<?php

if (isset($_POST['lieu']) && isset($_POST['dep']) && isset($_POST['description']) && isset($_POST['precepteur'])) {

if ($db = @mysqli_connect('localhost', 'moi', 'password')) {

require_once 'stripFormSlashes.inc.php';

mysqli_select_db($db, 'possessions');

$stmt = mysqli_prepare($db, 'INSERT INTO commanderies (lieu, dep, description, precepteur) VALUES (?, ?, ?, ?)');



$lieu = mysqli_real_escape_string($db, $_POST['lieu']);

$dep = mysqli_real_escape_string($db, $_POST['dep']);

$description = nl2br(mysqli_real_escape_string($db, $_POST['description']));

$precepteur = mysqli_real_escape_string($db, $_POST['precepteur']);

mysqli_stmt_bind_param($stmt, 'ssss', $lieu, $dep, $description, $precepteur);

if (mysqli_stmt_execute($stmt)) {

echo 'Commanderie sauv&eacute;e.';

} else {

echo 'Erreur d\'écriture dans la table commanderies.<br />';

}

mysqli_close($db);

} else {

echo 'Erreur de la connection.';

}

}

?>

<?php

if ($db = mysqli_connect('localhost', 'moi', 'password')) {

mysqli_select_db($db, 'possessions');

$result = mysqli_query($db, 'SELECT lieu, dep, description, precepteur  FROM commanderies');

while ($row = mysqli_fetch_object($result)) {



echo '<p class="cadre">';

printf(

'<b class="style">%s &nbsp; (%s)</b><br />%s<br /><br />Precpteur (s) : <span class="precepteur">%s</span><br />',

//$news = nl2br($news);

htmlspecialchars($row->lieu),

htmlspecialchars($row->dep),

nl2br(htmlspecialchars_decode($row->description)),

htmlspecialchars($row->precepteur)

);

echo '</p>';

}

mysqli_close($db);

} else {

echo '<tr><td colspan="4">Connection failed.</td></tr>';

}

?>