Quelltext der Datei: http://www.michaelster.ch/lernen/ajax_formular_echo.php

Dateigrösse: 2.39 kb



 1 <?php
 2 
 3 $datum     = date('d.m.Y');
 4 $data     = array();
 5 $data     = array_map('_filterData', $_POST);
 6 
 7 if($data['fam_name'] != '' && $data['msg'] != '')
 8 {
 9     if(preg_match("/pharm/i", $data['fam_name']) || preg_match("/smith/i", $data['fam_name'])) 
10     die();
11     
12     echo '<h3>Danke f&uuml;r die Mitteilung!</h3>';
13     print('<br /><b>'. $data['fam_name'] .'</b> schreibt am '. $datum .':<br /><br /><div style="line-height:1.5em;">'. $data['msg'] .'</div><br />');
14     
15     if(stristr($_SERVER['HTTP_HOST'], 'localhost') || stristr($_SERVER['HTTP_HOST'], '127.0.0.1')) {
16         $link = mysqli_connect("localhost", "root", "", "cms");
17     } else {
18         $link = mysqli_connect("localhost", "user_cms", "pass_cms", "klik_cms");
19     }
20     if(!$link) {
21         printf("dbConnect failed: %s\n", mysqli_connect_error() );
22         exit();
23     }
24     
25     $db_data = array();
26     $db_data = array_map('trim', array_map('strip_tags', array_map('utf8_encode', $_POST)));
27     // XAMPP: `cms`.`msgdata`
28     $sql = "INSERT INTO `klik_cms`.`msgdata` (`id`, `datum`, `fam_name`, `msg`) 
29             VALUES (NULL, NOW(), '". $db_data['fam_name'] ."', '". $db_data['msg'] ."')";
30     /**/
31     if(mysqli_query($link, $sql)===FALSE)
32     {
33         print('<b><h5 style="font-size:0.9em;color:red;>ACTION FAILED - TRY AGAIN LATER!</h5></b>'); 
34     }
35     
36     /************************************************************************
37     from: http://www.php-resource.de/handbuch/function.mysqli-fetch-array.htm
38     ************************************************************************/
39     
40     mysqli_close($link);
41     
42 } else {
43     $error = '<h3>Bitte beide Felder ausf&uuml;llen!</h3>';
44     $error.= '<b><input type="button" class="back" onclick="location.href=\'./\';" onfocus="if(this.blur)this.blur();" value="back" /></b>';
45     echo $error;
46 }
47 
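/**
 * Normalise one submitted form value before it is displayed.
 *
 * Steps: undo magic-quotes slashes (only on PHP versions that still have
 * them), remove a fixed list of keywords, trim, strip HTML/PHP tags and
 * convert to UTF-8.
 *
 * This is NOT an injection defence. The keyword removal is case-sensitive
 * and runs once per keyword, and it also deletes those words from ordinary
 * text. Callers still have to HTML-escape the result on output and bind it
 * as a parameter in SQL.
 *
 * @param mixed $value Raw field value; non-scalar values (array-style
 *                     fields) yield an empty string.
 * @return string Filtered value.
 */
function _filterData ($value)
{
    // $_POST entries can be arrays (field[]=...); those are not text.
    if(!is_scalar($value))
    {
        return '';
    }
    $value = (string) $value;

    // get_magic_quotes_gpc() always returns false from PHP 5.4 on and no
    // longer exists in PHP 8, so only call it where it can matter.
    if(version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }

    // Applied in this order, one pass each, exactly as a chain of
    // single str_replace() calls would be.
    $blocked = array(
        "javascript", "location",
        "DELETE", "UPDATE", "SELECT", "INSERT", "WHERE", "LIKE",
    );
    $value = str_replace($blocked, "", $value);

    $value = trim($value);
    $value = strip_tags($value);
    // NOTE(review): utf8_encode() treats its input as ISO-8859-1 and is
    // deprecated as of PHP 8.2 - confirm the form's charset before replacing.
    $value = utf8_encode($value);
    return $value;
}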
67 
68 ?>
69