last update: Mon, 05 Sep 2011 17:16:55 +0000
  1. <?
  2. require_once('add_smarty.php');
  3. require_once('session.php');
  4. require_once('mysql_cfg.php');
  5. require_once('code_css.php');
  // Template variables every request starts with: the inner template, the page
  // title, and "nothing to show yet" (false) for the paste body and its id.
  // The request handling further down overwrites html_code and id when a paste
  // is created or looked up.
  $nopasteTemplateDefaults = array(
      'main_template' => 'text.tpl',
      'title'         => 'Text',
      'html_code'     => false,
      'id'            => false,
  );
  foreach ($nopasteTemplateDefaults as $nopasteTemplateVar => $nopasteDefaultValue) {
      $smarty->assign($nopasteTemplateVar, $nopasteDefaultValue);
  }
  /**
   * Escape a value so it can be embedded in a quoted string literal of a
   * MySQL statement.
   *
   * Delegates to mysql_real_escape_string() without a link argument, so the
   * extension chooses the connection (and with it the character set) itself.
   * The result is only safe when it is placed between quotes in the query; it
   * gives no protection for values used as bare numbers or identifiers.
   *
   * @param string $s Raw value.
   * @return string Escaped value.
   */
  function escape_string($s)
  {
      $escaped = mysql_real_escape_string($s);

      return $escaped;
  }
  /**
   * Counterpart of escape_string() for values read back from the database.
   *
   * Currently an identity function: the value is handed back exactly as it was
   * passed in, so stored HTML reaches the template unchanged.
   *
   * @param mixed $s Value read from a result row.
   * @return mixed The same value, unmodified.
   */
  function unescape_string($s)
  {
      $unchanged = $s;

      return $unchanged;
  }
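  // Request handling: either store a newly submitted paste (POST 'text') or
  // load an existing one (GET 'id'), then render the page.
  //
  // Changes against the previous version of this block:
  //  - the GET id is validated as digits before it reaches the SQL text
  //    (it was concatenated unescaped into a LIKE pattern);
  //  - database errors and the failing statement are logged server-side
  //    instead of being echoed into the page;
  //  - a missing row or a failed query no longer dereferences a non-array;
  //  - the link check for anonymous posts also matches https:// and is
  //    case-insensitive;
  //  - the id lookup fetches one row instead of the whole table.
  if (isset($_POST['text']) && is_string($_POST['text']))
  {
      // Next id = highest existing id + 1 (1 for an empty table).
      // NOTE(review): read-then-insert is not atomic, so two concurrent posts
      // can compute the same id. The table schema is not visible here; an
      // AUTO_INCREMENT key would remove the race - confirm before changing.
      $query = 'SELECT `id` as x FROM `mapping_nopaste_text` ORDER BY `id` DESC LIMIT 1;';
      $result = mysql_query($query, $mysqlconnection);
      $count = $result ? mysql_fetch_array($result) : false;
      $id = ($count ? (int) $count['x'] : 0) + 1;

      // HTML-encode the submission before it is stored for display.
      // NOTE(review): stripslashes() is applied unconditionally, which is only
      // right when magic_quotes_gpc is on; with it off, backslashes in pasted
      // code are lost. Confirm the server setting.
      $text = htmlspecialchars(stripslashes($_POST['text']));
      // NOTE(review): the next two literals are reproduced as they appear in
      // this listing; the page rendering may have replaced HTML entities or
      // tabs with plain spaces. Verify against the original file.
      $text = str_replace(" ", " ", $text);
      $text = str_replace(" ", "  ", $text);
      // Emit an explicit <br /> after each CRLF so line breaks survive in HTML.
      $text = str_replace("\r\n", "\r\n<br />", $text);

      // Anti-spam rule: only logged-in users may post text containing a URL.
      if (preg_match('#https?://#i', $text) === 1) {
          if (session_get_userid_secure() <= 0) {
              die('Um Spam zu vermeiden dürfen Posts, die Internet-Addressen enthalten nur von angemeldeten Benutzerstellt werden.');
          }
      }

      // $id is an integer computed above; both text values go through
      // escape_string() and sit inside quoted literals.
      // NOTE(review): the `text` column receives $_POST['text'] without the
      // stripslashes() applied to the HTML copy - confirm that is intended.
      $query = 'INSERT INTO
  `mapping_nopaste_text` (`id`, `text`, `html_code`, `datum` )
  VALUES ("'.$id.'", "'.escape_string($_POST['text']).'", "'.escape_string($text).'", NOW())
  ';
      if (mysql_query($query, $mysqlconnection) === false) {
          // Keep the driver message out of the response: the statement
          // contains the raw submission and reveals the schema.
          error_log('nopaste text: INSERT failed: ' . mysql_error($mysqlconnection));
      }

      $smarty->assign('html_code', $text);
      $smarty->assign('id', $id);
  }
  elseif (isset($_GET['id']))
  {
      $requestedId = $_GET['id'];

      // Accept decimal digits only. Anything else (including array input and
      // LIKE wildcards) never reaches the query, and html_code / id keep the
      // defaults assigned at the top of the file.
      if (is_string($requestedId) && ctype_digit($requestedId)) {
          $id = $requestedId;
          $query = 'SELECT * FROM `mapping_nopaste_text` WHERE `id` = "'.$id.'" LIMIT 1;';
          $data = mysql_query($query, $mysqlconnection);
          if ($data === false) {
              error_log('nopaste text: SELECT failed: ' . mysql_error($mysqlconnection));
          }
          $row = $data ? mysql_fetch_array($data) : false;

          // html_code was HTML-encoded when the paste was stored and is passed
          // on as stored. NOTE(review): whether the template escapes it again
          // is not visible here.
          $smarty->assign('html_code', $row ? unescape_string($row['html_code']) : false);
          $smarty->assign('id', $id);
      }
  }

  // Render time for the footer. $sript_start_time is not set in this block
  // (spelling as in the source); presumably one of the required files sets it.
  $smarty->assign("compileTime", sprintf("%.4f", (microtime(true) - $sript_start_time)));
  $smarty->display('site.tpl');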
  66. ?>
