1515 }
1616
1717 // Remove after debug
18- echo "Connected successfully " ;
18+ echo "<p>Connected successfully</p> " ;
19+
20+ // Placeholders for variables from form
21+ $ username = $ password = $ first_name = $ last_name = $ company = $ phone = "" ;
22+
23+ // Prevent XSS hacks / exploits by stripping the data
24+ if ($ _SERVER ["REQUEST_METHOD " ] == "POST " ) {
25+ $ username = test_input ($ _POST ["username " ]);
26+ $ password = test_input ($ _POST ["password " ]);
27+ $ first_name = test_input ($ _POST ["first_name " ]);
28+ $ last_name = test_input ($ _POST ["last_name " ]);
29+ $ company = test_input ($ _POST ["company " ]);
30+ $ phone = test_input ($ _POST ["phone " ]);
31+ }
32+
33+ // Removes unwanted and potentially malicious characters
34+ // from the form data
35+ function test_input ($ data ) {
36+ $ data = trim ($ data );
37+ $ data = stripslashes ($ data );
38+ $ data = htmlspecialchars ($ data );
39+ return $ data ;
40+ }
1941
2042 // Adds a new user account with form data into the physician table of the database
21- // -- To do: form checking (e.g., username already exists, etc.)
22- $ sql = "INSERT INTO physician (group_id, username, password, first_name, last_name, company, phone) VALUES (1, ' " .$ _POST [ ' username ' ] ."', ' " .$ _POST [ ' password ' ] ."', ' " .$ _POST [ ' firstN ' ] ."', ' " .$ _POST [ ' lastN ' ] ."', ' " .$ _POST [ ' company ' ] ."', ' " .$ _POST [ ' phone ' ] ."') " ;
43+ // -- To do: form checking (e.g., username already exists, security, etc.)
44+ $ sql = "INSERT INTO physician (group_id, username, password, first_name, last_name, company, phone) VALUES (1, ' " .$ username ."', ' " .$ password ."', ' " .$ first_name ."', ' " .$ last_name ."', ' " .$ company ."', ' " .$ phone ."') " ;
2345
2446 // Probably keep even after debug
2547 if ($ conn ->query ($ sql ) === TRUE ) {
26- echo "Account created successfully. " ;
48+ echo "<p> Account created successfully.</p> " ;
2749 } else {
2850 echo "Error: " . $ sql . "<br /> " . $ conn ->error ;
2951 }
3052
53+ // Peace out
3154 $ conn ->close ();
3255?>