forked from SecareLupus/fc_pos
-
Notifications
You must be signed in to change notification settings - Fork 0
/
submitquote.php
51 lines (44 loc) · 1.21 KB
/
submitquote.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php
// submitquote.php
// allows any user with reg authority to add quotes
include('funcs.inc');
include('header.php');
$cxn = open_stream();
if($_SESSION['reg'] != 1)
{
echo "You need Register Permission to add quotes.<p>";
include('footer.php');
die();
}
if(strlen($_POST['quote']) > 5)
{
$quote = strip_tags($_POST['quote']);
$quote = ereg_replace("\n", "<br>", $quote);
$stmt = $cxn->prepare("INSERT INTO quotes (quote, author) VALUES (?,?)");
$stmt->bind_param("sd", $quote, $_SESSION['ID']);
if($stmt->execute())
{
echo "Quote Submitted<br>$quote<hr>";
}
else
{
echo "Error submitting quote<hr>";
}
}
echo "<h1>Submit Quote</h1><br>
These quotes will go on the main page, and we keep track of who entered them, so don't be stupid.<br>
<form action='submitquote.php' method='post'>
Quote:<br>
<textarea rows=5 cols=40 name='quote'></textarea><br>
<input name='submit' value='submit' type='submit'>
</form><hr>";
echo "<h2>Quotes in database</h2><br>";
$sql = "SELECT quote FROM quotes";
$result = query($cxn, $sql);
while($row = mysqli_fetch_assoc($result))
{
extract($row);
echo "$quote<hr>";
}
include('footer.php');
?>