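/**
 * Registers a new member from the submitted sign-up form.
 *
 * Reads the form fields from $_POST, builds an INSERT for the `member`
 * table and stores the result of dbConnection::insert() in $this->callback.
 *
 * NOTE(review): the values are escaped with addslashes(), which does not
 * take the connection character set into account and is not a substitute
 * for bound parameters. If dbConnection exposes (or can be given) a
 * prepared-statement API, this query should be moved to it.
 *
 * NOTE(review): the password is stored exactly as submitted. It should be
 * stored as a password_hash() digest and checked with password_verify();
 * that needs a coordinated change in the login path and the column width,
 * neither of which is visible here.
 *
 * NOTE(review): the INSERT has no column list, so the values are matched to
 * the table's columns by position; any schema change silently shifts them.
 */
public function SignUpUser()
 {
     // Read one form field as a trimmed, escaped string. A missing key or a
     // non-string value (e.g. username[]=x) yields '' instead of a warning
     // or a TypeError from trim().
     $field = function ($key) {
         if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
             return '';
         }
         return addslashes(trim($_POST[$key]));
     };

     $user = $field('username');
     $psw = $field('password');
     $fname = $field('fname');
     $lname = $field('lname');
     $email = $field('email');
     $sex = $field('sex');
     $birthday = $field('birthday');
     $phone = $field('phone');
     // NOTE(review): the form's nameshow, address, district, province and
     // postcode fields are not part of this INSERT and are not persisted.

     $sql = "INSERT INTO member ";
     $sql .= " VALUES(0, '{$user}' , '{$psw}' , '{$fname}' , '{$lname}' , '{$email}' , '{$sex}' , '{$birthday}' , '{$phone}')";
     $db = new dbConnection();
     $this->callback = $db->insert($sql);
 }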
Example #2
<?php

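// Records, changes or clears the logged-in user's vote on a wish.
// Expects POST fields `act` ('plus' | 'minus' | 'setNull') and `wishID`.
// Outputs "1" (echo true) when the request was accepted and nothing
// (echo false) otherwise.
session_start();
require_once 'dbConnection.php';
$connection = new dbConnection();

// Both IDs are concatenated unquoted into the SQL below, so string escaping
// would not protect them: they must be integers before they reach the query.
$userID = isset($_SESSION['UserID']) ? (int) $_SESSION['UserID'] : 0;
// filter_var() returns false for a missing, non-scalar or non-integer value.
$wishID = isset($_POST['wishID']) ? filter_var($_POST['wishID'], FILTER_VALIDATE_INT) : false;
$act = (isset($_POST['act']) && is_string($_POST['act'])) ? $_POST['act'] : '';

// NOTE(review): this endpoint changes state on a plain POST and no anti-CSRF
// token check is visible here — confirm one is enforced elsewhere.
if ($userID !== 0 && $wishID !== false) {
    if ($act === 'plus') {
        $connection->insert("REPLACE INTO `WishRating` SET `WishID` = " . $wishID . ", `UserID`=" . $userID . ", `PlusMinus`=1");
    } elseif ($act === 'minus') {
        $connection->insert("REPLACE INTO `WishRating` SET `WishID` = " . $wishID . ", `UserID`=" . $userID . ", `PlusMinus`=0");
    } elseif ($act === 'setNull') {
        $connection->insert("DELETE FROM `WishRating` WHERE `WishID` = " . $wishID . " AND `UserID`=" . $userID);
    }
    echo true;
} else {
    echo false;
}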
Example #3
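// Registers a new user from the POSTed form and logs them in.
// Outputs 0 on success, 1 when the e-mail is already registered and
// 2 when the e-mail address is not valid.
require_once 'dbConnection.php';
$connection = new dbConnection();

// Read a form field as a string; a missing key or a non-string value
// (e.g. email[]=x) becomes '' rather than reaching escape() as null/array.
$readPost = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$rawEmail = $readPost('email');
$email = $connection->escape($rawEmail);
// NOTE(review): the password is stored as submitted (escaped only). It should
// be stored as a password_hash() digest and checked with password_verify();
// that requires changing the login code as well, which is not visible here.
$pass = $connection->escape($readPost('pass'));
$fname = $connection->escape($readPost('fname'));
$lname = $connection->escape($readPost('lname'));
$phone = $connection->escape($readPost('phone'));
$err = 0;

// Validate the address as the user typed it. Validating the escaped copy
// rejects legitimate addresses containing characters that escape() rewrites.
if (!filter_var($rawEmail, FILTER_VALIDATE_EMAIL)) {
    // invalid e-mail address
    $err = 2;
} else {
    // Check whether a user with this e-mail already exists.
    // NOTE(review): check-then-insert is racy; a UNIQUE index on Users.Email
    // is needed to actually guarantee uniqueness — confirm the schema has one.
    $result = $connection->select("SELECT COUNT(UserID) FROM Users WHERE Email='" . $email . "'");
    $row = $result->fetch_row();
    // fetch_row() may return the count as a string, so compare it as an int;
    // a strict comparison of '0' against 0 would flag every address as taken.
    if ((int) $row[0] !== 0) {
        // a user with this login already exists in the database
        $err = 1;
    }
}

// If there are no errors, add the new user to the database.
if ($err == 0) {
    $result = $connection->insert("INSERT INTO `Users`(`Email`, `Password`, `FirstName`, `LastName`, `Phone`) VALUES ('" . $email . "','" . $pass . "','" . $fname . "','" . $lname . "','" . $phone . "')");
    if ($result != 0) {
        // Rotate the session ID before any output, so the new cookie can
        // still be sent, and drop the old session to prevent fixation.
        // NOTE(review): no session_start() is visible in this script;
        // presumably an including file starts the session — confirm.
        session_regenerate_id(true);
        $_SESSION['UserID'] = $connection->getLastInsertedID();
        $_SESSION['Login'] = $email;
        echo 0;
    }
} else {
    echo $err;
}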