-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinsertItemPosting.php
74 lines (64 loc) · 2.06 KB
/
insertItemPosting.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
<?php
$errors = array();
//handle posting the name field
if (empty($_POST["name"])) {
$errors['name'] = 'name DNE';
} else {
$name = test_input($_POST["name"]);
// make sure name only has letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $name)){
$errors['name'] = 'name included invalid characters';
}
}
//handle posting the item name field
if (empty($_POST["itemName"])) {
$errors['itemName'] = 'itemName DNE';
} else {
$itemName = test_input($_POST["itemName"]);
// make sure name only has letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $itemName)){
$errors['itemName'] = 'itemName included invalid characters';
}
}
//handle posting the price field
if (empty($_POST["price"])) {
$errors['price'] = 'price DNE';
} else {
$price = test_input($_POST["price"]);
// make sure name only has letters and whitespace
if (!preg_match("/^[0-9\.]{1,}$/", $price)){
$errors['itemName'] = 'price not a valid integer';
}
}
if(!$errors){
//Setting up connection to database
$con=mysqli_connect("localhost","root","","wubooksdb");
//Check connection
if(mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="CREATE TABLE itemsForSale(sellerName CHAR(30),itemTitle CHAR(30),dollarValue INT)";
if (mysqli_query($con, $sql)){
echo "table itemsForSale created successfully";
} else {
echo "Error creating database: " . mysqli_error($con);
}
// escape variables for security
$name = mysqli_real_escape_string($con, $_POST['name']);
$itemName = mysqli_real_escape_string($con, $_POST['itemName']);
$price = mysqli_real_escape_string($con, $_POST['price']);
$sql="INSERT INTO itemsForSale (sellerName, itemTitle, dollarValue) VALUES ('$name', '$itemName', '$price')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
}
header("location:postItem.php");
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>