[AppleScript] 纯文本查看 复制代码
<pre><code>member/upload_edit.php
else if($dopost=='save')
{
$title = HtmlReplace($title,2);
if($mediatype==1) $utype = 'image';
else if($mediatype==2)
{
$utype = 'flash';
}
else if($mediatype==3)
{
$utype = 'media';
}
else
{
$utype = 'addon';
}
$title = HtmlReplace($title, 2);
$exname = preg_replace("#(.*)/#", "", $oldurl);// 文件名是获取.前面的
$exname = preg_replace("#\.(.*)$#", "", $exname);
echo $exname ;
$filename = MemberUploads('addonfile', $oldurl, $cfg_ml->M_ID,
$utype,$exname, -1, -1, TRUE);//返回上传的文件名
SaveUploadInfo($title, $filename, $mediatype);//利用返回的带入查询
ShowMsg("成功修改文件!", "uploads_edit.php?aid=$aid");
}
function SaveUploadInfo($title,$filename,$medaitype=1,$addinfos='')
{
global $dsql,$cfg_ml,$cfg_basedir;
if($filename=='')
{
return FALSE;
}
if(!is_array($addinfos))
{
$addinfos[0] = $addinfos[1] = $addinfos[2] = 0;
}
if($medaitype==1)
{
$info = '';
$addinfos = GetImageSize($cfg_basedir.$filename,$info);
}
$addinfos[2] = @filesize($cfg_basedir.$filename);
$row = $dsql->GetOne("SELECT aid,title,url FROM `#@__uploads` WHERE url
LIKE '$filename' AND mid='".$cfg_ml->M_ID."'; ");
$uptime = time();
if(is_array($row))
{
$query = "UPDATE `#@__uploads` SET
title='$title',mediatype='$medaitype',
width='{$addinfos[0]}',height='{$addinfos
[1]}',filesize='{$addinfos[2]}',uptime='$uptime'
WHERE aid='{$row['aid']}'; ";
$dsql->ExecuteNoneQuery($query);
}
else
{
$inquery = "INSERT INTO `#@__uploads`
(title,url,mediatype,width,height,playtime,filesize,uptime,mid)
VALUES ('$title','$filename','$medaitype','".$addinfos
[0]."','".$addinfos[1]."','0','".$addinfos[2]."','$uptime','".$cfg_ml-
>M_ID."'); ";echo $inquery ;//注入就在这里发生了!
$dsql->ExecuteNoneQuery($inquery);
}
$fid = $dsql->GetLastID();
AddMyAddon($fid, $filename);
return TRUE;
}</code></pre>
发表于 2014-2-28 03:04:56
