PHP

1. <?php
2.  
3.    function query( $sql, $params = null )
4.     {
5.  $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
6.     // set the PDO error mode to exception
7.     $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
8.         if ( $params ) {
9.  
10.             $stmt   = $dbConn->prepare( $sql );
11.             $stmt->execute( $params );
12.             $result = $stmt;
13.         }
14.         else {
15.             $result = $dbConn->query( $sql );
16.         }
17.  
18.         return $result;
19.  
20.     }
21.  
22.   $to = 'tancerz1@o2.pl';
23.   $subj = 'Wiadomość od użytkownika Carmen Studio Tańca';
24.   $form_fields = array('name', 'email', 'message');
25.  
26.   include 'includes/db.php';
27.   if(isset($_POST['submit_form'])){
28.  
29.     foreach ($form_fields as $field) {
30.     $form[$field] = htmlspecialchars($_POST[$field]);
31.   }
32.  
33.     $message = "Imię i Nazwisko: " . $form['name'] . "\n";
34.     $message .= "Email: " . $form['email'] . "\n";
35.     $message .= "Wiadomość: " . $form['message'];
36.  
37.     $headers = "From: www.studiocarmen.pl <tancerz1@o2.pl>\r\n";
38.     $headers .= "X-Sender: <tancerz1@o2.pl>";
39.  
40.     mail($to, $subj, $message, $headers);
41.  
42.     $ins_sql = query("INSERT INTO Users (name, email, message) VALUES (name=:name, email=:email, message=:message)",array('name'=>$_POST[name],'email'=> $_POST[email],'message'=> $_POST[message]));
43.     $run_sql = mysqli_query($conn, $ins_sql);
44.   } else {
45.     foreach ($form_fields as $field) {
46.     $form[$field] = '';
47.     }
48.   }
49.  
50.  
51.  
52.  ?>