user_blog_id']=$user_blog_id;
<th>ID Postu</th>
<th>Tytuł</th>
<th>Meta Description</th>
<th>Obraz postu</th>
<th>Data dodania</th>
<th>Data modyfikacji</th>
</tr>
@ -64,17 +65,18 @@ if ($sql = $mysqli->prepare("SELECT * FROM post WHERE blog_id IN (SELECT user_i
$sql->execute();
$sql->bind_result($post_id,$trash,$title,$description,$main,$img,$date,$mod_date);
while ($sql->fetch())
{
echo "<tr>
<td>$post_id</td>
<td>$title</td>
<td>$description</td>
<td>$date</td>
<td>$mod_date</td>
<td><a href=\"edit.php?post_id=$post_id\" class=\"btn btn-info\">Edytuj</a></td>
<td><a href=\"delete_post.php?post_id=$post_id\" class=\"btn btn-danger\" onclick=\"javascript:return confirm('Czy na pewno usunąć?'); \">Usuń</a></td>
</tr>";
}
{?>
<tr>
<td><?php echo $post_id;?></td>
<td><?php echo $title; ?></td>
<td><?php echo $description; ?></td>
<td><img style="margin-left:20px;" width="50" height= "50" src="<?php echo $img; ?>"></td>
<td><?php echo $date; ?></td>
<td><?php echo $mod_date; ?></td>
<td><a href="edit.php?post_id=<?php echo $post_id; ?>" class="btn btn-info">Edytuj</a></td>
<td><a href="delete_post.php?post_id=<?php echo $post_id; ?>" class="btn btn-danger" onclick="javascript:return confirm('Czy na pewno usunąć?'); ">Usuń</a></td>
</tr>
<?php }
$sql->close();
}
else die( "Błąd w zapytaniu SQL! Sprawdź kod SQL w PhpMyAdmin. $user $password" );
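Review bot: The new cell `<img ... src="<?php echo $img; ?>">` writes the stored path into an attribute without escaping, and per the insert.php change in this commit that path contains the uploaded file's original name, so a quote or angle bracket in the name becomes markup in the admin table. `$title` and `$description` in the neighbouring cells are echoed the same way. Escape at output, e.g. `src="<?php echo htmlspecialchars($img, ENT_QUOTES, 'UTF-8'); ?>"`, and do the same for the text cells. Separately, the `die(...)` on the last line interpolates `$user $password` into the page; if those hold the database credentials (not visible here), the detail belongs in the server log rather than the response. The enclosing `if ($sql = $mysqli->prepare(...` starts in the hunk header and is cut off there.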


@ -5,20 +5,24 @@ $title = $_POST["title"];
$meta_desc = $_POST["meta_desc"];
$text = $_POST["post_text"];
$userlogin=$_SESSION['user'];
$avatar_path = $mysqli->real_escape_string('../blog-post/img/post/'.$_FILES['avatar']['name']);
$query="SELECT user_id FROM user WHERE username='$userlogin'";
if ($result=mysqli_query($mysqli,$query)){
while ($row=mysqli_fetch_row($result)){
$userid=$row[0];
}
}
$sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?,NOW(),NOW());");
if ($sql)
{
$sql->bind_param("isss",$userid,$title,$meta_desc,$text);
if (preg_match("!image!", $_FILES['avatar']['type'])){
if(copy($_FILES['avatar']['tmp_name'], $avatar_path)){
$sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?, ?,NOW(),NOW());");
if ($sql){
$sql->bind_param("issss",$userid,$title,$meta_desc,$text,$avatar_path);
$sql->execute();
$sql->close();
}
else echo "ERROR";
}
}
$mysqli->close();
header ("Location: ./");
header('Location: index.php');
?>
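Review bot: The check `preg_match("!image!", $_FILES['avatar']['type'])` trusts the Content-Type sent by the client, and `$avatar_path` keeps the client's file name and extension, so a file that is not an image can be stored under `../blog-post/img/post/` with whatever extension the client chose, and an existing file of the same name is overwritten. The destination should be named by the server with an extension from an allow-list, the type should be read from the file content, and `move_uploaded_file()` should replace `copy()` so that only a genuine upload is moved. `real_escape_string()` on the path is unnecessary because the value is bound as a parameter, and it alters the name used on disk. When the type check or the copy fails, the script redirects without any message, which the sketch below leaves as is. The SELECT that builds `$query` from `$userlogin` starts above the hunk and is not reviewed here; the sketch assumes the fileinfo extension is available.

```php
// … unchanged: reading $_POST fields and looking up $userid …
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$upload = $_FILES['avatar'] ?? null;
if ($upload !== null && $upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
    // Detect the type from the file content, not from the request headers.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if (isset($allowed[$mime])) {
        // Server-chosen name: no client-controlled extension, no overwrite of existing files.
        $avatar_path = '../blog-post/img/post/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
        if (move_uploaded_file($upload['tmp_name'], $avatar_path)) {
            // … unchanged: prepare / bind_param("issss", …) / execute / close of the INSERT …
        }
    }
}
```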