I need help in something.
On the site where I'm working I have the option to search users, but when we search users we can see every user no matter the frontoffice and I need help for each user see only users that belong to the same frontoffice. I tried the following code:
if ($row->idFrontOfficeSinalizador == $idFrontOfficeSinalizador)
Where the $row->idFrontOfficeSinalizador is the users frontoffice id and the $idFrontOfficeSinalizador is my frontoffice id
This is all the code that I have
include('importarBibliotecas.php');
if (!isset($_SESSION['id']) || $_SESSION['idTiposDePermissoes'] == 3 )
echo "<script>window.location='index.php'</script>";
?>
<script src='scriptFormUtentes.js'></script>
<script>
function makeDivVisible(){
document.getElementById('encaminharUtentes').style.display='block';
}
function makeDivInvisible(){
document.getElementById('encaminharUtentes').style.display='none';
}
function makeDivEdInvisible(){
document.getElementById('editarEncaminharUtentes').style.display='none';
}
</script>
<?php
include('menu.php');
include('gerirUtentesFormEditarUtente.php');
include('gerirUtentesFormEditarEncaminhamento.php');
include('gerirUtentesPOSTEditarUtente.php');
if (isset($_POST['NIFS']) || isset($_GET['n'])){ //pesquisar utentes por NIF
include_once('DataAccess.php');
$da = new DataAccess();
if (isset($_POST['NIFS'])){
$nif = $_POST['NIFS'];
$nome = $_POST['Nome'];
$idFrontOfficeSinalizador = $_POST['frontoffice'];
$emailTecnico = $_POST['email'];
$interesseProfissional = $_POST['interesseProfissional'];
$escolaridade = $_POST['Escolaridade'];
$situacaoEmprego = $_POST['situacaoEmprego'];
$estado = $_POST['estado'];
$res = $da->getUtentes($nif, $nome, $idFrontOfficeSinalizador, $emailTecnico, $interesseProfissional, $escolaridade, $situacaoEmprego, $estado);
//PU = Pesquisa de Utentes
$_SESSION['PU_nif'] = $nif;
$_SESSION['PU_nome'] = $nome;
$_SESSION['PU_idFrontOfficeSinalizador'] = $idFrontOfficeSinalizador;
$_SESSION['PU_emailTecnico'] = $emailTecnico;
$_SESSION['PU_interesseProfissional'] = $interesseProfissional;
$_SESSION['PU_escolaridade'] = $escolaridade;
$_SESSION['PU_situacaoEmprego'] = $situacaoEmprego;
$_SESSION['PU_estado'] = $estado;
$numPaginas = mysql_num_rows($res)/15;
$numPaginas = ceil ($numPaginas);
$_SESSION['PU_numPaginas'] = $numPaginas;
$pagAtual = $_GET['pg'];
$res = $da->getUtentesPorPagina($nif, $nome, $idFrontOfficeSinalizador, $emailTecnico, $interesseProfissional, $escolaridade, $situacaoEmprego, $estado, $pagAtual);
//echo "<script>alert('".mysql_num_rows($res)." $numPaginas')</script>";
}else{
$nif = $_GET['n'];
$res = $da->getUtenteNIF($nif);
}
}else{
if (isset($_GET['pg'])){
$nif = $_SESSION['PU_nif'];
$_POST['NIF'] = $nif;
$nome = $_SESSION['PU_nome'];
$_POST['Nome'] = $nome;
$idFrontOfficeSinalizador = $_SESSION['PU_idFrontOfficeSinalizador'];
$_POST['frontoffice'] = $idFrontOfficeSinalizador;
$emailTecnico = $_SESSION['PU_emailTecnico'];
$_POST['email'] = $emailTecnico;
$interesseProfissional = $_SESSION['PU_interesseProfissional'];
$_POST['interesseProfissional'] = $interesseProfissional;
$escolaridade = $_SESSION['PU_escolaridade'];
$_POST['Escolaridade'] = $escolaridade;
$situacaoEmprego = $_SESSION['PU_situacaoEmprego'];
$_POST['situacaoEmprego'] = $situacaoEmprego;
$estado = $_SESSION['PU_estado'];
$_POST['estado'] = $estado;
$res = $da->getUtentesPorPagina($nif, $nome, $idFrontOfficeSinalizador, $emailTecnico, $interesseProfissional,
$escolaridade, $situacaoEmprego, $estado, $_GET['pg']);
if ( mysql_num_rows($res) == 0){ //se a página não devolver resultados, mostra a primeira página
echo "<script>window.location='gerirUtentes.php?pg=1'</script>";
}
}
//pesquisar utente depois de clicar em Encaminhar
if (isset($_GET['f'])){
include_once('DataAccess.php');
$da = new DataAccess();
$res = $da->getUtente($_GET['f']);
}
//inserir encaminhamento
if (isset($_POST['buttonInserirEncaminhamentoUtente'])){
$idUtente = $_POST['idUtente'];
$idTecnico = $_POST['idTecnico'];
$data = $_POST['data'];
$texto = $_POST['observacoes'];
include_once('DataAccess.php');
$da = new DataAccess();
$da->inserirEncaminhamento($data, $texto, $idTecnico, $idUtente);
echo "<script>alert('Diligência inserida com sucesso')</script>";
}else{
//editar encaminhamento
if (isset($_POST['buttonEditarEncaminhamento'])){
$id = $_POST['id'];
$idUtente = $_POST['edit_idUtente'];
$idTecnico = $_POST['edit_idTecnico'];
$data = $_POST['edit_data'];
$texto = $_POST['edit_observacoes'];
include_once('DataAccess.php');
$da = new DataAccess();
$da->editarEncaminhamento($id, $data, $texto, $idTecnico, $idUtente);
echo "<script>alert('Diligência editada com sucesso')</script>";
}
}
}
include('gerirUtentesFormPesquisa.php');
if (isset($_POST['NIFS']) || isset($_GET['f']) || isset($_GET['n'])){
echo "<div class='ink-grid'>
<table style='width:100%' class='ink-table'>
<thead>
<tr>
<th style='width:25%' align='left'>Nome</th>
<th style='width:15%' align='left'>Pedido Inicial</th>
<th style='width:10%' align='left'>Situação</th>
<th style='width:15%' align='left'>Habilitações</th>
<th style='width:20%' align='left'>Interesse Profissional</th>
<th style='width:10%' align='left'>FrontOffice</th>
<th style='width:15%'></th>
</tr>
</thead>
<tbody>";
$numPaginas = $_SESSION['PU_numPaginas'];
if ($numPaginas > 1){
$next = $_GET['pg'] + 1;
if ($next == $numPaginas)
$next = 1;
if ($_GET['pg'] == 1)
$before = $numPaginas;
else
$before = $_GET['pg']-1;
echo "<tr>
<td><a href='gerirUtentes.php?pg=$before' class='button'>Pág. Anterior</a></td>
<td colspan='4'> </td>
<td align='right'><a href='gerirUtentes.php?pg=$next' class='button'>Pág. Seguinte</a></td>
</tr>";
}
while($row = mysql_fetch_object($res)){
if ($row->interesseProfissional1 != -1)
$nomeIP = $da->getInteresseProfissional($row->interesseProfissional1);
else
$nomeIP = "---";
if ($row->idFrontOfficeSinalizador != -1)
$nomeFO = $da->getFrontOfficeName($row->idFrontOfficeSinalizador);
else
$nomeFO = "---";
if ($row->idHabilitacoes != -1)
$Habilitacao = $da->getHabilitacao($row->idHabilitacoes);
else
$Habilitacao = "---";
$situacaoProfissional="";
switch ($row->empregado){
case 1: $situacaoProfissional = "Empregado";
break;
case 0: $situacaoProfissional = "Desempregado";
break;
}
if ($row->Estudante == 1){
if ($situacaoProfissional != "") $situacaoProfissional .= ", ";
$situacaoProfissional .= "Estudante";
}
if ($row->outraSituacao == 1){
if ($situacaoProfissional != "") $situacaoProfissional .= ", ";
$situacaoProfissional .= "Outra Situação";
}
if($situacaoProfissional == "") $situacaoProfissional="---";
$pedidoInicial = "";
if($row->pedidoInicialEmprego == 1)
$pedidoInicial = "Emprego";
if($row->pedidoInicialFormacao == 1){
if ($pedidoInicial != "")
$pedidoInicial .= ", Formação";
else
$pedidoInicial = "Formação";
}
if($row->pedidoInicialOutra == 1){
if ($pedidoInicial != "")
$pedidoInicial .= ", Outra";
else
$pedidoInicial = "Outra";
}
echo "<tr>
<td>
<a href='gerirUtentes.php?i=$row->a&f=$row->a' title='Detalhes do utente'><img src='img/info.png' style='width:25px'/>
<font color='black'>$row->nome</font>
</a>
</td>
<td>$pedidoInicial</td>
<td>$situacaoProfissional</td>
<td>$Habilitacao</td>
<td>$nomeIP</td>
<td>$nomeFO</td>
<td align='right'>
";
if ($row->Email != "")
echo "<a href='enviarEmail.php?i=$row->id' target='_blank'><img title='Enviar E-mail para utente' src='img/mail.png' style='width:20px'/></a> ";
$numEncaminhamentos = $da->getNumEncaminhamentos($row->a);
if ($numEncaminhamentos >0)
echo "<a href='gerirUtentes.php?f=$row->a' style='text-decoration: none;'>
<img title='Diligências efetuadas' src='img/forward.png' style='width:20px'/>
<font size='1'>$numEncaminhamentos</font>
</a>";
else
echo "<a href='gerirUtentes.php?f=$row->a'>
<img title='Diligências efetuadas' src='img/forward.png' style='width:20px'/>
</a>
<br/>";
if ($row->CV != "")
echo "<a href='CVs/$row->CV' target='_blank'><img title='Download do CV' src='img/cv.png' style='width:20px'/></a> ";
//download informações para pdf
echo "<a href='PDF.php?i=$row->a' target='_blank'>
<img title='Download das informações pessoais' src='img/pdf.png' style='width:24px'/>
</a>";
echo "
<a href='gerirUtentes.php?d=$row->a' onclick='return confirmarApagarUtente()'><img title='Apagar utente' src='img/delete3.png' style='width:20px'/></a>
</td>
</tr>";
}
if ($numPaginas > 1){
echo "<tr>
<td><a href='gerirUtentes.php?pg=$before' class='button'>Pág. Anterior</a></td>
<td colspan='4'> </td>
<td align='right'><a href='gerirUtentes.php?pg=$next' class='button'>Pág. Seguinte</a></td>
</tr>";
}
echo "</tbody>
</table>
</div>";
}
if (isset($_GET['d'])) {
include_once('DataAccess.php');
$da = new DataAccess();
$da -> deleteUtente($_GET['d']);
echo"
<script>alert('Utente eliminado com sucesso.');</script>";
}
include('gerirUtentesResultadosEncaminhamento.php');
if(isset($_GET['i'])){
include_once('DataAccess.php');
$da = new DataAccess();
$res = $da->getUtente($_GET['i']);
//ver campos do utente!!
