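<?php
// Auction "post item" page: requires a logged-in session, handles the logout
// link (?hello=...), and inserts the submitted item into tanay_auction_items.
//
// All session checks and redirects run before any output is sent. header()
// cannot set Location once the doctype has been emitted, and a redirect that
// is not followed by exit lets the rest of the script run, so an
// unauthenticated or logging-out request would still reach the INSERT.

// NOTE(review): no session_start() is visible in this file. Start the session
// here unless something else (e.g. session.auto_start) already did.
if (session_id() === '') {
    session_start();
}

/**
 * End the current session and send the browser to the login form.
 *
 * Terminates the script so that nothing after the redirect executes.
 */
function logout()
{
    session_destroy();
    header("Location: auctionLoginForm.html");
    exit;
}

/**
 * Undo magic_quotes_gpc escaping on a request value.
 *
 * This is not an injection defence: it only strips the slashes that old PHP
 * versions added. Query safety comes from the prepared statement below and
 * HTML safety from htmlspecialchars() at output time.
 *
 * @param mixed $data Raw request value.
 * @return mixed The value with magic-quotes slashes removed where applicable.
 */
function sanitize($data)
{
    // get_magic_quotes_gpc() no longer exists in PHP 8; an unguarded call is a fatal error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    return $data;
}

/**
 * Read one query-string field as a string.
 *
 * @param string $key Name of the $_GET entry.
 * @return string The sanitized value, or '' when the field is missing or is
 *                not a plain string (e.g. item[]=x arrives as an array).
 */
function auctionPostField($key)
{
    if (!isset($_GET[$key]) || !is_string($_GET[$key])) {
        return '';
    }
    return sanitize($_GET[$key]);
}

// Not logged in, or the Logout link was followed: leave before touching the database.
if (!isset($_SESSION['status']) || isset($_GET['hello'])) {
    logout();
}

$postman = isset($_SESSION["name"]) ? (string) $_SESSION["name"] : '';
// The stored name is echoed into HTML below, so encode it for that context.
$safeName = htmlspecialchars($postman, ENT_QUOTES, 'UTF-8');

// NOTE(review): database credentials are hard-coded and this listing is public.
// Rotate this password and load these values from configuration kept outside
// the web root and outside version control.
$servername = "localhost";
$username = "playground18";
$password = "Cdz5SOVrY2p8fnWS";
$dbname = "playground18";

// NOTE(review): the item is created from GET parameters, so a cross-site
// request made with the user's session can post on their behalf. Moving the
// submission to POST with a per-session token would close that; the form that
// submits here is not visible in this file.
$itemname = auctionPostField('item');
$description = auctionPostField('description');
$price = auctionPostField('price');
$expiration = auctionPostField('expiration');

$resultMessage = '';
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use server-side prepared statements so values never pass through SQL text.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    // Bound parameters replace the previous string-built INSERT, which let any
    // quote character in a field rewrite the statement.
    $stmt = $conn->prepare(
        "INSERT INTO tanay_auction_items (item, description, price, poster, expiration_date)
         VALUES (:item, :description, :price, :poster, :expiration)"
    );
    $stmt->execute(array(
        ':item' => $itemname,
        ':description' => $description,
        ':price' => $price,
        ':poster' => $postman,
        ':expiration' => $expiration,
    ));
    $resultMessage = "New item posted successfully";
} catch (PDOException $e) {
    // Keep driver detail in the server log; the statement text and the
    // exception message are not shown to the visitor.
    error_log('auction item insert failed: ' . $e->getMessage());
    $resultMessage = "Could not post the item. Please try again.";
}
$conn = null;
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
echo "session running";
echo "<br>currently logged in: " . $safeName . ".<br>";
echo "<br>currently logged in: " . $safeName . "<br>";
echo $resultMessage;
?>
<br><a href="auctionHome.php">back to auction home</a>
<br><a href='auctionPost.php?hello=true'>Logout</a>
</body>
</html>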