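12 || $birth_day < 0 || $birth_day > 31 || $birth_year < 1900) { $error = 'Invalid Date of Birth'; return($error); } } if ($picture != 'none' && $picture != '') { if (ereg("jpeg", $picture_type)) { if ($picture_size > 75000) { $error = 'Picture file too large.'; return($error); } } else { $error = 'Invalid picture file format.'; return($error); } } if (strlen($profile) > 1500) { $error = 'Profile too long.'; return($error); } if (strlen($interests) > 1500) { $error = 'Interests too long.'; return($error); } if (strlen($bands) > 500) { $error = 'Favorite Bands too long.'; return($error); } }

############################################################
## submit_data();                                         ##
##                                                        ##
## description: save the edited profile fields to the     ##
## profiles row of the account named by $username.        ##
## Every value is escaped before it enters the SQL.       ##
##                                                        ##
## subroutine by:                                         ##
############################################################
function submit_data($dbh, $username, $name, $gender, $sexuality, $dob, $city, $state, $country, $email, $aim, $ym, $icq, $website, $profile, $interests, $bands) {
    // A bare 'http://' is stored as an empty website
    // (presumably the form's pre-filled value -- confirm against the template).
    if ($website == 'http://') {
        $website = '';
    }

    // Look up the numeric key of the row to update. $username is escaped as
    // well: a value that was stored safely can still break out of this query
    // if it is concatenated raw (second-order injection).
    $safe_username = mysql_real_escape_string($username, $dbh);
    $result = mysql_query("select user_num from users where username = '$safe_username'", $dbh);
    $data = $result ? mysql_fetch_array($result) : false;
    if (!$data) {
        // No such user (or the lookup failed): nothing to update.
        return;
    }
    $user_num = mysql_real_escape_string($data['user_num'], $dbh);

    // Escape every value that is interpolated below. The original escaped only
    // part of the list; gender, sexuality, dob, state and country reached the
    // UPDATE unescaped even though they arrive from the POSTed form.
    // Passing $dbh makes the escaping use this connection.
    $name      = mysql_real_escape_string($name, $dbh);
    $gender    = mysql_real_escape_string($gender, $dbh);
    $sexuality = mysql_real_escape_string($sexuality, $dbh);
    $dob       = mysql_real_escape_string($dob, $dbh);
    $city      = mysql_real_escape_string($city, $dbh);
    $state     = mysql_real_escape_string($state, $dbh);
    $country   = mysql_real_escape_string($country, $dbh);
    $email     = mysql_real_escape_string($email, $dbh);
    $aim       = mysql_real_escape_string($aim, $dbh);
    $ym        = mysql_real_escape_string($ym, $dbh);
    $icq       = mysql_real_escape_string($icq, $dbh);
    $website   = mysql_real_escape_string($website, $dbh);
    $profile   = mysql_real_escape_string($profile, $dbh);
    $interests = mysql_real_escape_string($interests, $dbh);
    $bands     = mysql_real_escape_string($bands, $dbh);

    // NOTE(review): ext/mysql was removed in PHP 7. When this file is ported,
    // use prepared statements (PDO or mysqli) instead of escaping by hand.
    $result = mysql_query("update profiles set name = '$name', gender = '$gender', sexuality = '$sexuality', dob = '$dob', city = '$city', state = '$state', country = '$country', email = '$email', aim = '$aim', ym = '$ym', icq = '$icq', website = '$website', profile = '$profile', interests = '$interests', bands = '$bands', last_modified = sysdate() where user_num = '$user_num'", $dbh);
}

// ---- page controller: save the posted form, or load the stored profile ----

// '@' hides the connection warning so that host and user details are not
// printed to the page; a failed connection is not otherwise handled here.
$dbh = @mysql_connect($DBHOST, $DBUSER, $DBPASSWORD);
mysql_select_db($DBNAME, $dbh);

if (isset($_POST['function']) && $_POST['function'] == 'edit') {
    // Import only the form fields this page works with. The original called
    // extract($_POST), which lets a request overwrite ANY variable in scope
    // ($dbh, $DBHOST, $user_num, ...). If the page template reads another
    // posted field, add it to this list rather than going back to extract().
    $form_fields = array(
        'name', 'gender', 'sexuality',
        'birth_month', 'birth_day', 'birth_year',
        'city', 'state', 'country',
        'email', 'aim', 'ym', 'icq', 'website',
        'profile', 'interests', 'bands',
    );
    foreach ($form_fields as $field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $$field = $_POST[$field];
        }
    }

    // The account being edited must not be selectable by the request when the
    // page already knows it. The code that sets $user_num before this point is
    // not visible here, so the posted value is accepted only as a fallback.
    // NOTE(review): bind $user_num to the authenticated session -- confirm.
    if (!isset($user_num) && isset($_POST['user_num']) && is_string($_POST['user_num'])) {
        $user_num = $_POST['user_num'];
    }

    // Upload metadata. 'name' is the client-side file name and 'tmp_name' the
    // server-side temporary path. 'type' is the MIME type sent by the browser;
    // PHP does not verify it, so a check on it alone does not prove the file
    // is a JPEG. NOTE(review): the file contents should be verified where the
    // upload is processed (process_image is not visible here).
    $picture = $_FILES['picture']['name'];
    $picture_name = $_FILES['picture']['tmp_name'];
    $picture_type = $_FILES['picture']['type'];
    $picture_size = $_FILES['picture']['size'];

    $error = check_submitted_data($dbh, $gender, $birth_month, $birth_day, $birth_year, $email, $picture, $picture_type, $picture_size, $profile, $interests, $bands);

    if ($error == '') {
        $username = get_username($dbh, $user_num);

        if ($picture != 'none' && $picture != '') {
            process_image($username, $picture_name);
            archive_image($username);
        }

        // dob is built only from the three validated parts, never taken
        // directly from the request.
        $dob = '';
        if ($birth_month && $birth_day && $birth_year) {
            $dob = $birth_year . '-' . $birth_month . '-' . $birth_day;
        }

        submit_data($dbh, $username, $name, $gender, $sexuality, $dob, $city, $state, $country, $email, $aim, $ym, $icq, $website, $profile, $interests, $bands);

        mysql_close($dbh);
        header("Location: " . prep_url("index.php", true));
        exit();
    } else {
        // Validation failed: the form is shown again with the posted values.
        // stripslashes presumably undoes magic_quotes_gpc slashes -- confirm.
        // NOTE(review): these values are still raw request data; the template
        // (not visible here) has to HTML-escape them when printing.
        $profile = stripslashes($profile);
        $interests = stripslashes($interests);
        $bands = stripslashes($bands);
    }
} else {
    // First view of the form: load the stored profile. intval() keeps the
    // unquoted user_num in the query numeric whatever its origin.
    $result = mysql_query("select * from profiles where user_num = " . intval($user_num), $dbh);
    $data = mysql_fetch_array($result);

    // Keys are quoted: a bare word such as $data[name] is read as a constant
    // and is an error on PHP 8.
    $user_num = $data['user_num'];
    $name = $data['name'];
    $gender = $data['gender'];
    $sexuality = $data['sexuality'];
    $city = $data['city'];
    $state = $data['state'];
    $country = $data['country'];
    $email = $data['email'];
    $aim = $data['aim'];
    $ym = $data['ym'];
    $icq = $data['icq'];
    $website = $data['website'];
    $profile = $data['profile'];
    $interests = $data['interests'];
    $bands = $data['bands'];

    // Split the stored date into its parts; array_pad keeps list() from
    // reading missing offsets when dob is empty.
    list($birth_year, $birth_month, $birth_day) = array_pad(explode('-', $data['dob']), 3, '');

    // An all-zero date component means "not set": show an empty form field.
    if ($birth_year == '0') {
        $birth_year = '';
    }
    if ($birth_month == '0') {
        $birth_month = '';
    }
    if ($birth_day == '0') {
        $birth_day = '';
    }
}

mysql_close($dbh);
?>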