verFormEditarUtente();
}
include('footer.php');
?>
</body>
</html>
DataAcces ->
function getUtentes($nif, $nome, $idFrontOfficeSinalizador, $emailTecnico, $interesseProfissional, $Escolaridade, $situacaoEmprego,$estado){
$this->connect();
$idTecnico = -1;
if ($emailTecnico != "")
{
$query = "select id from tecnicos where email = '$emailTecnico'";
$res = $this->execute($query);
if (mysql_num_rows($res)>0){
$row = mysql_fetch_array($res);
$idTecnico = $row[0];
}
}
$query = "select *, U.id as a from utentes U where estado=$estado ";
if ($nome != "")
$query .= " and nome like '%$nome%' ";
if ($idFrontOfficeSinalizador != "" && $idFrontOfficeSinalizador != "-1")
$query .= " and idFrontOfficeSinalizador = $idFrontOfficeSinalizador ";
if ($nif != "")
$query .= " and NIF = $nif ";
if ($interesseProfissional != -1 && $interesseProfissional != "")
$query .= " and (interesseProfissional1 = $interesseProfissional or interesseProfissional2 = $interesseProfissional or interesseProfissional3 = $interesseProfissional) ";
if ($Escolaridade != -1 && $Escolaridade != "")
$query .= " and idHabilitacoes = $Escolaridade ";
switch ($situacaoEmprego)
{
case 1:
$query .= " and empregado = 1";
break;
case 2:
$query .= " and empregado = 0";
break;
case 3:
$query .= " and Estudante = 1";
break;
case 4:
$query .= " and outraSituacao = 1";
break;
default:
break;
}
if ($idTecnico != -1)
$query .= " and idTecnico = $idTecnico ";
$query .= " order by U.nome asc ";
//echo $query;
$res = $this->execute($query);
$this->disconnect();
return $res;
}
function getUtentesPorPagina($nif, $nome, $idFrontOfficeSinalizador, $emailTecnico, $interesseProfissional, $Escolaridade,
$situacaoEmprego,$estado, $pagina){
$this->connect();
$idTecnico = -1;
if ($emailTecnico != "")
{
$query = "select id from tecnicos where email = '$emailTecnico'";
$res = $this->execute($query);
if (mysql_num_rows($res)>0){
$row = mysql_fetch_array($res);
$idTecnico = $row[0];
}
}
$query = "select *, U.id as a from utentes U where estado=$estado ";
if ($nome != "")
$query .= " and nome like '%$nome%' ";
if ($idFrontOfficeSinalizador != "" && $idFrontOfficeSinalizador != "-1")
$query .= " and idFrontOfficeSinalizador = $idFrontOfficeSinalizador ";
if ($nif != "")
$query .= " and NIF = $nif ";
if ($interesseProfissional != -1 && $interesseProfissional != "")
$query .= " and (interesseProfissional1 = $interesseProfissional or interesseProfissional2 = $interesseProfissional or interesseProfissional3 = $interesseProfissional) ";
if ($Escolaridade != -1 && $Escolaridade != "")
$query .= " and idHabilitacoes = $Escolaridade ";
switch ($situacaoEmprego)
{
case 1:
$query .= " and empregado = 1";
break;
case 2:
$query .= " and empregado = 0";
break;
case 3:
$query .= " and Estudante = 1";
break;
case 4:
$query .= " and outraSituacao = 1";
break;
default:
break;
}
if ($idTecnico != -1)
$query .= " and idTecnico = $idTecnico ";
$query .= " order by U.nome asc ";
$queryAux = $query;
$pagina = ($pagina-1) * 15;
$query .= " limit $pagina, 15 ";
$res = $this->execute($query);
/*
if ( mysql_num_rows($res) == 0){ //se a página não devolver resultados, mostra a primeira página
$pagina = 0;
$queryAux .= " limit $pagina, 15 ";
$res = $this->execute($queryAux);
}*/
$this->disconnect();
return $res;
}
function getUtenteNIF($nif){
$query = "select *, U.id as a from utentes U
where U.NIF = $nif";
$this->connect();
$res = $this->execute($query);
$this->disconnect();
return $res;
}
Whatever your query is, add a new condition to it for that in WHERE clause
AND idFrontOfficeSinalizador = 4 // use correct variable here
Related
I need help, I am total Newbie in php. I buy code and it is not generating the report which I need. I have a peace of code with missing user Id in report. I could have wrote something but it will due to lack of my knowledge last forever... I really appreciate your help.
There are few kind of ID in code... USER ID, PACKET PALNS ID, ADS ID, PAYMENT ID... in final report depending on what user choose, system generate bugged report with a) POINTS PLAN ID b) ADS ID and send to mail C) PAYMENT ID....I need to change the code that in all of these 3 kinds of reports have one more id - USER ID
<?php
/**
* You should have received a copy of the GNU General Public License
* along with DJ Classifieds. If not, see <http://www.gnu.org/licenses/>.
