minor

4cc6c998 · Paarth · 8ac1e61f · 4cc6c998 · 4cc6c998
Commit 4cc6c998 authored Dec 08, 2020 by Paarth
Show whitespace changes
Inline Side-by-side

Showing with 13 additions and 11 deletions

backend/filedelete.php backend/filedelete.php +4 -2

backend/questions/question_save.php backend/questions/question_save.php +9 -9

No files found.
--- a/backend/filedelete.php
+++ b/backend/filedelete.php
@@ -18,9 +18,10 @@ if (isset($postData) && !empty($postData)) {
  $request = json_decode($postData, true);
  $isFile = trim($request['isFile']);
  if($isFile){
-    $username = trim($request['file']['username']);
+    $username = mysqli_real_escape_string($mysqli, trim($request['file']['username']));
    $filename = trim($request['file']['filename']);
    $lang = trim($request['file']['language']);
+    $nFiles = trim($request['nFiles']);
    $path = '../users/' . $username . '/' . trim($request['file']['path']) . '/' . $filename . $lang;

    $exec_path = '../user_execs/' . $username . '/' . trim($request['file']['path']) . '/' . $filename;
@@ -47,7 +48,8 @@ if (isset($postData) && !empty($postData)) {
  $username = trim($request['username']);
  $dirname = trim($request['file']['name']);
  $path = '../users/' . $username . '/' . trim($request['file']['path']) . '/' . $dirname;
-
+  $sql = "UPDATE users SET n_files=n_files-$nFiles WHERE username = '$username'";
+  mysqli_query($mysqli,$sql);
  $exec_path = '../user_execs/' . $username . '/' . trim($request['file']['path']) . '/' . $dirname;

  $ret_stat = 0;

--- a/backend/questions/question_save.php
+++ b/backend/questions/question_save.php
@@ -16,15 +16,15 @@ $postData = file_get_contents("php://input");
 if(isset($postData) && !empty($postData)){
    $request = json_decode($postData);

-    $title = trim($request->title);
-    $username = trim($request->username);  //string
-    $statement = trim($request->statement); //string
-    $tc1 = trim($request->tc1);
-    $out1 = trim($request->out1);
-    $tc2 = trim($request->tc2);
-    $out2 = trim($request->out2);
-    $stime = trim($request->stime); //string
-    $etime = trim($request->etime);
+    $title = mysqli_real_escape_string($mysqli, trim($request->title));
+    $username = mysqli_real_escape_string($mysqli, trim($request->username));  //string
+    $statement = mysqli_real_escape_string($mysqli, trim($request->statement)); //string
+    $tc1 = mysqli_real_escape_string($mysqli, trim($request->tc1));
+    $out1 = mysqli_real_escape_string($mysqli, trim($request->out1));
+    $tc2 = mysqli_real_escape_string($mysqli, trim($request->tc2));
+    $out2 = mysqli_real_escape_string($mysqli, trim($request->out2));
+    $stime = mysqli_real_escape_string($mysqli, trim($request->stime)); //string
+    $etime = mysqli_real_escape_string($mysqli, trim($request->etime));

    $sql = "INSERT INTO questions(title,username,statement,tc1,out1,tc2,out2,stime,etime) VALUES ('$title','$username','$statement','$tc1','$out1','$tc2','$out2','$stime','$etime')";