Ooops i dont know if that works because i dont want it to continue the rest of the script, and it has when i use echo
here is the whole the script
Code: Select all
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$total_cost = round(($_POST['amountworkers'] * $_POST['perperson']) * 1.05, 2);
$user_cost = $_SESSION['user_money'];
$userid = $_SESSION['user_id'];
if($total_cost > $user_cost)
{
echo ("You have insufficient funds to create this job, please allow room for a 5% charge onto your job total cost.");
}
else{
$_SESSION['user_money'] = round($user_cost - $total_cost, 2);
$sql = "SELECT `fulldata`.*
FROM `fulldata`
WHERE fulldata.createuser_id = $userid";
$result = mysql_query($sql)
or die('Invalid query: ' . $sql . ' - Error is ' . mysql_error());
$sql = "UPDATE `users`
SET users.user_money = round($user_cost - $total_cost, 2)
WHERE users.id = $userid";
$result = mysql_query($sql)
or die('Invalid query: ' . $sql . ' - Error is ' . mysql_error());
}
//Function definition
function onlyLetters($str){
$text = str_replace("\n", "xyxy", $str);
$pattern = '/[^0-9a-zA-Z-. ]*/';
$text = preg_replace($pattern, '', $text);
return str_replace("xyxy", "<br />\n", $text);
}
function onlyNumbers($str){
$pattern = '/[^0-9.]*/';
return preg_replace($pattern, '', $str);
}
// Get and strip values from form
$title=onlyLetters($_POST['title']);
$descript=onlyLetters($_POST['descript']);
$proof=onlyLetters($_POST['proof']);
$min=onlyNumbers($_POST['min']);
$amountworkers=onlyNumbers($_POST['amountworkers']);
$perperson=onlyNumbers($_POST['perperson']);
$createuser_id=onlyNumbers($_POST['createuser_id']);
$user_name=onlyLetters($_POST['user_name']);
// Insert data into mysql
$sql="INSERT INTO $tbl_name(title, descript, proof, min, amountworkers, perperson, createuser_id, user_name)VALUES('$title', '$descript', '$proof', '$min', '$amountworkers', '$perperson', '$createuser_id', '$user_name')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Thank you for submiting your job, our team will now take a look and approve very soon ";
echo "<BR>";
echo "<a href='http://miniworkers.justfree.com/jobs.php'>Click here to go back to Minute Workers</a>";
}
else {
echo "ERROR";
}
?>
</h1>
<p>
<br />
</p>
</div>
<br class="clearFloat" />
</div>
</div>
</div>
<div style="width: 890px; background: #fff; margin: auto; padding: 0; position: relative;">
<div id="outerWrapper">
<div id="footer">
<p><a href="#">Home</a>| <a href="#">Services</a> | <a href="#">About Us</a> | <a href="#">Contact Us</a> | <a href="#">Terms & Conditons</a> | <a href="#">Privacy</a></p>
<p>This site is copyright © 2009</p>
</div>
</div>
</div>
</body>
</html>
when i took out the die and used echo this part of the whole script still works which means inserting data into the db what shouldnt be.