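<?php
/**
 * Stores a new block of user-submitted HTML in the userContent table.
 *
 * Inputs:
 *   - $_SESSION['userID']   the logged-in user, recorded as the author
 *   - $_POST['editFlag']    when it equals "1" the insert is skipped
 *   - $_POST['section']     integer section id
 *   - $_POST['userContent'] raw HTML, sanitised with HTMLPurifier before storage
 *
 * The mysqli connection $link is used below and is expected to come from mysql.php.
 */
session_start();

include('mysql.php');
require_once 'tools/HTMLPurifier.standalone.php';

// Read each value from its own superglobal instead of extract().
// extract($_POST) let a request define or overwrite any variable in scope,
// including $userID (author spoofing) and $link (the database handle).
// NOTE(review): mysql.php no longer sees variables extracted from the session;
// confirm it does not depend on them.
$editFlag    = isset($_POST['editFlag']) ? $_POST['editFlag'] : null;
$userID      = isset($_SESSION['userID']) ? $_SESSION['userID'] : null;
$section     = filter_input(INPUT_POST, 'section', FILTER_VALIDATE_INT);
$userContent = isset($_POST['userContent']) ? $_POST['userContent'] : null;

// Loose comparison kept so the same requests take the insert branch as before.
if ($editFlag != "1") {
    if ($userID === null || filter_var($userID, FILTER_VALIDATE_INT) === false) {
        // The author must come from the authenticated session, never from the request.
        http_response_code(403);
        echo "Error: not logged in.";
    } elseif ($section === null || $section === false || !is_string($userContent)) {
        // Missing or non-integer section, or content that is absent or not a string (e.g. an array).
        http_response_code(400);
        echo "Error: invalid input.";
    } else {
        $author = (int) $userID;

        $config = HTMLPurifier_Config::createDefault();
        $purifier = new HTMLPurifier($config);
        $clean_html = $purifier->purify($userContent);

        // No mysqli_real_escape_string() here: the value is bound as a parameter,
        // so escaping it first would store literal backslashes in the content.
        $stmt = $link->prepare("INSERT INTO userContent (section, author, content) VALUES (?, ?, ?)");
        if ($stmt === false) {
            error_log("userContent insert: prepare failed: " . $link->error);
            http_response_code(500);
            echo "Error: could not save content.";
        } else {
            $stmt->bind_param("iis", $section, $author, $clean_html);
            if ($stmt->execute() !== true) {
                // Log the database error server-side; the response stays generic
                // so schema and driver details are not disclosed to the client.
                error_log("userContent insert: execute failed: " . $stmt->error);
                http_response_code(500);
                echo "Error: could not save content.";
            }
            $stmt->close();
        }
    }
}
?>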