403Webshell
Server IP : 61.19.30.66  /  Your IP : 216.73.216.80
Web Server : Apache/2.2.22 (Ubuntu)
System : Linux klw 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:39:31 UTC 2014 x86_64
User : www-data ( 33)
PHP Version : 5.3.10-1ubuntu3.48
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/cooperative/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/cooperative/uploadproduct.php
<?
require_once "config/confiteacher.inc.php";
$teach=$objResult["teachcode"];
$signup = (date("Y")+543).date("/n/j/");
require_once "head.php";
?>
<?php 
    $connect = mysqli_connect("localhost", "root", "klw3322", "klw");
    if(isset($_POST["submit"]))
{
    if($_FILES['file']['name'])
    {
        $filename = explode(".", $_FILES['file']['name']);
        if($filename[1] == 'csv')
        {
            $handle = fopen($_FILES['file']['tmp_name'], "r");
            while($data = fgetcsv($handle))
            {
                $item1 = mysqli_real_escape_string($connect, $data[0]);
				$item2 = mysqli_real_escape_string($connect, $data[1]);
				$item3 = mysqli_real_escape_string($connect, $data[2]);
				$item4 = mysqli_real_escape_string($connect, $data[3]);
				$item5 = mysqli_real_escape_string($connect, $data[4]);
				$item6 = mysqli_real_escape_string($connect, $data[5]);
				$item7 = mysqli_real_escape_string($connect, $data[6]);
                $query = "INSERT into sell_product(sell_proid,sell_proname,sell_procost,sell_prosell,sell_bacode,sell_unit,sell_user) values('$item1','$item2','$item3','$item4','$item5','$item6','$item7')";
				mysqli_set_charset($connect, "tis620");
                mysqli_query($connect, $query);
				
            }
            fclose($handle);
            echo"<script>window.alert(\"ºÑ¹·Ö¡ÊÓàÃ稤Ð\");history.go (-1);</script>";
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>  
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
</head>
<body>
    <form method="post" enctype="multipart/form-data">
        <div align="center">
            <label>Select CSV File:</label>
            <input type="file" name="file" />
            <br />
            <input type="submit" name="submit" value="Import" class="btn btn-info" />
			<br>
			<br>
			<a href="excellpro.php">Download data</a>
        </div>
    </form>

	<?
require_once "reportpro.php";
?>
</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit