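// Guestbook controller for a single travel-day page: optionally stores a
// posted visitor message, then runs the three SELECTs whose result handles
// ($result, $headerresult, $messageresult) and row counts the template uses.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. It is kept here only because the template consumes mysql_* result
// resources; the durable fix is to migrate this file and the template together
// to PDO or mysqli with prepared statements, which removes the dependence on
// manual escaping below.
include("dbinfo.inc.php");

// Everything read from the request is untrusted. Non-string values (for
// example dayno[]=x) are collapsed to '' so they cannot reach the query
// builder as arrays.
$daynumber = (isset($_GET['dayno']) && is_string($_GET['dayno'])) ? $_GET['dayno'] : '';
$ip = $_SERVER['REMOTE_ADDR'];
/*$daynumber="day02" */

// One connection serves both the optional INSERT and the SELECTs; the original
// opened, closed and reopened it. The @ keeps connection details out of the
// page, the die() still stops on failure.
mysql_connect($localhost, $username, $password);
@mysql_select_db($database) or die( "Unable to select database");

// Escaping needs the open connection, so it happens after mysql_connect().
// $daynumber itself is left raw for the template; only the *Sql copies may be
// placed inside SQL string literals.
$daynumberSql = mysql_real_escape_string($daynumber);
$ipSql = mysql_real_escape_string($ip);

// Runs once the form has been submitted.
if (!empty($_POST['addmes'])) {
    $rawMessage = (isset($_POST['reactietekst']) && is_string($_POST['reactietekst'])) ? $_POST['reactietekst'] : '';
    $rawName = (isset($_POST['nmmessager']) && is_string($_POST['nmmessager'])) ? $_POST['nmmessager'] : '';
    $pageno = (isset($_POST['pageno']) && is_string($_POST['pageno'])) ? $_POST['pageno'] : '';

    // Trim BEFORE escaping: once mysql_real_escape_string() has turned a line
    // break into the two characters "\n", trim() no longer sees it, so a
    // message made only of newlines used to pass the emptiness check.
    // (The original also called nl2br() on $reactietekst before it was
    // assigned; that was dead code and is dropped. Line breaks are converted
    // at output time.)
    //
    // Messages are HTML-encoded once, here at write time. The template further
    // down appears to echo name and message as stored, so rows written by any
    // other path would be rendered unencoded; encoding at output time is the
    // more robust arrangement.
    $reactietekst = htmlspecialchars(trim($rawMessage));
    $naam = htmlspecialchars(trim($rawName));

    if ($reactietekst != '' && $naam != '') {
        // Prevent SQL injection: every value placed in the statement is
        // escaped, including pageno, which was previously interpolated raw.
        $reactietekst = mysql_real_escape_string($reactietekst);
        $naam = mysql_real_escape_string($naam);
        $pagenoSql = mysql_real_escape_string($pageno);

        // Write the message to the database.
        $sql = "INSERT INTO gs_messages SET insertdt = now(), external_id ='$pagenoSql', name='$naam', message='$reactietekst', ip='$ipSql'";
        $query = mysql_query($sql) or die("Error inserting message into database.");
    }
}

// Trip information for this day. dayno comes straight from the query string
// and was previously interpolated unescaped into all three SELECTs.
$query = "SELECT DATE_FORMAT(startdate, '%d %M %Y') as startdatum, destination as destination FROM gs_main WHERE url = '$daynumberSql'";
$result = mysql_query($query);
// A failed query returns false; report zero rows instead of passing false on.
$num = $result ? mysql_num_rows($result) : 0;

// Day header: description, map link and active flag.
$query = "SELECT description, maplink, isactive FROM gs_dayheader WHERE external_id = '$daynumberSql'";
$headerresult = mysql_query($query);
$headernum = $headerresult ? mysql_num_rows($headerresult) : 0;

// Visitor messages for this day, oldest first.
$query = "SELECT DATE_FORMAT(insertdt, '%d %M %Y %H:%i') as insertdatum, name, message FROM gs_messages WHERE external_id = '$daynumberSql' AND insertdt > '2008-07-05' ORDER BY insertdt";
$messageresult = mysql_query($query);
$messagenum = $messageresult ? mysql_num_rows($messageresult) : 0;

mysql_close(); ?>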
echo "$destination"; ?> echo "$description"; ?> |
echo "$maplink" ?> |
Name | Message | ||
---|---|---|---|
*/ ?> |
echo "$name"; ?> echo "$insertdatum"; ?> |
/* */ ?> | echo nl2br("$message"); ?> |
|
|