php if isset _POST submit text mysql_escape_string htmlspecialchars st

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?php
if(isset($_POST['submit'])){
$text = mysql_escape_string(htmlspecialchars(stripcslashes($_POST['text'])));
if(empty($text)){
echo 'Комментарий не введен!';
} else {
mysql_query("INSERT INTO `base` SET
`text` = '".$text."'
");
}
}
$result = mysql_query("SELECT * FROM `base` ");
while ($out=mysql_fetch_assoc($result)) {
echo $out['text'].'<br />';
}
echo "<form action='?' method='POST'>
<textarea name='text'></textarea><br />
<input type='submit' name='submit' value='Добавить'>
</form>";
?>