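<p><label for="lastname">Last name:</label><br />
<input type="text" id="lastname" name="lastname"></p>

<button type="submit" name="form" value="submit">Go</button>

</form>

<br />
<?php

// Reflects the submitted first and last name back into the page.
//
// Both values come straight from the query string, so they are untrusted.
// The only encoding applied before they reach the HTML response is htmli(),
// which is defined outside this excerpt.
// NOTE(review): confirm htmli() HTML-encodes for element content (for example
// htmlspecialchars() with ENT_QUOTES and an explicit charset) on every code
// path; if any path returns the input unchanged, this echo is a reflected
// HTML/script injection sink.
if (isset($_GET["firstname"]) && isset($_GET["lastname"])) {
    $firstname = $_GET["firstname"];
    $lastname = $_GET["lastname"];

    // PHP parses "?firstname[]=x" into an array. Reject anything that is not a
    // plain string before it reaches htmli() or string concatenation, and
    // compare strictly so the emptiness test cannot be satisfied by juggling.
    $bothAreStrings = is_string($firstname) && is_string($lastname);

    if (!$bothAreStrings || $firstname === "" || $lastname === "") {
        echo "<font color=\"red\">Please enter both fields...</font>";
    } else {
        echo "Welcome " . htmli($firstname) . " " . htmli($lastname);
    }
}

?>

</div>

<?php
// The links below open third-party sites in another browsing context.
// rel="noopener noreferrer" stops the opened page from obtaining a
// window.opener handle to this page and from receiving the Referer header.
// NOTE(review): target="blank_" names a window rather than using the "_blank"
// keyword — looks like a typo; left unchanged, confirm the intent.
?>
<div id="side">

    <a href="http://twitter.com/MME_IT" target="blank_" rel="noopener noreferrer" class="button"><img src="./images/twitter.png"></a>
    <a href="http://be.linkedin.com/in/malikmesellem" target="blank_" rel="noopener noreferrer" class="button"><img src="./images/linkedin.png"></a>
    <a href="http://www.facebook.com/pages/MME-IT-Audits-Security/104153019664877" target="blank_" rel="noopener noreferrer" class="button"><img src="./images/facebook.png"></a>
    <a href="http://itsecgames.blogspot.com" target="blank_" rel="noopener noreferrer" class="button"><img src="./images/blogger.png"></a>

</div>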
case "1": $data = sqli_check_3($link, $data); // $data = xss_check_4($data); break; case "2": $data = sqli_check_3($link, $data); // $data = xss_check_3($data); break; default: $data = sqli_check_3($link, $data); break; } return $data; } if (isset($_POST["entry_add"])) { $entry = htmli($_POST["entry"]); $owner = $_SESSION["login"]; if ($entry == "") { $message = "<font color=\"red\">Please enter some text...</font>"; } else { $sql = "INSERT INTO blog (date, entry, owner) VALUES (now(),'" . $entry . "','" . $owner . "')"; $recordset = $link->query($sql); if (!$recordset) { die("Error: " . $link->error . "<br /><br />"); } // Debugging // echo $sql; $message = "<font color=\"green\">Your entry was added to our blog!</font>"; } } else { if (isset($_POST["entry_delete"])) {