Hallo Tom,
hier also der bereinigte Code
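<?php
// article_upload: receives the "hochladen" form, validates its fields, stores
// the uploaded file under ../shop/articles and inserts the article row. Every
// outcome (success or a specific failure) is reported by redirecting to
// article_upload_antw.php?flag=<reason>; the flag values are the ones the
// answer page already understands.
//
// NOTE(review): the script still relies on the legacy mysql_* extension
// (removed in PHP 7). The connection is opened by include/db_connect.php,
// which is not visible here, so the queries below keep
// mysql_real_escape_string(); moving to mysqli/PDO prepared statements would
// remove that manual escaping altogether.

/**
 * Redirect to the answer page with a status flag and stop the script.
 *
 * @param string $flag one of the fixed literals used by this script (never
 *                     user input), e.g. "userfile", "preis", "noDB", "io".
 */
function redirect_with_flag($flag)
{
    header("Location: article_upload_antw.php?flag=" . urlencode($flag));
    exit;
}

/**
 * Read a POST field as a trimmed string; "" when it was not submitted.
 * The bare $_POST[...] reads in the original raised undefined-index notices
 * for missing fields and treated them like empty ones; the latter is kept.
 */
function post_field($name)
{
    if (!isset($_POST[$name]) || is_array($_POST[$name])) {
        return "";
    }
    return trim((string) $_POST[$name]);
}

/**
 * Require a non-empty text field, redirecting with $emptyFlag otherwise.
 */
function required_text_field($name, $emptyFlag)
{
    $value = post_field($name);
    if ($value === "") {
        redirect_with_flag($emptyFlag);
    }
    return $value;
}

/**
 * Require a numeric field and return it as an int.
 * Empty -> redirect with $emptyFlag; non-numeric -> redirect with "nonumeric".
 * The original intended intval() for Preis and Versandkosten alike but wrote
 * the Preis result into $_POST['preis'] (lower case) and never read it, so the
 * raw string was inserted; both fields now take the same conversion.
 */
function required_int_field($name, $emptyFlag)
{
    $raw = required_text_field($name, $emptyFlag);
    if (!is_numeric($raw)) {
        redirect_with_flag("nonumeric");
    }
    return intval($raw);
}

/**
 * Turn the client-supplied upload name into a bare filename for the articles
 * directory. Directory components are stripped (a name such as "../x" would
 * otherwise escape the target directory) and NUL bytes removed; the umlaut
 * replacement is kept from the original. Returns "" when nothing usable is
 * left. The last-slash search replaces basename(), which is locale dependent
 * for non-ASCII names.
 */
function safe_upload_name($clientName)
{
    $name = str_replace(array("ä", "ö", "ü"), array("ae", "oe", "ue"), (string) $clientName);
    $name = str_replace(array("\0", "\\"), array("", "/"), $name);
    $slash = strrpos($name, "/");
    if ($slash !== false) {
        $name = substr($name, $slash + 1);
    }
    if ($name === "" || $name === "." || $name === "..") {
        return "";
    }
    return $name;
}

/** Quote a value for inclusion in a mysql_* query string. */
function sql_str($value)
{
    return "'" . mysql_real_escape_string((string) $value) . "'";
}

@session_start();
/************************************************************************************************/
// Access gate. The original only included login.php and then carried on, so
// an unauthenticated POST still reached the upload and INSERT below; stop
// here instead.
// NOTE(review): keeping the password itself in $_SESSION['mypassword'] is not
// needed once the user is authenticated — a logged-in marker would suffice.
if (!isset($_SESSION['myusername'], $_SESSION['mypassword'])
    || $_SESSION['myusername'] === "" || $_SESSION['mypassword'] === "") {
    include("login.php");
    exit;
}
/************************************************************************************************/
include("./include/db_vars.php");
include("./include/db_connect.php");

$speicherdatum = date("d. M Y - H:i:s");
$unix_time = time();
$updir = "..";
$dir = "shop";
$subdir = "articles";
// One target directory for file_exists(), move_uploaded_file() and the
// rollback unlink(); the original removed from ../shop/pics/ after saving to
// ../shop/articles/, leaving the file behind when the INSERT failed.
$targetDir = $updir . "/" . $dir . "/" . $subdir;

if (isset($_POST['submit']) && $_POST['submit'] === "hochladen") {
    // ['error'] is PHP's own verdict on the upload; the original looked at
    // ['tmp_name'] only, which is also empty for most failed uploads.
    if (!isset($_FILES['userfile'])
        || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK
        || $_FILES['userfile']['tmp_name'] === "") {
        redirect_with_flag("userfile");
    }

    // Field checks in the original order so the first failing field decides
    // the flag.
    $artikelName   = required_text_field("artikelName", "artikelName");
    $preis         = required_int_field("Preis", "preis");
    $versandkosten = required_int_field("Versandkosten", "versandkosten");
    $breite        = required_text_field("Breite", "breite");
    $hoehe         = required_text_field("Hoehe", "hoehe");
    $tiefe         = required_text_field("Tiefe", "tiefe");

    $fileName = safe_upload_name($_FILES['userfile']['name']);
    if ($fileName === "") {
        redirect_with_flag("userfile");
    }
    // NOTE(review): the file type is not restricted here (the original had
    // no check either) and ['type'] below is whatever the client declared.
    // An allow-list of the extensions the shop actually serves from
    // ../shop/articles would be the natural next hardening step.
    $target = $targetDir . "/" . $fileName;

    if (file_exists($target)) {
        redirect_with_flag("already");
    }
    // is_uploaded_file() refuses anything that did not arrive via this
    // request. The @ stays: a warning printed here would be sent before the
    // Location header and break the redirect.
    if (!is_uploaded_file($_FILES['userfile']['tmp_name'])
        || !@move_uploaded_file($_FILES['userfile']['tmp_name'], $target)) {
        redirect_with_flag("nosaved");
    }

    $sql = "INSERT INTO artikel (dateiName,artikelName,Breite,Hoehe,Tiefe,currency,Preis,centimes,Versandkosten,Ordner,mime,speicherdatum,unix_time) VALUES ("
        . sql_str($fileName) . ", "
        . sql_str("tonform_" . $artikelName) . ", "
        . sql_str($breite) . ", "
        . sql_str($hoehe) . ", "
        . sql_str($tiefe) . ", "
        . "'CHF', "
        . sql_str($preis) . ", "
        . "'.--', "
        . sql_str($versandkosten) . ", "
        . sql_str($subdir) . ", "
        . sql_str($_FILES['userfile']['type']) . ", "
        . sql_str($speicherdatum) . ", "
        . sql_str($unix_time) . ")";
    if (!mysql_query($sql)) {
        // Roll the filesystem back so a failed INSERT leaves no orphaned file.
        @unlink($target);
        redirect_with_flag("noDB");
    }
    // total is derived from Preis + Versandkosten; as in the original this
    // recomputes it for every row, not only the new one.
    mysql_query("UPDATE artikel SET total=Preis+Versandkosten");
    redirect_with_flag("io");
}
?>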
Wenn du mal Zeit und Gelegenheit hast, reinzuschauen, bin ich dir dankbar. Keine Eile!
Gruss
hannes