}
    if ($_POST['formSubmit'] == "Submit") {
        $varAnu_contenido = $_POST['anu_contingut'];
        $varAnu_nom = $_POST['anu_nom'];
        $varData_nom = $_POST['anu_data'];
        $varAnu_foto = $_POST['anu_foto'];
        $varAnu_tipus = $_POST['anu_tipus'];
        $varRaca_id = $_POST['raca_id'];
        $varMun_id = $_POST['mun_id'];
    }
    $db = mysqli_connect("localhost", "root", "");
    if (!$db) {
        die("Error connecting to MySQL database.");
    }
    mysqli_select_db("bd_botiga_animals", $db);
    $sql = "INSERT INTO tbl_anunci (anu_contingut, anu_nom, anu_data, anu_foto, anu_tipus, raca_id, mun_id) VALUES (" . PrepSQL($anu_contingut) . ", " . PrepSQL($anu_nom) . ", " . PrepSQL($anu_data) . ", " . PrepSQL($anu_foto) . ", " . PrepSQL($anu_tipus) . ", " . PrepSQL($raca_id) . ", " . PrepSQL($mun_id) . ")";
    mysqli_query($sql);
    header("Location: insertar.php");
    exit;
}
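/**
 * Quote a value for interpolation into an SQL query as a string literal.
 *
 * Escapes the value with mysqli_real_escape_string() on the supplied
 * connection (escaping is charset-dependent, so mysqli needs the link) and
 * wraps the result in single quotes. The previous one-argument call to
 * mysqli_real_escape_string() omitted the connection and could never return
 * a correctly escaped value; get_magic_quotes_gpc() has returned false since
 * PHP 5.4 and no longer exists in PHP 8, so the stripslashes() branch is gone.
 *
 * Escaping only protects a value placed inside a quoted string literal; it
 * does nothing for identifiers, bare numbers, or ORDER BY / LIMIT positions.
 * Prepared statements (mysqli_prepare / PDO) remain the preferred approach.
 *
 * @param mixed       $value Scalar (or stringable) value to quote; request
 *                           values are cast to string before escaping.
 * @param mysqli|null $link  Open mysqli connection the query will run on.
 * @return string The escaped value wrapped in single quotes.
 * @throws InvalidArgumentException when no connection is supplied.
 */
function PrepSQL($value, ?mysqli $link = null): string
{
    if ($link === null) {
        // Without a connection there is no charset-aware escaping; failing
        // loudly beats silently storing '' (what the old call produced).
        throw new InvalidArgumentException('PrepSQL() requires the mysqli connection the query will run on');
    }
    // Explicit cast: mysqli_real_escape_string() expects a string, and a
    // missing form field arrives as null rather than ''.
    return "'" . mysqli_real_escape_string($link, (string) $value) . "'";
}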
?>
Example #2
        //connect to database
        if (!$db) {
            die("Error connecting to MySQL database.");
        }
        mysql_select_db("thenovaleague", $db);
        $username_check = "SELECT * FROM user WHERE username="******"<div class='alert alert-dismissible alert-danger'>\n  \t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button><span class='glyphicon glyphicon-exclamation-sign' aria-hidden='true'></span>\n  \t\t\t\t<strong> Oops!</strong> Username has been taken.\n\t\t\t\t</div>";
            echo "<a href='signup.html' class='btn btn-primary' role='button'>TRY AGAIN</a>";
            exit;
        }
        if ($num == 0) {
            $sql = "INSERT INTO user (username, userpass, ogs_userid, rating, rank, about) VALUES (" . PrepSQL($username) . ", " . PrepSQL($password) . ", " . PrepSQL($ogs_userid) . ", " . PrepSQL($rating) . ", " . PrepSQL($rank) . ", " . PrepSQL($about) . ")";
            mysql_query($sql);
            echo "<div class='alert alert-dismissible alert-success'>\n  <button type='butto' class='close' data-dismiss='alert'>×</button><span class='glyphicon glyphicon-ok-sign' aria-hidden='true'></span>\n  <strong> Yay!</strong> Sign up successful! You'll be redirected to the homepage in 3 seconds.\n\t\t</div>";
            header('Refresh:3; url=index.php');
            exit;
        }
    } else {
        echo "<div class='alert alert-dismissible alert-danger'>\n  <button type='button' class='close' data-dismiss='alert'>×</button><span class='glyphicon glyphicon-exclamation-sign' aria-hidden='true'></span>\n  <strong> Oh snap!</strong> There has been a failure.\n</div>";
        echo "<a href='signup.html' class='btn btn-primary' role='button'>TRY AGAIN</a>";
    }
}
// function: PrepSQL()
// uses the stripslashes and mysql_real_escape_string PHP functions
// to escape a string for use as a quoted string literal in an SQL query
// (escaping is not general sanitization: it is only safe inside single quotes)
// and wraps the result in single quotes
//
Example #3
    if (empty($username)) {
        $errorMessage .= "username";
        header("location: index.php");
    }
    if (empty($password)) {
        $errorMessage .= "password";
        header("location: index.php");
    }
    if (empty($errorMessage)) {
        $db = mysql_connect("localhost", "root", "");
        //connect to database
        if (!$db) {
            die("Error connecting to MySQL database.");
        }
        mysql_select_db("thenovaleague", $db);
        $sql = "SELECT * FROM user WHERE username="******" AND userpass="******"user";
            $cookie_value = $username;
            setcookie($cookie_name, $_COOKIE[$cookie_name] = $cookie_value, time() + 86400 * 30, "/");
            header("location: profile.php");
        } else {
            header("location: index.php");
        }
    }
}
// function: PrepSQL()
// use stripslashes and mysql_real_escape_string PHP functions