p30online
جمعه 04 بهمن 1392, 12:25 عصر
دوستان این سورس امنیت داره یا خیر ؟
<?php
session_start();
ob_start();
if(isset($_POST['sendestate']))
{
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="adbase"; // Database name
$tbl_name="tbname"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//include('jdf.php');
//$day_number = jdate('j');
//$month_number = jdate('n');
//$year_number = jdate('y');
//$day_name = jdate('l');
//$date="$year_number/$month_number/$day_number";
mysql_query('SET NAMES \'utf8\'');
$namemelk=$_POST['namemelk'];
$noe =$_POST["noe"];
$foroshande=$_POST['foroshande'];
$metraj=$_POST['metraj'];
$gheymat=$_POST['gheymat'];
$phone=$_POST['phone'];
$address=$_POST['address'];
$email=$_POST['email'];
$tozihat=$_POST['tozihat'];
$namemelk=stripslashes($namemelk);
$noe =stripslashes($noe);
$foroshande=stripslashes($foroshande);
$metraj=stripslashes($metraj);
$gheymat=stripslashes($gheymat);
$phone=stripslashes($phone);
$address=stripslashes($address);
$email=stripslashes($email);
$tozihat=stripslashes($tozihat);
$namemelk=mysql_real_escape_string($namemelk);
$noe = mysql_real_escape_string($noe);
$foroshande=mysql_real_escape_string($foroshande);
$metraj=mysql_real_escape_string($metraj);
$gheymat=mysql_real_escape_string($gheymat);
$phone=mysql_real_escape_string($phone);
$address=mysql_real_escape_string($address);
$email=mysql_real_escape_string($email);
$tozihat=mysql_real_escape_string($tozihat);
if (!isset($_FILES['image']['tmp_name'])) {
echo "";
}
else{
$file=$_FILES['image']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
move_uploaded_file($_FILES["image"]["tmp_name"],"uploadestate/" . $_FILES["image"]["name"]);
$location="../businessonline/insert/uploadestate/" . $_FILES["image"]["name"];
}
mysql_query('SET NAMES \'utf8\'');
$qry=mysql_query("INSERT INTO `estate` (`namemelk`,`noe`,`foroshande`, `metraj`, `gheymat`, `phone`, `address`, `email`, `tozihat`,`image`) VALUES ('$namemelk','$noe','$foroshande', '$metraj', '$gheymat', '$phone', '$address', '$email', '$tozihat','$location');");
if($qry)
$_SESSION['y']='y';
header('location:../estate.php');
exit();
?>
}
else
{
header('location:../estate.php');
exit();
}
?>
<?php
session_start();
ob_start();
if(isset($_POST['sendestate']))
{
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="adbase"; // Database name
$tbl_name="tbname"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//include('jdf.php');
//$day_number = jdate('j');
//$month_number = jdate('n');
//$year_number = jdate('y');
//$day_name = jdate('l');
//$date="$year_number/$month_number/$day_number";
mysql_query('SET NAMES \'utf8\'');
$namemelk=$_POST['namemelk'];
$noe =$_POST["noe"];
$foroshande=$_POST['foroshande'];
$metraj=$_POST['metraj'];
$gheymat=$_POST['gheymat'];
$phone=$_POST['phone'];
$address=$_POST['address'];
$email=$_POST['email'];
$tozihat=$_POST['tozihat'];
$namemelk=stripslashes($namemelk);
$noe =stripslashes($noe);
$foroshande=stripslashes($foroshande);
$metraj=stripslashes($metraj);
$gheymat=stripslashes($gheymat);
$phone=stripslashes($phone);
$address=stripslashes($address);
$email=stripslashes($email);
$tozihat=stripslashes($tozihat);
$namemelk=mysql_real_escape_string($namemelk);
$noe = mysql_real_escape_string($noe);
$foroshande=mysql_real_escape_string($foroshande);
$metraj=mysql_real_escape_string($metraj);
$gheymat=mysql_real_escape_string($gheymat);
$phone=mysql_real_escape_string($phone);
$address=mysql_real_escape_string($address);
$email=mysql_real_escape_string($email);
$tozihat=mysql_real_escape_string($tozihat);
if (!isset($_FILES['image']['tmp_name'])) {
echo "";
}
else{
$file=$_FILES['image']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
move_uploaded_file($_FILES["image"]["tmp_name"],"uploadestate/" . $_FILES["image"]["name"]);
$location="../businessonline/insert/uploadestate/" . $_FILES["image"]["name"];
}
mysql_query('SET NAMES \'utf8\'');
$qry=mysql_query("INSERT INTO `estate` (`namemelk`,`noe`,`foroshande`, `metraj`, `gheymat`, `phone`, `address`, `email`, `tozihat`,`image`) VALUES ('$namemelk','$noe','$foroshande', '$metraj', '$gheymat', '$phone', '$address', '$email', '$tozihat','$location');");
if($qry)
$_SESSION['y']='y';
header('location:../estate.php');
exit();
?>
}
else
{
header('location:../estate.php');
exit();
}
?>