Exemplo n.º 1
//    $link,
//    $host,
//    $user,
//    $password,
//    $db,
//    $port
// );
// // echo $success;
// mysqli_query($link,"SET NAMES utf8");
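// Collect the submitted movie fields. An absent field becomes '' rather than
// raising an undefined-index notice.
$title = isset($_POST['title']) ? $_POST['title'] : '';
$director = isset($_POST['director']) ? $_POST['director'] : '';
$rating = isset($_POST['rating']) ? $_POST['rating'] : '';
$year = isset($_POST['year']) ? $_POST['year'] : '';
$length = isset($_POST['length']) ? $_POST['length'] : '';
$boxOffice = isset($_POST['boxOffice']) ? $_POST['boxOffice'] : '';
// PHP turns parameters such as title[]=x into arrays; those cannot be bound as
// strings, so the request is rejected instead of being coerced.
foreach (array($title, $director, $rating, $year, $length, $boxOffice) as $field) {
    if (!is_string($field)) {
        exit('Invalid input.');
    }
}
// Request data is bound as parameters and never concatenated into the statement
// text, so quoting no longer depends on a hand-written escaping helper or on the
// connection character set. All six values are bound as strings, matching the
// original statement, which quoted every value.
// NOTE(review): $link is expected to be an open mysqli connection created
// earlier in the script; that code is not visible here - confirm.
$sql = "INSERT INTO Movies  (`title`, `director`, `year`, `rating`, `length`, `boxOffice`) VALUES (?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($link, $sql);
$result = $stmt !== false
    && mysqli_stmt_bind_param($stmt, 'ssssss', $title, $director, $year, $rating, $length, $boxOffice)
    && mysqli_stmt_execute($stmt);
if ($stmt !== false) {
    mysqli_stmt_close($stmt);
}
// Prints "1" on success and nothing on failure, as before.
echo $result;
// Client-side redirect back to the index page; the target is a fixed string.
echo '<script type="text/javascript">
           window.location = "index.html"</script>';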
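/**
 * Quote a value as a SQL string literal for the script's mysqli connection.
 *
 * The previous body called mysql_real_escape_string(), which belongs to the
 * removed ext/mysql extension and is not tied to the mysqli handle the script
 * queries with, so it either fails outright or escapes against the wrong
 * connection. Escaping is now done on the same handle that runs the query.
 * Escaping is only charset-aware when the connection character set was set
 * with mysqli_set_charset(); a "SET NAMES" query does not update it. Bound
 * parameters (mysqli_prepare) remain the preferred way to pass request data.
 *
 * @param mixed $origin Raw value, typically taken from the request.
 * @return string The escaped value wrapped in single quotes.
 * @throws RuntimeException When the global $link is not a mysqli connection.
 */
function sqlPreprocess($origin)
{
    // NOTE(review): assumes the script keeps its connection in the global $link,
    // as the surrounding top-level code does - confirm if this file is included
    // from inside a function.
    global $link;

    // Fail closed: never hand back an unescaped or empty literal.
    if (!($link instanceof mysqli)) {
        throw new RuntimeException('sqlPreprocess() requires an open mysqli connection in $link');
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0; only undo magic quotes on
    // runtimes where the function still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $origin = stripslashes($origin);
    }
    return "'" . mysqli_real_escape_string($link, (string) $origin) . "'";
}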
?>

  </tbody>
Exemplo n.º 2
<body>

   <?php 
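// NOTE(review): connection settings are hard-coded and the password is empty.
// Load them from configuration kept outside the web root (or the environment)
// and connect with a dedicated account limited to the privileges this page needs.
$user = '******';
$password = '';
$db = 'movie';
$host = 'localhost';
$port = 3306;
$link = mysqli_init();
$success = mysqli_real_connect($link, $host, $user, $password, $db, $port);
// Stop on a failed connection instead of running queries on a dead handle.
// The driver's error text goes to the server log only, not to the visitor.
if (!$success) {
    error_log('Database connection failed: ' . mysqli_connect_error());
    exit('Database unavailable.');
}
// mysqli_set_charset() sets the charset on the client library as well as the
// server; a "SET NAMES" query only changes the server side.
mysqli_set_charset($link, 'utf8');
// Collect the submitted review fields. An absent field becomes '' rather than
// raising an undefined-index notice.
$movieTitle = isset($_POST['movieTitle']) ? $_POST['movieTitle'] : '';
$review = isset($_POST['review']) ? $_POST['review'] : '';
$reviewerName = isset($_POST['reviewerName']) ? $_POST['reviewerName'] : '';
// PHP turns parameters such as review[]=x into arrays; those cannot be bound as
// strings, so the request is rejected instead of being coerced.
if (!is_string($movieTitle) || !is_string($review) || !is_string($reviewerName)) {
    exit('Invalid input.');
}
// Request data is bound as parameters and never concatenated into the statement
// text. The review is stored as submitted, so it must be HTML-escaped wherever
// it is later printed.
$sql = "INSERT INTO Reviews  (`movieTitle`, `reviewerName`, `review`) VALUES (?, ?, ?)";
$stmt = mysqli_prepare($link, $sql);
$result = $stmt !== false
    && mysqli_stmt_bind_param($stmt, 'sss', $movieTitle, $reviewerName, $review)
    && mysqli_stmt_execute($stmt);
if ($stmt !== false) {
    mysqli_stmt_close($stmt);
}
// Prints "1" on success and nothing on failure, as before.
echo $result;
// Client-side redirect back to the index page; the target is a fixed string.
echo '<script type="text/javascript">
           window.location = "index.html"</script>';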
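/**
 * Quote a value as a SQL string literal for the script's mysqli connection.
 *
 * The previous body called mysql_real_escape_string(), which belongs to the
 * removed ext/mysql extension and is not tied to the mysqli handle the script
 * queries with, so it either fails outright or escapes against the wrong
 * connection. Escaping is now done on the same handle that runs the query.
 * Escaping is only charset-aware when the connection character set was set
 * with mysqli_set_charset(); a "SET NAMES" query does not update it. Bound
 * parameters (mysqli_prepare) remain the preferred way to pass request data.
 *
 * @param mixed $origin Raw value, typically taken from the request.
 * @return string The escaped value wrapped in single quotes.
 * @throws RuntimeException When the global $link is not a mysqli connection.
 */
function sqlPreprocess($origin)
{
    // The script above stores its connection in the top-level variable $link.
    global $link;

    // Fail closed: never hand back an unescaped or empty literal.
    if (!($link instanceof mysqli)) {
        throw new RuntimeException('sqlPreprocess() requires an open mysqli connection in $link');
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0; only undo magic quotes on
    // runtimes where the function still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $origin = stripslashes($origin);
    }
    return "'" . mysqli_real_escape_string($link, (string) $origin) . "'";
}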
?>

  </tbody>
Exemplo n.º 3
        echo $key;
        echo "</td>";
        echo "<td>";
        if ($key == "length)") {
            echo " minutes";
        }
        echo $row[$value];
        echo "</td>";
        echo "</tr>";
    }
    echo '</table>';
    // echo $row['rate'];
    // echo $row['Driver.carId'];
}
// echo "good";
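// List the stored reviews for the current movie.
// NOTE(review): $link and $movieTitle are set earlier in the script, outside
// the visible excerpt - confirm $movieTitle is a string at this point.
// The title is bound as a parameter and never concatenated into the statement.
// Only the `review` column is selected because it is the only one printed.
$sql = "select review from Reviews where movieTitle = ?";
if ($stmt = mysqli_prepare($link, $sql)) {
    mysqli_stmt_bind_param($stmt, 's', $movieTitle);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $reviewText);
        while (mysqli_stmt_fetch($stmt)) {
            echo "<p>";
            // Reviews are visitor-supplied text. Encode them for the HTML
            // context so stored markup is shown as text, not interpreted by
            // the browser.
            echo htmlspecialchars((string) $reviewText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo "</p>";
        }
    }
    // Releases the statement and its buffered result.
    mysqli_stmt_close($stmt);
}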
function sqlPreprocess($origin)
{
    if (get_magic_quotes_gpc()) {
        $origin = stripslashes($origin);
    }
    $origin = "'" . mysql_real_escape_string($origin) . "'";