Here is the code:
// Add workout to the database
if (isset($_POST['submit'])) {
// Grab the data from POST
$username = $_SESSION['username'];
$wotype = cleaninput($dbc, $_POST['wotype']);
$wodate = isset($_REQUEST["wodate"]) ? $_REQUEST["wodate"] : "";
$woname = cleaninput($dbc, $_POST['woname']);
$bikename = cleaninput($dbc, $_POST['bikename']);
$starttime = cleaninput($dbc, $_POST['starttime']);
$duration = cleaninput($dbc, $_POST['duration']);
$distance = cleaninput($dbc, $_POST['distance']);
$workkj = cleaninput($dbc, $_POST['workkj']);
$spdavg = cleaninput($dbc, $_POST['spdavg']);
$spdmax = cleaninput($dbc, $_POST['spdmax']);
$hravg = cleaninput($dbc, $_POST['hravg']);
$hrmax = cleaninput($dbc, $_POST['hrmax']);
$cadavg = cleaninput($dbc, $_POST['cadavg']);
$cadmax = cleaninput($dbc, $_POST['cadmax']);
$pwravg = cleaninput($dbc, $_POST['pwravg']);
$pwrmax = cleaninput($dbc, $_POST['pwrmax']);
$temp = cleaninput($dbc, $_POST['temp']);
$terrain = cleaninput($dbc, $_POST['terrain']);
$weather = cleaninput($dbc, $_POST['weather']);
$notes = cleaninput($dbc, $_POST['notes']);
if (!empty($wodate) && !empty($duration) && !empty($distance)) {
$query = "INSERT INTO u_rides (username, wotype, wodate, woname, bikename, starttime, " .
" duration, distance, workkj, spdavg, spdmax, hravg, hrmax, cadavg, cadmax, pwravg, pwrmax, " .
" terrain, temp, weather, notes) " .
" VALUES ('$username', '$wotype', '$wodate', '$woname', '$bikename', '$starttime', " .
" '$duration', '$distance', '$workkj', '$spdavg', '$spdmax', '$hravg', '$hrmax', '$cadavg', '$cadmax', '$pwravg', '$pwrmax', " .
" '$terrain', '$temp', '$weather', '$notes')";
mysqli_query($dbc, $query) or die('Connection Error: '.mysqli_error($dbc));
Here is my cleaninput function:
function cleaninput($dbc, $var) {
$var=stripslashes($var);
$var=htmlentities($var);
$var=strip_tags($var);
$var=mysqli_real_escape_string($dbc, $var);
$var=trim($var);
return $var;