| author | Kyle Kaminski <kyle@kkaminsk.com> | 2013-06-16 03:25:26 -0500 | 
|---|---|---|
| committer | Kyle Kaminski <kyle@kkaminsk.com> | 2013-06-16 03:25:26 -0500 | 
| commit | 1bad4fc00814e2c03ecadaa7faf93c6372f5bd30 (patch) | |
| tree | 88104590feefcb804f5fa0ca57ee1a6c76cbf0a7 /insert.php | |
initial commit
Diffstat (limited to 'insert.php')
| -rw-r--r-- | insert.php | 75 | 
1 files changed, 75 insertions, 0 deletions
| diff --git a/insert.php b/insert.php
new file mode 100644
index 0000000..f3c9652
--- /dev/null
+++ b/insert.php
@@ -0,0 +1,75 @@
+<?php
 +    error_reporting(E_ALL | E_STRICT);
 +    ini_set("display_errors", 1);
 +
 +    /* create connection */
 +    $connection = mysql_connect("localhost", "sandbox", "brotato333");
 +    if (!$connection)
 +        die("Could not connect to the database: " . mysql_error());
 +
 +    /* once you get the handle, select a database to use */
 +    $db_select = mysql_select_db("sandbox", $connection);
 +    if (!$db_select)
 +        die("Failed to select a database: " . mysql_error());
 +?>
 +
 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 +<html xmlns="http://www.w3.org/1999/xhtml">
 +<head>
 +<title>Hacker's Corner</title>
 +<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 +</head>
 +<body>
 +<h2>Fire fire fire!</h2>
 +<?php
 +    $menu_name = mysql_real_escape_string($_POST['menu_name']);
 +    $position = mysql_real_escape_string($_POST['position']);
 +    $visible = $_POST['visible'];
 +
 +    $requirements = array("menu_name" => 30);
 +    if (empty($menu_name) || !validation($requirements, $_POST) || !isset($_POST['visible'])) /* visible is a boolean AFAIK */
 +    {
 +        header("Location: forms.php");
 +        exit;
 +    }
 +
 +    /* string needs single quotes */
 +    $query = "insert into subjects (
 +                menu_name, position, visible
 +            ) VALUES (
 +                '{$menu_name}', {$position}, {$visible}
 +            )";
 +
 +    $result = mysql_query($query, $connection);
 +    if ($result)
 +    {
 +        header("Location: fetch.php");
 +        exit;
 +    }
 +    else
 +    {
 +        echo "<p>Subject creation failed.</p>\n";
 +        echo "<p>" . mysql_error() . "</p>\n";
 +    }
 +
 +    /* kinda went freestyle, check to make sure not overflow the sql */
 +    function validation($rules, $source)
 +    {
 +        foreach ($rules as $rule => $max_length)
 +        {
 +            if (strlen($source[$rule]) > $max_length)
 +            {
 +                echo "{$rule} is over {$max_length} characters long!<br />\n";
 +                return false;
 +            }
 +        }
 +
 +        return true;
 +    }
 +
 +    mysql_close($connection);
 +?>
 +</body>
 +</html>
 +
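Review bot: The `insert into subjects` statement interpolates `{$position}` and `{$visible}` without quotes, so the `mysql_real_escape_string()` applied to `$position` gives no protection there (escaping only neutralises a value inside a quoted literal) and `$visible` is taken straight from `$_POST` with no escaping at all, which leaves the query open to injection through either field. Given that position is numeric and the inline comment says visible is a boolean, cast both before use and drop the escape call on position: `$position = (int) $_POST['position'];` and `$visible = (int) $_POST['visible'];`. Reading `$_POST['visible']` before the `isset($_POST['visible'])` check in the `if` also emits a notice under `E_ALL` when the field is absent; move the `isset()` test ahead of the read. The database password in the `mysql_connect()` call is committed in plain text; it belongs in a config file outside the web root (or in the environment) pulled in with `require`, not in a page that is also served. The `mysql_*` extension is deprecated and the `mysql_close()` at the end is never reached on the redirect paths, though the latter only matters for the failure branch since the other paths `exit`.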
