http://www.ils.unc.edu/~lstacey/inls992test/sqlTest.php
<?php
// Step one of the two-step story submission. This page only renders the form
// below; sqlTest2.php receives the POST and does the validation and database
// work. sqlTest2.php accepts the request only when the posted keys are exactly
// username, email, student, title, author, book in that order, so keep the
// form's inputs in sync with that list.
// header.php presumably opens <html> and <head> (both closed in this file) —
// confirm against header.php.
include ('header.php');
?>
<!-- metadata that we want crawl-able or different -->
<link rel='stylesheet' type='text/css' href='styles/print.css' media='print' />
<link rel='stylesheet' type='text/css' href='styles/fire.css' media='screen' />
<meta name='keywords' content='storytelling, story, folktale, fairy tale, database' />
<meta name="copyright" content="January 2008, S Lunden" />
<meta name="description" content="A database to collect and share information on stories and folktales" />
<title>Storytime: A Database for Storytellers, Submit Stories</title>
<script type="text/javascript" src="test2.js" ></script>
</head>
<body>
<!-- OUTER container for background art -->
<div id="outer">
<!-- CONTENT is for entire content box -->
<div id="content">
<!-- TEXT is for actual content -->
<div id="text">
<span class="title">Submit Stories...</span>
<form action="sqlTest2.php" method="post">
<div id="one">
<div id="oneleft">
<span class="topics">User Information</span>
<p>Username</p>
<p><input type="text" name="username" /></p>
<p>Email Address</p>
<p><input type="text" name="email" /></p>
<p>Are you a storytelling student?</p>
<p><input type="radio" name="student" value="1" checked />Yes
<input type="radio" name="student" value="0" />No</p>
</div>
<div id="oneright">
<span class="topics">Bibliographic Information (best version for telling)</span>
<p>Title of Story</p>
<p><input type="text" name="title" /></p>
<p>Author of Story</p>
<p><input type="text" name="author" /></p>
<p>Title of Book/Collection</p>
<p><input type="text" name="book" /></p>
</div>
</div>
<div id="eight">
<br />
<p><input type="reset" value="Clear All" />
<input type="submit" value="Next" /></p>
<br />
</div>
</form>
</div>
<!-- MAINMENU is for the menu buttons -->
<?php
// Shared menu fragment; it is emitted inside #content, after the page text.
include ('menu.php');
?>
<!-- close CONTENT -->
</div>
<!-- FOOTER -->
<?php
// Shared footer fragment; it is emitted inside #outer, after #content.
include ('footer.php');
?>
<!-- close OUTER -->
</div>
</body>
</html>
http://www.ils.unc.edu/~lstacey/inls992test/sqlTest2.php
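<?php
include ('header.php');
?>
<!-- metadata that we want crawl-able or different -->
<link rel='stylesheet' type='text/css' href='styles/print.css' media='print' />
<link rel='stylesheet' type='text/css' href='styles/fire.css' media='screen' />
<meta name='keywords' content='storytelling, story, folktale, fairy tale, database' />
<meta name="copyright" content="January 2008, S Lunden" />
<meta name="description" content="A database to collect and share information on stories and folktales" />
<title>Storytime: A Database for Storytellers, Submit Stories</title>
<script type="text/javascript" src="test2.js" ></script>
</head>
<body>
<!-- OUTER container for background art -->
<div id="outer">
<!-- CONTENT is for entire content box -->
<div id="content">
<!-- TEXT is for actual content -->
<div id="text">
<span class="title">Submit Stories...</span>
<?php
/*--Second step of the story submission (posted from sqlTest.php).
   Accepts exactly the six fields that form defines, HTML-encodes the free
   text, then records the user (only if new) and the story through prepared
   statements. Status lines are written straight into the #text div.--*/

/*--Match all fields to known fields: the posted key list must equal the
   allowed list exactly, same names and same order (strict comparison)--*/
$allowed = array( 'username' , 'email' , 'student', 'title' , 'author', 'book' );
$form = array_keys( $_POST );
if ( $form === $allowed )
{
    $valid = true;

    /*--Clean for html. Values are stored already encoded (as they always were),
       so the username lookup below compares like with like. The default
       charset of htmlentities() depends on the PHP version; it is left at the
       default so new rows match existing ones--*/
    $clean_title = htmlentities($_POST['title']);
    $clean_author = htmlentities($_POST['author']);
    $clean_book = htmlentities($_POST['book']);
    $clean_username = htmlentities($_POST['username']);
    $clean_email = htmlentities($_POST['email']);

    /*--The email check was originally left out because filter_var() needs
       PHP 5.2; it is guarded so the page still runs where it is missing--*/
    if (function_exists('filter_var') && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
    {
        echo "<p>Invalid email address</p>";
        $valid = false;
    }

    /*--Radio button: only the literal strings "0" and "1" are accepted. A loose
       in_array() against (0, 1) also matches arbitrary text on PHP < 8, and this
       value used to be interpolated unquoted into the INSERT--*/
    if (in_array($_POST['student'], array('0', '1'), true))
    {
        $clean_student = (int) $_POST['student'];
    }
    else
    {
        echo "<p>Invalid student value</p>";
        $valid = false;
    }

    /*--Tested for magicquotes - they were enabled on the original host. The
       function no longer exists in PHP 8, hence the function_exists() guard--*/
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $clean_title = stripslashes($clean_title);
        $clean_author = stripslashes($clean_author);
        $clean_book = stripslashes($clean_book);
        $clean_username = stripslashes($clean_username);
        $clean_email = stripslashes($clean_email);
    }

    if ($valid)
    {
        /*--Open connection and select database; db_login.php defines
           $db_host, $db_username, $db_password and $db_database--*/
        include ('db_login.php');
        $connection = mysqli_connect($db_host, $db_username, $db_password, $db_database);
        if (!$connection)
        {
            /*--Driver details go to the server log; the browser gets a generic line--*/
            error_log("sqlTest2: could not connect: " . mysqli_connect_error());
            die ("<p>Could not connect to the database.</p>");
        }
        echo "<p>DB opened</p>";
        echo "<p>Connected to table</p>";

        /*--Query0: does the username already exist? A targeted lookup replaces
           the earlier SELECT of every username, which was also printed on the
           page. This check-then-insert is not atomic; a UNIQUE key on
           users.username would be the real guarantee (schema not visible here)--*/
        $stmt0 = mysqli_prepare($connection, "select username from users where username = ?");
        if (!$stmt0 || !mysqli_stmt_bind_param($stmt0, 's', $clean_username) || !mysqli_stmt_execute($stmt0))
        {
            error_log("sqlTest2: query0 failed: " . mysqli_error($connection));
            die ("<p>Could not query0 the database.</p>");
        }
        mysqli_stmt_store_result($stmt0);
        $user_exists = mysqli_stmt_num_rows($stmt0) > 0;
        mysqli_stmt_close($stmt0);

        if ($user_exists)
        {
            /*--$clean_username is already HTML-encoded, so echoing it is safe--*/
            echo "<p>Username $clean_username exists</p>";
        }
        else
        {
            /*--Query1: new user row (username, email, student flag as integer)--*/
            $stmt1 = mysqli_prepare($connection, "insert into users values (?, ?, ?)");
            if (!$stmt1 || !mysqli_stmt_bind_param($stmt1, 'ssi', $clean_username, $clean_email, $clean_student) || !mysqli_stmt_execute($stmt1))
            {
                error_log("sqlTest2: query1 failed: " . mysqli_error($connection));
                die ("<p>Could not query1 the database.</p>");
            }
            mysqli_stmt_close($stmt1);
            echo "<p>User added </p>";
        }

        /*--Query2: story row; the leading null is the auto-generated id column.
           The previous code tested the bare constant result2 instead of
           $result2, so a failed insert was never reported--*/
        $stmt2 = mysqli_prepare($connection, "insert into stories values (null, ?, ?, ?, ?)");
        if (!$stmt2 || !mysqli_stmt_bind_param($stmt2, 'ssss', $clean_title, $clean_author, $clean_book, $clean_username) || !mysqli_stmt_execute($stmt2))
        {
            error_log("sqlTest2: query2 failed: " . mysqli_error($connection));
            die ("<p>Could not query2 the database.</p>");
        }
        mysqli_stmt_close($stmt2);
        echo "<p>Story added</p>";

        mysqli_close($connection);
    }
}
?>
</div>
<!-- MAINMENU is for the menu buttons -->
<?php
include ('menu.php');
?>
<!-- close CONTENT -->
</div>
<!-- FOOTER -->
<?php
include ('footer.php');
?>
<!-- close OUTER -->
</div>
</body>
</html>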