<?php
include("./boffice/access.php");
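/**
 * Legacy input filter: deletes a fixed denylist of characters and SQL-looking
 * words from a value, then backslash-escapes what is left with addslashes().
 *
 * This is NOT a defence against SQL injection and must not be the only thing
 * standing between request data and a query: a denylist cannot enumerate every
 * dangerous input, and addslashes() knows nothing about the connection's
 * character set. Queries should pass values as bound parameters
 * (mysqli_prepare / mysqli_stmt_bind_param); this function is kept only so
 * existing callers keep working.
 *
 * Fix over the previous version: the parentheses in the pattern were not
 * escaped, so "(|)" was a group matching the empty string. Because alternatives
 * are tried left to right, that empty match always won and the entries listed
 * after it (backslash, slash, asterisk, ampersand, caret, percent, dollar), as
 * well as the parentheses themselves, were never removed. Single characters now
 * live in a character class where they are literal.
 *
 * Known limits left as they were: the word entries ("or ", "and ", "select ", ...)
 * are matched case-sensitively and without word boundaries, so they also cut
 * into ordinary text ("for " becomes "f").
 *
 * @param mixed $mastr Raw value, normally a string taken from $_POST.
 * @return string Filtered and addslashes()-escaped text; '' for null, arrays
 *                and other non-scalar input.
 */
function securitsearch($mastr) {
    // A field submitted as an array (name[]=...) or a missing key must not
    // reach preg_replace()/addslashes(), which expect a string.
    if (!is_scalar($mastr)) {
        return '';
    }

    // Character class for the single characters, alternation for the words and "--".
    $denylist = '~[|\t#;><=:+"()\\\\/*&^%$]|or |and |sleep |select |delete |update |insert |--~';
    $filtered = preg_replace($denylist, '', (string) $mastr);

    // After the filter only the apostrophe and NUL are still affected here.
    return addslashes((string) $filtered);
}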
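// Registration handler: stores the speaker, the planning entry and an optional
// extra date, notifies the organiser by mail, then redirects back to the form.
// Every value taken from $_POST reaches MySQL as a bound parameter and is never
// pasted into the SQL text. Previously jour, heure and heurefin were
// concatenated into the query with no escaping at all, and the other fields
// relied on a character denylist plus addslashes().

// Returns one POST field as a string; a missing key or a non-string value
// (for example an array submitted as nom[]=x) yields ''.
$champ = function ($cle) {
    return (isset($_POST[$cle]) && is_string($_POST[$cle])) ? $_POST[$cle] : '';
};

// Same field passed through the legacy securitsearch() character filter, so the
// stored text keeps the form it had before (that filter also removes < > "
// which pages displaying these rows may be relying on).
// stripslashes() undoes the addslashes() step of the filter: a bound parameter
// must not be pre-escaped, otherwise the backslashes would be stored literally.
// NOTE(review): once every page that prints these columns escapes them with
// htmlspecialchars(), this filter can be dropped and the raw value bound.
$filtre = function ($cle) use ($champ) {
    return stripslashes(securitsearch($champ($cle)));
};

// Prepares $sql, binds every value as a string and executes the statement.
// Returns the auto-increment id of the new row, or false after logging the error.
// NOTE(review): if mysqli is in exception report mode these calls throw instead
// of returning false; in both cases no later insert runs on a failed one.
$inserer = function ($sql, array $valeurs) use ($connect) {
    $stmt = mysqli_prepare($connect, $sql);
    if ($stmt === false) {
        error_log('inscription: prepare failed: ' . mysqli_error($connect));
        return false;
    }

    $types = str_repeat('s', count($valeurs));
    if (!mysqli_stmt_bind_param($stmt, $types, ...$valeurs) || !mysqli_stmt_execute($stmt)) {
        error_log('inscription: insert failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }

    $id = mysqli_stmt_insert_id($stmt);
    mysqli_stmt_close($stmt);
    return $id;
};

// 1. Speaker record.
$lacle = $inserer(
    "INSERT INTO intervenants SET nom = ?, prenom = ?, mobile = ?, email = ?",
    [$filtre('nom'), $filtre('prenom'), $filtre('mobile'), $filtre('email')]
);
if ($lacle === false) {
    // Without a speaker id the planning row would point at nothing; stop here
    // instead of redirecting as if the registration had succeeded.
    http_response_code(500);
    exit;
}

// 2. Planning entry. theme, valid, type and online are fixed values; an older
// variant that inserted user-defined themes/types was already commented out
// and has been removed.
// NOTE(review): the column types of jour/heure/heurefin are not visible here;
// add a strict format check for them once the expected format is confirmed.
$fiche = $inserer(
    "INSERT INTO planning SET
        jour = ?, heure = ?, heurefin = ?,
        theme = '3', intervenant = ?,
        titre = ?, description = ?,
        valid = '1', type = '1', online = '1'",
    [
        $champ('jour'), $champ('heure'), $champ('heurefin'),
        (string) $lacle,
        $filtre('titre'), $filtre('description'),
    ]
);
if ($fiche === false) {
    http_response_code(500);
    exit;
}

// 3. Optional additional date; a failure is logged by $inserer and does not
// cancel the registration that was just stored.
if ($champ('dateheure') !== '') {
    $inserer(
        "INSERT INTO datesup SET cle = ?, intervenant = ?, datehoraire = ?",
        [(string) $fiche, (string) $lacle, $filtre('dateheure')]
    );
}

// 4. Notification mail. The three fields are single-line form values, so line
// breaks are collapsed to a space before they are handed over.
// NOTE(review): envoiunmail() is not visible in this file; if it places any
// part of this text in mail headers, CR/LF must not survive — confirm there.
$uneLigne = function ($cle) use ($champ) {
    return preg_replace('/[\r\n]+/', ' ', $champ($cle));
};
envoiunmail("brunomv@hotmail.fr","TdC inscription en ligne",$uneLigne('titre').", intervention de : ".$uneLigne('prenom')." ".$uneLigne('nom'));

header("location: inscription.php?m=1");
exit;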
?>