Last active
December 21, 2015 22:19
-
-
Save byronwade/6374295 to your computer and use it in GitHub Desktop.
what i want to do is give EACH person there OWN 4 digit code that increments by 1 every time someone NEW signs up and it starts at 0001 and ends at 9999 how can i do this with the script i have?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $host = "**********"; // Host firstname | |
| $name = "****************"; // Mysql userfirstname | |
| $password = "***********"; // Mysql password | |
| $db_name = "************"; // Database firstname | |
| $tbl_name = "users"; // Table firstname | |
| // Connect to server and select database. | |
| mysql_connect("$host", "$username", "$password") or die("cannot connect"); | |
| mysql_select_db("$db_name") or die("cannot select DB"); | |
| // Get values from form | |
| $firstname = $_POST['firstname']; | |
| $lastname = $_POST['lastname']; | |
| $email = $_POST['email']; | |
| $resumewebsitename = $_POST['resumewebsitename']; | |
| $website = 'http://www.thorbis.com/onlineresumes/users/' . $resumewebsitename; | |
| $email = mysql_query("SELECT * FROM users WHERE email='$email'"); | |
| if (mysql_num_rows($email) > 0) { | |
| echo "Sorry That Email Has Been Taken Please Try Again :D"; | |
| } //mysql_num_rows($email) > 0 | |
| else { | |
| $dbunames = mysql_query("SELECT * FROM users WHERE website='$website'"); | |
| if (mysql_num_rows($dbunames) > 0) { | |
| echo "Sorry That Resume Name Has Been Taken Please Try Again :D"; | |
| } //mysql_num_rows($dbunames) > 0 | |
| else { | |
| // function to recursively copy | |
| // a directory and its subdirectories | |
| function copyRecursive($source, $destination) | |
| { | |
| // check if source exists | |
| if (!file_exists($source)) { | |
| die("'$source' is not valid"); | |
| } //!file_exists($source) | |
| if (!is_dir($destination)) { | |
| mkdir($destination); | |
| } //!is_dir($destination) | |
| // open directory handle | |
| $dh = opendir($source) or die("Cannot open directory '$source'"); | |
| // iterate over files in directory | |
| while (($file = readdir($dh)) !== false) { | |
| // filter out "." and ".." | |
| if ($file != "." && $file != "..") { | |
| if (is_dir("$source/$file")) { | |
| // if this is a subdirectory | |
| // recursively copy it | |
| copyRecursive("$source/$file", "$destination/$file"); | |
| } //is_dir("$source/$file") | |
| else { | |
| // if this is a file | |
| // copy it | |
| copy("$source/$file", "$destination/$file") or die("Cannot copy file '$file'"); | |
| } | |
| } //$file != "." && $file != ".." | |
| } //($file = readdir($dh)) !== false | |
| // close directory | |
| closedir($dh); | |
| } | |
| $source_directory = "Interactive Resume/"; | |
| $destination_directory = "users/"; | |
| copyRecursive($source_directory, $destination_directory); | |
| rename("users/user", "users/" . $resumewebsitename); | |
| $to = "bcw1995@gmail.com"; | |
| $subject = 'hi'; | |
| $message = "Name: " . $firstname . "<br>" . "Last: " . $lastname . "<br>" . "Email: " . $email . "<br>" . "Website: " . $website . "<br>" . "Pin: " . $pin; | |
| $headers = "From: $from\r\n"; | |
| $headers .= "Content-type: text/html\r\n"; | |
| if (mail($to, $subject, $message, $headers)) { | |
| echo ("<p>Since You Have Used My services I will get an email stating that you have filled out this form and i will contact you back within 6 hours of you submiting the form!</p>"); | |
| } //mail($to, $subject, $message, $headers) | |
| else { | |
| echo ("<p>I dident get a message stating that you have filled out the form can you manualy send me your email and info so i can customize your website please my email is bcw1996@gmail.com thank you :D</p>"); | |
| } | |
| // Insert data into mysql | |
| $sql = "INSERT INTO $tbl_name(firstname, lastname, email, website)VALUES('$firstname', '$lastname', '$email', '$website')"; | |
| $result = mysql_query($sql); | |
| // if successfully insert data into database, displays message "Successful". | |
| if ($result) { | |
| echo "Successful"; | |
| echo "<BR>"; | |
| echo "This is your new resume site i will edit it with your info ASAP once i have contected you: " . $website; | |
| echo "<BR>"; | |
| echo "<a href='http://www.thorbis.com'>Back to Home Page</a>"; | |
| } //$result | |
| } | |
| } | |
| ?> |
is there anything else i should fix?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
add this after mysql_select_db();
foreach($_POST as &$v)
$v = mysql_real_escape_string($v);
this will prevent the possibility of sql injections through data that are sent by post http method