From 1bad4fc00814e2c03ecadaa7faf93c6372f5bd30 Mon Sep 17 00:00:00 2001
From: Kyle Kaminski <kyle@kkaminsk.com>
Date: Sun, 16 Jun 2013 03:25:26 -0500
Subject: initial commit

---
 insert.php | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 insert.php

(limited to 'insert.php')

diff --git a/insert.php b/insert.php
new file mode 100644
index 0000000..f3c9652
--- /dev/null
+++ b/insert.php
@@ -0,0 +1,75 @@
+<?php
+    error_reporting(E_ALL | E_STRICT);
+    ini_set("display_errors", 1);
+
+    /* create connection */
+    $connection = mysql_connect("localhost", "sandbox", "brotato333");
+    if (!$connection)
+        die("Could not connect to the database: " . mysql_error());
+
+    /* once you get the handle, select a database to use */
+    $db_select = mysql_select_db("sandbox", $connection);
+    if (!$db_select)
+        die("Failed to select a database: " . mysql_error());
+?>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Hacker's Corner</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<h2>Fire fire fire!</h2>
+<?php
+    $menu_name = mysql_real_escape_string($_POST['menu_name']);
+    $position = mysql_real_escape_string($_POST['position']);
+    $visible = $_POST['visible'];
+
+    $requirements = array("menu_name" => 30);
+    if (empty($menu_name) || !validation($requirements, $_POST) || !isset($_POST['visible'])) /* visible is a boolean AFAIK */
+    {
+        header("Location: forms.php");
+        exit;
+    }
+
+    /* string needs single quotes */
+    $query = "insert into subjects (
+                menu_name, position, visible
+            ) VALUES (
+                '{$menu_name}', {$position}, {$visible}
+            )";
+
+    $result = mysql_query($query, $connection);
+    if ($result)
+    {
+        header("Location: fetch.php");
+        exit;
+    }
+    else
+    {
+        echo "<p>Subject creation failed.</p>\n";
+        echo "<p>" . mysql_error() . "</p>\n";
+    }
+
+    /* kinda went freestyle, check to make sure not overflow the sql */
+    function validation($rules, $source)
+    {
+        foreach ($rules as $rule => $max_length)
+        {
+            if (strlen($source[$rule]) > $max_length)
+            {
+                echo "{$rule} is over {$max_length} characters long!<br />\n";
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    mysql_close($connection);
+?>
+</body>
+</html>
+
-- 
cgit v1.2.3