*
*/
defined('_JEXEC') or die('Restricted access');
jimport('joomla.event.plugin');
if(!defined("DS")){ define('DS',DIRECTORY_SEPARATOR);}
$lang = JFactory::getLanguage();
$lang->load('plg_djclassifiedspayment_djcfBankTransfer',JPATH_ADMINISTRATOR);
require_once(JPATH_BASE.DS.'administrator'.DS.'components'.DS.'com_djclassifieds'.DS.'lib'.DS.'djnotify.php');
class plgdjclassifiedspaymentdjcfBankTransfer extends JPlugin
{
function plgdjclassifiedspaymentdjcfBankTransfer( &$subject, $config)
{
parent::__construct($subject, $config);
$this->loadLanguage('plg_djcfBankTransfer');
$params["plugin_name"] = "djcfBankTransfer";
$params["icon"] = "banktransfer_icon.jpg";
$params["logo"] = "banktransfer_overview.jpg";
$params["description"] = JText::_("PLG_DJCFBANKTRANSFER_PAYMENT_METHOD_DESC");
$params["payment_method"] = JText::_("PLG_DJCFBANKTRANSFER_PAYMENT_METHOD_NAME");
$params["pay_info"] = $this->params->get("pay_info");
$this->params = $params;
}
function onPaymentMethodList($val)
{
if($val["direct_payment"]){
return null;
}
$type='';
if($val['type']){
$type='&type='.$val['type'];
}
$html ='';
$user = JFactory::getUser();
if($this->params["pay_info"]!=''){
$paymentLogoPath = JURI::root()."plugins/djclassifiedspayment/".$this->params["plugin_name"]."/".$this->params["plugin_name"]."/images/".$this->params["logo"];
//$form_action = JRoute :: _("index.php?option=com_djclassifieds&task=processPayment&ptype=".$this->params["plugin_name"]."&pactiontype=process&id=".$val["id"].$type, false);
$form_action = JURI::root()."index.php?option=com_djclassifieds&task=processPayment&ptype=".$this->params["plugin_name"]."&pactiontype=process&id=".$val["id"].$type;
$html ='<table cellpadding="5" cellspacing="0" width="100%" border="0">
<tr>';
if($this->params["logo"] != ""){
$html .='<td class="td1" width="160" align="center">
<img src="'.$paymentLogoPath.'" title="'.$this->params["payment_method"].'"/>
</td>';
}
$html .='<td class="td2">
<h2>'. $this->params["payment_method"].'</h2>
<p style="text-align:justify;">'.$this->params["description"].'</p>
</td>
<td class="td3" width="130" align="center">
<a class="button" style="text-decoration:none;" href="'.$form_action.'">'.JText::_('COM_DJCLASSIFIEDS_BUY_NOW').'</a>
</td>
</tr>
</table>';
}
return $html;
}
function onProcessPayment()
{
$ptype = JRequest::getVar('ptype','');
$id = JRequest::getInt('id','0');
$html="";
if($ptype == $this->params["plugin_name"])
{
$action = JRequest::getVar('pactiontype','');
switch ($action)
{
case "process" :
$html = $this->process($id);
break;
case "notify" :
$html = $this->_notify_url();
break;
case "paymentmessage" :
$html = $this->_paymentsuccess();
break;
default :
$html = $this->process($id);
break;
}
}
return $html;
}
function process($id)
{
$db = JFactory::getDBO();
$app = JFactory::getApplication();
$Itemid = JRequest::getInt("Itemid",'0');
$par = JComponentHelper::getParams( 'com_djclassifieds' );
$user = JFactory::getUser();
$config = JFactory::getConfig();
$ptype = JRequest::getVar('ptype');
$type = JRequest::getVar('type','');
$row = JTable::getInstance('Payments', 'DJClassifiedsTable');
if($type=='prom_top'){
$query ="SELECT i.* FROM #__djcf_items i "
."WHERE i.id=".$id." LIMIT 1";
$db->setQuery($query);
$item = $db->loadObject();
if(!isset($item)){
$message = JText::_('COM_DJCLASSIFIEDS_WRONG_AD');
$redirect="index.php?option=com_djclassifieds&view=items&cid=0";
}
$row->item_id = $id;
$row->user_id = $user->id;
$row->method = $ptype;
$row->status = 'Start';
$row->ip_address = $_SERVER['REMOTE_ADDR'];
$row->price = $par->get('promotion_move_top_price',0);
$row->type=2;
$row->store();
$amount = $par->get('promotion_move_top_price',0);
$itemname = $item->name;
$item_id = $row->id;
$item_cid = '&cid='.$item->cat_id;
}else if($type=='points'){
$query ="SELECT p.* FROM #__djcf_points p "
."WHERE p.id=".$id." LIMIT 1";
$db->setQuery($query);
$points = $db->loadObject();
if(!isset($item)){
$message = JText::_('COM_DJCLASSIFIEDS_WRONG_POINTS_PACKAGE');
$redirect="index.php?option=com_djclassifieds&view=items&cid=0";
}
$row->item_id = $id;
$row->user_id = $user->id;
$row->method = $ptype;
$row->status = 'Start';
$row->ip_address = $_SERVER['REMOTE_ADDR'];
$row->price = $points->price;
$row->type=1;
$row->store();
$amount = $points->price;
$itemname = $points->name;
$item_id = $row->id;
$item_cid = '';
}else if($type=='plan'){
$query ="SELECT p.* FROM #__djcf_plans p "
."WHERE p.id=".$id." LIMIT 1";
$db->setQuery($query);
$plan = $db->loadObject();
if(!isset($plan)){
$message = JText::_('COM_DJCLASSIFIEDS_SUBSCRIPTION_PLAN');
$redirect="index.php?option=com_djclassifieds&view=plans";
}
$row->item_id = $id;
$row->user_id = $user->id;
$row->method = $ptype;
$row->status = 'Start';
$row->ip_address = $_SERVER['REMOTE_ADDR'];
$row->price = $plan->price;
$row->type=3;
$row->store();
$amount = $plan->price;
$itemname = $plan->name;
$item_id = $row->id;
$item_cid = '';
}else{
$query ="SELECT i.*, c.price as c_price, c.alias as c_alias FROM #__djcf_items i "
."LEFT JOIN #__djcf_categories c ON c.id=i.cat_id "
."WHERE i.id=".$id." LIMIT 1";
$db->setQuery($query);
$item = $db->loadObject();
if(!isset($item)){
$message = JText::_('COM_DJCLASSIFIEDS_WRONG_AD');
$redirect="index.php?option=com_djclassifieds&view=items&cid=0";
}
$amount = 0;
if(strstr($item->pay_type, 'cat')){
$amount += $item->c_price/100;
}
if(strstr($item->pay_type, 'type,')){
$itype = DJClassifiedsPayment::getTypePrice($item->user_id,$item->type_id);
$amount += $itype->price;
}
$query = "SELECT * FROM #__djcf_days d "
."WHERE d.days=".$item->exp_days." LIMIT 1";
$db->setQuery($query);
$day = $db->loadObject();
if(strstr($item->pay_type, 'duration_renew')){
$amount += $day->price_renew;
}else if(strstr($item->pay_type, 'duration')){
$amount += $day->price;
}
if(strstr($item->pay_type, 'extra_img_renew')){
if($day->img_price_default){
$amount += $par->get('img_price_renew','0')*$item->extra_images_to_pay;
}else{
$amount += $day->img_price_renew*$item->extra_images_to_pay;
}
}else if(strstr($item->pay_type, 'extra_img')){
if($day->img_price_default){
$amount += $par->get('img_price','0')*$item->extra_images_to_pay;
}else{
$amount += $day->img_price*$item->extra_images_to_pay;
}
}
if(strstr($item->pay_type, 'extra_chars_renew')){
if($day->char_price_default){
$amount += $par->get('desc_char_price_renew','0')*$item->extra_chars_to_pay;
}else{
$amount += $day->char_price_renew*$item->extra_chars_to_pay;
}
}else if(strstr($item->pay_type, 'extra_chars')){
if($day->char_price_default){
$amount += $par->get('desc_char_price','0')*$item->extra_chars_to_pay;
}else{
$amount += $day->char_price*$item->extra_chars_to_pay;
}
}
$query = "SELECT p.* FROM #__djcf_promotions p "
."WHERE p.published=1 ORDER BY p.id ";
$db->setQuery($query);
$promotions=$db->loadObjectList();
foreach($promotions as $prom){
if(strstr($item->pay_type, $prom->name)){
$amount += $prom->price;
}
}
/*$query = 'DELETE FROM #__djcf_payments WHERE item_id= "'.$id.'" ';
$db->setQuery($query);
$db->query();
$query = 'INSERT INTO #__djcf_payments ( item_id,user_id,method, status)' .
' VALUES ( "'.$id.'" ,"'.$user->id.'","'.$ptype.'" ,"Start" )'
;
$db->setQuery($query);
$db->query();*/
$row->item_id = $id;
$row->user_id = $user->id;
$row->method = $ptype;
$row->status = 'Start';
$row->ip_address = $_SERVER['REMOTE_ADDR'];
$row->price = $amount;
$row->type=0;
$row->store();
$itemname = $item->name;
$item_id = $row->id;
$item_cid = '&cid='.$item->cat_id;
$item_slug = $item->id.':'.$item->alias;
$cat_slug = $item->cat_id.':'.$item->c_alias;
}
/*
$query ="SELECT i.*, c.price as c_price, c.alias as c_alias FROM #__djcf_items i "
."LEFT JOIN #__djcf_categories c ON c.id=i.cat_id "
."WHERE i.id=".$id." LIMIT 1";
$db->setQuery($query);
$item = $db->loadObject();
if(!isset($item)){
$message = JText::_('COM_DJCLASSIFIEDS_WRONG_AD');
$redirect="index.php?option=com_djclassifieds&view=items&cid=0";
}
$query = 'DELETE FROM #__djcf_payments WHERE item_id= "'.$id.'" ';
$db->setQuery($query);
$db->query();
$query = 'INSERT INTO #__djcf_payments ( item_id,user_id,method, status)' .
