protected function cleanAndPost()
{
for ($n = 0; $n < count($this->message_information); $n++) {
//clean left and white white space, escape the string for the Database
$this->message_information[$n] = Sanitize::prepForDatabase(Sanitize::clearWhiteSpaceLR($this->message_information[$n]));
}
$d = new Database();
$d->open('hacker_blog');
//check for duplicates
$chx = $d->q("SELECT * FROM user_messages WHERE user_messages.message = '{$this->message_information[2]}'");
if ($chx && $d->numrows() <= 0) {
// id in the messages field is for the user's uid or user_id, depending on how you are moving forward with your code
$s = $d->q("INSERT into user_messages\n\t\t\t\t \t\t(user_message_id,first_name,last_name,id,message,type,added_on) VALUES\n\t\t\t\t\t\t(NULL,'{$this->message_information[0]}','{$this->message_information[1]}',NULL,'{$this->message_information[2]}','{$this->type}',now())");
if ($s) {
//echo 'made it through gauntlet. Added info into Database.';
$this->passed = true;
} else {
$this->passed = false;
}
} else {
//echo 'You have already made a comment like this.';
$this->passed = false;
}
$d->close();
//print_r($this->message_information);
}
<?php
require_once '../blog/includes/session.php';
require_once '../blog/classes/clsDatabase.php';
require_once '../blog/classes/clsSanitize.php';
if ($_POST['login']) {
//print_r($_POST);
// sanitize
$login = Sanitize::clearWhiteSpaceLR($_POST['login']);
//$password = Sanitize::clearWhiteSpaceLR($_POST['password']);
$password = strtolower(Sanitize::clearWhiteSpaceLR($_POST['password']));
//echo $login.' '.$password;
// test if in Database as well
$d = new Database();
$d->open('hacker_blog');
$s = $d->q("SELECT * FROM user WHERE user.username = '******' AND user.password = sha1('{$password}') LIMIT 0,1");
if ($s && $d->numrows() > 0) {
//mysql fetch assoc
$info = $d->mfa();
//print_r($info);
//$info = associative array
$_SESSION['loggedin'] = true;
// concat first and last name
$name = $info['user_first_name'] . ' ' . $info['user_last_name'];
//echo "NAME: $name";
$_SESSION['loggedin'] = true;
$_SESSION['user_full_name'] = $name;
$_SESSION['user_quick_name'] = $info['user_first_name'];
$_SESSION['user_id'] = $info['id'];
//echo '<a href="/week_eight/secret_loggedin_area.php">Manual Override</a>';
header("Location: /week_eight/secret_loggedin_area.php");
<?php
//main application methods
require_once 'classes/clsNavigation.php';
require_once 'classes/clsSanitize.php';
//require_once 'helpers/application_helper.php';//used for some neat tricks and what not (db side of things!)
$nav = new Navigation();
$simple_navigation = "<ul><li><a href=\"javascript:void(0);\">Action</a></li></ul>";
//$new = $nav->createNavigation("Box Office", "/blog/box_office", 1,2);
//use php to have gui access to your database
$bad_string = " chicken little ";
// good string
$good = Sanitize::clearWhiteSpaceLR($bad_string);
if (Sanitize::checkSize($good)) {
echo 'Our Word has passed the length test';
}
if (Sanitize::isEmailFormat('*****@*****.**')) {
echo 'Your Email is valid';
}
