ENGO150/FabrikaHradekTour
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

using whole filename for photo_id

Browse Source
This commit is contained in:
Václav Šmejkal 2024-05-24 19:08:15 +02:00
parent 97555013a1
commit 51278caac3
Signed by: ENGO150
GPG Key ID: 4A57E86482968843
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
res/forum/api/upload_picture.php
View File

@ -60,11 +60,11 @@ if (!(file_exists($dir) && is_dir($dir)))
$safe_name = mysqli_real_escape_string($database, $_POST["name"]); $safe_name = mysqli_real_escape_string($database, $_POST["name"]);
$safe_desc = isset($_POST["desc"]) ? mysqli_real_escape_string($database, $_POST["desc"]) : null; $safe_desc = isset($_POST["desc"]) ? mysqli_real_escape_string($database, $_POST["desc"]) : null;
$photo_id = count(glob($dir . "/*")); $photo_id = count(glob($dir . "/*")) . "." . $file_format;
$database -> query("INSERT INTO post (title, description, author, photo_id) VALUES (\"" . $safe_name . "\", " . ($safe_desc == null ? "NULL" : "\"" . $safe_desc . "\"") . ", " . $user_id . ", " . $photo_id . ")"); $database -> query("INSERT INTO post (title, description, author, photo_id) VALUES (\"" . $safe_name . "\", " . ($safe_desc == null ? "NULL" : "\"" . $safe_desc . "\"") . ", " . $user_id . ", \"" . $photo_id . "\")");
move_uploaded_file($_FILES["file_upload"]["tmp_name"], $dir . "/" . $photo_id . "." . $file_format); move_uploaded_file($_FILES["file_upload"]["tmp_name"], $dir . "/" . $photo_id);
send: send:
header('Content-type: application/json'); header('Content-type: application/json');