<?php
require_once 'connect.php';

// Origin check: compares the Host header with the tail of the Referer's host name.
// NOTE(review): both values are taken from client-supplied request headers, so this
// comparison is not a CSRF control on its own; a per-session token verified on the
// server is the usual mitigation. HTTP_REFERER can also be absent, and it is read
// here without an isset() guard.
$domain = $_SERVER['HTTP_HOST'];
$uri = parse_url($_SERVER['HTTP_REFERER']);
// Keeps the Referer host from its first "." onwards, leading dot included.
// NOTE(review): for a dotted host the result therefore starts with ".", which a plain
// Host header value would not; if the host has no "." strpos() returns false and
// substr() starts at offset 0. Confirm the comparison below can succeed as intended.
$r_domain = substr($uri['host'], strpos($uri['host'], "."), strlen($uri['host']));

if ($domain == $r_domain) {
    $link = f_sqlConnect(DB_username, DB_password, DB_name);
    // f_clean() is defined outside this listing.
    // NOTE(review): the INSERT below is built by string interpolation, so it depends
    // entirely on f_clean() escaping every value for the active connection — confirm,
    // or move to mysqli/PDO prepared statements with bound parameters.
    $_POST = f_clean($_POST);

    // Define variables.
    // Redirect target, plus the referring URL with "?" and its query-string text removed.
    // NOTE(review): redirect_to is request-supplied and its use lies outside this
    // listing; if it ends up in a Location header it should be checked against an
    // allow-list of local paths first.
    $redirect = $_POST["redirect_to"];
    $referred = $_SERVER['HTTP_REFERER'];
    $query = parse_url($referred, PHP_URL_QUERY);
    $referred = str_replace(array('?', $query), '', $referred);

    // Extra fields: timestamp and IP are still to be added.
    // Insert data.
    /* Optional: guard the insert with if (f_tableExists($user)); a helper
       f_tableExists($tablename) would have to be written for that check. */
    // NOTE(review): the password is written to the user table as received (after
    // f_clean()); no hashing step is visible here. Storing a password_hash() digest
    // and checking it with password_verify() is the usual fix, and it has to be
    // rolled out together with the login code that reads this column.
    $pwd = $_POST["password"];
    $regID = $_POST["regID"];
    $sql = "INSERT INTO user (id, password, user_type) VALUES ('{$regID}','{$pwd}', 'Employee')";
    if (!mysql_query($sql)) {
        // NOTE(review): the raw mysql_error() text goes to the client, which discloses
        // query and schema details; log it server-side and return a generic message.
        // The mysql_* functions were also removed in PHP 7.
        die('Error: ' . mysql_error());
    }

    // Remaining profile fields from the form; the statements that use them, and the
    // closing brace of this if block, are beyond the end of the visible listing.
    $fname = $_POST["fname"];
    $gender = $_POST["gender"];
    $dob = $_POST["date"];
    $address = $_POST["address"];
    $category = $_POST["category"];
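<?php
/*
 * Saves the logged-in user's team-member list and school name.
 *
 * Reads "teammembers" and "schoolname" from the POST body and writes them to the
 * users row of the session's username. Prints "Error!" when the query fails and
 * "Not logged in!" when the session carries no username.
 *
 * NOTE(review): this is a state-changing request authenticated only by the session
 * cookie; no anti-CSRF token is checked in this script.
 */
require_once "config.php";
require_once "functions.php";

session_start();
f_sqlConnect(DB_USER, DB_PASSWORD, DB_NAME);

if (isset($_SESSION["username"])) {
    $username = $_SESSION["username"];

    // A missing field is stored as an empty string instead of raising an
    // undefined-index notice.
    $list = isset($_POST["teammembers"]) ? $_POST["teammembers"] : "";
    $school = isset($_POST["schoolname"]) ? $_POST["schoolname"] : "";

    // Kept from the original: strips markup from the stored text. This filter is an
    // HTML-oriented sanitizer (deprecated since PHP 8.1), not an SQL defence.
    $list = (string) filter_var($list, FILTER_SANITIZE_STRING);
    $school = (string) filter_var($school, FILTER_SANITIZE_STRING);

    // Escape every value for the SQL string-literal context it is embedded in.
    // mysql_real_escape_string() uses the connection opened above; with mysqli or PDO
    // this whole step becomes a prepared statement with bound parameters.
    $listSql = mysql_real_escape_string($list);
    $schoolSql = mysql_real_escape_string($school);
    $usernameSql = mysql_real_escape_string($username);

    // NOTE(review): the listing showed a masked literal '******' in the WHERE clause
    // while $username was read and never used; the session username is bound here so
    // the update targets the caller's own row — confirm against the original file.
    $sql = "UPDATE users SET teammembers = '{$listSql}', schoolname = '{$schoolSql}' "
        . "WHERE username = '{$usernameSql}'";

    $result = mysql_query($sql);
    if (!$result) {
        // Generic message only; database error details are not sent to the client.
        echo "Error!";
    }
} else {
    echo "Not logged in!";
}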