<?php

/**
 * Checks that no space-separated word in a text exceeds a byte limit.
 *
 * The text is split on the single space character only, so tabs and
 * newlines do not separate words. Word length is measured with strlen(),
 * i.e. in bytes, so a multi-byte character counts once per byte.
 *
 * @param string $txt   Text to inspect.
 * @param int    $limit Maximum allowed length of one word, in bytes.
 *
 * @return bool true when every word fits within $limit, false otherwise.
 */
function wordlength($txt, $limit)
{
    $tokens = explode(' ', $txt);
    $total = count($tokens);

    for ($idx = 0; $idx < $total; $idx++) {
        // Stop at the first offender; later words cannot change the answer.
        if (strlen($tokens[$idx]) > $limit) {
            return false;
        }
    }

    return true;
}

/**
 * Counts the characters of a UTF-8 encoded string by walking its lead bytes.
 *
 * Each byte reached by the scan counts as one character. When that byte has
 * its top bit set, one following byte is skipped for every consecutive 1 bit
 * directly below the top bit (the UTF-8 length prefix). The skipped bytes are
 * not checked, so malformed input is counted rather than rejected.
 *
 * @param string $str Byte string, expected to be UTF-8.
 *
 * @return int Number of characters counted.
 */
function strlen_utf8 ($str)
{
    $byteLen = strlen($str);
    $chars = 0;

    for ($pos = 0; $pos < $byteLen; ) {
        $lead = ord($str[$pos]);
        $pos++;
        $chars++;

        // Nothing to skip for a single-byte character, or when the byte
        // just read was the last one in the string.
        if ($pos >= $byteLen || !($lead & 0x80)) {
            continue;
        }

        // Walk the length prefix from bit 6 downwards; every set bit stands
        // for one trailing byte that belongs to the current character.
        for ($bit = 0x40; $bit > 0 && ($lead & $bit); $bit >>= 1) {
            $pos++;
        }
    }

    return $chars;
}

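// Comment submission handler: validates the posted fields, stores the comment
// in the `comment` table and remembers the author details in cookies.

// Where magic_quotes_gpc is still active the request values arrive already
// slashed; undo that so each value is escaped exactly once, at the query.
$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

// strip_tags() only removes markup. It is not output encoding: quotes and
// ampersands pass through, so every page that prints these values must still
// HTML-escape them.
foreach ($_POST as $key => $value) {
    if (!is_string($value)) {
        // Array-valued fields (e.g. name[]=x) are not part of this form and
        // would make strip_tags() fail; treat them as empty.
        $_POST[$key] = '';
        continue;
    }
    if ($magicQuotes) {
        $value = stripslashes($value);
    }
    $_POST[$key] = strip_tags($value);
}

// Missing fields become empty strings instead of raising undefined-index notices.
$page = isset($_POST['page']) ? $_POST['page'] : '';
$name = isset($_POST['name']) ? $_POST['name'] : '';
$email = isset($_POST['email']) ? $_POST['email'] : '';
$website = isset($_POST['website']) ? $_POST['website'] : '';
$usercomment = isset($_POST['usercomment']) ? $_POST['usercomment'] : '';

// $confirmation was never assigned in this script, so the check only worked
// with register_globals enabled. Read it from the request explicitly.
// NOTE(review): presumably the form field is named "confirmation" - confirm
// against the form markup. A fixed word is a weak anti-automation control and
// this handler has no CSRF token.
$confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';

if ($confirmation !== "UPC") {
	die("Confirmation field not filled out correctly, comment not posted.");
}

// No single word may exceed 500 bytes in any free-text field.
foreach (array($usercomment, $name, $email, $website) as $field) {
    if (!wordlength($field, 500)) {
        die("One of the words was too long");
    }
}

if (strlen_utf8($name) > 500)
{
	die("Name too long, please shorten");
}

if (strlen_utf8($email) > 1000)
{
	die("Email too long, please shorten");
}

if (strlen_utf8($website) > 1000)
{
	die("Website too long, please shorten");
}

if (strlen_utf8($usercomment) > 15000)
{
	die("Comment too long, please shorten to 15,000 characters");
}

if (strlen_utf8($name) < 1)
{
	die("Name cannot be blank");
}

if (strlen_utf8($usercomment) < 1)
{
	die("Comment cannot be blank");
}

// NOTE(review): the database host, user and password are hard-coded in a
// web-served file. Move them to configuration outside the document root (or
// the environment) and rotate the password, since it has been in source.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; when this
// script is migrated, use PDO or mysqli prepared statements for the INSERT.
$db = mysql_connect("mysql102.mysite4now.com", "kevin", "razorpeppe");
if (!$db || !mysql_select_db("UPC", $db)) {
    // Keep driver details in the server log; the visitor gets a generic message.
    error_log('comment post: database connection failed: ' . mysql_error());
    die("Comment could not be saved, please try again later.");
}

// Every value is request data, so each one is escaped for the connection
// before it is placed inside the quoted SQL literals.
$sql = sprintf(
    "INSERT INTO comment (page, name, email, website, comment) VALUES('%s', '%s', '%s', '%s', '%s')",
    mysql_real_escape_string($page, $db),
    mysql_real_escape_string($name, $db),
    mysql_real_escape_string($email, $db),
    mysql_real_escape_string($website, $db),
    mysql_real_escape_string($usercomment, $db)
);

if (!mysql_query($sql, $db)) {
    // mysql_error() can reveal table and column names; log it, do not print it.
    error_log('comment post: insert failed: ' . mysql_error($db));
    die("Comment could not be saved, please try again later.");
}

// Remember the author details for 30 days (2592000 seconds). These must be
// sent before any output, so they stay ahead of the echo calls below.
setcookie ("name", $name, time()+2592000, "/", "", 0);
setcookie ("email", $email, time()+2592000, "/", "", 0);
setcookie ("website", $website, time()+2592000, "/", "", 0);

echo 'Comment posted successfully! Thank you. <BR />';

// The Referer header is supplied by the client. Only link back to http(s)
// URLs, and HTML-escape the value before placing it in the href attribute.
$referer = (string) getenv('HTTP_REFERER');
if (preg_match('#^https?://#i', $referer)) {
    echo '<a href="', htmlspecialchars($referer, ENT_QUOTES), '">Back to entry</a>';
}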

?>