LaCReMeL adlı üyeden alıntı: mesajı görüntüle
DB'ye girmeden önce mysql_real_escape_string uygula.
Anlamadım hocam, biraz açar mısınız?

Bu da admin panelinde içerik eklediğim dosya:

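<?php
// Declare the page encoding and language before any output is sent.
header("Content-Type: text/html; charset=windows-1254");
// The header value is a bare language tag; the original "TR;" carried a stray semicolon.
header("Content-Language: tr");

// The rest of this page calls guvenlik(), trsil() and mysql_query() without
// defining them or opening a connection, so they presumably come from inc.php.
// require (not include) stops the page instead of rendering a half-initialised
// admin form if that file cannot be loaded. Full "<?php" tag: with
// short_open_tag disabled a bare "<?" block is sent to the browser as text.
require("../inc.php");
?>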

<html>
<head>
<title>Yönetim Paneline Ho$ Geldiniz..</title>
<meta http-equiv="Content-Language" content="tr">
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1254">
<meta name="title" content=""> 
</head>
<?

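/**
 * Stores one uploaded image under $hedef using a randomly generated file name.
 *
 * The upload is rejected when the form field is missing, PHP reported an upload
 * error, the extension is not on the allow-list, the temporary file is not a
 * genuine HTTP upload, getimagesize() does not recognise its content, or the
 * move into $hedef fails. On rejection the error message is printed and null is
 * returned, so a caller never receives the name of a file that was not written.
 *
 * The content check is a sanity check, not a guarantee: the target directory
 * should still be configured so the web server never executes files from it.
 *
 * @param string $resim name of the file input field (key in $_FILES)
 * @param string $hedef target directory, without trailing slash
 * @return string|null generated file name (10 hex characters + extension), or null on failure
 */
function resim_yukle($resim,$hedef){

    // Compared in lower case, so "JPG", "Jpg" and "jpg" are treated alike.
    $izinli = array('jpg', 'jpeg', 'gif', 'png', 'bmp');

    $dosya = isset($_FILES[$resim]) ? $_FILES[$resim] : null;

    // Multi-file fields deliver arrays here; only a single file is supported.
    $gecerli = is_array($dosya)
        && isset($dosya["tmp_name"], $dosya["name"])
        && is_string($dosya["tmp_name"])
        && is_string($dosya["name"])
        && (!isset($dosya["error"]) || $dosya["error"] === UPLOAD_ERR_OK);

    $uzanti = '';

    if ($gecerli) {
        // Only the final extension of the client-supplied name is used; the
        // rest of that name is discarded and never reaches the file system.
        $uzanti = strtolower(pathinfo($dosya["name"], PATHINFO_EXTENSION));

        $gecerli = in_array($uzanti, $izinli, true)
            && is_uploaded_file($dosya["tmp_name"])
            && getimagesize($dosya["tmp_name"]) !== false;
    }

    if ($gecerli) {
        // md5(rand()) alone yields at most getrandmax()+1 distinct names, so
        // existing images could be overwritten; uniqid() adds a time component.
        $yeniad = substr(md5(uniqid(mt_rand(), true)), 0, 10);
        $yeniresimadi = $yeniad . "." . $uzanti;

        if (move_uploaded_file($dosya["tmp_name"], $hedef.'/'.$yeniresimadi)) {
            return $yeniresimadi;
        }
    }

    echo "Resim Yüklemede Hata!";

    return null;
}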

?>

<body style="background-color: #E1E1E1">

<TABLE id=table39 cellSpacing=0 cellPadding=0 width=923 align=center>
  <TBODY>
  <TR>
    <TD width=923 height=13>

    <IMG src="back_top.gif" width="922" height="23"></TD></TR>
  <TR>
    <TD>
      <TABLE id=table40 cellSpacing=0 cellPadding=0 bgColor=#ffffff width="923">
        <TBODY>
        <TR>
          <TD width=12>&nbsp; </TD>
          <TD vAlign=top width=911>

            <TABLE style="WIDTH: 904px" cellSpacing=0 cellPadding=0 border=0 id="table46">
              <TBODY>
              <TR>
                <TD style="WIDTH: 904px" 
        vAlign=top>
                &nbsp;<p><font size="7" face="Arial"><b>YÖNETİM PANELİNE 
                HOŞGELDİNİZ</b></font></p>
                <p>&nbsp;</TD></TR></TBODY></TABLE>
            </TD></TR></TBODY></TABLE></TD></TR>
  <TR>

    <TD align=middle width=923 bgColor=#ffffff height=16>
    <table border="1" width="100%" id="table64" cellspacing="0" cellpadding="0" style="border-collapse: collapse; border: 1px dotted #006666">
        <tr>
            <td>
                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254" />
<title>Sprite Menu</title>
<link rel="stylesheet" href="menu_style.css" type="text/css" media="all" />

</head>
<body>
        <div>
            <ul id='menu'>
            <li class="button"><a href="index.php">Anasayfa</a></li>
            
            

            </ul>
        </div><!-- End of Nav Div -->        
</body>
</html>
<?

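// Handles the "add news item" form: on submission the item is inserted into
// the haberler table, otherwise the form below is rendered.
//
// NOTE(review): nothing in this file verifies that the requester is a logged-in
// administrator; presumably ../inc.php enforces that -- confirm. The hidden
// "pw" field only marks a form submission, it is not a credential.
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';

if($pw == "1"){

    // guvenlik() and trsil() are defined outside this file; what they filter is
    // not visible here, so these three values are passed on exactly as before.
    // NOTE(review): confirm guvenlik() escapes for SQL, otherwise these need
    // mysql_real_escape_string() as well.
    $adi = guvenlik($_POST['adi']);

    $hit = guvenlik($_POST['hit']);

    $adi_s = trsil(guvenlik($_POST['adi']));

    // These fields previously went into the query string unescaped, which let
    // a quote in the submitted text change the SQL statement. Escape each one
    // for the open connection. Where magic_quotes_gpc is enabled the input
    // already carries backslashes; strip them first so nothing is escaped twice.
    $kacis = array();
    foreach (array('haber', 'kid', 'durum') as $alan) {
        $deger = (isset($_POST[$alan]) && is_string($_POST[$alan])) ? $_POST[$alan] : '';
        if (get_magic_quotes_gpc()) {
            $deger = stripslashes($deger);
        }
        $kacis[$alan] = mysql_real_escape_string($deger);
    }

    // NOTE(review): haber is stored as entered; if the public pages print it
    // without HTML-escaping, markup in it is rendered as-is -- confirm that is intended.
    $haber = $kacis['haber'];

    $kid = $kacis['kid'];

    $durum = $kacis['durum'];

    // The field name must be a quoted string; the bare word resim was an
    // undefined constant.
    $resim = resim_yukle('resim','../upload/haber');

    $resim='upload/haber/'.$resim;

    // The mysql_* extension was removed in PHP 7; parameterised queries through
    // mysqli or PDO are the durable fix once the connection code in inc.php is ported.
    mysql_query("Insert Into haberler (haber,kid,resim,adi,hit,adi_s,tarih,durum) values ('$haber','$kid','$resim','$adi','$hit','$adi_s',now(),'$durum')");

    echo "Haber eklendi | <a href='javascript:history.back()'>Geri Dön</a> veya <a href='genelekle.php'>Yeni Duyuru Ekle</a>";

}else{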

?>
            </td>
        </tr>

    </table>
    </TD></TR>
  <TR>
    <TD align=middle width=923 bgColor=#ffffff height=16>  <TABLE cellSpacing=0 cellPadding=0 width=546 align=center 

              border=0><TBODY> <FORM action=genelekle.php enctype="multipart/form-data" method=post ><INPUT type=hidden 

                value=1 name=pw> 

              <TR height=25>

                <TD align=left><B>Başlık :</B></TD>

                <TD>

                <INPUT class=field style="WIDTH: 416; HEIGHT: 25" 

                  size=10 name=adi ></TD></TR>



                    



                <TR height=120>

                <TD align=left><B>Haber :</B></TD>

                <TD><TEXTAREA class=field style="WIDTH: 416px; HEIGHT: 250px" name=haber rows=6 cols=10></TEXTAREA></TD></TR>

                       <tr>

                        <font face="Trebuchet MS" size="3"><b>

                <TD align=left><b>Resim :</b></TD>

                <TD>

                <INPUT type="file" class=field style="WIDTH: 200px; HEIGHT: 25px"  value=""

                  size=10 name=resim ></TD>

                        </b></font>

                    </tr>

                  



            

                 



            

 <TR height=35>

                <TD align=left></TD>

                <TD><INPUT class=button type=submit value=Ekle name=send_button></TD></TR></TBODY></TABLE><?}?></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></FORM></td>

                    </tr>

                </table>

                </div>

                        <div class="clear"></div><p>&nbsp;</p>
    <p>
                &nbsp;</p>
    <p>&nbsp;</TD></TR></TBODY></TABLE>
<div align="center">
<TABLE height=5 cellSpacing=0 cellPadding=0 width=925 bgcolor="#000000" id="table60">
  <TBODY>

  <TR>
    <TD bgcolor="#993333">&nbsp;</TD></TR></TBODY></TABLE>
</div>
<TABLE cellSpacing=0 cellPadding=0 width=925 align=center id="table61">
  <TBODY>
  <TR>
    <TD align=left>
      <TABLE height=2 cellSpacing=0 cellPadding=0 width="100%" bgcolor="#A9170B" id="table62">
        <TBODY>
        <TR>

          <TD align=middle bgColor=#000000></TD></TR></TBODY></TABLE>
      <TABLE height=30 cellSpacing=0 cellPadding=0 width="100%" id="table63">
        <TBODY>
        <TR>
          <TD align=middle bgColor=#003366>
            <p align="right"><font face="Arial" color="#FFFFFF" size="2">Coded 
            by Gökhan Özdemir &amp; </font></TD></TR></TBODY></TABLE>
      </TD></TR></TBODY></TABLE>

</body>

</html>