<?php
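// Form handler for a simple message board: validates the two posted fields,
// echoes the message back to the visitor and stores it in the `msgdata` table.
$datum = date('d.m.Y');

// Read only the two fields this script uses and force them to strings.
// Mapping the filter over all of $_POST would also process unexpected keys,
// raise notices when a field is missing, and fail on array-valued fields.
$raw = array(
    'fam_name' => (isset($_POST['fam_name']) && is_string($_POST['fam_name'])) ? $_POST['fam_name'] : '',
    'msg'      => (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '',
);
$data = array_map('_filterData', $raw);

if ($data['fam_name'] != '' && $data['msg'] != '')
{
    // Keyword-based spam filter on the name field; matching requests end silently.
    if (preg_match("/pharm/i", $data['fam_name']) || preg_match("/smith/i", $data['fam_name']))
        die();

    // Escape at the point of output. strip_tags() in _filterData() removes markup
    // but does not encode &, quotes or stray angle brackets, so the values are
    // HTML-encoded here before being placed into the page.
    $name_html = htmlspecialchars($data['fam_name'], ENT_QUOTES, 'UTF-8');
    $msg_html  = htmlspecialchars($data['msg'], ENT_QUOTES, 'UTF-8');

    echo '<h3>Danke für die Mitteilung!</h3>';
    print('<br /><b>'. $name_html .'</b> schreibt am '. $datum .':<br /><br /><div style="line-height:1.5em;">'. $msg_html .'</div><br />');

    // NOTE(review): HTTP_HOST comes from the request's Host header, i.e. it is
    // client-controlled, yet it decides here which database account is used.
    // The environment should be selected from server-side configuration, and the
    // credentials should live outside the source file. Logic kept as found.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (stristr($host, 'localhost') || stristr($host, '127.0.0.1')) {
        $link = mysqli_connect("localhost", "root", "", "cms");
    } else {
        $link = mysqli_connect("localhost", "user_cms", "pass_cms", "klik_cms");
    }

    if (!$link) {
        // Keep connection details in the server log; the visitor only needs to
        // know that the request failed.
        error_log('dbConnect failed: ' . mysqli_connect_error());
        print("dbConnect failed\n");
        exit();
    }

    // Values for storage: same normalisation as before (utf8_encode, strip_tags,
    // trim), applied to the two expected fields only.
    $db_data = array();
    foreach ($raw as $key => $value) {
        // Magic quotes only exist before PHP 5.4; undo them so the bound
        // parameters below hold the text the visitor actually typed.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $db_data[$key] = trim(strip_tags(utf8_encode($value)));
    }
    $fam_name = $db_data['fam_name'];
    $msg      = $db_data['msg'];

    // XAMPP: `cms`.`msgdata`
    // The posted values are bound as parameters instead of being concatenated
    // into the statement, so their content can never be parsed as SQL.
    $sql = "INSERT INTO `klik_cms`.`msgdata` (`id`, `datum`, `fam_name`, `msg`)
VALUES (NULL, NOW(), ?, ?)";

    $ok = false;
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ss', $fam_name, $msg);
        $ok = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($ok === FALSE)
    {
        // The style attribute was missing its closing quote in the original markup.
        print('<b><h5 style="font-size:0.9em;color:red;">ACTION FAILED - TRY AGAIN LATER!</h5></b>');
    }

    /************************************************************************
    from: http://www.php-resource.de/handbuch/function.mysqli-fetch-array.htm
    ************************************************************************/
    mysqli_close($link);
} else {
    // At least one of the two required fields was empty after filtering.
    $error = '<h3>Bitte beide Felder ausfüllen!</h3>';
    $error.= '<b><input type="button" class="back" onclick="location.href=\'./\';" onfocus="if(this.blur)this.blur();" value="back" /></b>';
    echo $error;
}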
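/**
 * Normalises one submitted form value before it is validated and displayed.
 *
 * Steps: undo magic-quotes escaping (legacy PHP only), drop a fixed list of
 * keywords, strip HTML tags, trim surrounding whitespace and convert the
 * result from ISO-8859-1 to UTF-8.
 *
 * The keyword removal is a single, case-sensitive pass and must not be relied
 * on as protection against SQL injection or script injection. Those are
 * handled by parameterised queries and by HTML-encoding at output time.
 *
 * @param mixed $value Raw value taken from the request.
 * @return string Filtered value; '' when $value is not a scalar.
 */
function _filterData ($value)
{
    // Array-valued request fields (e.g. name[]=x) are not valid input here and
    // would make the string functions below fail.
    if (!is_scalar($value))
    {
        return '';
    }
    $value = (string) $value;

    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8.0, so the function is only called on versions where it can be true.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }

    // Same keywords, same order as before; str_replace() applies the list
    // sequentially, exactly like the former chain of single calls.
    $value = str_replace(
        array("javascript", "location", "DELETE", "UPDATE", "SELECT", "INSERT", "WHERE", "LIKE"),
        "",
        $value
    );

    // Strip tags first, then trim: a value such as "<b> </b>" must end up empty
    // so that the caller's "field is filled in" check cannot be passed with
    // markup that leaves only whitespace behind.
    $value = strip_tags($value);
    $value = trim($value);

    // NOTE(review): utf8_encode() assumes ISO-8859-1 input and is deprecated as
    // of PHP 8.2; confirm the form's charset before replacing it.
    $value = utf8_encode($value);

    return $value;
}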
?>