From 82be92a4ceeb9bf7ebbf61eb98882bd6333ee50f Mon Sep 17 00:00:00 2001
From: wibyweb <49052850+wibyweb@users.noreply.github.com>
Date: Wed, 10 Aug 2022 02:21:13 -0400
Subject: [PATCH] Add files via upload

---
 html/insert/insert.php | 64 +++++++++++++++++++++---------------------
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/html/insert/insert.php b/html/insert/insert.php
index 207744b..8033dbe 100755
--- a/html/insert/insert.php
+++ b/html/insert/insert.php
@@ -41,39 +41,39 @@
 		  exit(); 
 		}
  
-//	    $url = mysqli_real_escape_string($link, $_POST['url']);
-		$url = str_replace("\'", "\'\'", $_POST['url']);
-		$url = str_replace("\"", "\"\"", $url);
-//		$title = mysqli_real_escape_string($link, $_POST['title']);
-		$title = str_replace("\'", "\'\'", $_POST['title']);
-		$title = str_replace("\"", "\"\"", $title);
-//		$tags = mysqli_real_escape_string($link, $_POST['tags']);
-		$tags = str_replace("\'", "\'\'", $_POST['tags']);
-		$tags = str_replace("\"", "\"\"", $tags);
-//		$description = mysqli_real_escape_string($link, $_POST['description']);
-		$description = str_replace("\'", "\'\'", $_POST['description']);
-		$description = str_replace("\"", "\"\"", $description);
-//		$body = mysqli_real_escape_string($link, $_POST['body']);
-		$body = str_replace("\'", "\'\'", $_POST['body']);
-		$body = str_replace("\"", "\"\"", $body);
-//		$http = mysqli_real_escape_string($link, $_POST['http']);
-		$http = str_replace("\'", "\'\'", $_POST['http']);
-		$http = str_replace("\"", "\"\"", $http);
-//		$surprise = mysqli_real_escape_string($link, $_POST['surprise']);
-		$surprise = str_replace("\'", "\'\'", $_POST['surprise']);
-		$surprise = str_replace("\"", "\"\"", $surprise);
-//		$worksafe = mysqli_real_escape_string($link, $_POST['worksafe']);
-		$worksafe = str_replace("\'", "\'\'", $_POST['worksafe']);
-		$worksafe = str_replace("\"", "\"\"", $worksafe);
-//    	$enable = mysqli_real_escape_string($link, $_POST['enable']);
-		$enable = str_replace("\'", "\'\'", $_POST['enable']);
-		$enable = str_replace("\"", "\"\"", $enable);
-//		$updatable = mysqli_real_escape_string($link, $_POST['updatable']);
-		$updatable = str_replace("\'", "\'\'", $_POST['updatable']);
-		$updatable = str_replace("\"", "\"\"", $updatable);
+	    $url = mysqli_real_escape_string($link, $_POST['url']);
+//		$url = str_replace("\'", "\'\'", $_POST['url']);
+//		$url = str_replace("\"", "\"\"", $url);
+		$title = mysqli_real_escape_string($link, $_POST['title']);
+//		$title = str_replace("\'", "\'\'", $_POST['title']);
+//		$title = str_replace("\"", "\"\"", $title);
+		$tags = mysqli_real_escape_string($link, $_POST['tags']);
+//		$tags = str_replace("\'", "\'\'", $_POST['tags']);
+//		$tags = str_replace("\"", "\"\"", $tags);
+		$description = mysqli_real_escape_string($link, $_POST['description']);
+//		$description = str_replace("\'", "\'\'", $_POST['description']);
+//		$description = str_replace("\"", "\"\"", $description);
+		$body = mysqli_real_escape_string($link, $_POST['body']);
+//		$body = str_replace("\'", "\'\'", $_POST['body']);
+//		$body = str_replace("\"", "\"\"", $body);
+		$http = mysqli_real_escape_string($link, $_POST['http']);
+//		$http = str_replace("\'", "\'\'", $_POST['http']);
+//		$http = str_replace("\"", "\"\"", $http);
+		$surprise = mysqli_real_escape_string($link, $_POST['surprise']);
+//		$surprise = str_replace("\'", "\'\'", $_POST['surprise']);
+//		$surprise = str_replace("\"", "\"\"", $surprise);
+		$worksafe = mysqli_real_escape_string($link, $_POST['worksafe']);
+//		$worksafe = str_replace("\'", "\'\'", $_POST['worksafe']);
+//		$worksafe = str_replace("\"", "\"\"", $worksafe);
+    	$enable = mysqli_real_escape_string($link, $_POST['enable']);
+//		$enable = str_replace("\'", "\'\'", $_POST['enable']);
+//		$enable = str_replace("\"", "\"\"", $enable);
+		$updatable = mysqli_real_escape_string($link, $_POST['updatable']);
+//		$updatable = str_replace("\'", "\'\'", $_POST['updatable']);
+//		$updatable = str_replace("\"", "\"\"", $updatable);
 
-		$sql = 'INSERT INTO windex (url,title,tags,description,body,http,surprise,worksafe,enable,updatable,approver) 
-	VALUES ("'.$url.'","'.$title.'","'.$tags.'","'.$description.'","'.$body.'","'.$http.'","'.$surprise.'","'.$worksafe.'","'.$enable.'","'.$updatable.'","'.$_SESSION["user"].'")';
+		$sql = "INSERT INTO windex (url,title,tags,description,body,http,surprise,worksafe,enable,updatable,approver) 
+	VALUES ('".$url."','".$title."','".$tags."','".$description."','".$body."','".$http."','".$surprise."','".$worksafe."','".$enable."','".$updatable."','".$_SESSION["user"]."')";
 
 
 		if (!mysqli_query($link, $sql))