ob_start include config php function escape text return mysql_real_esc

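<?php
// Full open tag: a bare "<?" is only parsed when short_open_tag is enabled.
// With it disabled, this file (queries and include path included) would be
// sent to the client as plain text.

// Output is buffered from here until ob_end_flush() at the end of the file.
ob_start();

// config.php is not shown here; presumably it opens the MySQL connection that
// the mysql_* calls below rely on (TODO confirm). require stops the request
// when the file is missing, instead of continuing without it as include does.
require "config.php";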
/**
 * Prepare a chat message for storage: HTML-encode it, then SQL-escape it.
 *
 * htmlspecialchars() with ENT_QUOTES converts & < > " and ' to entities.
 * mysql_real_escape_string() then escapes the result for use inside a quoted
 * SQL string literal; no link is passed, so it uses the most recently opened
 * mysql connection.
 *
 * NOTE(review): this mixes two contexts. The HTML encoding is applied before
 * storage, so the page that prints the rows is safe only for rows written
 * through this helper. The SQL escaping depends on the connection character
 * set being set on the link (mysql_set_charset) -- config.php is not shown,
 * confirm. ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0; a
 * prepared statement (mysqli or PDO) would replace the SQL half of this.
 *
 * @param string $text Raw text from the request.
 * @return string|false Encoded and escaped text, or false when
 *                      mysql_real_escape_string() fails.
 */
function escape($text) {
    $htmlEncoded = htmlspecialchars($text, ENT_QUOTES);

    return mysql_real_escape_string($htmlEncoded);
}
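// A comment counts as submitted only when the field is present, is a string
// (a "comment[]=x" body arrives as an array) and is not empty. Anything else
// leaves $comment null so no blank row is written.
$comment = null;
if (isset($_POST['comment']) && is_string($_POST['comment']) && $_POST['comment'] !== '') {
    $comment = escape($_POST['comment']);
}

if ($_POST) {
    // escape() can return false when SQL escaping fails; skip the write then.
    if ($comment !== null && $comment !== false) {
        // $comment has been through mysql_real_escape_string() in escape() and
        // is placed inside single quotes, which is what keeps this string-built
        // statement from being injectable. A prepared statement would remove
        // that dependency.
        // NOTE(review): the form carries no anti-CSRF token, so this write is
        // accepted from any origin that can make a browser POST here.
        mysql_query("insert into chat(messages) values('$comment')");
    }

    // Redirect after POST so a reload does not resubmit. Stop here: header()
    // alone does not end the script, and the listing below would otherwise
    // still be queried and rendered into the redirect response.
    header('Location: /');
    exit;
}

// Show the ten newest messages, newest first.
$q = mysql_query("select * from chat ORDER BY `id` DESC limit 10");
if ($q !== false) {
    while ($row = mysql_fetch_assoc($q)) {
        // NOTE(review): messages are printed as stored. They are HTML-safe only
        // because escape() encodes them before the insert; a row written by any
        // other path would be rendered as markup. Encoding at output time
        // instead would need a migration of the rows already stored encoded.
        echo $row['messages'].'<br />';
    }
}

echo '
<form method="post">
<input name="comment" autofocus>
<input type="submit">
</form>
';
ob_end_flush();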