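/**
 * Registers a new user and marks that user as logged in.
 *
 * The row is written through a prepared statement, so none of the values
 * (including the output of process_picture() and create_hash(), which the
 * original interpolated straight into the SQL text) can alter the query.
 *
 * @param mixed $username Requested user name.
 * @param mixed $password Plain-text password; only the create_hash() result is stored.
 * @param mixed $picture  Picture input, handed to process_picture() before storage.
 * @param mixed $phone    Phone number.
 *
 * @return int|string Id of the new row, or 0 when the name is already taken
 *                    or the insert did not succeed.
 */
function database_add_user($username, $password, $picture, $phone)
{
    global $mysqli;

    // NOTE(review): sanitize_input() is defined outside this listing. It is kept
    // so stored values stay consistent with the rest of the application, but the
    // query below no longer relies on it for SQL safety. If it performs SQL
    // escaping, drop it for bound values to avoid double escaping. TODO confirm.
    $username = sanitize_input($username);
    // NOTE(review): sanitising a password before hashing alters the secret if the
    // helper rewrites characters; kept so hashes match the existing login path.
    $password = sanitize_input($password);
    $phone = sanitize_input($phone);

    // Hash the password so that it is never stored as plain text.
    $password = create_hash($password);

    // Process the picture for putting it in the database.
    $picture = process_picture($picture);

    $userID = 0;

    // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
    // users.username would be the real guard against duplicates. Verify schema.
    if (isUsernameTaken($username)) {
        return $userID;
    }

    $stmt = mysqli_prepare(
        $mysqli,
        'INSERT INTO users (username, password, picture, phone) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        // The statement could not be prepared: report failure, log nobody in.
        return $userID;
    }

    mysqli_stmt_bind_param($stmt, 'ssss', $username, $password, $picture, $phone);
    if (mysqli_stmt_execute($stmt)) {
        // Read the generated id before the statement is closed.
        $userID = mysqli_insert_id($mysqli);
    }
    mysqli_stmt_close($stmt);

    // Only establish a session for a row that was actually created; the original
    // called set_user_logged_in() with id 0 when the INSERT failed.
    if ($userID > 0) {
        // The hashed password (not the plain text) is what gets passed on here.
        set_user_logged_in($userID, $password);
    }

    return $userID;
}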
// Command dispatcher: runs the handler that matches $cmd. Page-style commands
// are wrapped in the shared header/footer; 'add_picture' and 'send_reg' emit
// their own output. Comparisons stay loose (==) to match the switch semantics.
// NOTE(review): no authentication or authorisation check is visible at this
// level for 'publish', 'create_album' or 'add_picture'; presumably each handler
// enforces it. Confirm, since $cmd's origin is not shown here.
if ($cmd == 'login') {
    output_header();
    form_login();
    output_footer();
} elseif ($cmd == 'process_login') {
    output_header();
    process_login();
    output_footer();
} elseif ($cmd == 'publish') {
    output_header();
    form_publish();
    output_footer();
} elseif ($cmd == 'create_album') {
    output_header();
    create_album();
    output_footer();
} elseif ($cmd == 'add_picture') {
    process_picture();
} elseif ($cmd == 'send_reg') {
    send_reg_file();
} else {
    // Unknown or missing command: fall back to the instructions page.
    display_instructions();
}