2024-10-10
This commit is contained in:
33
web/bsadmin/news_add.php
Normal file
33
web/bsadmin/news_add.php
Normal file
@@ -0,0 +1,33 @@
|
||||
<?php
|
||||
require_once ("header-files.php");
|
||||
require_once("../include/check_post_key.php");
|
||||
if ($mod=='hacker') {
|
||||
header("Location:index.php");
|
||||
}
|
||||
|
||||
require_once("../include/db_info.inc.php");
|
||||
require_once("../include/my_func.inc.php");
|
||||
|
||||
//contest_id
|
||||
$title = $_POST['title'];
|
||||
$content = $_POST['content'];
|
||||
|
||||
$user_id = $_SESSION[$OJ_NAME.'_'.'user_id'];
|
||||
|
||||
if(false){
|
||||
$title = stripslashes($title);
|
||||
$content = stripslashes($content);
|
||||
}
|
||||
|
||||
$content = str_replace("<p>", "", $content);
|
||||
$content = str_replace("</p>", "<br />", $content);
|
||||
$content = str_replace(",", ",", $content);
|
||||
|
||||
$title=RemoveXSS($title);
|
||||
$content=RemoveXSS($content);
|
||||
|
||||
$sql = "INSERT INTO news(`user_id`,`title`,`content`,`time`) VALUES(?,?,?,now())";
|
||||
pdo_query($sql,$user_id,$title,$content);
|
||||
|
||||
echo "<script>window.location.href=\"news_list.php\";</script>";
|
||||
?>
|
||||
Reference in New Issue
Block a user