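/**
 * Registers a new member from the submitted sign-up form.
 *
 * Reads username, password, fname, lname, email, sex, birthday and phone
 * from $_POST, trims and addslashes() each value, inserts one row into
 * `member`, and stores the return value of dbConnection::insert() in
 * $this->callback. A missing or non-string field is inserted as ''.
 *
 * The form also submits nameshow, address, district, province and postcode.
 * They were read here before but never used in the INSERT, so those dead
 * reads were dropped; storing them needs its own query.
 *
 * NOTE(review): addslashes() is not a SQL escaping function. It ignores the
 * connection character set, so this query is still built from untrusted
 * input. Bound parameters (prepared statements) are the fix; only
 * dbConnection::insert($sql) is visible from here, so the query building is
 * left as it was until that API is confirmed.
 *
 * NOTE(review): the password is stored exactly as submitted. It should go
 * through password_hash() on write and password_verify() on login; both
 * sides have to change together, so it is flagged rather than changed here.
 *
 * NOTE(review): the INSERT has no column list and depends on the column
 * order of `member`; the leading 0 is presumably an auto-increment id —
 * confirm against the schema.
 */
public function SignUpUser()
{
    // Order matters: values are matched to table columns by position.
    $fields = ['username', 'password', 'fname', 'lname', 'email', 'sex', 'birthday', 'phone'];

    $quoted = [];
    foreach ($fields as $field) {
        // Absent keys and array-valued fields become '' instead of raising
        // a warning / TypeError inside trim().
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $quoted[] = "'" . addslashes(trim($raw)) . "'";
    }

    $sql = "INSERT INTO member ";
    $sql .= " VALUES(0, " . implode(' , ', $quoted) . ")";

    $db = new dbConnection();
    $this->callback = $db->insert($sql);
}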
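<?php
// Wish rating endpoint: a logged-in user votes a wish up ('plus'), down
// ('minus') or clears the vote ('setNull'). Prints "1" (echo true) when the
// request was accepted and nothing (echo false) otherwise.
//
// NOTE(review): this changes state on a plain POST authenticated only by the
// session cookie; no anti-CSRF token check is visible here — confirm one
// exists upstream.
session_start();
require_once 'dbConnection.php';

$connection = new dbConnection();

// Both ids are concatenated into SQL unquoted, so they are forced to
// integers before any query is built.
$userID = isset($_SESSION['UserID']) ? (int) $_SESSION['UserID'] : 0;

if ($userID !== 0) {
    $act = (isset($_POST['act']) && is_string($_POST['act'])) ? $_POST['act'] : '';

    // The original escaped wishID with an undefined $mysqli handle, discarded
    // the result and put the raw POST value into the query. Validate once
    // and use only the validated integer. Yields false for missing,
    // array-valued or non-integer input.
    $wishID = filter_var(isset($_POST['wishID']) ? $_POST['wishID'] : null, FILTER_VALIDATE_INT);

    $accepted = true;
    if (in_array($act, ['plus', 'minus', 'setNull'], true) && $wishID === false) {
        // A vote action without a valid wish id is rejected without touching the DB.
        $accepted = false;
    } elseif ($act === 'plus') {
        $connection->insert("REPLACE INTO `WishRating` SET `WishID` = " . $wishID . ", `UserID`=" . $userID . ", `PlusMinus`=1");
    } elseif ($act === 'minus') {
        $connection->insert("REPLACE INTO `WishRating` SET `WishID` = " . $wishID . ", `UserID`=" . $userID . ", `PlusMinus`=0");
    } elseif ($act === 'setNull') {
        $connection->insert("DELETE FROM `WishRating` WHERE `WishID` = " . $wishID . " AND `UserID`=" . $userID);
    }
    // Any other 'act' value is a no-op that still reports success, as before.

    echo $accepted;
} else {
    echo false;
}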
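// Registration endpoint. Prints 0 on success, 1 when the e-mail is already
// registered, 2 when the e-mail is malformed; prints nothing if the INSERT
// itself fails.
require_once 'dbConnection.php';

$connection = new dbConnection();

// Missing or array-valued fields are treated as empty strings.
$field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$rawEmail = $field('email');

$email = $connection->escape($rawEmail);
// NOTE(review): the password is stored as submitted (only SQL-escaped).
// It should be hashed with password_hash() here and checked with
// password_verify() at login; the login code is not visible from this
// script, so the stored format is left unchanged and flagged instead.
$pass  = $connection->escape($field('pass'));
$fname = $connection->escape($field('fname'));
$lname = $connection->escape($field('lname'));
$phone = $connection->escape($field('phone'));

$err = 0;

// Validate the address as submitted, before it is escaped and before it
// reaches any query: escaping can add backslashes that make a valid address
// fail validation.
if (!filter_var($rawEmail, FILTER_VALIDATE_EMAIL)) {
    $err = 2; // invalid e-mail address
} else {
    // Check whether a user with this login already exists.
    $result = $connection->select("SELECT COUNT(UserID) FROM Users WHERE Email='" . $email . "'");
    $row = $result->fetch_row();
    // The count may come back as a string (mysqli's default for plain
    // queries), so the original strict `!== 0` was always true and every
    // sign-up was rejected as a duplicate. Compare as an integer.
    if ((int) $row[0] !== 0) {
        $err = 1; // a user with this login already exists in the database
    }
}

// If there are no errors, add the new user to the database.
if ($err == 0) {
    $result = $connection->insert("INSERT INTO `Users`(`Email`, `Password`, `FirstName`, `LastName`, `Phone`) VALUES ('" . $email . "','" . $pass . "','" . $fname . "','" . $lname . "','" . $phone . "')");
    if ($result != 0) {
        // Rotate the session id before producing output: regenerating sends
        // a cookie header, which fails once the body has started.
        // NOTE(review): assumes a session is already active at this point;
        // no session_start() is visible in this script — confirm.
        session_regenerate_id();
        $_SESSION['UserID'] = $connection->getLastInsertedID();
        $_SESSION['Login'] = $email;
        echo 0;
    }
} else {
    echo $err;
}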