$lpse = anti_sql($_POST['lpse']); $komite = anti_sql($_POST['komite']); $kode_proyek = anti_sql($_POST['kode_proyek']); $mulai = anti_sql($_POST['mulai']); $provider = anti_sql($_POST['provider']); $budget = anti_sql($_POST['budget']); $cost = anti_sql($_POST['cost']); $kategori = anti_sql($_POST['kategori']); $kota = anti_sql($_POST['kota']); $skpd = anti_sql($_POST['skpd']); $agent = anti_sql($_POST['agent']); $sumber_dana = anti_sql($_POST['sumber_dana']); $selesai = anti_sql($_POST['selesai']); $npwp = anti_sql($_POST['npwp']); $estimation = anti_sql($_POST['estimation']); $lampiran = $_FILES['lampiran']; $photo = $_FILES['photo']; $keterangan = anti_sql($_POST['keterangan']); $q = mysql_query("INSERT INTO data_pembangunan VALUES(\n\t\t'',\n\t\t'{$nama_proyek}',\n\t\t'{$provinsi}',\n\t\t'{$lpse}',\n\t\t'{$komite}',\n\t\t'{$kode_proyek}',\n\t\t'{$mulai}',\n\t\t'{$provider}',\n\t\t'{$budget}',\n\t\t'{$cost}',\n\t\t'{$kategori}',\n\t\t'{$kota}',\n\t\t'{$skpd}',\n\t\t'{$agent}',\n\t\t'{$sumber_dana}',\n\t\t'{$selesai}',\n\t\t'{$npwp}',\n\t\t'{$estimation}',\n\t\t'{$lampiran}',\n\t\t'{$photo}',\n\t\t'{$keterangan}'\n\n\t\t)"); if ($q) { $qry = mysql_fetch_array(mysql_query("SELECT * FROM data_pembangunan ORDER BY id DESC LIMIT 1")); $id = $qry['id']; header("Location: /post.html?id={$id}"); } else { print "Error bro" . mysql_error(); die; } } else { header('Location: /'); print "Ngopo bro ?"; }
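// Login controller: page "" or 1 selects the login form, page 2 processes a
// submitted login against tb_usuario and stores the result in the session.
//
// NOTE(security): the mysql_* extension used here was removed in PHP 7 and has
// no prepared statements. Moving to mysqli/PDO with bound parameters has to be
// done together with scripts/connection.php, which is outside this file.
include '../../scripts/connection.php';

// isset() avoids an undefined-index notice when the parameter is absent.
$page = isset($_GET['page']) ? $_GET['page'] : '';
session_start();

if ($page == '' || $page == 1) {
    $page = 'login.php';
}

if ($page == 2) {
    // Missing or non-string fields (e.g. email[]=x) are treated as empty
    // strings so they cannot raise warnings further down.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(security): unsalted SHA-1 is not a suitable password hash. Switching
    // to password_hash()/password_verify() needs a migration of the stored
    // `senha` values, so the scheme is kept to stay compatible with existing rows.
    $password = sha1($rawPassword);

    // Default to "not logged in" until the credentials have been verified.
    $_SESSION['valid'] = false;

    /**
     * Escape a value for use inside a quoted string literal of a mysql_* query.
     *
     * @param string $txt Value taken from request data.
     * @return string Escaped value with the legacy character filter applied.
     */
    function anti_sql($txt)
    {
        // magic_quotes_gpc already added slashes; undo them so the value is
        // escaped exactly once.
        if (get_magic_quotes_gpc()) {
            $txt = stripslashes($txt);
        }

        // Connection-aware escaping replaces addslashes(), which ignores the
        // connection character set. Requires the link opened by connection.php.
        $txt = mysql_real_escape_string($txt);

        // Legacy filter kept for compatibility: drops "--", "#", "*", ";" and "=".
        // It is not a defence on its own; the escaping above is what matters.
        return preg_replace("@(--|\\#|\\*|;|=)@s", "", $txt);
    }

    $email = anti_sql($email);
    $password = anti_sql($password);

    $query = "select * from tb_usuario where (email = '{$email}') and (senha = '{$password}')";
    $results = mysql_query($query);

    // A failed query returns false; treat it as a failed login instead of
    // passing false to mysql_num_rows().
    if ($results !== false && mysql_num_rows($results) == 1) {
        // Issue a fresh session id on login so a pre-set id cannot be reused
        // (session fixation).
        session_regenerate_id(true);

        $_SESSION['valid'] = true;
        $array = mysql_fetch_array($results);
        $_SESSION['id_usuario'] = $array['id_usuario'];
        $_SESSION['nome'] = $array['nome'];
        print "<script> location.href = '../../index.php';</script>";
    } else {
        $_SESSION['valid'] = false;
        print "<script> location.href = 'login.php';</script>";
    }
}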