Codice PHP:
<?php
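/**
 * Tells whether $content (UTF-8) contains at least one Cyrillic letter; the
 * submission handler rejects a comment when this returns true.
 *
 * The original encoded every character to an "&#N;" entity and then matched
 * "/<newline>[78]\d/" against the result. Encoding turns newlines into "&#10;",
 * so the encoded text never holds a raw newline and that pattern could not
 * match: the check was inert as listed (unless the listing lost part of the
 * pattern). The Unicode script property covers every Cyrillic block directly.
 *
 * @param string|null $content text as submitted by the visitor
 * @return bool true when a Cyrillic character is present; false otherwise,
 *              including when $content is not valid UTF-8 (preg_match() then
 *              fails and returns false rather than 1)
 */
function detect_cyr_utf8($content)
{
    return preg_match('/\p{Cyrillic}/u', (string) $content) === 1;
}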
/**
 * Drop-in replacement for the removed mysql_result(): the value of one cell.
 *
 * Seeks the buffered result to $row and fetches that row positionally when
 * $field is numeric, by column name otherwise.
 *
 * @param mysqli_result $result buffered result set
 * @param int           $row    0-based row index
 * @param int|string    $field  column index or column name
 * @return mixed|false the cell value, or false when $row is out of range, the
 *                     result is empty, or the field is absent or NULL in that row
 */
function mysqli_result($result, $row = 0, $field = 0)
{
    $totale = mysqli_num_rows($result);
    // Empty set or row index outside 0..n-1: nothing to seek to.
    if (!$totale || $row < 0 || $row > $totale - 1) {
        return false;
    }
    mysqli_data_seek($result, $row);
    $riga = is_numeric($field) ? mysqli_fetch_row($result) : mysqli_fetch_assoc($result);
    // isset() is false for a NULL cell as well as for a missing column.
    return isset($riga[$field]) ? $riga[$field] : false;
}
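// Guestbook submission handler. Flow: anti-spam token check -> spam filters ->
// duplicate check -> INSERT via prepared statement. Every rejection prints the
// "stop" image and leaves the database untouched. Needs PHP >= 7.0 (random_int).
error_reporting(E_ALL);
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start(); // start session if not started yet; no "@" so a failure is not hidden
}

// Anti-spam token: compare as strings in constant time. A missing session value
// or form field counts as a mismatch (the original "!=" let two missing values
// compare equal). Read from $_POST like the other fields, so the token cannot be
// supplied in the query string.
$codiceAtteso  = isset($_SESSION['AntiSpamImage']) ? (string) $_SESSION['AntiSpamImage'] : '';
$codiceInviato = isset($_POST['anti_spam_code']) ? (string) $_POST['anti_spam_code'] : '';
$codiceValido  = $codiceAtteso !== '' && hash_equals($codiceAtteso, $codiceInviato);

// Rotate the token on every submission so a used code cannot be replayed;
// random_int() instead of rand(), whose output is predictable.
$_SESSION['AntiSpamImage'] = random_int(1, 9999999);

$stopHtml = "<img src='imm/stop.gif'><br>...";

if (!$codiceValido) {
    echo '<br> ' . $stopHtml;
} else {
    // Form fields: a missing key becomes '' instead of an "undefined index" notice.
    // Values are stored exactly as submitted (no htmlspecialchars on input, as in
    // the original); escaping is the job of whatever prints them.
    $nome        = isset($_POST['fullname']) ? (string) $_POST['fullname'] : '';
    $aaemail     = isset($_POST['email']) ? (string) $_POST['email'] : '';
    $commento    = isset($_POST['comments']) ? (string) $_POST['comments'] : '';
    $localita    = isset($_POST['location']) ? (string) $_POST['location'] : '';
    $indirizzoip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $tempo       = date("Y-m-d H:i:s");

    // Case-insensitive word blocklist (same list as the original).
    $paroleVietate = array('cialis', 'viagra', 'http', 'www', 'penis', 'girl');
    $contieneSpam  = false;
    foreach ($paroleVietate as $parola) {
        if (stripos($commento, $parola) !== false) {
            $contieneSpam = true;
            break;
        }
    }

    if (stripos($aaemail, 'smith') !== false) {
        echo $stopHtml;
    } elseif (trim($commento) === '') {
        // Whitespace-only comments are rejected too (empty() only caught '' and '0').
        echo $stopHtml;
    } elseif ($contieneSpam) {
        echo $stopHtml;
    } elseif (detect_cyr_utf8($commento)) {
        echo $stopHtml;
    } else {
        $db_host = "localhost";
        $db_user = "xxxxxx";
        $db_name = "my_xxxxxx";
        // NOTE(review): mysqli_connect()'s third argument is the *password*; the
        // original passes $db_name there and selects the database afterwards, while
        // the listing code further down connects with an empty password and the
        // database as 4th argument. Kept as written so an existing deployment keeps
        // connecting — confirm the credentials. (On PHP >= 8.1 mysqli throws on
        // failure by default, so the die() below is only reached on older setups.)
        $mysqli = mysqli_connect($db_host, $db_user, $db_name);
        if ($mysqli === false) {
            die("Errore nella connessione.");
        }
        // imposto charset utf8 (the statements below bind UTF-8 text)
        if (!mysqli_set_charset($mysqli, 'utf8')) {
            die("Error: Unable to set the character set.\n");
        }
        if (!mysqli_select_db($mysqli, $db_name)) {
            die("Errore nella selezione del DB.");
        }

        // Same e-mail + same text already present? COUNT(*) with bind_result()
        // avoids fetching whole rows and does not depend on mysqlnd's get_result().
        $numero = 0;
        $stmt = $mysqli->prepare("SELECT COUNT(*) FROM guestbook WHERE Email=? AND Comments=?");
        if ($stmt === false) {
            error_log('guestbook: prepare (duplicate check) failed: ' . $mysqli->error);
            mysqli_close($mysqli);
            die("Errore nella query.");
        }
        $stmt->bind_param("ss", $aaemail, $commento);
        if ($stmt->execute()) {
            $stmt->bind_result($numero);
            $stmt->fetch();
        } else {
            // Best effort as in the original: a failed check counts as "no duplicate".
            error_log('guestbook: duplicate check failed: ' . $stmt->error);
        }
        $stmt->close();

        if ($numero > 0) {
            // Duplicate: report and stop. The original printed this message but then
            // fell through and inserted anyway (its "else" was commented out).
            mysqli_close($mysqli);
            echo '<br> ' . $stopHtml;
        } else {
            // Next Id = MAX(Id)+1 in one query instead of walking every row. Still
            // racy under concurrent submissions (INSERT IGNORE then drops the loser
            // silently); an AUTO_INCREMENT column would remove the problem.
            $rs = mysqli_query($mysqli, "SELECT MAX(Id) FROM guestbook");
            if ($rs === false) {
                error_log('guestbook: MAX(Id) failed: ' . mysqli_error($mysqli));
                mysqli_close($mysqli);
                die("Errore nella query.");
            }
            $rigaMax = mysqli_fetch_row($rs);
            mysqli_free_result($rs);
            $ultimo = (int) $rigaMax[0] + 1; // empty table: NULL -> 0 -> 1, as before

            // aggiungo record
            $query = "INSERT IGNORE INTO guestbook(Id, Name, Email, Comments, Location, DateSent, IPAddress) VALUES(?, ?, ?, ?, ?, ?, ?)";
            $stmt2 = $mysqli->prepare($query);
            if ($stmt2 === false) {
                error_log('guestbook: prepare (insert) failed: ' . $mysqli->error);
                mysqli_close($mysqli);
                die("Errore nella query.");
            }
            $stmt2->bind_param("issssss", $ultimo, $nome, $aaemail, $commento, $localita, $tempo, $indirizzoip);
            $eseguito = $stmt2->execute();
            // Read statement state before closing anything: the original read it
            // after mysqli_close() through non-existent properties, so its check
            // never ran. INSERT IGNORE reports 0 affected rows when the Id already
            // existed, i.e. nothing was saved.
            $righeInserite = $eseguito ? $stmt2->affected_rows : 0;
            if (!$eseguito) {
                // Driver error goes to the server log only; the original echoed the
                // SQL text and mysqli_error() to the visitor.
                error_log('guestbook: insert failed: ' . $stmt2->error);
            }
            $stmt2->close();
            // chiudo la connessione a MySQLi
            mysqli_close($mysqli);

            if (!$eseguito || $righeInserite < 1) {
                die("Errore nella query.");
            }
            echo '<p align="center"><font face="arial, Helvetica, sans-serif" size="4" color="#3366FF"><B>Grazie per aver firmato il Libro</B>...';
        }
    }
}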
?>
<?php
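// Guestbook listing: every row of the table, one cell per column, escaped for HTML.
// dati di connessione al proprio database MySQL
$db_host = 'localhost';
$db_user = 'xxxxxx';
$db_name = 'my_xxxxxx';
// connessione al DB utilizzando MySQLi
$mysqli = new mysqli($db_host, $db_user, null, $db_name);
// verifica di eventuali errori della connessione
if ($mysqli->connect_errno) {
    // The driver text (host, user, reason) goes to the server log, not to the page.
    error_log('guestbook: connessione fallita: ' . $mysqli->connect_error);
    die("Connessione fallita.");
}
// Read with the same connection charset the insert side sets ('utf8'), so
// UTF-8 text round-trips unchanged.
$mysqli->set_charset('utf8');

$result = $mysqli->query("SELECT * FROM guestbook");
if ($result === false) {
    error_log('guestbook: SELECT failed: ' . $mysqli->error);
    $mysqli->close();
    die("Errore nella query.");
}

// Every cell goes through htmlspecialchars(): the values are stored exactly as
// submitted, so echoing them raw is stored XSS. The original also passed them to
// printf() as the *format* string, so a '%' in a comment mangled the output.
$esc = function ($valore) {
    return htmlspecialchars((string) $valore, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<table><tr>";
echo "<th>ID</th><th>Nome </th><th>email </th><th>commento </th><th>localita </th><th>tempo </th><th>indirizzoip</th>";
echo "</tr>";
while ($riga = $result->fetch_assoc()) {
    // One <tr> per record with <td> cells: the original emitted bare <th> cells and
    // a <br> with no row element, which browsers merge into a single giant row.
    // The Id cell stays omitted, as in the original (its header is still printed).
    echo '<tr>';
    echo '<td>' . $esc($riga['Name']) . '</td>';
    echo '<td>' . $esc($riga['Email']) . '</td>';
    echo '<td>' . $esc($riga['Comments']) . '</td>';
    echo '<td>' . $esc($riga['Location']) . '</td>';
    echo '<td>' . $esc($riga['DateSent']) . '</td>';
    echo '<td>' . $esc($riga['IPAddress']) . '</td>';
    echo '</tr>';
}
echo "</table>";
$result->free();
// chiusura della connessione
$mysqli->close();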
?>
cordiali saluti