summaryrefslogtreecommitdiff
path: root/www/createfolder.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/createfolder.php')
-rw-r--r--www/createfolder.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/www/createfolder.php b/www/createfolder.php
index bba776d..00d6d43 100644
--- a/www/createfolder.php
+++ b/www/createfolder.php
@@ -36,7 +36,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
$db = new SQLite3("../database/sqlite.db");
- $id_db = $db->query("SELECT id FROM user WHERE name='$sname';");
+ $id_db = $db->query("SELECT id FROM user WHERE name='" . $sname . "';");
$id_ar = $id_db->fetchArray(SQLITE3_NUM);
$id = $id_ar[0];
@@ -49,9 +49,9 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
$folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
if($absolutpath){
if($db->exec("
- INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $k, $id, '$folder_array[$i]', '$type', '$public');
+ INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $k . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
")){
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='$folder_array[$i]'");
+ $primary_key_db = $db->query("SELECT id FROM files WHERE name='" . $folder_array[$i] . "';");
$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
$primary_key = $primary_key_ar[0];
$k=$primary_key;
@@ -59,12 +59,12 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
database_error();
}
} else {
- $primary_key_db = $db->query("SELECT id FROM files WHERE name='$pwd'");
+ $primary_key_db = $db->query("SELECT id FROM files WHERE name='" . $pwd . "';");
$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
$primary_key = $primary_key_ar[0];
if($db->exec("
BEGIN TRANSACTION;
- INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $primary_key, $id, '$folder_array[$i]', '$type', '$public');
+ INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, " . $primary_key . ", " . $id . ", '" . $folder_array[$i] . "', '" . $type . "', 0, '" . $public . "', '');
COMMIT;
")){
$pwd='$folder_array[$i]';
@@ -76,7 +76,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
}
- header("Refresh: 0; /$name");
+ header("Refresh: 0; /" . $name);
} else {