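<?php
// Handles the "ask a question" form: on POST, stores the submitted title and
// content in question_forum under the id held in the current session.
include_once 'db_conn.php';
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Require an authenticated session; without this guard a request with no
    // session would be stored with an empty asker.
    $username = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
    if ($username === null || $username === '') {
        http_response_code(403);
        exit;
    }

    // NOTE(review): no anti-CSRF token check is visible in this handler; if
    // db_conn.php does not add one, a state-changing POST should verify one.

    // Reject missing or array-valued fields before they reach strip_tags().
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    $content = isset($_POST['content']) ? $_POST['content'] : null;
    if (!is_string($title) || !is_string($content)) {
        http_response_code(400);
        exit;
    }

    // The earlier version assigned the escaped user id to $title, so the
    // submitted title was never stored. strip_tags() is kept so stored rows
    // look the same, but it is not an output encoder: values still need
    // htmlspecialchars() when rendered.
    $title = strip_tags($title);
    $content = strip_tags($content);

    // A DateTime object cannot be interpolated into a string; format it.
    $ts = (new DateTime())->format('Y-m-d H:i:sP');

    // The form's password field was hashed with md5() and never used, so it is
    // no longer read here.

    // Bound parameters keep request data out of the SQL text entirely, so no
    // manual escaping is needed (pg_real_escape_string() is not a function of
    // PHP's pgsql extension). Like the original pg_query() call, this relies on
    // the default connection, presumably opened by db_conn.php; pass that
    // connection explicitly if it is available as a variable.
    $result = pg_query_params(
        'INSERT INTO question_forum(ts, asker, title, content) VALUES ($1, $2, $3, $4)',
        array($ts, $username, $title, $content)
    );

    if ($result === false) {
        // Log server-side only; driver errors are not sent to the client.
        error_log('question_forum insert failed');
        http_response_code(500);
    }
}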
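<?php
// Registration endpoint: echoes "false" when the requested name is already
// taken (or the input is unusable) and "true" once the account row is stored.
require_once "config.php";

$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];

// pg_connect() takes one libpq connection string; the database is chosen there
// (the pgsql extension has no pg_select_db()). Single quotes and backslashes in
// a value are backslash-escaped as libpq requires.
$conninfo = sprintf(
    "host='%s' dbname='%s' user='%s' password='%s'",
    addcslashes((string) $auth_host, "'\\"),
    addcslashes((string) $auth_dbase, "'\\"),
    addcslashes((string) $auth_user, "'\\"),
    addcslashes((string) $auth_pass, "'\\")
);
$db = pg_connect($conninfo);
if ($db === false) {
    // Keep connection details out of the response; log them server-side.
    error_log('register: database connection failed');
    http_response_code(500);
    exit;
}

$username = isset($_POST['name']) ? $_POST['name'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$email = isset($_POST['email']) ? $_POST['email'] : null;

// Missing, array-valued or empty credentials are refused with the same "false"
// the client already handles.
if (!is_string($username) || $username === ''
    || !is_string($password) || $password === ''
    || !is_string($email)
) {
    echo "false";
    pg_close($db);
    exit;
}

// The listing shows the name comparison as a masked literal ('******'); binding
// the submitted name is the presumed intent - confirm against the real source.
// "user" is double-quoted because an unquoted user is a reserved word in
// PostgreSQL that evaluates to the current database role, not the column.
$sql = pg_query_params($db, 'SELECT 1 FROM account WHERE "user" = $1 LIMIT 1', array($username));
if ($sql === false) {
    error_log('register: lookup failed: ' . pg_last_error($db));
    http_response_code(500);
    pg_close($db);
    exit;
}

if (pg_num_rows($sql) > 0) {
    echo "false";
} else {
    // NOTE(review): unsalted MD5 is not suitable for password storage. It is
    // kept only so existing rows and the login check still match; move to
    // password_hash()/password_verify() in the same change as the login script.
    // NOTE(review): check-then-insert can race; a UNIQUE constraint on the name
    // column should back this up.
    // The md5(uniqid(rand())) activation value was never used and is dropped.
    $inserted = pg_query_params(
        $db,
        'INSERT INTO account("user", password, email) VALUES ($1, MD5($2::text), $3)',
        array($username, $password, $email)
    );
    if ($inserted === false) {
        error_log('register: insert failed: ' . pg_last_error($db));
        echo "false";
    } else {
        echo "true";
    }
}

pg_close($db);
?>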
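/**
 * Escapes a value for use inside a single-quoted SQL string literal on this
 * object's connection.
 *
 * The pgsql extension has no pg_real_escape_string(); the connection-aware
 * escaper is pg_escape_string(). The result is only safe between single
 * quotes in the query text. It does not protect identifiers or unquoted
 * numeric positions, so bound parameters (pg_query_params()) are preferred.
 *
 * @param mixed $data Value to escape; cast to string before escaping.
 * @return string Escaped text, without surrounding quotes.
 */
public function sql_real_escape_string($data)
{
    return pg_escape_string($this->link, (string) $data);
}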
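<?php
// Login check: echoes "true" when an account row matches the submitted name and
// password, otherwise "false".
require_once "config.php";

$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];

// pg_connect() takes one libpq connection string; the database is chosen there
// (the pgsql extension has no pg_select_db()). Single quotes and backslashes in
// a value are backslash-escaped as libpq requires.
$conninfo = sprintf(
    "host='%s' dbname='%s' user='%s' password='%s'",
    addcslashes((string) $auth_host, "'\\"),
    addcslashes((string) $auth_dbase, "'\\"),
    addcslashes((string) $auth_user, "'\\"),
    addcslashes((string) $auth_pass, "'\\")
);
$db = pg_connect($conninfo);
if ($db === false) {
    // Keep connection details out of the response; log them server-side.
    error_log('login: database connection failed');
    http_response_code(500);
    exit;
}

$user_name = isset($_POST['name']) ? $_POST['name'] : null;
$user_password = isset($_POST['password']) ? $_POST['password'] : null;

// Missing or array-valued credentials can never match an account.
if (!is_string($user_name) || !is_string($user_password)) {
    echo "false";
    pg_close($db);
    exit;
}

// The listing shows the name comparison as a masked literal ('******'); binding
// the submitted name is the presumed intent - confirm against the real source.
// "user" is double-quoted because an unquoted user is a reserved word in
// PostgreSQL that evaluates to the current database role, not the column.
// NOTE(review): unsalted MD5 is not suitable for password storage. It is kept
// only so existing rows still verify; move to password_hash()/password_verify()
// in the same change as the registration script.
$sql = pg_query_params(
    $db,
    'SELECT 1 FROM account WHERE "user" = $1 AND password = MD5($2::text) LIMIT 1',
    array($user_name, $user_password)
);
if ($sql === false) {
    // Driver errors go to the log, not to the client as die(pg_error()) did.
    error_log('login: lookup failed: ' . pg_last_error($db));
    http_response_code(500);
    pg_close($db);
    exit;
}

if (pg_num_rows($sql) > 0) {
    echo "true";
} else {
    echo "false";
}

pg_close($db);
?>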