' VALUES ( "'.$id.'" ,"'.$user->id.'","'.$ptype.'" ,"Start" )'
;
$db->setQuery($query);
$db->query();
$amount = 0;
if(strstr($item->pay_type, 'cat')){
$amount += $item->c_price/100;
}
if(strstr($item->pay_type, 'duration_renew')){
$query = "SELECT d.price_renew FROM #__djcf_days d "
."WHERE d.days=".$item->exp_days;
$db->setQuery($query);
$amount += $db->loadResult();
}else if(strstr($item->pay_type, 'duration')){
$query = "SELECT d.price FROM #__djcf_days d "
."WHERE d.days=".$item->exp_days;
$db->setQuery($query);
$amount += $db->loadResult();
}
$query = "SELECT p.* FROM #__djcf_promotions p "
."WHERE p.published=1 ORDER BY p.id ";
$db->setQuery($query);
$promotions=$db->loadObjectList();
foreach($promotions as $prom){
if(strstr($item->pay_type, $prom->name)){
$amount += $prom->price;
}
}
*/
if($user->id){
/*$mailto = $user->email;
$mailfrom = $app->getCfg( 'mailfrom' );
$fromname=$config->get('config.sitename').' - '.str_ireplace('administrator/', '', JURI::base());
$subject = JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_INFRORMATIONS').' '.$config->get('config.sitename');
$m_message = JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_INFRORMATIONS').' '.$config->get('config.sitename')."<br /><br />";
if($type=='points'){
$m_message .= JText::_('PLG_DJCFBANKTRANSFER_POINTS_PACKAGE').': '.$itemname."<br /><br />";
}else{
$m_message .= JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_AD_NAME').': '.$itemname."<br /><br />";
}
$m_message .= JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_PRICE_TO_PAY').': '.$amount.' '.$par->get('unit_price','')."<br /><br />";
$m_message .= JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_PAY_INFORMATION').': <br /><br />'.JHTML::_('content.prepare',nl2br($this->params["pay_info"]))."<br /><br />";
if($type==''){
$u = JURI::getInstance( JURI::base() );
$link= $u->getHost().JRoute::_(DJClassifiedsSEO::getItemRoute($item_slug,$cat_slug));
$m_message .=JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_AD_LINK').': '.$link.'<br /><br />';
$m_message .=JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_AD_ID').': '.$id.'<br /><br />';
}
$m_message .=JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_ID').': '.$item_id;
$mailer = JFactory::getMailer();
$mailer->sendMail($mailfrom, $fromname, $mailto, $subject, $m_message,$mode=1);*/
$payment_info = array();
$payment_info['id'] = $item_id;
$payment_info['itemname'] = $itemname;
$payment_info['amount'] = DJClassifiedsTheme::priceFormat($amount,$par->get('unit_price',''));
$payment_info['info'] = $this->params["pay_info"];
DJClassifiedsNotify::notifyUserPayment($type,$id,$payment_info);
}
echo '<div id="dj-classifieds" class="clearfix">';
echo '<table width="98%" cellspacing="0" cellpadding="0" border="0" class="paymentdetails first">';
echo '<tr><td class="td_title"><h2>'.$this->params["payment_method"].'</h2></td></tr>';
echo '<tr><td class="td_pdetails">';
echo '<div class="pd_row">';
if($type=='points'){
echo '<span class="djcfpay_label">'.JText::_('PLG_DJCFBANKTRANSFER_POINTS_PACKAGE').':</span>';
}else{
echo '<span class="djcfpay_label">'.JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_AD_NAME').':</span>';
}
echo '<span class="djcfpay_value">'.$itemname.'</span>';
echo '</div>';
echo '<div class="pd_row">';
echo '<span class="djcfpay_label">'.JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_PRICE_TO_PAY').':</span>';
echo '<span class="djcfpay_value">'.$amount.' '.$par->get('unit_price','').'</span>';
echo '</div>';
echo '<div class="pd_row">';
if($type=='points'){
echo '<span class="djcfpay_label">'.JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_POINTS_ID').':</span>';
}else{
echo '<span class="djcfpay_label">'.JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_AD_ID').':</span>';
}
echo '<span class="djcfpay_value">'.$id.'</span>';
echo '</div>';
echo '<div class="pd_row">';
echo '<span class="djcfpay_label">'.JText::_('PLG_DJCFBANKTRANSFER_PAYMENT_PAY_INFORMATION').': </span><br /><br />';
echo '<span class="djcfpay_value">'.JHTML::_('content.prepare',nl2br($this->params["pay_info"])).'</span>';
echo '</div>';
echo '</td></tr>';
echo '</table>';
echo '</div>';
}
}
?>
I'm trying to select and display some info about a record from my database.
After selecting the user/name/record and pressing Afiseaza (submit), the page remains the same, like not refreshing.
I can't find the problem. Here is my code:
<?php
include 'ch20_include.php';
doDB();
if('!_POST') {
//Arata
$display_block = "<h1>Alege un Elev</h1>";
//Primeste partile
$get_list_sql = "SELECT id,CONCAT_WS(', ', nume,p_nume) AS display_name FROM nume_principal ORDER BY p_nume,nume";
$get_list_res = mysqli_query($mysqli,$get_list_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rowS($get_list_res) < 1) {
//Nici un elev
$display_block .= "<p><em>Scuze,nu a fost selectat nici un Elev!</em></p>";
} else {
//Afiseaza
$display_block .= "
<form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"/>
<p><label for=\"sel_id\">Alege un Elev:</label><br/>
<select id='sel_id\' name=\"sel_id\" required=\"required\">
<option value=\"\">--Alege--</option>";
while ($recs = mysqli_fetch_array($get_list_res)) {
$id = $recs['id'];
$display_name = stripslashes($recs['display_name']);
$display_block .= "<option value=\"".$id."\">".$display_name."</option>";
}
$display_block .= " </select> <button type=\"submit\" name=\"submit\" value=\"view\">Afiseaza\"></button>
</form> ";
}
//rezultate
mysqli_free_result($get_list_res);
} else if($_POST) {
//Verifica field
if ($_POST['sel_id'] == "") {
header("Location: seldata.php");
exit;
}
//Versiune sigura ID
$safe_id = mysqli_real_escape_string($mysqli, $_POST['sel_id']);
$get_nume_sql = "SELECT concat_ws(' ',p_nume,nume) as display_name FROM nume_principal WHERE id = '".$safe_id."'";
$get_nume_res = mysqli_query($mysqli, $get_nume_sql) or die(mysqli_error($mysqli));
while ($nmae_info = mysqli_fetch_array($get_nume_res)) {
$display_name = stripslashes($name_info['display_name']);
}
$display_block = "<h1>Arata Informatile pentru ".$display_name."</h1>";
mysqli_free_result($get_nume_res);
//Adresa
$get_adresele_sql = "SELECT adresa,oras,judet,cod_postal FROM adress WHERE nume_id = '".$safe_id."'";
$get_adresele_res = mysqli_query($mysqli, $get_adresele_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_adresele_res) > 0) {
$display_block .= "<p><strong>Adresa:</strong><br/><ul>";
while ($add_info = mysqli_fetch_array($get_adresele_Res)) {
$adresa = stripslashes($add_info['adresa']);
$oras = stripslashes($add_info['oras']);
$judet = stripslashes($add_info['oras']);
$cod_postal = stripslashes($add_info['cod_postal']);
$display_block .= "<li>$adresa,$oras,$judet,$cod_postal</li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_adresele_res);
//telefon
$get_tel_sql = "SELECT tel_numar,type FROM telefon WHERE nume_id = '".$safe_id."'";
$get_tel_res = mysqli_query($mysqli, $get_tel_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_tek_res) > 0) {
$display_block .= "<p><strong>Telefon:</stron><br/> <ul>";
while ($tel_info = mysqli_fetch_array($get_tel_res)) {
$tel_numar = stripslashes($tel_info['tel_numar']);
$tel_type = $tel_info['type'];
}
$display_block .= "</ul>";
}
mysqli_free_result($get_tel_res);
//Adresele toate
$get_biologie_sql = "SELECT notab_1, notab_2, notab_3, notab_4, notab_5, medieb FROM biologie WHERE nume_id = '".$safe_id."'";
$get_biologie_res = mysqli_query($mysqli, $get_biologie_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_biologie_res) > 0 ) {
$display_block .= "<p><strong>Note-Biologie:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_biologie_res)) {
$notab_1 = stripslashes($add_info['notab_1']);
$notab_2 = stripslashes($add_info['notab_2']);
$notab_3 = stripslashes($add_info['notab_3']);
$notab_4 = stripslashes($add_info['notab_4']);
$notab_5 = stripslashes($add_info['notab_5']);
$medieb = stripslashes($add_info['medieb']);
$display_block .= "<li>$notab_1 $notab_2 $notab_3 $notab_4 $notab_5 $medieb </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_biologie_res);
$get_chimie_sql = "SELECT notac_1, notac_2, notac_3, notac_4, notac_5, mediec FROM chimie WHERE nume_id = '".$safe_id."'";
$get_chimie_res = mysqli_query($mysqli, $get_chimie_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_chimie_res) > 0 ) {
$display_block .= "<p><strong>Note-Chimie:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_chimie_res)) {
$notac_1 = stripslashes($add_info['notac_1']);
$notac_2 = stripslashes($add_info['notac_2']);
$notac_3 = stripslashes($add_info['notac_3']);
$notac_4 = stripslashes($add_info['notac_4']);
$notac_5 = stripslashes($add_info['notac_5']);
$mediec = stripslashes($add_info['mediec']);
$display_block .= "<li>$notac_1 $notac_2 $notac_3 $notac_4 $notac_5 $mediec </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_chimie_res);
$get_fizica_sql = "SELECT notaf_1, notaf_2, notaf_3, notaf_4, notaf_5, medief FROM fizica WHERE nume_id = '".$safe_id."'";
