tmen

auctionPost.php

Oct 22nd, 2018
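  <?php
  // Authentication gate for the page.
  // NOTE: in the deployed file this opening tag has to be the very first bytes
  // (no markup, whitespace or BOM before it): session_start() and header() both
  // need to run before any output is sent, which is why the doctype now follows
  // the gate instead of preceding it.

  // $_SESSION is only populated once the session has been started; without this
  // call the isset() check below can never succeed.
  if (session_id() === '') {
      session_start();
  }

  if (!isset($_SESSION['status'])) {
      // Not logged in: discard the session, redirect to the login form and stop.
      // Without the exit the rest of this page, including the database INSERT,
      // would still execute for an unauthenticated request, because header()
      // only queues a redirect and does not end the script.
      session_destroy();
      header("Location: auctionLoginForm.html");
      exit;
  }
  ?>
  <!doctype html>
  <?php
  echo "session running";
  // The session name is rendered into HTML, so it is escaped for that context.
  $loggedInName = isset($_SESSION["name"]) ? (string) $_SESSION["name"] : '';
  echo "<br>currently logged in: " . htmlspecialchars($loggedInName, ENT_QUOTES, 'UTF-8') . ".<br>";
  ?>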
  13. <html>
  14. <head>
  15. <meta charset="utf-8">
  16. <title>Untitled Document</title>
  17. </head>
  18.  
  19. <body>
  20. <?php
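  /**
   * End the current session and send the browser to the login form.
   *
   * session_destroy() removes the stored session data but leaves the $_SESSION
   * array populated for the remainder of the request, and header() does not
   * stop the script; callers must stop processing after calling this.
   *
   * @return void
   */
  function logout() {
      // session_destroy() raises a warning when no session is active.
      if (session_id() !== '') {
          session_destroy();
      }

      if (!headers_sent()) {
          header("Location: auctionLoginForm.html");
      } else {
          // This function is called from inside <body>, so output has usually
          // started and a Location header can no longer be sent. Offer a link
          // rather than failing with a "headers already sent" warning.
          echo '<br><a href="auctionLoginForm.html">Logged out - continue to login</a>';
      }
  }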
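  // Logout is requested through the "auctionPost.php?hello=true" link at the
  // bottom of this page.
  // NOTE(review): a state change on a plain GET can be triggered by any
  // cross-site link or image; a POST carrying a CSRF token is the usual fix,
  // but that also requires changing the link markup.
  if (isset($_GET['hello'])) {
      logout();
      // Stop here. session_destroy() leaves $_SESSION populated for the rest of
      // the request, so without this exit the INSERT further down would still
      // run on every logout and store a row with empty item fields.
      exit;
  }

  // The session name is rendered into HTML, so it is escaped for that context.
  $currentName = isset($_SESSION["name"]) ? (string) $_SESSION["name"] : '';
  echo "<br>currently logged in: " . htmlspecialchars($currentName, ENT_QUOTES, 'UTF-8') . "<br>";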
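  /**
   * Undo magic_quotes_gpc escaping on a request value.
   *
   * Despite its name this is NOT an SQL or HTML sanitizer: it adds no escaping
   * of any kind. Values returned from here are still untrusted and must be
   * bound as query parameters and escaped on output.
   *
   * @param mixed $data Raw request value.
   * @return mixed The value with magic-quote backslashes removed on runtimes
   *               that still apply them, otherwise unchanged.
   */
  function sanitize($data)
  {
      // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() no
      // longer exists in PHP 8, where calling it is a fatal error. Only consult
      // it on runtimes old enough to have the feature.
      if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
          $data = stripslashes($data);
      }

      return $data;
  }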
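  // Poster is taken from the server-side session, not from the request.
  $postman = isset($_SESSION["name"]) ? (string) $_SESSION["name"] : '';

  // SECURITY(review): the database credentials are hard-coded in a file that has
  // been published. Treat this password as compromised: rotate it, and load
  // credentials from configuration kept outside the web root and out of source
  // control.
  $servername = "localhost";
  $username = "playground18";
  $password = "Cdz5SOVrY2p8fnWS";
  $dbname = "playground18";

  // Request input is untrusted. sanitize() only undoes magic quotes; it performs
  // no SQL escaping, so every value is bound as a parameter below. Non-string
  // input (e.g. "item[]=x") is treated as missing.
  // NOTE(review): the record is created from GET parameters, so any cross-site
  // link can submit it for a logged-in user; a POST with a CSRF token is the
  // usual fix, but that also requires changing the submitting form.
  $fields = array();
  foreach (array('item', 'description', 'price', 'expiration') as $key) {
      $fields[$key] = (isset($_GET[$key]) && is_string($_GET[$key])) ? sanitize($_GET[$key]) : '';
  }
  $itemname = $fields['item'];
  $description = $fields['description'];
  $price = $fields['price'];
  $expiration = $fields['expiration'];

  try {
      $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
      // set the PDO error mode to exception
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
      // Use server-side prepared statements so values never become SQL text.
      $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

      $stmt = $conn->prepare(
          "INSERT INTO tanay_auction_items (item, description, price, poster, expiration_date)
           VALUES (:item, :description, :price, :poster, :expiration)"
      );
      $stmt->execute(array(
          ':item' => $itemname,
          ':description' => $description,
          ':price' => $price,
          ':poster' => $postman,
          ':expiration' => $expiration,
      ));
      echo "New item posted successfully";
  } catch (PDOException $e) {
      // Keep the driver message in the server log. Echoing the statement and the
      // exception text to the browser discloses schema and connection details.
      error_log('auctionPost.php: insert failed: ' . $e->getMessage());
      echo "The item could not be posted.";
  }

  $conn = null;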
  67.  
  68. ?>
  69. <br><a href="auctionHome.php">back to auction home</a>
  70. <br><a href='auctionPost.php?hello=true'>Logout</a>
  71. </body>
  72. </html>