"; print "
| Sell a Book HERE!! |
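| ";

/*
 * "Sell a Book" form handler.
 *
 * Runs when the form was submitted (a 'submit' field is present in $_POST):
 * checks the required fields, records a new course when the seller picked
 * 'OTHER', and inserts the listing into books_table. Each outcome of a
 * submission prints a short status message.
 *
 * Security notes:
 *  - strip_tags() only removes markup. It leaves quotes and backslashes alone,
 *    so on its own it does not make a value safe to place inside a SQL string.
 *    Every value is therefore also passed through mysql_real_escape_string()
 *    right where the statement is built.
 *  - mysql_real_escape_string() depends on the open connection and is only
 *    reliable when the connection character set was chosen with
 *    mysql_set_charset(). The connection code is not visible in this part of
 *    the file -- TODO confirm.
 *  - The mysql_* extension was removed in PHP 7. When the connection is ported
 *    to mysqli or PDO, replace the escaping below with prepared statements.
 *  - strip_tags() is not output encoding either: pages that display these
 *    columns should still encode them for the HTML context they are printed in.
 *  - NOTE(review): the seller name is whatever the 'tusrname' field contains;
 *    nothing in this block ties it to a logged-in session or verifies a CSRF
 *    token. Confirm that is enforced elsewhere.
 */
if (isset($_POST['submit'])) {
    // A missing or non-string (array) parameter is treated as empty, so it
    // fails the checks below instead of raising notices or reaching the query.
    $usrname   = (isset($_POST['tusrname'])   && is_string($_POST['tusrname']))   ? $_POST['tusrname']   : '';
    $course    = (isset($_POST['tcourse'])    && is_string($_POST['tcourse']))    ? $_POST['tcourse']    : '';
    $newcourse = (isset($_POST['tnewcourse']) && is_string($_POST['tnewcourse'])) ? $_POST['tnewcourse'] : '';
    $book      = (isset($_POST['tbook'])      && is_string($_POST['tbook']))      ? $_POST['tbook']      : '';
    $prof      = (isset($_POST['tprof'])      && is_string($_POST['tprof']))      ? $_POST['tprof']      : '';
    $edition   = (isset($_POST['tedition'])   && is_string($_POST['tedition']))   ? $_POST['tedition']   : '';
    $isbn      = (isset($_POST['tisbn'])      && is_string($_POST['tisbn']))      ? $_POST['tisbn']      : '';
    $price     = (isset($_POST['tprice'])     && is_string($_POST['tprice']))     ? $_POST['tprice']     : '';
    $desc      = (isset($_POST['tdesc'])      && is_string($_POST['tdesc']))      ? $_POST['tdesc']      : '';

    // Needed before validation: the 'OTHER' check looks at the free-text course.
    $scourse    = strip_tags($course);
    $snewcourse = strip_tags($newcourse);

    if (strlen($usrname) < 1) {
        print "You did not type in your user name.";
    } else if (strlen($course) < 1) {
        print "You did not enter course name.";
    } else if ($scourse === 'OTHER' && strlen($snewcourse) < 1) {
        // 'OTHER' means "use the free-text course name"; refuse an empty one
        // rather than storing a blank course for the listing.
        print "You did not enter course name.";
    } else if (strlen($book) < 1) {
        print "You did not enter the book's title.";
    } else if (strlen($edition) < 1) {
        print "You did not enter the book's edition.";
    } else if (strlen($prof) < 1) {
        print "You did not enter the professor's name.";
    } else if (strlen($isbn) > 13) {
        // Only over-long values are rejected; an empty or non-numeric ISBN
        // still passes this check.
        print "ISBN entered is incorrenct";
    } else {
        // Remove HTML markup from everything that will be stored.
        $susrname = strip_tags($usrname);
        $sbook    = strip_tags($book);
        $sedition = strip_tags($edition);
        $sprof    = strip_tags($prof);
        $sisbn    = strip_tags($isbn);
        $sdesc    = strip_tags($desc);
        $sprice   = strip_tags($price);

        $thedate     = date("U");   // unix timestamp; not used by the statements below
        $displaytime = date("Ymd"); // value stored in `timeposted`

        if ($scourse === 'OTHER') {
            // The seller typed a course that is not in the list: store it and
            // use it for the listing.
            $scourse = $snewcourse;
            $updatecourses = sprintf(
                "INSERT INTO courses (`course`) VALUES ('%s')",
                mysql_real_escape_string($scourse)
            );
            // Best effort, as before: a failure here does not block the listing.
            mysql_query($updatecourses);
        }

        // Escape at the point of use so no value reaches the statement unescaped.
        $insertpost = sprintf(
            "INSERT INTO books_table(`usrname`,`course`,`book`,`prof`,`edition`, `isbn`, `price`, `desc`,`timeposted`) "
            . "VALUES('%s','%s','%s','%s','%s', '%s','%s','%s','%s')",
            mysql_real_escape_string($susrname),
            mysql_real_escape_string($scourse),
            mysql_real_escape_string($sbook),
            mysql_real_escape_string($sprof),
            mysql_real_escape_string($sedition),
            mysql_real_escape_string($sisbn),
            mysql_real_escape_string($sprice),
            mysql_real_escape_string($sdesc),
            mysql_real_escape_string($displaytime)
        );
        mysql_query($insertpost) or die("Could not insert post");
        print "Book was successfuly posted for sale, go back to MiddBook.com.";
    }
} else {
    print "";
}
print " |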