$get_fizica_res = mysqli_query($mysqli, $get_fizica_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_fizica_res) > 0 ) {
$display_block .= "<p><strong>Note-Fizica:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_fizica_res)) {
$notaf_1 = stripslashes($add_info['notaf_1']);
$notaf_2 = stripslashes($add_info['notaf_2']);
$notaf_3 = stripslashes($add_info['notaf_3']);
$notaf_4 = stripslashes($add_info['notaf_4']);
$notaf_5 = stripslashes($add_info['notaf_5']);
$medief = stripslashes($add_info['medief']);
$display_block .= "<li>$notaf_1 $notaf_2 $notaf_3 $notaf_4 $notaf_5 $medief </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_fizica_res);
$get_franceza_sql = "SELECT notafr_1, notafr_2, notafr_3, notafr_4, notafr_5, mediefr FROM franceza WHERE nume_id = '".$safe_id."'";
$get_franceza_res = mysqli_query($mysqli, $get_franceza_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_franceza_res) > 0 ) {
$display_block .= "<p><strong>Note-Franceza:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_franceza_res)) {
$notafr_1 = stripslashes($add_info['notafr_1']);
$notafr_2 = stripslashes($add_info['notafr_2']);
$notafr_3 = stripslashes($add_info['notafr_3']);
$notafr_4 = stripslashes($add_info['notafr_4']);
$notafr_5 = stripslashes($add_info['notafr_5']);
$mediefr = stripslashes($add_info['mediefr']);
$display_block .= "<li>$notafr_1 $notafr_2 $notafr_3 $notafr_4 $notafr_5 $mediefr </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_franceza_res);
$get_germana_sql = "SELECT notag_1, notag_2, notag_3, notag_4, notag_5, medieg FROM germana WHERE nume_id = '".$safe_id."'";
$get_germana_res = mysqli_query($mysqli, $get_germana_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_germana_res) > 0 ) {
$display_block .= "<p><strong>Note-Germana:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_germana_res)) {
$notag_1 = stripslashes($add_info['notag_1']);
$notag_2 = stripslashes($add_info['notag_2']);
$notag_3 = stripslashes($add_info['notag_3']);
$notag_4 = stripslashes($add_info['notag_4']);
$notag_5 = stripslashes($add_info['notag_5']);
$medieg = stripslashes($add_info['medieb']);
$display_block .= "<li>$notag_1 $notag_2 $notag_3 $notag_4 $notag_5 $medieg </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_germana_res);
$get_informatica_sql = "SELECT notai_1, notai_2, notai_3, notai_4, notai_5, mediei FROM informatica WHERE nume_id = '".$safe_id."'";
$get_informatica_res = mysqli_query($mysqli, $get_informatica_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_informatica_res) > 0 ) {
$display_block .= "<p><strong>Note-Informatica:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_informatica_res)) {
$notai_1 = stripslashes($add_info['notai_1']);
$notai_2 = stripslashes($add_info['notai_2']);
$notai_3 = stripslashes($add_info['notai_3']);
$notai_4 = stripslashes($add_info['notai_4']);
$notai_5 = stripslashes($add_info['notai_5']);
$mediei = stripslashes($add_info['mediei']);
$display_block .= "<li>$notai_1 $notai_2 $notai_3 $notai_4 $notai_5 $mediei </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_matematica_res);
$get_matematica_sql = "SELECT notam_1, notam_2, notam_3, notam_4, notam_5, mediem FROM matematica WHERE nume_id = '".$safe_id."'";
$get_matematica_res = mysqli_query($mysqli, $get_matematica_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_matemtica_res) > 0 ) {
$display_block .= "<p><strong>Note-Matematica:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_matematica_res)) {
$notam_1 = stripslashes($add_info['notam_1']);
$notam_2 = stripslashes($add_info['notam_2']);
$notam_3 = stripslashes($add_info['notam_3']);
$notam_4 = stripslashes($add_info['notam_4']);
$notam_5 = stripslashes($add_info['notam_5']);
$mediem = stripslashes($add_info['mediem']);
$display_block .= "<li>$notam_1 $notam_2 $notam_3 $notam_4 $notam_5 $mediem </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_matematica_res);
$get_romana_sql = "SELECT notar_1, notar_2, notar_3, notar_4, notar_5, medier FROM romana WHERE nume_id = '".$safe_id."'";
$get_romana_res = mysqli_query($mysqli, $get_romana_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_romana_res) > 0 ) {
$display_block .= "<p><strong>Note-Romana:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_romana_res)) {
$notar_1 = stripslashes($add_info['notar_1']);
$notar_2 = stripslashes($add_info['notar_2']);
$notar_3 = stripslashes($add_info['notar_3']);
$notar_4 = stripslashes($add_info['notar_4']);
$notar_5 = stripslashes($add_info['notar_5']);
$medier = stripslashes($add_info['medier']);
$display_block .= "<li>$notar_1 $notar_2 $notar_3 $notar_4 $notar_5 $medier </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_romana_res);
$get_religie_sql = "SELECT notare_1, notare_2, notare_3, notare_4, notare_5, mediere FROM religie WHERE nume_id = '".$safe_id."'";
$get_religie_res = mysqli_query($mysqli, $get_religie_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_religie_res) > 0 ) {
$display_block .= "<p><strong>Note-Religie:</strong><br/> <ul>";
while ($add_info = mysqli_fetch_array($get_religie_res)) {
$notare_1 = stripslashes($add_info['notare_1']);
$notare_2 = stripslashes($add_info['notare_2']);
$notare_3 = stripslashes($add_info['notare_3']);
$notare_4 = stripslashes($add_info['notare_4']);
$notare_5 = stripslashes($add_info['notare_5']);
$mediere = stripslashes($add_info['medieb']);
$display_block .= "<li>$notare_1 $notare_2 $notare_3 $notare_4 $notare_5 $mediere </li>";
}
$display_block .= "</ul>";
}
mysqli_free_result($get_religie_res);
//Nota personala
$get_notes_sql = "SELECT note FROM nota_personala WHERE nume_id = '".$safe_id."'";
$get_notes_res = mysqli_query($mysqli, $get_notes_sql) or die(mysqli_error($mysqli));
if (mysqli_num_rows($get_notes_res) == 1) {
while ($note_info = mysqli_fetch_array($get_notes_res)) {
$note = n12br(stripslashes($note_info['note']));
}
$display_block .= "<p><strong>Nota personala:</strong><br/> $note</p>";
}
mysqli_free_result($get_notes_res);
$display_block .= "<br/>
<p style=\"text-align:center\">
Alege altul</p>";
}
mysqli_close($mysqli);
?>
<!DOCTYPE html>
<html>
<head>
<title>Elevii</title>
</head>
<body>
<?php echo $display_block; ?>
</body>
</html>
First your code is wrong !_POST can not use like a string because
"if return true for any non zero element"
, So change it
if(!$_POST) or if($_SERVER['REQUEST_METHOD']!='POST')
I have a page with 3 input fields, to search a database. But not all users are going to fill in all fields, so I need a way to make sure the database is checked fine.
Now, I wrote 8 different sql-statements, and with if-statements I check which fields are filled out. This works, but I do feel there must be a better to do this.
ID's in the search form are found in other tables in my database and loaded with jQuery's autocomplete.
Code now used:
<form action="" method="post">
<div class="ui-widget">
<section>
<label for="tags">Trefwoord:</label>
<input name="tags" id="tags"><input type="hidden" name="tags_id" class="tags_id" value="">
</section>
<section>
<label for="categorie">Categorie:</label>
<input name="cats" id="categorie"><input type="hidden" name="cats_id" class="cats_id" value="">
</section>
<section>
<label for="competentie">Competentie:</label>
<input name="com" id="competentie"><input type="hidden" name="com_id" class="com_id" value="">
</section>
<input type="submit" name="submit">
</div>
</form>
<?php
if(isset($_POST['submit'])) {
$trefwoord_id = $_POST['tags_id'];
$categorie_id = $_POST['cats_id'];
$p_trefwoord = $_POST['tags'];
$p_categorie = $_POST['cats'];
$competentie_id = $_POST['com_id'];
$p_comptentie = $_POST['com'];
if($trefwoord_id == null) {$sql = "SELECT * FROM spel_cat LEFT JOIN spel_com ON spel_cat.spelid = spel_com.spelid WHERE '$categorie_id' = catid && '$competentie_id' = comid";}
if($categorie_id == null) {$sql = "SELECT * FROM spel_tw LEFT JOIN spel_com ON spel_tw.spelid = spel_com.spelid WHERE '$trefwoord_id' = twid && '$competentie_id' = comid";}
if($competentie_id == null) {$sql = "SELECT * FROM spel_tw LEFT JOIN spel_cat ON spel_tw.spelid = spel_cat.spelid WHERE '$trefwoord_id' = twid && '$categorie_id' = catid";}
if($trefwoord_id == null && $categorie_id == null) {$sql = "SELECT * FROM spel_com WHERE '$competentie_id' = comid";}
if($trefwoord_id == null && $competentie_id == null) {$sql = "SELECT * FROM spel_cat WHERE '$categorie_id' = catid";}
if($categorie_id == null && $competentie_id == null) {$sql = "SELECT * FROM spel_tw WHERE '$trefwoord_id' = twid";}
if($trefwoord_id == null && $competentie_id == null && $categorie_id == null) {$sql = ""; echo "<b>Gebruik minstens 1 zoekterm</b>";}
if($trefwoord_id != null && $categorie_id != null && $competentie_id != null) {$sql = "SELECT * FROM (spel_tw LEFT JOIN spel_cat ON spel_tw.spelid = spel_cat.spelid) LEFT JOIN spel_com ON spel_cat.spelid = spel_com.spelid WHERE '$trefwoord_id' = twid && '$categorie_id' = catid && '$competentie_id' = comid";
}
if($sql != null) {
$games = mysqli_query($link,$sql) or die(mysql_error());
$num = mysqli_num_rows($games);
// AND SO ON...
