<?php
include("./boffice/access.php");
/**
 * Filters a form value before it is placed inside a quoted SQL string literal.
 *
 * Removes every occurrence of the listed characters and lowercase keywords
 * (each keyword only when followed by a space), then applies addslashes().
 *
 * NOTE(review): this is a denylist and not a substitute for bound parameters:
 *  - matching is case-sensitive, so "SELECT " or "OR " pass through unchanged;
 *  - "(|)" in the pattern is an unescaped group, not literal parentheses, so
 *    "(" and ")" are not removed;
 *  - addslashes() works on bytes and is unaware of the connection character
 *    set; prepared statements (or mysqli_real_escape_string()) are the
 *    supported way to pass data to MySQL;
 *  - the returned value is only meaningful between quotes in a SQL literal.
 *
 * @param string $mastr Raw value.
 * @return string Filtered, slash-escaped value.
 */
function securitsearch($mastr) {
	// "[" and "]" act as the PCRE delimiters here, so the pattern is a plain
	// alternation, not a character class.
	$motif = "[\||\t|#|;|or |and |sleep |select |delete |update |insert |--|>|<|=|:|\+|\"|(|)|\\\|\/|\*|&|\^|%|\\$]";

	return addslashes(preg_replace($motif, '', $mastr));
}
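// Handles the online registration form: stores the speaker (intervenants),
// the planning entry and an optional extra date (datesup), sends a
// notification mail, then redirects to inscription.php?m=1.
//
// Every value now reaches MySQL as a bound parameter. Previously jour, heure
// and heurefin were concatenated into the SQL text straight from $_POST.
//
// $connect and envoiunmail() are not defined in this file; presumably they
// come from ./boffice/access.php — confirm.
// NOTE(review): no required-field validation, CSRF token or anti-automation
// check is visible in this script — confirm whether that is handled elsewhere.

// Reads one POST field as a string. Missing fields and non-string values
// (for example nom[]=x) are treated as ''.
$field = function ($key) {
	return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Text fields keep the character filtering they always had. securitsearch()
// ends with addslashes(), which only makes sense inside a quoted SQL literal;
// bound parameters are sent as data, so the slashes are removed again and the
// stored text is the same as before.
$filtered = function ($key) use ($field) {
	return stripslashes(securitsearch($field($key)));
};

// Stops the request when a required insert fails, instead of redirecting to
// the confirmation page with nothing stored. Details go to the server log
// only, never to the client.
$fail = function ($step) use ($connect) {
	error_log('inscription: ' . $step . ' failed: ' . mysqli_error($connect));
	header('HTTP/1.1 500 Internal Server Error');
	exit;
};

// --- Speaker -----------------------------------------------------------
$nom    = $filtered('nom');
$prenom = $filtered('prenom');
$mobile = $filtered('mobile');
$email  = $filtered('email');

$stmtIntervenant = mysqli_prepare(
	$connect,
	"INSERT INTO intervenants SET nom=?, prenom=?, mobile=?, email=?"
);
if ($stmtIntervenant === false) {
	$fail('prepare intervenants');
}
mysqli_stmt_bind_param($stmtIntervenant, 'ssss', $nom, $prenom, $mobile, $email);
if (!mysqli_stmt_execute($stmtIntervenant)) {
	$fail('insert intervenants');
}
$lacle = mysqli_insert_id($connect);
mysqli_stmt_close($stmtIntervenant);

// A disabled block used to sit here: it created rows in `themes` / `type`
// from the themey / typey fields and otherwise took $_POST['theme'] and
// $_POST['type'] as-is. If it is ever restored, bind those values as well.

// --- Planning entry ------------------------------------------------------
// jour / heure / heurefin are bound unfiltered: securitsearch() would strip
// ":" and "--" from them.
$jour        = $field('jour');
$heure       = $field('heure');
$heurefin    = $field('heurefin');
$titre       = $filtered('titre');
$description = $filtered('description');

// theme, valid, type and onoff are left to their column defaults
// (noted in the original query as null, 1, null and 0).
$stmtPlanning = mysqli_prepare(
	$connect,
	"INSERT INTO planning SET
	jour=?,
	heure=?,
	heurefin=?,
	intervenant=?,
	titre=?,
	description=?,
	online='1'"
);
if ($stmtPlanning === false) {
	$fail('prepare planning');
}
mysqli_stmt_bind_param(
	$stmtPlanning,
	'sssiss',
	$jour,
	$heure,
	$heurefin,
	$lacle,
	$titre,
	$description
);
if (!mysqli_stmt_execute($stmtPlanning)) {
	$fail('insert planning');
}
$fiche = mysqli_insert_id($connect);
mysqli_stmt_close($stmtPlanning);

// --- Optional extra date ---------------------------------------------------
if ($field('dateheure') !== '') {
	$datehoraire = $filtered('dateheure');

	$stmtDate = mysqli_prepare(
		$connect,
		"INSERT INTO datesup SET cle=?, intervenant=?, datehoraire=?"
	);
	// Best effort, as before: the registration itself is already stored, so a
	// failure here is logged and does not abort the request.
	if ($stmtDate === false) {
		error_log('inscription: prepare datesup failed: ' . mysqli_error($connect));
	} else {
		mysqli_stmt_bind_param($stmtDate, 'iis', $fiche, $lacle, $datehoraire);
		if (!mysqli_stmt_execute($stmtDate)) {
			error_log('inscription: insert datesup failed: ' . mysqli_error($connect));
		}
		mysqli_stmt_close($stmtDate);
	}
}

// NOTE(review): the mail body carries the unfiltered form text, as it did
// before. envoiunmail() is not visible here — confirm it sends plain text and
// never copies body content into mail headers.
envoiunmail(
	"person-to-notify@domain.tld",
	"[Prog] Inscription en ligne",
	$field('titre') . "\nIntervention de : " . $field('prenom') . " " . $field('nom')
);

header("location: inscription.php?m=1");
exit;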
?>