\r
//add_picture.php\r
include('../../../config.php');\r
-include_once('config.php'); //gallery config\r
+include_once(dirname(__FILE__).'/config.php'); //gallery config\r
include_once($DIR_LIBS . 'ITEM.php');\r
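Review bot: The first include, `include('../../../config.php');`, is still resolved against the working directory, so only the gallery config benefits from the `dirname(__FILE__)` anchoring added here. Anchoring it the same way, `include(dirname(__FILE__).'/../../../config.php');`, makes both lookups independent of how the script is invoked. Because the rest of the script appears to depend on both config files, `require_once` would also stop execution when one is missing, rather than continuing with undefined settings.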
\r
\r
else {\r
$j=0;\r
while($ids[$j]) {\r
- $query = 'insert into '.sql_table('plug_gallery_promo').' values ('.$ids[$j].', '.$result['itemid'].')';\r
+ $query = 'insert into '.sql_table('plug_gallery_promo').' values ('.intval($ids[$j]).', '.intval($result['itemid']).')';\r
sql_query($query);\r
$j++;\r
}\r
$query = 'insert into '\r
.$temp_table\r
.'(tempid,memberid,albumid,filename,intfilename,thumbfilename,title,description,promote,error)'\r
- ." values (NULL, $memberid, $albumid, '$filename', '$int_filename', '$thumb_filename', '$defaulttitle', '$description', 0, '$error') ";\r
+ ." values (NULL, ".intval($memberid).", ".intval($albumid).", '".addslashes($filename)."', '".addslashes($int_filename)."', '".addslashes($thumb_filename)."', '".addslashes($defaulttitle)."', '".addslashes($description)."', 0, '".addslashes($error)."') ";\r
//echo $query.'<br/>';\r
$result = sql_query($query);\r
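Review bot: `addslashes()` on the string values of the `$temp_table` insert is not aware of the connection character set, so it is weaker than the database layer's own escaping; with some multi-byte encodings a backslash-escaped quote can still end the literal. Prefer the connection-aware escape function under the SQL wrapper (for the mysql extension that is `mysql_real_escape_string()`), or a prepared statement if the wrapper offers one. Separately, `intval()` in the promo insert turns a malformed id into 0 and the row is still written; a guard before the insert such as `if (intval($ids[$j]) <= 0) { $j++; continue; }` would reject it instead. `$temp_table` is concatenated as-is and its origin is outside the visible lines, so confirm it is never request-derived. The enclosing `else` block starts and ends outside the shown lines.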
\r