25 lines
1.3 KiB
PHP
25 lines
1.3 KiB
PHP
<?php
|
|
|
|
if( isset( $_POST[ 'btnSign' ] ) ) {
|
|
// Get input
|
|
$message = trim( $_POST[ 'mtxMessage' ] );
|
|
$name = trim( $_POST[ 'txtName' ] );
|
|
|
|
// Sanitize message input
|
|
$message = strip_tags( addslashes( $message ) );
|
|
$message = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $message ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
|
|
$message = htmlspecialchars( $message );
|
|
|
|
// Sanitize name input
|
|
$name = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i', '', $name );
|
|
$name = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $name ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
|
|
|
|
// Update database
|
|
$query = "INSERT INTO guestbook ( comment, name ) VALUES ( '$message', '$name' );";
|
|
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
|
|
|
|
//mysql_close();
|
|
}
|
|
|
|
?>
|