WORKING CODE (thanks to OrangeHippo)
<?php
if(isset($_POST['submit'])) {
$trefwoord_id = $_POST['tags_id'];
$categorie_id = $_POST['cats_id'];
$p_trefwoord = $_POST['tags'];
$p_categorie = $_POST['cats'];
$competentie_id = $_POST['com_id'];
$p_comptentie = $_POST['com'];
$from = array();
$where = " 1 = 1 ";
if($trefwoord_id != null) {
$from["str"] = "spel_tw str";
$where .= " AND twid = '$trefwoord_id' ";
}
if($categorie_id != null) {
$from["sca"] = "spel_cat sca";
if (isset($from["str"])) {
$where .= " AND sca.spelid = str.spelid ";
}
$where .= " AND catid = '$categorie_id' ";
}
if($competentie_id != null) {
$from["sco"] = "spel_com sco";
if (isset($from["str"])) {
$where .= " AND sco.spelid = str.spelid ";
}else if (isset($from["sca"])) {
$where .= " AND sco.spelid = sca.spelid ";
}
$where .= " AND comid = '$competentie_id' ";
}
$sql = "SELECT * FROM " . implode(",", $from) . " WHERE $where";
if($trefwoord_id == null && $competentie_id == null && $categorie_id == null) {$sql = ""; echo "<b>Gebruik minstens 1 zoekterm</b>";}
//echo $sql;
if($sql != null) {
$games = mysqli_query($link,$sql) or die(mysql_error());
$num = mysqli_num_rows($games);
//AND SO ON ...
Ideally you would construct the query depending on the values that are passed:
$from = array();
$where = " 1 = 1 ";
if($trefwoord_id != null) {
$from["str"] = "spel_tw str";
$where .= " AND twid = '$trefwoord_id' ";
}
if($categorie_id != null) {
$from["sca"] = "spel_cat sca";
if (isset($from["str"])) {
$where = " AND sca.spelid = str.spelid ";
}
$where .= " AND catid = '$categorie_id' ";
}
if($competentie_id != null) {
$from["sco"] = "spel_com sco";
if (isset($from["str"])) {
$where = " AND sco.spelid = str.spelid ";
}else if (isset($from["sca"])) {
$where = " AND sco.spelid = sca.spelid ";
}
$where .= " AND comid = '$competentie_id' ";
}
$query = "SELECT * FROM " . implode(",", $from) . " WHERE $where";
As you see this way you have a lot less of text, making the code cleaner. If you want to have the code even more clean you can look to use some query builder library like doctrine2 DBAL
I have a simple upload script that has some validation on the form. The idea behind the upload form is to upload 2 images, one a thumbnail and one a larger image. Both need to be the correct dimensions and require an image to be selected in order for the form to validate and successfully upload the images.
However, I have been tasked to remove the first upload part, the thumbnail. We now only need the larger image. Though I'm unsure how to remove the validation part of the process. I have tried to remove the input field from the HTML, but obviously the upload script sees this as not upload the first image and throws an error.
Anyway the files:
Upload.php
<?php
// Edit upload location here
$thumb_destination_path = "../storyslide_thumbs/";
$large_destination_path = "../storyslide_large/";
$type = $_POST['type'];
if (isset($_POST['ID'])) {
$ID = $_POST['ID'];
}
$caption = mysql_real_escape_string($_POST['caption']);
$caption2 = mysql_real_escape_string($_POST['caption2']);
if ($type == "article" || $type == "editarticle") {
$sql="select a.title, a.category, c.title as cattitle, s.section as stitle, c.type from article a, category c, section s WHERE c.catID=a.category AND c.sectionid=s.sectionid AND a.articleID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$linktitle = html_entity_decode($title);
$linktitle = punct_remove($linktitle);
$cattitle = html_entity_decode($cattitle);
$cattitle = punct_remove($cattitle);
if ($category=='43') {
$link = "/fans/obituaries/$ID-$linktitle..html";
} else {
if ($type=="Blog") {
$ID = "b$ID";
$cattitle = $cattitle . "-" . $category;
} else {
$cattitle = $category . "-" . $cattitle;
}
$link = "/$stitle/$cattitle/$ID-$linktitle.html";
}
} elseif ($type == "player") {
$sql = "SELECT name FROM player WHERE playerID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = html_entity_decode($name);
$name = punct_remove($name);
$link = "/players/squad/$ID-$name.html";
} elseif ($type == "match") {
$sql="select r.versus, r.venue, s.year FROM regmatch r, season s WHERE r.matchID='$ID' AND r.season=s.seasonID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
$year = str_replace("/", "-", $year);
$sql="select count(*) as num3 FROM loungeimages WHERE matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($_POST['p']=="ao") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/awayteam.html";
} elseif ($_POST['p']=="bb") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/bookiekiller.html";
} elseif ($_POST['p']=="tn") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/teamnews.html";
} elseif ($_POST['p']=="s") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/scores.html";
} elseif ($_POST['p']=="l") {
if ($num3>0) {
$sql="select MIN(imgID) as minumumimage FROM loungeimages WHERE matchID='$ID' GROUP BY matchID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge/$minumumimage.html";
}
else {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge.html";
}
} elseif ($_POST['p']=="fv") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansviews.html";
} elseif ($_POST['p']=="fr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansmatchreport.html";
} elseif ($_POST['p']=="ob") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/offtheball.html";
} elseif ($_POST['p']=="mq") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchquotes.html";
} elseif ($_POST['p']=="mr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchreport.html";
}
}
elseif ($type == "match2") {
$sql="select r.versus, r.venue FROM regmatch2 r WHERE r.matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
if ($_POST['p']=="ao") {
$link = "/match/perfectseason/$ID-$teams2/aboutoppo.html";
}
elseif ($_POST['p']=="bb") {
$link = "/match/perfectseason/$ID-$teams2/de_ja_lards_best_bet.html";
}
elseif ($_POST['p']=="tn") {
$link = "/match/perfectseason/$ID-$teams2/teamnews.html";
}
elseif ($_POST['p']=="mr") {
$link = "/match/perfectseason/$ID-$teams2/matchreport.html";
}
elseif ($_POST['p']=="rank") {
$link = "/match/perfectseason/$ID-$teams2/andys_old_rankin.html";
}
}
elseif ($type == "event") {
$link = "/fans/diary.html";
} elseif ($type == "picsubcat") {
$sql = "SELECT s.title as stitle, c.catID, c.title as ctitle, MIN(p.imgID) as imgID, se.section FROM picturesubcategory s, category c, picturetable p, section se WHERE c.sectionid=se.sectionid AND s.piccatID='$ID' AND s.catID=c.catID AND p.piccatID=s.piccatID";
$result = mysql_query($sql) or die ("<script language='javascript'>alert('" . $sql . "');</script>");
$row = mysql_fetch_array($result);
extract($row);
$ctitle = html_entity_decode($ctitle);
$ctitle = punct_remove($ctitle);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$section = strtolower($section);
$link = "/$section/$catID-$ctitle/$stitle/$imgID.html";
} elseif ($type == "paypal") {
$sql = "SELECT name FROM paypalitems WHERE itemID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = str_replace(" ", "_", $name);
$name = urlencode($name);
$link = "/products/" . $ID . "-" . $name . ".html";
} elseif ($type == "lookalike") {
$link = "/funnies/lookalikes/1.html";
} elseif ($type == "wallpaper") {
$link = "/gear/wallpapers/1.html";
}
$result = 0;
$time = time();
while(file_exists($time.'-'.$_FILES['myfile']['name']))
{
$time++;
}
while (file_exists($time.'-'.$_FILES['myfile2']['name']))
{
$time++;
}
$thumb_target_path = $thumb_destination_path . $time.'-'.$_FILES['myfile']['name'];
$large_target_path = $large_destination_path . $time.'-'.$_FILES['myfile2']['name'];
$filename = $time.'-'.$_FILES['myfile']['name'];
$filename2 = $time.'-'.$_FILES['myfile2']['name'];
if ((!isset($_FILES['myfile']['tmp_name']) || $_FILES['myfile']['tmp_name'] == "") || (!isset($_FILES['myfile2']['tmp_name']) || $_FILES['myfile2']['tmp_name'] == "")) {
$result = 3;
} else {
if (is_uploaded_file($_FILES['myfile']['tmp_name']) && is_uploaded_file($_FILES['myfile2']['tmp_name'])) {
if (getimagesize($_FILES['myfile']['tmp_name']) && getimagesize($_FILES['myfile2']['tmp_name'])) {
if ((move_uploaded_file($_FILES['myfile']['tmp_name'], $thumb_target_path)) && (move_uploaded_file($_FILES['myfile2']['tmp_name'], $large_target_path))) {
$result = 1;
$image_dim = getimagesize($thumb_target_path);
$image_dim2 = getimagesize($large_target_path);
if (($image_dim[0] != 75 || $image_dim[1] != 100) || ($image_dim2[0] != 230 || $image_dim2[1] != 199)) {
$result = 4;
unlink($thumb_target_path);
