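<?php
// comment.php — stores a story comment submitted from a form, bumps the
// story's comment counter, logs an activity entry, then sends the browser
// back to the referring page.
//
// Inputs are read from $_POST; the database connection is expected to be
// opened by settings.php (not visible in this file).
//
// NOTE(review): the commenter identity (ccuid and the display name in `text`)
// is taken straight from the POST body, and no session/authentication check
// or CSRF token is visible here — confirm settings.php enforces both.
// The posted field `main` was read by the old code but never used (cmain is
// hard-coded to '1' below), so it is no longer read.
include ('settings.php');

// Read each field with isset() instead of @-suppressing the undefined-index
// notice; a missing field still ends up as '' after addslashes().
$comrev = isset($_POST['comrev']) ? $_POST['comrev'] : '';
$text   = isset($_POST['text'])   ? $_POST['text']   : '';
$newimg = isset($_POST['newimg']) ? $_POST['newimg'] : '';
$chomes = isset($_POST['chomes']) ? $_POST['chomes'] : '';
$ccuid  = isset($_POST['ccuid'])  ? $_POST['ccuid']  : '';
$text1  = isset($_POST['text1'])  ? $_POST['text1']  : '';

// NOTE(review): addslashes() here plus mysql_real_escape_string() further down
// escapes every quote and backslash twice, so stored text keeps a stray
// backslash. Left unchanged because the code that displays these rows may
// compensate (e.g. with stripslashes()); fix both sides together.
$comrev = addslashes($comrev);
$text   = addslashes($text);
$newimg = addslashes($newimg);
$chomes = addslashes($chomes);
$ccuid  = addslashes($ccuid);
$text1  = addslashes($text1);

// Activity-feed message; built from the (already slashed) display name and
// slashed again, exactly as before.
$realmessage = "New Story Comment By " . $text;
$realmessage = addslashes($realmessage);

// ---- input validation -------------------------------------------------------
// ereg() was removed in PHP 7.0; preg_match() does the same test here.

// The comment body may not start with a dot (the reason is not recorded in
// this file).
if (preg_match('/^\./', $text1)) {
    echo "<center>Invalid Characters:<a href=\"javascript:history.go(-1)\">Go Back</a></center>";
    die();
}

// Reject angle and square brackets in the comment body and the URL field.
// Order is preserved from the original checks (text1 first, then chomes;
// '<' '>' '[' ']') so the same input produces the same message. This is a
// deny-list: the actual HTML protection for text1 is the htmlspecialchars()
// call below, and chomes is stored without HTML encoding — whether the
// templates that render it encode on output is not visible here.
$forbidden = array('<', '>', '[', ']');
foreach (array($text1, $chomes) as $field) {
    foreach ($forbidden as $ch) {
        if (strpos($field, $ch) !== false) {
            echo "<center>Invalid Characters: <font color = \"red\"><strong>" . $ch . "</strong></font> <a href=\"javascript:history.go(-1)\">Go Back</a></center>";
            die();
        }
    }
}

// Length limits. strlen() counts bytes, so multibyte text hits the limits
// sooner than the messages suggest.
if (strlen($chomes) > 200) {
    echo "<center>Max Characters URL Field: 200
<a href=\"javascript:history.go(-1)\">Go Back</a></center>";
    die();
}
if (strlen($text1) < 25) {
    echo "<center>Field must be at least 25 characters long:
<a href=\"javascript:history.go(-1)\">Go Back</a></center>";
    die();
}
// The enforced limit is 800; the old message said 580, which did not match.
if (strlen($text1) > 800) {
    echo "<center>Max Characters Field: 800
<a href=\"javascript:history.go(-1)\">Go Back</a></center>";
    die();
}

// ---- SQL escaping -----------------------------------------------------------
// The statements below are built by string interpolation, so every value
// placed in them must go through mysql_real_escape_string(). Parameterised
// queries would be the proper fix, but that means moving the connection off
// the mysql_* extension, which settings.php owns.
$comrev      = mysql_real_escape_string($comrev);
$text        = mysql_real_escape_string($text);
$newimg      = mysql_real_escape_string($newimg);
$chomes      = mysql_real_escape_string($chomes);
$ccuid       = mysql_real_escape_string($ccuid);
// text1 is HTML-encoded at storage time; readers must not encode it again.
$text1       = mysql_real_escape_string(htmlspecialchars($text1));
$realmessage = mysql_real_escape_string($realmessage);

// A comment must belong to a story. Note empty() also rejects the string "0".
if (empty($comrev)) { echo 'Error'; die; }

// NOTE(review): die(mysql_error()) sends the raw database error to the
// browser; logging it server-side and showing a generic message would avoid
// disclosing schema details.
$resultb = mysql_query("INSERT INTO publictime (userid,texty,imgs,date,amess)
VALUES ('$ccuid','$text','$newimg',NOW(),'$realmessage')")
or die(mysql_error());
// $comrev is already escaped above. The old code escaped it a second time in
// this WHERE clause, so any story key containing a quote or backslash never
// matched and its counter was silently not incremented.
$resulty = mysql_query("UPDATE newser SET commno = commno + 1 WHERE univer = '$comrev'")
or die(mysql_error());
$result = mysql_query("INSERT INTO reviews (comrev,cmain,comenter,comimage,chomes,ctexte)
VALUES ('$comrev','1','$text','$newimg','$chomes','$text1')")
or die(mysql_error());

// Redirect target for the page below. The Referer header is client-supplied,
// so it is JSON-encoded with the HEX flags when written into the <script>
// block; the old code echoed it raw inside a JS string literal.
$asty = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// json_encode() returns false on invalid UTF-8; fall back to an empty string
// literal so the script stays syntactically valid.
$astyJs = json_encode($asty, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if ($astyJs === false) {
    $astyJs = '""';
}
?>
<head>
<script type="text/javascript">
<!--
function delayer(){
    window.location = <?php echo $astyJs; ?>;
}
//-->
</script>
</head>
<body onLoad="setTimeout('delayer()', 2000)">
<center><b><font style="font-family:verdana;font-size:13px;color:#555;">Thank You. You will be redirected to the previous page</b></font></center>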