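// $link,
// $host,
// $user,
// $password,
// $db,
// $port
// );
//
// echo $success;
// mysqli_query($link,"SET NAMES utf8");

// Read the submitted movie fields. A missing or non-string field (for example
// an array sent as title[]=x) becomes an empty string instead of raising a
// notice or reaching the query as "Array".
// Legacy magic quotes are undone here so the bound values match what the old
// sqlPreprocess() path stored; the function_exists() guard is needed because
// get_magic_quotes_gpc() no longer exists on PHP 8.
$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$fields = array();
foreach (array('title', 'director', 'rating', 'year', 'length', 'boxOffice') as $fieldName) {
    $value = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
    $fields[$fieldName] = $magicQuotes ? stripslashes($value) : $value;
}
$title = $fields['title'];
$director = $fields['director'];
$rating = $fields['rating'];
$year = $fields['year'];
$length = $fields['length'];
$boxOffice = $fields['boxOffice'];

// Request data is bound as parameters and never concatenated into the SQL
// text. The previous code quoted values with mysql_real_escape_string(), which
// belongs to the removed ext/mysql and is not tied to the mysqli connection
// in $link, so the escaping could not be relied on.
$sql = "INSERT INTO Movies (`title`, `director`, `year`, `rating`, `length`, `boxOffice`) VALUES (?, ?, ?, ?, ?, ?)";
$result = false;
$stmt = mysqli_prepare($link, $sql);
if ($stmt) {
    // Every value is bound as a string, matching the old behaviour of
    // single-quoting each value.
    mysqli_stmt_bind_param($stmt, 'ssssss', $title, $director, $year, $rating, $length, $boxOffice);
    $result = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Prints "1" on success and nothing on failure, as before.
echo $result;
echo '<script type="text/javascript"> window.location = "index.html"</script>';

/**
 * Legacy helper: returns $origin as a single-quoted, escaped SQL string literal.
 *
 * Kept only so existing callers keep working; new queries should bind
 * parameters with mysqli_prepare() instead of building SQL from strings.
 * Escaping uses the script's global mysqli connection ($link) so it follows
 * that connection's character set.
 *
 * @param mixed $origin Raw value, typically taken from the request.
 * @return string The value escaped and wrapped in single quotes.
 */
function sqlPreprocess($origin)
{
    global $link;

    // get_magic_quotes_gpc() was removed in PHP 8; call it only where it exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $origin = stripslashes($origin);
    }

    return "'" . mysqli_real_escape_string($link, (string) $origin) . "'";
}
?> </tbody>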
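<body> <?php
// NOTE(review): database credentials are hard-coded in the page and the
// password is empty. Load them from configuration kept outside the web root
// and use an account limited to the privileges this page needs.
$user = '******';
$password = '';
$db = 'movie';
$host = 'localhost';
$port = 3306;

$link = mysqli_init();
$success = mysqli_real_connect($link, $host, $user, $password, $db, $port);
// echo $success;

// Read the submitted review fields. A missing or non-string field (for example
// an array sent as review[]=x) becomes an empty string instead of raising a
// notice or reaching the query as "Array".
// Legacy magic quotes are undone here so the bound values match what the old
// sqlPreprocess() path stored; the function_exists() guard is needed because
// get_magic_quotes_gpc() no longer exists on PHP 8.
$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$fields = array();
foreach (array('movieTitle', 'review', 'reviewerName') as $fieldName) {
    $value = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
    $fields[$fieldName] = $magicQuotes ? stripslashes($value) : $value;
}
$movieTitle = $fields['movieTitle'];
$review = $fields['review'];
$reviewerName = $fields['reviewerName'];

$sql = "INSERT INTO Reviews (`movieTitle`, `reviewerName`, `review`) VALUES (?, ?, ?)";
$result = false;

// Only talk to the database when the connection succeeded.
if ($success) {
    // mysqli_set_charset() replaces the raw "SET NAMES utf8" query: it also
    // tells the client library which character set is in use, which the
    // escaping in sqlPreprocess() depends on.
    mysqli_set_charset($link, 'utf8');

    // Request data is bound as parameters and never concatenated into the SQL
    // text. The previous code quoted values with mysql_real_escape_string(),
    // which belongs to the removed ext/mysql and is not tied to this mysqli
    // connection, so the escaping could not be relied on.
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sss', $movieTitle, $reviewerName, $review);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}

// Prints "1" on success and nothing on failure, as before.
echo $result;
echo '<script type="text/javascript"> window.location = "index.html"</script>';

/**
 * Legacy helper: returns $origin as a single-quoted, escaped SQL string literal.
 *
 * Kept only so existing callers keep working; new queries should bind
 * parameters with mysqli_prepare() instead of building SQL from strings.
 * Escaping uses the script's global mysqli connection ($link) so it follows
 * that connection's character set.
 *
 * @param mixed $origin Raw value, typically taken from the request.
 * @return string The value escaped and wrapped in single quotes.
 */
function sqlPreprocess($origin)
{
    global $link;

    // get_magic_quotes_gpc() was removed in PHP 8; call it only where it exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $origin = stripslashes($origin);
    }

    return "'" . mysqli_real_escape_string($link, (string) $origin) . "'";
}
?> </tbody>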
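echo $key;
// Fragment: the loops and table markup that enclose these statements start
// above this excerpt, so the statements down to the two closing braces are
// reproduced unchanged.
echo "</td>";
echo "<td>";
// NOTE(review): "length)" contains a stray ")" and so presumably never equals a
// column label; confirm the intended key against the array defined above.
if ($key == "length)") {
    echo " minutes";
}
// NOTE(review): this database value is written into the page without HTML
// escaping; it should go through htmlspecialchars() like the review text below.
echo $row[$value];
echo "</td>";
echo "</tr>";
}
echo '</table>';
// echo $row['rate'];
// echo $row['Driver.carId'];
}
// echo "good";

// Reviews for this title. The title is bound as a parameter and never
// concatenated into the SQL text; the old sqlPreprocess() path relied on
// mysql_real_escape_string(), which is not tied to the mysqli connection in
// $link. Magic quotes are undone first, as sqlPreprocess() did.
$titleParam = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    ? stripslashes($movieTitle)
    : $movieTitle;
$sql = "select review from Reviews where movieTitle = ?";
// echo $sql;
if ($stmt = mysqli_prepare($link, $sql)) {
    mysqli_stmt_bind_param($stmt, 's', $titleParam);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $reviewText);
        while (mysqli_stmt_fetch($stmt)) {
            echo "<p>";
            // Review text is visitor-supplied and stored as submitted, so it is
            // escaped for the HTML context before being written to the page.
            echo htmlspecialchars((string) $reviewText, ENT_QUOTES, 'UTF-8');
            echo "</p>";
        }
    }
    mysqli_stmt_close($stmt);
}

// Fragment: the rest of this function lies below this excerpt, so its visible
// lines are reproduced unchanged.
// NOTE(review): get_magic_quotes_gpc() and mysql_real_escape_string() are both
// removed in current PHP, and the latter does not use the mysqli connection.
function sqlPreprocess($origin) {
    if (get_magic_quotes_gpc()) {
        $origin = stripslashes($origin);
    }
    $origin = "'" . mysql_real_escape_string($origin) . "'";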