<?php session_start(); // Resume the session first: the login gate and the posting throttle further down both read $_SESSION.
/* * ********************************************************************
*  Copyright notice PHP Blogger 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
*  All rights reserved
*
*  This script is part of the PHP Blogger project. 
*  The PHP Blogger project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
##############################
# insert.php     version 1.1.#
##############################
// Bootstrap: site settings, language strings and the session-hardening helper.
// NOTE(review): $conn, $smarty, $timelimit, $maxtopic and $rewritemod are used further
// down but never assigned in this file - presumably settings.php provides them; confirm.
include 'settings.php';
require_once 'languages/lang_english.php';
require_once 'classes/securesession.class.php';

// Configure the session checker before it is consulted.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
// NOTE(review): the secure word is a literal in the source; if SecSession uses it as a
// salt, a per-installation value kept in configuration would be preferable - confirm.
$ss->secure_word = 'ESALT_';
$ss->regenerate_id = true;

// Gate: only a session that passes SecSession::Check() and carries a truthy 'logged_in'
// flag may continue; every other request is shown the login form and stops here.
// NOTE(review): this script changes state on POST and no anti-CSRF token is checked in
// this file; whether Check() or form.php covers that is not visible here - confirm.
$sessionIsValid = $ss->Check() && isset($_SESSION['logged_in']) && $_SESSION['logged_in'];
if (!$sessionIsValid) {
	include 'form.php';
	exit;
}

// Pagination helper used when the comment list is rendered at the end of the script.
include 'libs/pagination.class.php';
$pagination = new pagination();
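// Read the four comment fields from the POST body.
// A missing or non-string (array) field is normalised to '' so the string functions
// below never receive an array; an empty amess is then rejected by the length check.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the existence test.
$stripMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$postValues = array('cusid' => '', 'incuser' => '', 'incimage' => '', 'amess' => '');
foreach (array_keys($postValues) as $postField) {
	if (isset($_POST[$postField]) && is_string($_POST[$postField])) {
		$postValues[$postField] = $stripMagicQuotes
			? stripslashes($_POST[$postField])
			: $_POST[$postField];
	}
}
$cusid = $postValues['cusid'];
$incuser = $postValues['incuser'];
$incimage = $postValues['incimage'];
$amess = $postValues['amess'];

// Posting throttle, kept per session in $_SESSION["cloadser"].
// The stamp is "1" followed by month, minute and second (date("mis")). The parentheses
// pin the intended arithmetic: PHP 8 gives '-' higher precedence than '.', which would
// otherwise turn this into "1" . ($times - $timelimit).
// NOTE(review): the stamp has no hour or day component, so it is not a linear clock and
// the comparison is unreliable across an hour boundary. A time()-based stamp would be,
// but other scripts may share this session key - confirm before changing the format.
// NOTE(review): the limit lives in the session only, so it does not bind a client that
// starts a new session; confirm whether a server-side limit exists elsewhere.
$times = date("mis");
$time = ("1".$times) - $timelimit;
if(isset($_SESSION["cloadser"]) && $_SESSION["cloadser"] > $time) {
	echo "<div id='errormes'>Sorry your posting too fast please try again later.</div>";
	die();
}
$_SESSION["cloadser"] = "1".$times;

// Content checks on the message body.
// NOTE(review): only amess is screened. cusid, incuser and incimage reach the INSERT
// with no content check, and rejecting '<' is not a substitute for output encoding -
// confirm that the template escapes every stored field when it renders them.
if(strpos($amess, '<') !== false) {
	echo "Invalid Characters '<' ";
	die();
}
// The character rejected here is ']', so the message names ']' (it used to name '[').
// NOTE(review): if '[' was meant to be rejected as well, it currently is not.
if(strpos($amess, ']') !== false) {
	echo "Invalid Characters ']' ";
	die();
}
// strlen() counts bytes, so multi-byte characters count more than once toward both limits.
if(strlen($amess) < 5) {
	echo "Field must be at least 5 characters long:";
	die();
}
if(strlen($amess) > $maxtopic) {
	echo "Max Characters Field: $maxtopic";
	die();
}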
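// Escape each value exactly once for use inside the single-quoted SQL literals below.
// NOTE(review): mysql_real_escape_string() belongs to the removed ext/mysql and depends
// on that extension's current connection and character set. $conn looks like an
// ADOdb-style connection; if it is, its own parameter binding or quoting should replace
// these calls - confirm against settings.php.
$cusid = mysql_real_escape_string($cusid);
$incuser = mysql_real_escape_string($incuser);
$incimage = mysql_real_escape_string($incimage);
$amess = mysql_real_escape_string($amess);

// Store the comment.
// NOTE(review): userid comes from the request body (cusid), not from the session, so
// nothing in this file ties the comment or the counter update below to the account that
// is actually logged in. If the session holds the user's id, use that value instead.
$erecordSet = &$conn->Execute("INSERT INTO comment (userid,texty,imgs,date,amess) VALUES ('$cusid','$incuser','$incimage',NOW(),'$amess')");

// Bump the author's post counter. $cusid is already escaped above and must not be
// escaped a second time: doubled backslashes would make the WHERE clause miss any id
// that contained an escaped character. The increment is a constant and needs no quoting.
// NOTE(review): neither result is checked, so the counter is incremented even when the
// INSERT failed.
$frecordSet = &$conn->Execute("UPDATE users SET nofposts = nofposts + 1 WHERE usid = '$cusid' ");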
// Load every comment, newest first (by commid), into $dcval for the paginator.
// NOTE(review): the query has no LIMIT, so the whole table is read on each post and
// paging happens in PHP afterwards.
// NOTE(review): on failure the database error text is printed straight to the client;
// logging it server-side would avoid exposing schema details - confirm display policy.
$drecordSet = &$conn->Execute("SELECT * FROM comment ORDER by commid desc");
if($drecordSet) {
	for(; !$drecordSet->EOF; $drecordSet->MoveNext()) {
		$dcval[] = $drecordSet->fields;
	}
} else {
	print $conn->ErrorMsg();
}

// Load every row of the reviews table into $bcval.
// $erecordSet is reused here; it previously held the result of the INSERT.
$erecordSet = &$conn->Execute("SELECT * FROM reviews");
if($erecordSet) {
	for(; !$erecordSet->EOF; $erecordSet->MoveNext()) {
		$bcval[] = $erecordSet->fields;
	}
} else {
	print $conn->ErrorMsg();
}
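if($rewritemod == 2){
/**
 * intergrate()
 *
 * Turns bare URLs and @name mentions inside a comment into HTML links.
 * This variant is defined when $rewritemod == 2 and links a mention to the bare
 * name as a relative URL (presumably resolved by URL rewriting - confirm).
 *
 * The comment text itself is NOT HTML-escaped here; the caller remains responsible
 * for output encoding of everything outside the generated anchors.
 *
 * @param string $comment Comment text.
 * @return string Comment text with anchors inserted.
 */
function intergrate($comment) {
	// No /e modifier: it evaluated the replacement as PHP code, was deprecated in
	// PHP 5.5 and removed in PHP 7, where the call fails and the comment is lost.
	// A plain replacement string produces the same markup.
	// Only http, https and ftp are linked. Accepting any alphabetic scheme would let
	// a script-capable scheme end up in href. The lookbehind stops a match from
	// starting in the middle of a longer scheme name.
	// rel="noopener noreferrer" keeps the opened page from reaching window.opener.
	$comment = preg_replace(
		'#(?<![a-zA-Z])(((?:https?|ftp)://)([a-zA-Z0-9?&%.;:/=\-_+\#]*))#i',
		'<a href="$1" target="_blank" rel="noopener noreferrer">$0</a>',
		$comment
	);
	// @name -> link; the captured name is limited to letters, digits and underscore.
	$comment = preg_replace("/@([A-Za-z0-9_]+)/","<a href='$1'>$0</a> ",$comment).'';
	return $comment;
}
}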
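if($rewritemod == 1){
/**
 * intergrate()
 *
 * Turns bare URLs and @name mentions inside a comment into HTML links.
 * This variant is defined when $rewritemod == 1 and links a mention to
 * profile.php?cid=NAME.
 *
 * The comment text itself is NOT HTML-escaped here; the caller remains responsible
 * for output encoding of everything outside the generated anchors.
 *
 * @param string $comment Comment text.
 * @return string Comment text with anchors inserted.
 */
function intergrate($comment) {
	// No /e modifier: it evaluated the replacement as PHP code, was deprecated in
	// PHP 5.5 and removed in PHP 7, where the call fails and the comment is lost.
	// A plain replacement string produces the same markup.
	// Only http, https and ftp are linked. Accepting any alphabetic scheme would let
	// a script-capable scheme end up in href. The lookbehind stops a match from
	// starting in the middle of a longer scheme name.
	// rel="noopener noreferrer" keeps the opened page from reaching window.opener.
	$comment = preg_replace(
		'#(?<![a-zA-Z])(((?:https?|ftp)://)([a-zA-Z0-9?&%.;:/=\-_+\#]*))#i',
		'<a href="$1" target="_blank" rel="noopener noreferrer">$0</a>',
		$comment
	);
	// @name -> profile link; the captured name is limited to letters, digits and underscore.
	$comment = preg_replace("/@([A-Za-z0-9_]+)/","<a href='profile.php?cid=$1'>$0</a> ",$comment).'';
	return $comment;
}
}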
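// Hand the comment rows to the paginator (second argument 12 - presumably rows per
// page; confirm in libs/pagination.class.php) and render the comment list template.
// The '@' operators are kept: $dcval / $bcval are undefined when their query failed
// or returned no rows.
@$dataPages = $pagination->generate($dcval,12);
$smarty->assign('comment',$dataPages);
$smarty->assign('pagination',$pagination->links());
$smarty->assign('reviews',@$bcval);
$smarty->display('cline.php');

// Release the result sets, then the connection.
// Each handle is closed only when it really is an object: $recordSet is never
// assigned in this file, and the checks after Execute() above show that a failed
// query yields a falsy value. Calling Close() on either would be a fatal error.
$openResults = array(
	isset($recordSet) ? $recordSet : null,
	isset($erecordSet) ? $erecordSet : null,
	isset($frecordSet) ? $frecordSet : null,
	isset($drecordSet) ? $drecordSet : null,
);
foreach ($openResults as $openResult) {
	if (is_object($openResult)) {
		$openResult->Close();
	}
}
$conn->Close();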
?>