unlink($large_target_path);
} else {
if (isset($_POST['f'])) {
$publishingdate = $_POST['date'];
$sql2 = "INSERT INTO storyslide_future (thumb, large, thumbcaption, largecaption, link, publishingdate) VALUES ('$filename', '$filename2', '$caption', '$caption2', '$link', '$publishingdate')";
$res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
} else {
$sql = "DELETE FROM storyslide WHERE thumbID='16'";
$res = mysql_query($sql) or die ("Error! bad delete statement");
$sql1 = "UPDATE storyslide SET thumbID=thumbID+1";
$res1 = mysql_query($sql1) or die ('<script language="javascript" type="text/javascript">alert("Error! bad update statement");</script>');
$sql2 = "INSERT INTO storyslide (thumbID, thumb, large, thumbcaption, largecaption, link) VALUES ('1', '$filename', '$filename2', '$caption', '$caption2', '$link')";
$res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
}
}
}
} else {
$result = 2;
}
} else {
$result = 5;
}
}
sleep(1);
?>
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>);</script>
<?php } ?>
And now the form:
<script src='upload_handler.js' language="javascript" type="text/javascript"></script>
</head>
<body>
<div id='wrapper'> <!-- start wrapper -->
<?php include("top.php"); ?>
<div id='pagetitle'> <!-- start pagetitle -->
<div id='pageimage'><img src='adminimages/note.jpg'/></div>
<div id='title'>Add to Thumbnails</div>
</div> <!-- end pagetitle -->
<div id='admincontrols'> <!-- start admincontrols -->
<center>
<div id='container' style='margin:0 0 0 240px;'>
<div id="content">
<form action='upload.php' method='post' enctype='multipart/form-data' target='upload_target' onSubmit='startUpload();'>
<input type='hidden' name='type' value='<?php echo $type; ?>' />
<?php
if (isset($_GET['ID'])) {
?>
<input type='hidden' name='ID' value='<?php echo $ID; ?>' />
<?php
}
?>
<?php
if (isset($_GET['p'])) {
?>
<input type='hidden' name='p' value='<?php echo $_GET['p']; ?>' />
<?php
}
?>
<?php
if (isset($_GET['f'])) {
?>
<input type='hidden' name='f' value='<?php echo $_GET['f']; ?>' />
<input type='hidden' name='date' value='<?php echo $_GET['date']; ?>' />
<?php
}
?>
<p id="f1_upload_process">Loading...<br/><img src="images/loader.gif" width="200" height="20" /><br/></p>
<div id='f1_upload_form'>
<div id='thumbnail_title' style='font-family:georgia;'>Thumbnail (This Image must be 75px in width and 100px in height):</div>
<div class='input_container'>
<div class='label_image'>File:</div>
<div class='input_image'><input name='myfile' type='file' size='70' class='inputbox'/></div>
</div>
<div class='input_container'>
<div class='label_image'>Caption:</div>
<div class='input_image'><input name='caption' type='text' maxlength='30' class='inputbox'/></div>
</div>
<div id='largerimage_title' style='font-family:georgia;'>Main Image (Only one image required. Minimum dimensions: 230px in width and 199px):</div>
<div class='input_container'>
<div class='label_image'>File:</div>
<div class='input_image'><input name='myfile2' type='file' size='70' class='inputbox'/></div>
</div>
<div class='input_container'>
<div class='label_image'>Caption:</div>
<div class='input_image'><input name='caption2' type='text' maxlength='200' class='inputbox'/></div>
</div>
<label><input type='submit' name='submitBtn' class='sbtn' value='Upload' /></label>
</div>
<iframe id='upload_target' name='upload_target' src='#' style='width:0;height:0;border:0px solid #fff;'></iframe>
</form>
</div>
</div>
</center>
</div>
<div id='controlbuttons'>
<a href='storyslide_write.php?type=<?php echo $type; if (isset($_GET['ID'])) { echo "&ID=" . $ID; } if (isset($_GET['n'])) { echo '&n=c'; } if (isset($_GET['revised'])) { echo '&revised=' . $_GET['revised']; } if (isset($_GET['c'])) { echo '&c=' . $_GET['c']; } ?>' id='savebutton' style='visibility:hidden;'><img src='adminimages/save.jpg' alt='Done' border='0' /></a>
<a href='admin.php'><img src='adminimages/home.jpg' border='0' alt='Main Menu'/></a></div>
</div> <!-- end wrapper -->
</body>
</html>
<?php } ?>
The input that I want to remove so we only have 1 image upload input is:
<input name='myfile' type='file' size='70' class='inputbox'/>
The validation needs to be removed from the first file in order to do this successfully.
I had a few stabs at this myself and noticed that the input field was being referenced in upload.php by the name of the input "myfile", so I searched the upload.php for anhything relating to this input name I found the following and tried to remove:
while(file_exists($time.'-'.$_FILES['myfile']['name']))
{
$time++;
}
$thumb_target_path = $thumb_destination_path . $time.'-'.$_FILES['myfile']['name'];
$filename = $time.'-'.$_FILES['myfile']['name'];
To no avail however...
Any pointers would be greatly appreciated :)
Try with the following code, it removes $_FILES['myfile'] from everywhere, including if statements, SQL queries, etc.:
Upload.php
// Edit upload location here
$thumb_destination_path = "../storyslide_thumbs/";
$large_destination_path = "../storyslide_large/";
$type = $_POST['type'];
if (isset($_POST['ID'])) {
$ID = (int) $_POST['ID'];
}
$caption = mysql_real_escape_string($_POST['caption']);
$caption2 = mysql_real_escape_string($_POST['caption2']);
if ($type == "article" || $type == "editarticle") {
$sql="select a.title, a.category, c.title as cattitle, s.section as stitle, c.type from article a, category c, section s WHERE c.catID=a.category AND c.sectionid=s.sectionid AND a.articleID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$linktitle = html_entity_decode($title);
$linktitle = punct_remove($linktitle);
$cattitle = html_entity_decode($cattitle);
$cattitle = punct_remove($cattitle);
if ($category=='43') {
$link = "/fans/obituaries/$ID-$linktitle..html";
} else {
if ($type=="Blog") {
$ID = "b$ID";
$cattitle = $cattitle . "-" . $category;
} else {
$cattitle = $category . "-" . $cattitle;
}
$link = "/$stitle/$cattitle/$ID-$linktitle.html";
}
} elseif ($type == "player") {
$sql = "SELECT name FROM player WHERE playerID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = html_entity_decode($name);
$name = punct_remove($name);
$link = "/players/squad/$ID-$name.html";
} elseif ($type == "match") {
$sql="select r.versus, r.venue, s.year FROM regmatch r, season s WHERE r.matchID='$ID' AND r.season=s.seasonID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
$year = str_replace("/", "-", $year);
$sql="select count(*) as num3 FROM loungeimages WHERE matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($_POST['p']=="ao") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/awayteam.html";
} elseif ($_POST['p']=="bb") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/bookiekiller.html";
} elseif ($_POST['p']=="tn") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/teamnews.html";
} elseif ($_POST['p']=="s") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/scores.html";
} elseif ($_POST['p']=="l") {
if ($num3>0) {
$sql="select MIN(imgID) as minumumimage FROM loungeimages WHERE matchID='$ID' GROUP BY matchID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge/$minumumimage.html";
}
else {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge.html";
}
} elseif ($_POST['p']=="fv") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansviews.html";
} elseif ($_POST['p']=="fr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansmatchreport.html";
} elseif ($_POST['p']=="ob") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/offtheball.html";
} elseif ($_POST['p']=="mq") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchquotes.html";
} elseif ($_POST['p']=="mr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchreport.html";
}
}
elseif ($type == "match2") {
$sql="select r.versus, r.venue FROM regmatch2 r WHERE r.matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
if ($_POST['p']=="ao") {
$link = "/match/perfectseason/$ID-$teams2/aboutoppo.html";
}
elseif ($_POST['p']=="bb") {
$link = "/match/perfectseason/$ID-$teams2/de_ja_lards_best_bet.html";
}
elseif ($_POST['p']=="tn") {
$link = "/match/perfectseason/$ID-$teams2/teamnews.html";
}
elseif ($_POST['p']=="mr") {
$link = "/match/perfectseason/$ID-$teams2/matchreport.html";
}
elseif ($_POST['p']=="rank") {
$link = "/match/perfectseason/$ID-$teams2/andys_old_rankin.html";
}
}
elseif ($type == "event") {
$link = "/fans/diary.html";
} elseif ($type == "picsubcat") {
