diff --git a/.gitignore b/.gitignore
index 177b1d6..5368a1a 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *.*~
 *.db
+test*
diff --git a/databaseOperations.php b/databaseOperations.php
index 8fdf242..d662fbc 100755
--- a/databaseOperations.php
+++ b/databaseOperations.php
@@ -265,6 +265,19 @@ function getEventsSince($db,$date)
 }
 }
+/**
+ * @brief add an event into the database
+ * @param $db: the PDO connection to the database
+ * @param $titre: title of the event
+ * @param $catArray: an array containing the categories related to this event
+ * @param $localisation: localisation of the event
+ * @param $dtstart: datetime of the beginning of the event
+ * @param $dtend: datetime of the end of the event
+ * @param $description: description of the event
+ * @param $url: url of the event
+ * @param $urlImage: url of the image of the event
+ * @param $contact: name of the contact
+ */
 function addEvent($db, $titre, $catArray, $localisation, $dtstart, $dtend, $description, $url, $urlImage, $contact)
 {
 try
diff --git a/eventAdded.php b/eventAdded.php
index ba2b60a..a7026c6 100644
--- a/eventAdded.php
+++ b/eventAdded.php
@@ -2,39 +2,16 @@
 include_once('databaseOperations.php');
 include('datetimeOperations.php');
 $db = connect();
-$titre = $_POST['title'];
-$localisation = $_POST['address'];
+$titre = htmlentities($_POST['title']);
+$localisation = htmlentities($_POST['address']);
 $dtstart = strtotime($_POST['dtstart']);
 $dtend = strtotime($_POST['dtend']);
-$description = $_POST['description'];
+$description = htmlentities($_POST['description']);
 $url = $_POST['site'];
 $urlImage = $_POST['urlImage'];
 $contact = $_POST['contact'];
 $catArray = $_POST['chk_group'];
 addEvent($db, $titre, $catArray, $localisation, $dtstart, $dtend, $description, $url, $urlImage, $contact);
+header('Location:./');
+exit;
 ?>
-
-
-
-
-
-
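Review bot: Encoding at input time covers only `$titre`, `$localisation` and `$description`; `$url`, `$urlImage`, `$contact` and `$catArray` still reach `addEvent()` exactly as posted. If the pages that display events rely on this encoding (they are not part of this diff), those four fields remain a stored-XSS path, and the two URL fields would also need a scheme check because entity-encoding does not stop a `javascript:` link. Storing the raw values and escaping where they are printed, for example `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, protects every field and avoids double-encoded text when the data is reused outside HTML. The bare `htmlentities($x)` calls also depend on the PHP version's default flags, which before 8.1 leave single quotes unencoded. Separately, `strtotime()` returns `false` on unparsable input and is passed on unchecked, so a guard such as `if ($dtstart === false || $dtend === false) { http_response_code(400); exit; }` before the insert would keep bad dates out of the table.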