<?php if ($_POST['author'] != "" && $_POST['secretword'] != "" && $_POST['text

1. <?php
2.     if ($_POST['author'] != "" && $_POST['secretword'] != "" && $_POST['text'] != "")
3.     {
4.         $author = $_POST['author'];
5.         $password = $_POST['secretword'];
6.         $text = $_POST['text'];
7.        
8.         $con = mysql_connect('localhost', '313795_postmkr', '*U4WAqUb#264@pA');
9.         if (!$con)
10.         {
11.             die('Could not connect to database. MySQL error: ' . mysql_error());
12.         }
13.        
14.         $db = mysql_select_db('xura_zxq_main', $con);
15.         $result = mysql_query('SELECT * FROM xuradev WHERE Username==' . $author . 'AND Password==' . md5($password));
16.         if (!$result)
17.         {
18.             die('That username/password does not exist!');
19.         }
20.        
21.         $result = mysql_query('SELECT PostID FROM xurablog ORDER BY PostID DESC LIMIT 1');
22.         $idarray = mysql_fetch_array($result);
23.        
24.         $result = mysql_query('INSERT INTO xurablog VALUES (' . $idarray['id'] + 1 . ', ' . $author . ', ' . date("d.m.y") . ', ' . $text);
25.         if (!$result)
26.         {
27.             die("Could not post your new blog post! MySQL error: " . mysql_error());
28.         }
29.     }
30. ?>