<?php
include_once( "./inc/nocache.inc" );
include_once( "./dbopen.php" );
include_once( "./common.php" );

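 /*
  * Guestbook post handler: checks the optional CAPTCHA code, normalises the
  * submitted fields, stores the entry and redirects back to the form page.
  *
  * Uses variables this file does not define ($isSecurityImage, $Moderate,
  * $link); presumably they come from the included files - confirm there.
  */

 // --- Redirect target -------------------------------------------------------
 // "url" comes from the request body and is untrusted, yet it ends up in a
 // Location header. Accept only a relative path or an absolute http(s) URL on
 // this site's own host; anything else falls back to the current directory.
 // NOTE(review): "./" assumes the guestbook page is the directory index - confirm.
 // The original read $URL only after the first CAPTCHA redirect had used it.
 $URL = (isset($_POST["url"]) && is_string($_POST["url"])) ? trim($_POST["url"]) : "";

 $urlIsSafe = ($URL !== "")
     && !preg_match('/[\x00-\x20\x7f\\\\]/', $URL)  // no control chars, spaces or backslashes
     && (strncmp($URL, "//", 2) !== 0);            // no protocol-relative targets

 if ($urlIsSafe) {
     $urlParts = parse_url($URL);
     if ($urlParts === false) {
         $urlIsSafe = false;
     } elseif (isset($urlParts["scheme"]) || isset($urlParts["host"])) {
         $ownHost = isset($_SERVER["HTTP_HOST"])
             ? strtolower(preg_replace('/:\d+$/', '', $_SERVER["HTTP_HOST"]))
             : "";
         $scheme = isset($urlParts["scheme"]) ? strtolower($urlParts["scheme"]) : "";
         $host = isset($urlParts["host"]) ? strtolower($urlParts["host"]) : "";
         $urlIsSafe = ($scheme === "http" || $scheme === "https")
             && $ownHost !== ""
             && $host === $ownHost;
     }
 }

 if (!$urlIsSafe) {
     $URL = "./";
 }

 // --- CAPTCHA ---------------------------------------------------------------
 if ($isSecurityImage) {
     session_start();

     $securitycode = (isset($_POST["securitycode"]) && is_string($_POST["securitycode"]))
         ? strtoupper(trim($_POST["securitycode"]))
         : "";

     // A missing session variable means no code was ever issued for this session.
     $expectedCode = isset($_SESSION["SecurityCode"]) ? (string) $_SESSION["SecurityCode"] : "";

     // Single use: drop the code whether or not it matched, so one solved image
     // cannot be replayed for further posts.
     // NOTE(review): assumes the form page issues a fresh code each time it is shown.
     unset($_SESSION["SecurityCode"]);

     // Strict string comparison: "!=" would treat numeric-looking strings as
     // numbers, and an empty stored code must never match an empty submission.
     if ($expectedCode === "" || $expectedCode !== $securitycode) {
         header("Location: " . $URL . "?status=errorcode");
         exit();
     }
 }

 // --- Form fields -----------------------------------------------------------
 $USER_NAME = (isset($_POST["USER_NAME"]) && is_string($_POST["USER_NAME"])) ? trim($_POST["USER_NAME"]) : "";
 $EMAIL = (isset($_POST["EMAIL"]) && is_string($_POST["EMAIL"])) ? trim($_POST["EMAIL"]) : "";
 $HREF = (isset($_POST["HREF"]) && is_string($_POST["HREF"])) ? trim($_POST["HREF"]) : "";
 $CONTENT = (isset($_POST["CONTENT"]) && is_string($_POST["CONTENT"])) ? trim($_POST["CONTENT"]) : "";

 // With moderation on, new entries are stored unpublished.
 $pub = ($Moderate == 1) ? 0 : 1;

 // Undo magic quotes so the values are escaped exactly once below.
 if (get_magic_quotes_gpc() == 1) {
     $USER_NAME = stripslashes($USER_NAME);
     $EMAIL = stripslashes($EMAIL);
     $HREF = stripslashes($HREF);
     $CONTENT = stripslashes($CONTENT);
 }

 // Length caps are applied before escaping, so an escape sequence is never cut
 // in half. substr() is byte-wise.
 if (strlen($CONTENT) > 8096) { $CONTENT = substr($CONTENT, 0, 8096); }
 if (strlen($USER_NAME) > 30) { $USER_NAME = substr($USER_NAME, 0, 30); }
 if (strlen($HREF) > 70) { $HREF = substr($HREF, 0, 70); }
 if (strlen($EMAIL) > 50) { $EMAIL = substr($EMAIL, 0, 50); }

 // HTML-escape for later display. ENT_QUOTES also encodes single quotes, which
 // matters if a value is ever printed inside a single-quoted attribute.
 $USER_NAME = htmlspecialchars($USER_NAME, ENT_QUOTES);
 $EMAIL = htmlspecialchars($EMAIL, ENT_QUOTES);
 $HREF = htmlspecialchars($HREF, ENT_QUOTES);
 $CONTENT = htmlspecialchars($CONTENT, ENT_QUOTES);

 // Both values are client-influenced (the user agent entirely so).
 $REMOTE = htmlspecialchars((string) getenv('REMOTE_ADDR'), ENT_QUOTES);
 $USER_AGENT = htmlspecialchars((string) getenv('HTTP_USER_AGENT'), ENT_QUOTES);

 if ($HREF == "") {
     $HREF = "http://";
 }

 // Prefix a scheme when none is given. https:// is accepted as-is; the old
 // eregi() test turned it into "http://https://...".
 if (!preg_match('#^https?://#i', $HREF)) {
     $HREF = "http://" . $HREF;
 }

 // --- Store the entry ---------------------------------------------------------
 if ($USER_NAME != "" && $CONTENT != "") {

     // NOTE(review): MAX(num)+1 is not atomic; two simultaneous posts can get
     // the same num. An AUTO_INCREMENT column or a table lock would close that.
     $num = 0;
     $result = mysql_query("SELECT MAX(num) AS mx FROM guestbook", $link);
     if ($result === false) {
         error_log("guestbook post: SELECT MAX(num) failed: " . mysql_error($link));
     } else {
         $row = mysql_fetch_array($result);
         if ($row !== false && $row["mx"] != "") {
             $num = (int) $row["mx"];
         }
     }
     $num++;

     // Escape with the connection-aware function rather than addslashes(),
     // which ignores the connection character set.
     $sSQL = "INSERT INTO guestbook (issuedate, content, user_name, email, href, remote_addr, user_agent, publication, num) VALUES 
		  (now(), '" . mysql_real_escape_string($CONTENT, $link) . "', '"
         . mysql_real_escape_string($USER_NAME, $link) . "', '"
         . mysql_real_escape_string($EMAIL, $link) . "', '"
         . mysql_real_escape_string($HREF, $link) . "', '"
         . mysql_real_escape_string($REMOTE, $link) . "', '"
         . mysql_real_escape_string($USER_AGENT, $link) . "', "
         . (int) $pub . ", " . (int) $num . ")";

     if (mysql_query($sSQL, $link) === false) {
         // The only statuses visible in this file are "ok" and "errorcode", so
         // the failure is logged and the redirect below is left unchanged.
         error_log("guestbook post: INSERT failed: " . mysql_error($link));
     }
 }

 mysql_close($link);

 header("Location: " . $URL . "?status=ok");
 exit();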
?>