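}
// The original read the POST fields into $varAnu_* but built the INSERT from
// $anu_* (never assigned), so every advert was saved empty; it also ran the
// INSERT even when the form was not submitted. Now one set of names is used and
// the database work only happens for a real submit.
if (($_POST['formSubmit'] ?? null) === "Submit") {
    // Missing fields become '' instead of raising undefined-index notices.
    $anu_contingut = $_POST['anu_contingut'] ?? '';
    $anu_nom = $_POST['anu_nom'] ?? '';
    $anu_data = $_POST['anu_data'] ?? '';
    $anu_foto = $_POST['anu_foto'] ?? '';
    $anu_tipus = $_POST['anu_tipus'] ?? '';
    $raca_id = $_POST['raca_id'] ?? '';
    $mun_id = $_POST['mun_id'] ?? '';

    // Database name goes in the 4th argument; the original called
    // mysqli_select_db() with its arguments reversed, so it never selected.
    // Credentials are hard-coded here; they belong in a config file outside the web root.
    $db = mysqli_connect("localhost", "root", "", "bd_botiga_animals");
    if (!$db) {
        die("Error connecting to MySQL database.");
    }
    // Escaping and parameter binding depend on the connection charset; assumes the
    // schema is utf8mb4 — confirm.
    mysqli_set_charset($db, 'utf8mb4');

    // Untrusted form input goes through a prepared statement instead of being
    // concatenated into the query string.
    $stmt = mysqli_prepare(
        $db,
        "INSERT INTO tbl_anunci (anu_contingut, anu_nom, anu_data, anu_foto, anu_tipus, raca_id, mun_id)"
        . " VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    // All seven values are bound as strings; MySQL converts numeric strings for
    // the id columns — confirm against the table definition.
    if (
        !$stmt
        || !mysqli_stmt_bind_param(
            $stmt,
            "sssssss",
            $anu_contingut,
            $anu_nom,
            $anu_data,
            $anu_foto,
            $anu_tipus,
            $raca_id,
            $mun_id
        )
        || !mysqli_stmt_execute($stmt)
    ) {
        // The original ignored a failed INSERT and redirected anyway.
        die("Error saving the advert.");
    }
    mysqli_stmt_close($stmt);
}
header("Location: insertar.php");
exit;
}

/**
 * Escape a value with mysqli_real_escape_string() and wrap it in single quotes
 * for use in an SQL string. Kept for callers that still build SQL by hand;
 * new code should bind parameters instead.
 *
 * @param mixed        $value the raw value (cast to string)
 * @param \mysqli|null $db    connection to escape against; when omitted the
 *                            script-level $db is used, because the procedural
 *                            mysqli_real_escape_string() requires a live link
 *
 * @throws \RuntimeException when no open mysqli connection is available
 */
function PrepSQL($value, ?\mysqli $db = null)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0 (and has returned false since
    // 5.4), so the old stripslashes branch is gone.
    $link = $db ?? ($GLOBALS['db'] ?? null);
    if (!$link instanceof \mysqli) {
        throw new \RuntimeException('PrepSQL() needs an open mysqli connection.');
    }

    // Quote
    return "'" . mysqli_real_escape_string($link, (string) $value) . "'";
}
?>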
//connect to database if (!$db) { die("Error connecting to MySQL database."); } mysql_select_db("thenovaleague", $db); $username_check = "SELECT * FROM user WHERE username="******"<div class='alert alert-dismissible alert-danger'>\n \t\t\t\t<button type='button' class='close' data-dismiss='alert'>×</button><span class='glyphicon glyphicon-exclamation-sign' aria-hidden='true'></span>\n \t\t\t\t<strong> Oops!</strong> Username has been taken.\n\t\t\t\t</div>"; echo "<a href='signup.html' class='btn btn-primary' role='button'>TRY AGAIN</a>"; exit; } if ($num == 0) { $sql = "INSERT INTO user (username, userpass, ogs_userid, rating, rank, about) VALUES (" . PrepSQL($username) . ", " . PrepSQL($password) . ", " . PrepSQL($ogs_userid) . ", " . PrepSQL($rating) . ", " . PrepSQL($rank) . ", " . PrepSQL($about) . ")"; mysql_query($sql); echo "<div class='alert alert-dismissible alert-success'>\n <button type='butto' class='close' data-dismiss='alert'>×</button><span class='glyphicon glyphicon-ok-sign' aria-hidden='true'></span>\n <strong> Yay!</strong> Sign up successful! You'll be redirected to the homepage in 3 seconds.\n\t\t</div>"; header('Refresh:3; url=index.php'); exit; } } else { echo "<div class='alert alert-dismissible alert-danger'>\n <button type='button' class='close' data-dismiss='alert'>×</button><span class='glyphicon glyphicon-exclamation-sign' aria-hidden='true'></span>\n <strong> Oh snap!</strong> There has been a failure.\n</div>"; echo "<a href='signup.html' class='btn btn-primary' role='button'>TRY AGAIN</a>"; } } // function: PrepSQL() // use stripslashes and mysql_real_escape_string PHP functions // to sanitize a string for use in an SQL query // also puts single quotes around the string //
if (empty($username)) { $errorMessage .= "username"; header("location: index.php"); } if (empty($password)) { $errorMessage .= "password"; header("location: index.php"); } if (empty($errorMessage)) { $db = mysql_connect("localhost", "root", ""); //connect to database if (!$db) { die("Error connecting to MySQL database."); } mysql_select_db("thenovaleague", $db); $sql = "SELECT * FROM user WHERE username="******" AND userpass="******"user"; $cookie_value = $username; setcookie($cookie_name, $_COOKIE[$cookie_name] = $cookie_value, time() + 86400 * 30, "/"); header("location: profile.php"); } else { header("location: index.php"); } } } // function: PrepSQL() // use stripslashes and mysql_real_escape_string PHP functions