prog/add_inscription.php

<?php
include("./boffice/access.php");
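/**
 * Legacy input filter: removes a fixed set of characters and lowercase SQL
 * keywords from a value, then backslash-escapes what is left with addslashes().
 *
 * This is not a sufficient SQL-injection defence on its own. The keyword list
 * is case-sensitive, it also mangles legitimate text (for example "or " inside
 * ordinary words), and addslashes() is not aware of the connection character
 * set. Values that go into SQL should be bound through prepared statements,
 * and HTML escaping belongs at output time.
 *
 * @param mixed $mastr Raw request value; anything that is not a scalar yields ''.
 * @return string Filtered value with quotes and NUL bytes backslash-escaped.
 */
function securitsearch($mastr) {
    // A field posted as an array (nom[]=x) or a missing field cannot be filtered as text.
    if (!is_scalar($mastr)) {
        return '';
    }
    // The parentheses are escaped here. Unescaped, "(|)" is an empty regex group,
    // so literal "(" and ")" were never removed from the input.
    $retour = preg_replace(
        '~\||\t|#|;|or |and |sleep |select |delete |update |insert |--|>|<|=|:|\+|"|\(|\)|\\\\|/|\*|&|\^|%|\$~',
        '',
        (string) $mastr
    );
    // preg_replace() returns null on a PCRE error; fail closed with an empty string.
    if ($retour === null) {
        return '';
    }
    return addslashes($retour);
}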
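// Insert the speaker (intervenant) row. Values are bound as statement
// parameters, so request data is never parsed as SQL text.
$querad = "INSERT INTO intervenants SET
nom=?,
prenom=?,
mobile=?,
email=?";
$resultad = false;
$lacle = 0; // same value mysqli_insert_id() reports when no row was inserted
$stmtad = mysqli_prepare($connect, $querad);
if ($stmtad) {
    // securitsearch() still strips the legacy character set so stored data keeps
    // its shape. stripslashes() undoes its trailing addslashes(), which would
    // otherwise be stored literally now that the driver does the quoting.
    $adnom = stripslashes(securitsearch(isset($_POST['nom']) && is_string($_POST['nom']) ? $_POST['nom'] : ''));
    $adprenom = stripslashes(securitsearch(isset($_POST['prenom']) && is_string($_POST['prenom']) ? $_POST['prenom'] : ''));
    $admobile = stripslashes(securitsearch(isset($_POST['mobile']) && is_string($_POST['mobile']) ? $_POST['mobile'] : ''));
    $ademail = stripslashes(securitsearch(isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : ''));
    mysqli_stmt_bind_param($stmtad, 'ssss', $adnom, $adprenom, $admobile, $ademail);
    $resultad = mysqli_stmt_execute($stmtad);
    if ($resultad) {
        $lacle = mysqli_insert_id($connect);
    }
    mysqli_stmt_close($stmtad);
}
if (!$resultad) {
    // Record the failure server-side instead of silently continuing.
    error_log('add_inscription: insert into intervenants failed: ' . mysqli_error($connect));
}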
/*
if(($_POST['theme']=='10')&&($_POST['themey']!=''))
{
$querad1 = "INSERT INTO themes SET
nom='".securitsearch($_POST['themey'])."'";
$resultad1 = mysqli_query($connect,$querad1);
$letheme = mysqli_insert_id($connect);
}
else $letheme = $_POST['theme'];
if(($_POST['type']=='10')&&($_POST['typey']!=''))
{
$querad2 = "INSERT INTO type SET
nom='".securitsearch($_POST['typey'])."'";
$resultad2 = mysqli_query($connect,$querad2);
$letype = mysqli_insert_id($connect);
}
else $letype = $_POST['type'];
*/
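// Insert the planning entry for the speaker created above. Every request value
// is bound as a parameter. jour, heure and heurefin never went through
// securitsearch() and used to be concatenated straight into the statement.
// NOTE(review): the expected date/time format of these three fields is not
// visible here; validate them against that format before storing.
$queradd = "INSERT INTO planning SET
jour=?,
heure=?,
heurefin=?,
theme='3',
intervenant=?,
titre=?,
description=?,
valid='1',
type='1',
online='1'";
$resultadd = false;
$fiche = 0; // same value mysqli_insert_id() reports when no row was inserted
$stmtadd = mysqli_prepare($connect, $queradd);
if ($stmtadd) {
    $pljour = isset($_POST['jour']) && is_string($_POST['jour']) ? $_POST['jour'] : '';
    $plheure = isset($_POST['heure']) && is_string($_POST['heure']) ? $_POST['heure'] : '';
    $plheurefin = isset($_POST['heurefin']) && is_string($_POST['heurefin']) ? $_POST['heurefin'] : '';
    // Bound as a string to mirror the quoted literal the statement used before.
    $plintervenant = (string) $lacle;
    // securitsearch() keeps stripping the legacy character set; stripslashes()
    // undoes its trailing addslashes(), which a bound parameter does not need.
    $pltitre = stripslashes(securitsearch(isset($_POST['titre']) && is_string($_POST['titre']) ? $_POST['titre'] : ''));
    $pldescription = stripslashes(securitsearch(isset($_POST['description']) && is_string($_POST['description']) ? $_POST['description'] : ''));
    mysqli_stmt_bind_param($stmtadd, 'ssssss', $pljour, $plheure, $plheurefin, $plintervenant, $pltitre, $pldescription);
    $resultadd = mysqli_stmt_execute($stmtadd);
    if ($resultadd) {
        $fiche = mysqli_insert_id($connect);
    }
    mysqli_stmt_close($stmtadd);
}
if (!$resultadd) {
    // Record the failure server-side instead of silently continuing.
    error_log('add_inscription: insert into planning failed: ' . mysqli_error($connect));
}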
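// Optional extra date/time slot: stored only when the field was submitted as a
// non-empty string. Values are bound as parameters rather than concatenated.
if (isset($_POST['dateheure']) && is_string($_POST['dateheure']) && ($_POST['dateheure'] != ''))
{
    $querad1 = "INSERT INTO datesup SET
cle=?,
intervenant=?,
datehoraire=?";
    $resultad1 = false;
    $stmtad1 = mysqli_prepare($connect, $querad1);
    if ($stmtad1) {
        // Bound as strings to mirror the quoted literals the statement used before.
        $dscle = (string) $fiche;
        $dsintervenant = (string) $lacle;
        // stripslashes() undoes the addslashes() inside securitsearch(), which a
        // bound parameter does not need.
        $dsdatehoraire = stripslashes(securitsearch($_POST['dateheure']));
        mysqli_stmt_bind_param($stmtad1, 'sss', $dscle, $dsintervenant, $dsdatehoraire);
        $resultad1 = mysqli_stmt_execute($stmtad1);
        mysqli_stmt_close($stmtad1);
    }
    if (!$resultad1) {
        // Record the failure server-side instead of silently continuing.
        error_log('add_inscription: insert into datesup failed: ' . mysqli_error($connect));
    }
}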
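// Notify the organiser of the new registration.
// NOTE(review): envoiunmail() is defined outside this listing. The title and
// names are passed exactly as submitted; if the helper renders the text as
// HTML or copies any of it into mail headers, it needs to escape the values or
// strip CR/LF there. Confirm against its implementation.
envoiunmail("brunomv@hotmail.fr","TdC inscription en ligne","".$_POST['titre'].", intervention de : ".$_POST['prenom']." ".$_POST['nom']."");
// The redirect reports success (m=1) whether or not the inserts above succeeded.
header("location: inscription.php?m=1");
// Stop here so nothing else is executed or emitted after the redirect header.
exit;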
?>