$sql = "SELECT s.title as stitle, c.catID, c.title as ctitle, MIN(p.imgID) as imgID, se.section FROM picturesubcategory s, category c, picturetable p, section se WHERE c.sectionid=se.sectionid AND s.piccatID='$ID' AND s.catID=c.catID AND p.piccatID=s.piccatID";
$result = mysql_query($sql) or die ("<script language='javascript'>alert('" . $sql . "');</script>");
$row = mysql_fetch_array($result);
extract($row);
$ctitle = html_entity_decode($ctitle);
$ctitle = punct_remove($ctitle);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$section = strtolower($section);
$link = "/$section/$catID-$ctitle/$stitle/$imgID.html";
} elseif ($type == "paypal") {
$sql = "SELECT name FROM paypalitems WHERE itemID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = str_replace(" ", "_", $name);
$name = urlencode($name);
$link = "/products/" . $ID . "-" . $name . ".html";
} elseif ($type == "lookalike") {
$link = "/funnies/lookalikes/1.html";
} elseif ($type == "wallpaper") {
$link = "/gear/wallpapers/1.html";
}
$result = 0;
$time = time();
while (file_exists($time.'-'.$_FILES['myfile2']['name']))
{
$time++;
}
$large_target_path = $large_destination_path . $time.'-'.$_FILES['myfile2']['name'];
$filename = '';
$filename2 = $time.'-'.$_FILES['myfile2']['name'];
if ((!isset($_FILES['myfile2']['tmp_name']) || $_FILES['myfile2']['tmp_name'] == "")) {
$result = 3;
} else {
if (is_uploaded_file($_FILES['myfile2']['tmp_name'])) {
if (getimagesize($_FILES['myfile2']['tmp_name'])) {
if (((move_uploaded_file($_FILES['myfile2']['tmp_name'], $large_target_path))) {
$result = 1;
$image_dim2 = getimagesize($large_target_path);
if (($image_dim2[0] != 230 || $image_dim2[1] != 199)) {
$result = 4;
unlink($large_target_path);
} else {
if (isset($_POST['f'])) {
$publishingdate = $_POST['date'];
$sql2 = "INSERT INTO storyslide_future (thumb, large, thumbcaption, largecaption, link, publishingdate) VALUES ('$filename', '$filename2', '$caption', '$caption2', '$link', '$publishingdate')";
$res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
} else {
$sql = "DELETE FROM storyslide WHERE thumbID='16'";
$res = mysql_query($sql) or die ("Error! bad delete statement");
$sql1 = "UPDATE storyslide SET thumbID=thumbID+1";
$res1 = mysql_query($sql1) or die ('<script language="javascript" type="text/javascript">alert("Error! bad update statement");</script>');
$sql2 = "INSERT INTO storyslide (thumbID, thumb, large, thumbcaption, largecaption, link) VALUES ('1', '$filename', '$filename2', '$caption', '$caption2', '$link')";
$res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
}
}
}
} else {
$result = 2;
}
} else {
$result = 5;
}
}
sleep(1);
?>
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>);</script>
<?php } ?>
I have created a MySQL database along with a front-end to manipulate it using PHP. However, while I can add content to the database manually, I cannot utilize my front-end. When I try to submit the data in my front-end's form fields, I receive the prompt "Duplicate Candidate Name."
The following PHP file is my general script for displaying the front-end:
<?php
if(isset($_POST['sbmtbtn']) && ($_POST['sbmtbtn'] != ""))
{
$desc = strip_tags($_POST['txtdesc']);
$date = glb_func_chkvl($_POST['txtdate']);
$first = glb_func_chkvl($_POST['txtfirst']);
$last = glb_func_chkvl($_POST['txtlast']);
$skill = glb_func_chkvl($_POST['txtskill']);
$sub1 = glb_func_chkvl($_POST['txtsub1']);
$sub2 = glb_func_chkvl($_POST['txtsub2']);
$person = glb_func_chkvl($_POST['txtperson']);
$company = glb_func_chkvl($_POST['txtcompany']);
$location = glb_func_chkvl($_POST['txtlocation']);
$complex = glb_func_chkvl($_POST['complex']);
$sts = glb_func_chkvl($_POST['lststs']);
$dt = date('Y-m-d');
$emp = $_SESSION['sesadmin'];
$sqryquestion_info
= "SELECT candi_first
FROM question_info
WHERE candi_first='$first'";
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "add"))
{
$srsquestion_info =mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
$gmsg = "<font color=red size=2>Duplicate Candidate Name . Record not saved</font>";
}
else
{
$iqryquestion_info="insert into question_info(
candi_first,candi_last,date,
skill,subtype_1,
subtype_2,person_int,
comp_name,loc_int,complex_lvl,
type_int,question_candi,q_crton,
q_crtby)
values('$first','$last','$date','$skill','$sub1','$sub2','$person','$company',
'$location','$complex','$sts','$desc','$dt','$emp')";
$irsquestion_info = mysql_query($iqryquestion_info);
if($irsquestion_info==true)
{
$gmsg = "<font color=green size=2>Record saved successfully</font>";
}
else
{
$gmsg = "<font color=red size=2>Record not saved</font>";
}
}
}
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "edit"))
{
$id = $_REQUEST['hdnedit'];
$pg = $_REQUEST['hdnpg'];
$countstart = $_REQUEST['hdncntstrt'];
$sqryquestion_info .=" and ques_id !=$id";
$srsquestion_info = mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
?>
<script>location.href="view_all_questions.php?sts=d&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";</script>
<?php
}
else
{
$uqryquestion_info="update question_info set
date ='$date',
candi_first ='$first',
candi_last ='$last',
skill ='$skill',
subtype_1 ='$sub1',
subtype_2 ='$sub2',
person_int ='$person',
comp_name ='$company',
loc_int ='$location',
complex_lel ='$complex',
type_int ='$company',
question_candi ='$desc',
q_mdfdon ='$dt',
q_mdfdby ='$emp' ";
$uqryquestion_info .= " where ques_id=$id";
$ursquestion_info = mysql_query($uqryquestion_info);
if($ursquestion_info==true)
{
?>
<script>location.href="view_all_questions.php?sts=y&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
else
{
?>
<script>location.href="view_all_questions.php?sts=n&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
}
}
/*********************************** End Editing ******************************************************/
}
?>
Here begins my "main file" for editing:
<?php
if(isset($_POST['sbmtbtn']) && ($_POST['sbmtbtn'] != ""))
{
$desc = strip_tags($_POST['txtdesc']);
$date = glb_func_chkvl($_POST['txtdate']);
$first = glb_func_chkvl($_POST['txtfirst']);
$last = glb_func_chkvl($_POST['txtlast']);
$skill = glb_func_chkvl($_POST['txtskill']);
$sub1 = glb_func_chkvl($_POST['txtsub1']);
$sub2 = glb_func_chkvl($_POST['txtsub2']);
$person = glb_func_chkvl($_POST['txtperson']);
$company = glb_func_chkvl($_POST['txtcompany']);
$location = glb_func_chkvl($_POST['txtlocation']);
$complex = glb_func_chkvl($_POST['complex']);
$sts = glb_func_chkvl($_POST['lststs']);
$dt = date('Y-m-d');
$emp = $_SESSION['sesadmin'];
$sqryquestion_info="select candi_first
from question_info
where candi_first='$first'";
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "add"))
{
$srsquestion_info =mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
$gmsg = "<font color=red size=2>Duplicate Candidate Name . Record not saved</font>";
}
else
{
$iqryquestion_info="insert into question_info(
candi_first,candi_last,date,
skill,subtype_1,
subtype_2,person_int,
comp_name,loc_int,complex_lvl,
type_int,question_candi,q_crton,
q_crtby)
values('$first','$last','$date','$skill','$sub1','$sub2','$person','$company',
'$location','$complex','$sts','$desc','$dt','$emp')";
$irsquestion_info = mysql_query($iqryquestion_info);
if($irsquestion_info==true)
{
$gmsg = "<font color=green size=2>Record saved successfully</font>";
}
else
{
$gmsg = "<font color=red size=2>Record not saved</font>";
}
}
}
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "edit"))
{
$id = $_REQUEST['hdnedit'];
$pg = $_REQUEST['hdnpg'];
$countstart = $_REQUEST['hdncntstrt'];
$sqryquestion_info .=" and ques_id !=$id";
$srsquestion_info = mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
?>
<script>location.href="view_all_questions.php?sts=d&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";</script>
<?php
}
else
{
$uqryquestion_info="update question_info set
date ='$date',
candi_first ='$first',
candi_last ='$last',
skill ='$skill',
subtype_1 ='$sub1',
subtype_2 ='$sub2',
person_int ='$person',
comp_name ='$company',
loc_int ='$location',
complex_lel ='$complex',
type_int ='$company',
question_candi ='$desc',
q_mdfdon ='$dt',
q_mdfdby ='$emp' ";
$uqryquestion_info .= " where ques_id=$id";
$ursquestion_info = mysql_query($uqryquestion_info);
if($ursquestion_info==true)
{
?>
<script>location.href="view_all_questions.php?sts=y&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
else
{
?>
<script>location.href="view_all_questions.php?sts=n&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
}
}
/*********************************** End Editing ******************************************************/
}
?>