<?php

include_once 'db_conn.php';
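session_start();

// Handles the "ask a question" form: stores one row in question_forum for the
// signed-in user. Only POST requests are processed; anything else is a no-op.
//
// NOTE(review): no anti-CSRF token is checked on this state-changing POST in the
// visible code — confirm it is enforced elsewhere.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The asker comes from the server-side session, never from the request body.
    $username = $_SESSION['user_id'] ?? null;
    if ($username === null) {
        http_response_code(401);
        exit;
    }

    // Reject missing fields and array-shaped parameters (title[]=...) up front.
    $title = $_POST['title'] ?? null;
    $content = $_POST['content'] ?? null;
    if (!is_string($title) || !is_string($content)) {
        http_response_code(400);
        exit;
    }

    // The original overwrote $title with the escaped user id, so the submitted
    // title was never stored; the posted value is kept here.
    // strip_tags() only removes markup before storage. It is not an output
    // encoder: the rendering side still has to escape for its HTML context.
    $title = strip_tags($title);
    $content = strip_tags($content);

    // A DateTime object cannot be interpolated into a string; format it explicitly.
    // Assumes the ts column accepts 'Y-m-d H:i:s' — TODO confirm against the schema.
    $ts = (new DateTime())->format('Y-m-d H:i:s');

    // The original also read $_POST['password'] and computed md5() of it without
    // using the result; that dead code is dropped. If re-authentication was the
    // intent, verify against the stored hash with password_verify(), not MD5.

    // Values are bound as parameters, so no manual escaping is needed and input
    // cannot change the statement's structure.
    // Uses the default connection, as the original pg_query() call did
    // (presumably opened by db_conn.php — verify).
    $query = 'INSERT INTO question_forum(ts, asker, title, content) VALUES ($1, $2, $3, $4)';
    $result = pg_query_params($query, [$ts, $username, $title, $content]);
    if ($result === false) {
        // Keep driver details in the server log; do not echo them to the client.
        error_log('question_forum insert failed: ' . pg_last_error());
        http_response_code(500);
    }
}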
Exemplo n.º 2
<?php

require_once "config.php";
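// Account registration endpoint: prints "false" when the user name is already
// taken (or the request is malformed) and "true" after the account row is
// inserted.
$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];

// pg_connect() takes a single libpq connection string. Values are single-quoted
// with ' and \ backslash-escaped so a credential containing spaces or quotes
// cannot alter the string.
$quote = static function ($value) {
    return "'" . addcslashes((string) $value, "'\\") . "'";
};
$db = pg_connect(sprintf(
    'host=%s dbname=%s user=%s password=%s',
    $quote($auth_host),
    $quote($auth_dbase),
    $quote($auth_user),
    $quote($auth_pass)
));
if ($db === false) {
    // Log server-side instead of printing driver errors to the client.
    error_log('register: database connection failed');
    http_response_code(500);
    exit;
}

$username = $_POST['name'] ?? null;
$password = $_POST['password'] ?? null;
$email = $_POST['email'] ?? null;
if (!is_string($username) || !is_string($password) || !is_string($email)
    || $username === '' || $password === '') {
    http_response_code(400);
    echo "false";
    exit;
}

// The listing showed a masked literal ('******') where the user name belongs;
// the submitted name is bound here. "user" is a reserved word in PostgreSQL
// (unquoted it means the current role), so the column is double-quoted.
$sql = pg_query_params($db, 'SELECT 1 FROM account WHERE "user" = $1', [$username]);
if ($sql === false) {
    error_log('register: lookup failed: ' . pg_last_error($db));
    http_response_code(500);
    exit;
}

$rows = pg_num_rows($sql);
if ($rows > 0) {
    echo "false";
} else {
    // NOTE(review): the stored format stays md5(password) so existing rows and
    // any login code comparing against MD5 keep working. Unsalted MD5 is not a
    // password hash; migrate to password_hash()/password_verify() together with
    // the login path.
    // The unused $activation token (md5(uniqid(rand(), true))) was removed; if an
    // activation token is needed, derive it from random_bytes().
    $inserted = pg_query_params(
        $db,
        'INSERT INTO account("user", password, email) VALUES ($1, md5($2::text), $3)',
        [$username, $password, $email]
    );
    if ($inserted === false) {
        // Covers a concurrent registration of the same name, assuming a UNIQUE
        // constraint on the column — TODO confirm the schema has one.
        error_log('register: insert failed: ' . pg_last_error($db));
        http_response_code(500);
        exit;
    }
    echo "true";
}
pg_close($db);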
?>
 
 
Exemplo n.º 3
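 /**
  * Escape a string for use inside a single-quoted SQL literal on this
  * object's PostgreSQL connection ($this->link).
  *
  * The pgsql extension's escaping function is pg_escape_string(); it has no
  * pg_real_escape_string(). The result is only safe between single quotes in
  * a value position: it does not protect identifiers or unquoted numeric
  * contexts. Prefer pg_query_params() for new queries so values never become
  * part of the SQL text.
  *
  * @param string $data Raw value to escape.
  * @return string Escaped value, without surrounding quotes.
  */
 public function sql_real_escape_string($data)
 {
     return pg_escape_string($this->link, $data);
 }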
Exemplo n.º 4
<?php

require_once "config.php";
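// Credential check endpoint: prints "true" when an account row matches the
// submitted name and password, "false" otherwise.
//
// NOTE(review): no attempt throttling or lockout is visible here — confirm it
// is enforced elsewhere.
$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];

// pg_connect() takes a single libpq connection string. Values are single-quoted
// with ' and \ backslash-escaped so a credential containing spaces or quotes
// cannot alter the string.
$quote = static function ($value) {
    return "'" . addcslashes((string) $value, "'\\") . "'";
};
$db = pg_connect(sprintf(
    'host=%s dbname=%s user=%s password=%s',
    $quote($auth_host),
    $quote($auth_dbase),
    $quote($auth_user),
    $quote($auth_pass)
));
if ($db === false) {
    // Log server-side instead of printing driver errors to the client.
    error_log('login: database connection failed');
    http_response_code(500);
    exit;
}

$user_name = $_POST['name'] ?? null;
$user_password = $_POST['password'] ?? null;
if (!is_string($user_name) || !is_string($user_password)) {
    // Missing or array-shaped credentials can never match an account.
    echo "false";
    pg_close($db);
    exit;
}

// The listing showed a masked literal ('******') where the user name belongs;
// the submitted name is bound here. Both values are parameters, so input cannot
// change the WHERE clause. "user" is a reserved word in PostgreSQL and must be
// double-quoted to refer to the column.
// NOTE(review): the comparison stays md5(password) to match the stored format.
// Unsalted MD5 is not a password hash; migrate to password_hash() and
// password_verify() together with the registration path.
$sql = pg_query_params(
    $db,
    'SELECT 1 FROM account WHERE "user" = $1 AND password = md5($2::text)',
    [$user_name, $user_password]
);
if ($sql === false) {
    error_log('login: query failed: ' . pg_last_error($db));
    http_response_code(500);
    exit;
}

$rows = pg_num_rows($sql);
if ($rows > 0) {
    echo "true";
} else {
    echo "false";
}
pg_close($db);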
?>