$v) { // $$k = htmlspecialchars(stripslashes(trim($v))); $$k = trim($v); } function get_basename($filename) { return preg_replace('/^.+[\\\\\\/]/', '', $filename); } if ($_FILES["attatch1"]["error"] == 0) { $file_name = $_FILES["attatch1"]["name"]; $temp_file_name = $_FILES["attatch1"]["tmp_name"]; $file_size = $_FILES["attatch1"]["size"]; $target_dir = "board-attach/"; $target_file1 = strtolower($target_dir . get_basename($file_name)); $img_file_type = pathinfo($file_name, PATHINFO_EXTENSION); $upload_ok = 1; if (file_exists($target_file1)) unlink($target_file1); $upload_res_1 = move_uploaded_file($temp_file_name, $target_file1); } else $target_file1 = ""; if ($target_file1 && !$upload_res_1) { echo ""; } $db_query = "insert into board (title, content, attach, pin, creater, create_at) values ("; $db_query .= "'$title', '$content', '$target_file1', '1', '" . $user_id . "', NOW())"; $result = mysqli_query($link, $db_query); if (mysqli_affected_rows($link) > 0) { include "class/Cnotice.php"; $cn = new Cnotice(); $sql = " SELECT accountid FROM account WHERE accounttype IN ('B','C','D','E','M','W') "; $result = mysqli_query($link, $sql); foreach ($result as $row) { $permission = $row["accountid"]; $data = array( 'kind' => 1, 'related_id' => $id, 'title' => $title, 'content' => $content, 'permission' => $permission, 'creater' => $user_id, 'create_at' => date("Y-m-d H:i:s") ); $cn->sendx($data); } echo ""; } elseif (mysqli_affected_rows($link) == 0) { echo ""; } else { echo "{$db_query} 語法執行失敗，錯誤訊息SSS: " . mysqli_error($link); } mysqli_close($link); }