Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $error = false;
- // FUNCTION TO CLEAN SQL INJECTIONS FROM POST DATA
- function clean($value){
- if ( get_magic_quotes_gpc() ){
- $value = stripslashes($value);
- }
- return mysql_real_escape_string($value);
- }
- if($_SERVER['REQUEST_METHOD'] == "POST"){
- // CONNECT DATABASE
- $db = new PDO('mysql:host=127.0.0.1;dbname=mysql_table', 'mysql_user', 'mysql_pass');
- //CHECK IF USER HAS FILLED BOTH FIELDS
- if(isset($_POST['var1']) && isset($_POST['var2'])){
- //CLEAN SQL INJECTION ATTEMPTS
- $var1 = clean($_POST['var1']);
- $var2 = clean($_POST['var2']);
- $link = $db->prepare("INSERT INTO user_data(var1, var2) VALUES(:v1, :v2)");
- $link->execute(array('v1' => $var1, 'v2' => $var2));
- $link = $db->prepare("SELECT * FROM user_data ORDER BY id DESC LIMIT 1");
- $link->execute();
- $data = $link->fetchAll();
- if(count($data) > 0){
- $id = $data[0]['id'];
- header('location: http://yourSite.com/'.$id);
- }
- }else{
- // USER DIDNT FILL BOTH FIELDS, SEND ERROR MESSAGE
- $error = true;
- $error_message = "Missing values";
- }
- }
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- </head>
- <body>
- </body>
- <?php
- if($error){
- echo '<p>'.$error_message.'</p>';
- }
- ?>
- <form method="POST">
- <input type="text" name="var1" />
- <input type="text" name="var2" />
- <input type="submit" value="submit" />
- </form>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
