I have project of create something like blog. The problem am facing now.
- trying to post articles within there are php, html code and contain some character keep failed.
- later on it try to use
htmlspecialchars($_POST['body']). it change but in frontend the results isdont ' me i s't (opsdd) <====> saya whatis ? ! ---
My code:
session_start();
include('../../conn/connect.php');
if (isset($_POST["submit"])) {
$for_query = '';
if (!empty($_POST["sub"])) {
$subject = $_POST['subject'];
$body = htmlspecialchars($_POST['body']);
$menu = $_POST['menu'];
foreach ($_POST["sub"] as $language) {
$for_query .= $language . ',';
}
$year = date("Y");
foreach ($_FILES['file']['name'] as $key => $name) {
$size = $_FILES['file']['size'][$key];
$file = $_FILES['file']['name'][$key];
$extension = explode('.', $name);
$extension = end($extension);
$extension = strtolower($extension);
$random_name = rand();
$images = $subject . "." . $extension;
$save = $_SESSION['folder'] . '/' . $images;
$url = $images;
if (
$_FILES['file']['error'][$key] == 0 &&
move_uploaded_file($_FILES['file']['tmp_name'][$key], "../users/{$_SESSION['folder']}/{$images}")
) {
$uploaded[]=$images;
$for_query = substr($for_query, 0, -2);
$query = "INSERT INTO content (subject,body,menu,sub,files) VALUES ('$subject','$body','$menu','$for_query','$save')";
$q = $db->prepare($query);
$q->execute();
} else {
echo "<label class='text-danger'>* Please Select Atleast one</label>";
}
}
}
}
