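<?php
/**
 * Message form handler: echoes the submitted name and message back to the
 * visitor and stores both in the `msgdata` table.
 *
 * Security-relevant points of this version:
 *  - the INSERT uses a prepared statement with bound parameters instead of
 *    concatenating request data into the SQL string;
 *  - values are HTML-escaped at the point where they are printed;
 *  - only the two expected fields are read, and array-valued fields are
 *    treated as empty;
 *  - database error details go to the server log, not to the visitor.
 */

/**
 * Normalises one submitted form value for display.
 *
 * @param mixed $value Raw request value; anything that is not a string
 *                     yields an empty string.
 * @return string Trimmed, tag-stripped value passed through utf8_encode().
 */
function _filterData($value)
{
    // A field submitted as "name[]=..." arrives as an array, which the string
    // functions below cannot handle.
    if (!is_string($value)) {
        return '';
    }

    // magic_quotes_gpc no longer exists from PHP 5.4 on and
    // get_magic_quotes_gpc() was removed in PHP 8.0, so it is only consulted
    // on runtimes that can still have the setting enabled.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // Legacy keyword stripping, kept so displayed text matches earlier
    // behaviour. Case-sensitive substring removal is not a security control
    // and it also alters legitimate text; the protection comes from the HTML
    // escaping at output time and from the bound parameters of the INSERT.
    $value = str_replace(
        array('javascript', 'location', 'DELETE', 'UPDATE', 'SELECT', 'INSERT', 'WHERE', 'LIKE'),
        '',
        $value
    );

    $value = trim($value);
    $value = strip_tags($value);

    // NOTE(review): utf8_encode() assumes ISO-8859-1 input and is deprecated
    // as of PHP 8.2; if the form is served as UTF-8 this double-encodes
    // umlauts. Confirm the page charset.
    return utf8_encode($value);
}

$datum = date('d.m.Y');

// Read only the fields this form defines, and only when they are strings.
$rawName = (isset($_POST['fam_name']) && is_string($_POST['fam_name'])) ? $_POST['fam_name'] : '';
$rawMsg  = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';

$data = array(
    'fam_name' => _filterData($rawName),
    'msg'      => _filterData($rawMsg),
);

if ($data['fam_name'] !== '' && $data['msg'] !== '') {
    // Crude spam filter on the sender name: stop without any output.
    if (preg_match('/pharm|smith/i', $data['fam_name'])) {
        die();
    }

    // Escape for the HTML text context; strip_tags() alone leaves '&' and
    // quotes untouched.
    $safeName = htmlspecialchars($data['fam_name'], ENT_QUOTES, 'UTF-8');
    $safeMsg  = htmlspecialchars($data['msg'], ENT_QUOTES, 'UTF-8');

    echo '<h3>Danke für die Mitteilung!</h3>';
    print('<br /><b>'. $safeName .'</b> schreibt am '. $datum .':<br /><br /><div style="line-height:1.5em;">'. $safeMsg .'</div><br />');

    // PHP 8.1+ makes mysqli throw exceptions by default; switch that off so
    // the return-value checks below work on every PHP version and a failed
    // connect cannot surface as an uncaught exception.
    mysqli_report(MYSQLI_REPORT_OFF);

    // NOTE(review): the Host header is supplied by the client, so the choice
    // of database account here is request-controlled. Environment selection
    // and credentials belong in server-side configuration kept outside the
    // web root, not in this file.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (stristr($host, 'localhost') || stristr($host, '127.0.0.1')) {
        $link = mysqli_connect("localhost", "root", "", "cms");
    } else {
        $link = mysqli_connect("localhost", "user_cms", "pass_cms", "klik_cms");
    }
    if (!$link) {
        // Keep the driver's error text in the server log only.
        error_log('dbConnect failed: ' . mysqli_connect_error());
        print("dbConnect failed\n");
        exit();
    }

    // Stored values get the same normalisation as before (utf8_encode,
    // strip_tags, trim). They are still untrusted text: whatever renders
    // them later must escape them for its own output context.
    $dbName = trim(strip_tags(utf8_encode($rawName)));
    $dbMsg  = trim(strip_tags(utf8_encode($rawMsg)));

    // No schema qualifier: the table is resolved in the database selected by
    // the connection (`klik_cms` in production, `cms` under XAMPP).
    $sql = "INSERT INTO `msgdata` (`id`, `datum`, `fam_name`, `msg`)
            VALUES (NULL, NOW(), ?, ?)";

    $stored   = false;
    $dbError  = '';
    $stmt     = mysqli_prepare($link, $sql);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $dbName, $dbMsg);
        $stored = mysqli_stmt_execute($stmt);
        if (!$stored) {
            $dbError = mysqli_stmt_error($stmt);
        }
        mysqli_stmt_close($stmt);
    } else {
        $dbError = mysqli_error($link);
    }

    if (!$stored) {
        error_log('msgdata insert failed: ' . $dbError);
        // The style attribute was missing its closing quote in the original.
        print('<b><h5 style="font-size:0.9em;color:red;">ACTION FAILED - TRY AGAIN LATER!</h5></b>');
    }

    // Original attribution:
    // from: http://www.php-resource.de/handbuch/function.mysqli-fetch-array.htm

    mysqli_close($link);
} else {
    $error = '<h3>Bitte beide Felder ausfüllen!</h3>';
    $error.= '<b><input type="button" class="back" onclick="location.href=\'./\';" onfocus="if(this.blur)this.blur();" value="back" /></b>';
    echo $error;
}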