prog/add_inscription.php


<?php
include("./boffice/access.php");
/**
 * Strips a fixed list of characters and lowercase SQL keywords from a string,
 * then backslash-escapes what is left with addslashes().
 *
 * Limits a caller should know before relying on this for SQL safety:
 *  - The pattern has no "i" modifier, so only the lowercase keywords followed
 *    by a space ("or ", "and ", "select ", ...) are removed; "SELECT " is kept.
 *  - preg_replace() makes a single pass, so text that only forms a keyword
 *    once another match has been removed is not filtered again.
 *  - The unescaped "(|)" alternative is an empty group, not two literal
 *    characters, so parentheses in the input are left in place.
 *  - The single quote is not in the list; it is handled only by addslashes(),
 *    which does not take the connection character set into account.
 *  - Ordinary text is altered as well (for example "or " inside a name).
 * Bound parameters at the call site are the reliable protection; this filter
 * is a denylist and should not be treated as one.
 *
 * @param string $mastr Raw input value.
 * @return string Filtered and addslashes()-escaped value.
 */
function securitsearch($mastr) {
    // "[" and "]" act as the PCRE delimiters here; the body is an alternation, not a character class.
    $motif = "[\||\t|#|;|or |and |sleep |select |delete |update |insert |--|>|<|=|:|\+|\"|(|)|\\\|\/|\*|&|\^|%|\\$]";

    return addslashes(preg_replace($motif, '', $mastr));
}
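// Registration handler: stores the speaker, the planning entry and an optional
// extra date taken from the posted form, sends a notification mail, then
// redirects to inscription.php.
//
// Every posted value reaches MySQL as a bound parameter. The previous version
// concatenated jour, heure and heurefin into the query text unfiltered, and
// relied on securitsearch() (a denylist plus addslashes()) for the other fields.

// Returns a POST field as a string; a missing or non-string (array) field becomes ''.
$champ = function ($cle) {
    return (isset($_POST[$cle]) && is_string($_POST[$cle])) ? $_POST[$cle] : '';
};

// securitsearch() ends with addslashes(), which only makes sense inside a quoted
// SQL literal. With bound parameters that escaping would be stored verbatim, so
// it is undone here; the stored text stays the same stripped value as before.
$filtre = function ($cle) use ($champ) {
    return stripslashes(securitsearch($champ($cle)));
};

// Stops the request instead of redirecting to the success page when a statement
// cannot be prepared or executed. Rows already inserted are not rolled back.
$echec = function () {
    http_response_code(500);
    exit;
};

// 1) Speaker record.
$nom = $filtre('nom');
$prenom = $filtre('prenom');
$mobile = $filtre('mobile');
$email = $filtre('email');
$stmt = mysqli_prepare($connect, "INSERT INTO intervenants SET nom=?, prenom=?, mobile=?, email=?");
if ($stmt === false) {
    $echec();
}
mysqli_stmt_bind_param($stmt, 'ssss', $nom, $prenom, $mobile, $email);
if (!mysqli_stmt_execute($stmt)) {
    $echec();
}
$lacle = mysqli_insert_id($connect);
mysqli_stmt_close($stmt);

// NOTE(review): disabled theme/type handling kept as found. If it is re-enabled,
// bind $_POST['theme'] and $_POST['type'] as parameters like the queries in this file.
/*
if(($_POST['theme']=='10')&&($_POST['themey']!=''))
{
$querad1 = "INSERT INTO themes SET
nom='".securitsearch($_POST['themey'])."'";
$resultad1 = mysqli_query($connect,$querad1);
$letheme = mysqli_insert_id($connect);
}
else $letheme = $_POST['theme'];
if(($_POST['type']=='10')&&($_POST['typey']!=''))
{
$querad2 = "INSERT INTO type SET
nom='".securitsearch($_POST['typey'])."'";
$resultad2 = mysqli_query($connect,$querad2);
$letype = mysqli_insert_id($connect);
}
else $letype = $_POST['type'];
*/

// 2) Planning entry. theme, valid, type and onoff are left to their column
// defaults (null, 1, null and 0 according to the original query comments).
$jour = $champ('jour');
$heure = $champ('heure');
$heurefin = $champ('heurefin');
$titre = $filtre('titre');
$description = $filtre('description');
$stmt = mysqli_prepare(
    $connect,
    "INSERT INTO planning SET jour=?, heure=?, heurefin=?, intervenant=?, titre=?, description=?, online='1'"
);
if ($stmt === false) {
    $echec();
}
mysqli_stmt_bind_param($stmt, 'sssiss', $jour, $heure, $heurefin, $lacle, $titre, $description);
if (!mysqli_stmt_execute($stmt)) {
    $echec();
}
$fiche = mysqli_insert_id($connect);
mysqli_stmt_close($stmt);

// 3) Optional additional date, only when the field was posted non-empty.
if ($champ('dateheure') !== '') {
    $datehoraire = $filtre('dateheure');
    $stmt = mysqli_prepare($connect, "INSERT INTO datesup SET cle=?, intervenant=?, datehoraire=?");
    if ($stmt === false) {
        $echec();
    }
    mysqli_stmt_bind_param($stmt, 'iis', $fiche, $lacle, $datehoraire);
    if (!mysqli_stmt_execute($stmt)) {
        $echec();
    }
    mysqli_stmt_close($stmt);
}

// NOTE(review): the mail body carries the posted values unfiltered, as before.
// envoiunmail() is defined outside this file; confirm it sends plain text or
// escapes the body, and that it never places these values in mail headers.
envoiunmail(
    "person-to-notify@domain.tld",
    "[Prog] Inscription en ligne",
    "".$champ('titre')."\nIntervention de : ".$champ('prenom')." ".$champ('nom').""
);

header("location: inscription.php?m=1");
exit;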
?>