Commit 4cc6c998 authored by Paarth's avatar Paarth

minor

parent 8ac1e61f
...@@ -18,9 +18,10 @@ if (isset($postData) && !empty($postData)) { ...@@ -18,9 +18,10 @@ if (isset($postData) && !empty($postData)) {
$request = json_decode($postData, true); $request = json_decode($postData, true);
$isFile = trim($request['isFile']); $isFile = trim($request['isFile']);
if($isFile){ if($isFile){
$username = trim($request['file']['username']); $username = mysqli_real_escape_string($mysqli, trim($request['file']['username']));
$filename = trim($request['file']['filename']); $filename = trim($request['file']['filename']);
$lang = trim($request['file']['language']); $lang = trim($request['file']['language']);
$nFiles = trim($request['nFiles']);
$path = '../users/' . $username . '/' . trim($request['file']['path']) . '/' . $filename . $lang; $path = '../users/' . $username . '/' . trim($request['file']['path']) . '/' . $filename . $lang;
$exec_path = '../user_execs/' . $username . '/' . trim($request['file']['path']) . '/' . $filename; $exec_path = '../user_execs/' . $username . '/' . trim($request['file']['path']) . '/' . $filename;
...@@ -47,7 +48,8 @@ if (isset($postData) && !empty($postData)) { ...@@ -47,7 +48,8 @@ if (isset($postData) && !empty($postData)) {
$username = trim($request['username']); $username = trim($request['username']);
$dirname = trim($request['file']['name']); $dirname = trim($request['file']['name']);
$path = '../users/' . $username . '/' . trim($request['file']['path']) . '/' . $dirname; $path = '../users/' . $username . '/' . trim($request['file']['path']) . '/' . $dirname;
$sql = "UPDATE users SET n_files=n_files-$nFiles WHERE username = '$username'";
mysqli_query($mysqli,$sql);
$exec_path = '../user_execs/' . $username . '/' . trim($request['file']['path']) . '/' . $dirname; $exec_path = '../user_execs/' . $username . '/' . trim($request['file']['path']) . '/' . $dirname;
$ret_stat = 0; $ret_stat = 0;
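Review bot: The added `UPDATE users SET n_files=n_files-$nFiles WHERE username = '$username'` interpolates two request values that are not neutralised in this branch: `$nFiles` sits in an unquoted numeric position, where string escaping would not help, and `$username` here is the plain `trim($request['username'])`, not the escaped value from the `isFile` branch. Bind both instead, after rejecting an `nFiles` that is not a non-negative integer: `$stmt = mysqli_prepare($mysqli, "UPDATE users SET n_files = n_files - ? WHERE username = ?"); mysqli_stmt_bind_param($stmt, 'is', $nFiles, $username); mysqli_stmt_execute($stmt);`. `$nFiles` is also assigned only inside `if($isFile)` in the first hunk, so it appears to be undefined where the query uses it, though the code between the two hunks is not shown. Separately, `mysqli_real_escape_string` is SQL escaping and does nothing for the `'../users/' . $username . '/' ...` paths, which still accept `..` segments from the request and need their own validation.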
......
...@@ -16,15 +16,15 @@ $postData = file_get_contents("php://input"); ...@@ -16,15 +16,15 @@ $postData = file_get_contents("php://input");
if(isset($postData) && !empty($postData)){ if(isset($postData) && !empty($postData)){
$request = json_decode($postData); $request = json_decode($postData);
$title = trim($request->title); $title = mysqli_real_escape_string($mysqli, trim($request->title));
$username = trim($request->username); //string $username = mysqli_real_escape_string($mysqli, trim($request->username)); //string
$statement = trim($request->statement); //string $statement = mysqli_real_escape_string($mysqli, trim($request->statement)); //string
$tc1 = trim($request->tc1); $tc1 = mysqli_real_escape_string($mysqli, trim($request->tc1));
$out1 = trim($request->out1); $out1 = mysqli_real_escape_string($mysqli, trim($request->out1));
$tc2 = trim($request->tc2); $tc2 = mysqli_real_escape_string($mysqli, trim($request->tc2));
$out2 = trim($request->out2); $out2 = mysqli_real_escape_string($mysqli, trim($request->out2));
$stime = trim($request->stime); //string $stime = mysqli_real_escape_string($mysqli, trim($request->stime)); //string
$etime = trim($request->etime); $etime = mysqli_real_escape_string($mysqli, trim($request->etime));
$sql = "INSERT INTO questions(title,username,statement,tc1,out1,tc2,out2,stime,etime) VALUES ('$title','$username','$statement','$tc1','$out1','$tc2','$out2','$stime','$etime')"; $sql = "INSERT INTO questions(title,username,statement,tc1,out1,tc2,out2,stime,etime) VALUES ('$title','$username','$statement','$tc1','$out1','$tc2','$out2','$stime','$etime')";
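Review bot: Escaping each of the nine fields by hand leaves the `INSERT INTO questions` statement dependent on every value staying inside quotes and on the connection character set having been set with `mysqli_set_charset`, which this hunk does not show; a prepared statement removes both conditions. Suggested: `$stmt = mysqli_prepare($mysqli, "INSERT INTO questions(title,username,statement,tc1,out1,tc2,out2,stime,etime) VALUES (?,?,?,?,?,?,?,?,?)");`, then `mysqli_stmt_bind_param($stmt, 'sssssssss', $title, $username, $statement, $tc1, $out1, $tc2, $out2, $stime, $etime);` and `mysqli_stmt_execute($stmt);`. `username` is still read from the request body, so unless a session check exists outside the hunk a caller can file a question under another account name. `stime` and `etime` are stored without any format check.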
......