prog/add_inscription.php
Lab 8916100448256 320a5ecc2e Fix #9
2020-11-12 18:48:45 +01:00

74 lines
2 KiB
PHP

<?php
include("./boffice/access.php");
function securitsearch($mastr) {
$retour = preg_replace("[\||\t|#|;|or |and |sleep |select |delete |update |insert |--|>|<|=|:|\+|\"|(|)|\\\|\/|\*|&|\^|%|\\$]", '', $mastr);
$retour = addslashes($retour);
return $retour;
}
$querad = "INSERT INTO intervenants SET
nom='".securitsearch($_POST['nom'])."',
prenom='".securitsearch($_POST['prenom'])."',
mobile='".securitsearch($_POST['mobile'])."',
email='".securitsearch($_POST['email'])."'";
$resultad = mysqli_query($connect,$querad);
$lacle = mysqli_insert_id($connect);
/*
if(($_POST['theme']=='10')&&($_POST['themey']!=''))
{
$querad1 = "INSERT INTO themes SET
nom='".securitsearch($_POST['themey'])."'";
$resultad1 = mysqli_query($connect,$querad1);
$letheme = mysqli_insert_id($connect);
}
else $letheme = $_POST['theme'];
if(($_POST['type']=='10')&&($_POST['typey']!=''))
{
$querad2 = "INSERT INTO type SET
nom='".securitsearch($_POST['typey'])."'";
$resultad2 = mysqli_query($connect,$querad2);
$letype = mysqli_insert_id($connect);
}
else $letype = $_POST['type'];
*/
$queradd = "INSERT INTO planning SET
jour='".$_POST['jour']."',
heure='".$_POST['heure']."',
heurefin='".$_POST['heurefin']."',
intervenant='".$lacle."',
titre='".securitsearch($_POST['titre'])."',
description='".securitsearch($_POST['description'])."',
-- theme='3', -- default null
-- valid='1', -- default 1
-- type='1', -- default null
-- onoff='0', -- default 0
online='1'
";
$resultadd = mysqli_query($connect,$queradd);
$fiche = mysqli_insert_id($connect);
if(isset($_POST['dateheure'])&&($_POST['dateheure']!=''))
{
$querad1 = "INSERT INTO datesup SET
cle='".$fiche."',
intervenant='".$lacle."',
datehoraire='".securitsearch($_POST['dateheure'])."'";
$resultad1 = mysqli_query($connect,$querad1);
}
envoiunmail("person-to-notify@domain.tld","[Prog] Inscription en ligne","".$_POST['titre']."\nIntervention de : ".$_POST['prenom']." ".$_POST['nom']."");
header("location: inscription.php?m=1");
?>