Файл: Kagao-v3.0/upload/add.php
Строк: 78
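<?php
/**
 * Kagao: create a new listing (one row in `produkte`) from the 2create.php form.
 *
 * Flow: require at least one uploaded file, hand every upload to the photohost
 * SDK under an unpredictable name, INSERT the form fields, then redirect to the
 * new item's page.
 *
 * Everything this script reads comes from the HTTP request ($_POST, $_FILES,
 * $_SESSION), so every value is untrusted. The DB wrapper $e (provided by
 * classes/config.php) is only used through real_escape()/query()/insert_id()
 * here, so the statement is still assembled by concatenation and every
 * interpolated value MUST pass through real_escape(). Two columns (stadt,
 * highlightanzeige) previously skipped that step; they are escaped now.
 * Prepared statements would be preferable if $e exposes them.
 */
session_start();
require('classes/config.php');

// Keep errors out of the response body but let them reach the server log;
// error_reporting(0) silenced everything, including failed INSERTs.
ini_set('display_errors', '0');
ini_set('max_execution_time', 300);

// NOTE(review): nothing in this file checks that $_SESSION['login'] is set or
// that the form carried a CSRF token; the row's uid is taken from the session
// verbatim. Confirm an earlier include enforces both before this script runs.

/**
 * Read one form field as a string; '' when absent or not a scalar (a posted
 * array would otherwise reach htmlspecialchars() and throw).
 */
$field = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_scalar($value) ? (string) $value : '';
};

/**
 * Send the user back to the create form, preserving the chosen categories.
 * The query string is built with http_build_query() so category values are
 * URL-encoded instead of being concatenated raw into the Location target.
 */
$backToForm = static function () use ($e, $field) {
    $query = http_build_query([
        'k1' => $field('kate1'),
        'k2' => $field('kate2'),
        'k3' => $field('kate3'),
        'k4' => $field('kate4'),
    ]);
    $e->location('2create.php?' . $query);
    die;
};

// The form posts file[] (array form); bail out if nothing was uploaded.
$tmpNames = $_FILES['file']['tmp_name'] ?? null;
if (!is_array($tmpNames) || empty($tmpNames)) {
    $backToForm();
}

include "inc/db.php";
include "inc/photo.php";
$db = new db();
$sdk = new photohost();

$photos = [];
$count = count($tmpNames);
for ($i = 0; $i < $count; $i++) {
    $tmpName = $tmpNames[$i] ?? '';
    $uploadError = $_FILES['file']['error'][$i] ?? UPLOAD_ERR_NO_FILE;
    // Only accept complete, error-free uploads; is_uploaded_file() rejects a
    // path that did not originate from this request's multipart body.
    if ($tmpName === '' || $uploadError !== UPLOAD_ERR_OK || !is_uploaded_file($tmpName)) {
        continue;
    }
    // Unpredictable stored name: md5(time() * mt_rand(1, 24)) could repeat
    // within one request and was guessable from the upload time.
    $storedName = bin2hex(random_bytes(16));
    // Positional arguments mirror the original call; the SDK signature is not
    // visible here. The last argument selects the $_FILES['file'] index.
    $sdk->upload(false, 0, 0, 0, 'upload', $storedName, 'file', (string) $i);
    $photos[] = $storedName;
}

if ($photos === []) {
    // Every slot was empty or failed; $photos[0] would be undefined below.
    $backToForm();
}

// First photo is the cover image; the rest are stored '|-|'-separated.
$bild = $photos[0];
$fotos = join('|-|', array_slice($photos, 1));

// Previously `$_POST['eanSearch'] ? ... : ''`, which also dropped a literal '0'.
$ean = $field('eanSearch');

// SQL-escaped form field, stored as typed.
$plain = static fn (string $key): string => $e->real_escape($field($key));
// SQL-escaped form field stored HTML-encoded, as the original did for text columns.
$html = static fn (string $key): string => $e->real_escape(htmlspecialchars($field($key)));

// Column => already-escaped value, in the original column order.
$columns = [
    'titel'            => $html('titel'),
    'preis'            => $plain('preis'),
    'bild'             => $e->real_escape($bild),
    'fotos'            => $e->real_escape($fotos),
    'postleitzahl'     => $plain('plz'),
    'erstellung'       => (string) time(),
    'kategorie'        => $plain('kate1'),
    'beschreibung'     => $html('beschreibung'),
    'youtubelink'      => $html('youtube'),
    'impressum'        => $html('impressum'),
    'anzeigeart'       => $plain('type'),
    'anzeigeart2'      => $plain('mtype2'),
    'preisart'         => $plain('geldart'),
    'strasse'          => $plain('strasse'),
    'hausnummer'       => $plain('nummer'),
    'telefon'          => $plain('telefon'),
    'stadt'            => $html('ort'),                         // was not SQL-escaped
    'highlightanzeige' => $e->real_escape(htmlspecialchars($ean)), // was not SQL-escaped
    'unterkategorie'   => $plain('kate2'),
    'unterkategorie1'  => $plain('kate3'),
    'unterkategorie2'  => $plain('kate4'),
    'uid'              => $e->real_escape((string) ($_SESSION['login'] ?? '')),
    'zustand'          => $plain('zustand'),
    'shipcost'         => $html('shipcost'),
    'versandart'       => $plain('versandart'),
    'garantie'         => $plain('garantie'),
    'accpaypal'        => $plain('accpaypal'),
    'i_zimmer'         => $plain('i_zimmer'),
    'i_flache'         => $plain('i_flache'),
    'i_bezugfrei'      => $html('i_bezugfrei'),
    'i_miete'          => $plain('i_miete'),
    'i_nebenkosten'    => $plain('i_nebenkosten'),
    'i_heizkosten'     => $plain('i_heizkosten'),
    'i_kaution'        => $plain('i_kaution'),
    'i_provision'      => $plain('i_provision'),
    'i_einbaukuche'    => $plain('i_einbaukuche'),
    'i_keller'         => $plain('i_keller'),
    'i_balkon'         => $plain('i_balkon'),
    'i_garten'         => $plain('i_garten'),
    'a_kw'             => $plain('a_kw'),
    'a_ps'             => $plain('a_ps'),
    'a_zustand'        => $plain('a_zustand'),
    'a_getriebe'       => $plain('a_getriebe'),
    'a_kraftstoff'     => $html('a_kraftstoff'),
    'a_kilometer'      => $plain('a_kilometer'),
    'a_zulassung'      => $plain('a_zulassung'),
    // $statusSystem is not defined in this file; presumably set by
    // classes/config.php — confirm.
    'statuscode'       => $e->real_escape((string) ($statusSystem ?? '')),
    // Server-supplied, but escaped anyway so nothing reaches the SQL raw.
    'createip'         => $e->real_escape((string) ($_SERVER['REMOTE_ADDR'] ?? '')),
];

$assignments = [];
foreach ($columns as $column => $value) {
    $assignments[] = $column . ' = "' . $value . '"';
}

$e->query('INSERT INTO produkte SET ' . implode(",\n", $assignments));
$e->location('itm' . $e->insert_id() . '-create');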