01.
<?php
require_once
(
'../Connections/connection.php'
); ?>
02.
<?php
include
(
"dw-upload.inc.php"
); ?>
03.
<?php
04.
if
(!function_exists(
"GetSQLValueString"
)) {
05.
function
GetSQLValueString(
$theValue
,
$theType
,
$theDefinedValue
=
""
,
$theNotDefinedValue
=
""
)
06.
{
07.
if
(PHP_VERSION < 6) {
08.
$theValue
= get_magic_quotes_gpc() ?
stripslashes
(
$theValue
) :
$theValue
;
09.
}
10.
11.
$theValue
= function_exists(
"mysql_real_escape_string"
) ? mysql_real_escape_string(
$theValue
) : mysql_escape_string(
$theValue
);
12.
13.
switch
(
$theType
) {
14.
case
"text"
:
15.
$theValue
= (
$theValue
!=
""
) ?
"'"
.
$theValue
.
"'"
:
"NULL"
;
16.
break
;
17.
case
"long"
:
18.
case
"int"
:
19.
$theValue
= (
$theValue
!=
""
) ?
intval
(
$theValue
) :
"NULL"
;
20.
break
;
21.
case
"double"
:
22.
$theValue
= (
$theValue
!=
""
) ? doubleval(
$theValue
) :
"NULL"
;
23.
break
;
24.
case
"date"
:
25.
$theValue
= (
$theValue
!=
""
) ?
"'"
.
$theValue
.
"'"
:
"NULL"
;
26.
break
;
27.
case
"defined"
:
28.
$theValue
= (
$theValue
!=
""
) ?
$theDefinedValue
:
$theNotDefinedValue
;
29.
break
;
30.
}
31.
return
$theValue
;
32.
}
33.
}
34.
35.
$editFormAction
=
$_SERVER
[
'PHP_SELF'
];
36.
if
(isset(
$_SERVER
[
'QUERY_STRING'
])) {
37.
$editFormAction
.=
"?"
. htmlentities(
$_SERVER
[
'QUERY_STRING'
]);
38.
}
39.
40.
if
((isset(
$_POST
[
"MM_insert"
])) && (
$_POST
[
"MM_insert"
] ==
"form1"
)) {
41.
$insertSQL
= sprintf(
"INSERT INTO trip (Trip_Name, Trip_Lati, Trip_Longti, Trip_Categories, Trip_Deatail, Trip_Note, Trip_img, User_ID) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)"
,
42.
GetSQLValueString(
$_POST
[
'Trip_Name'
],
"text"
),
43.
GetSQLValueString(
$_POST
[
'Trip_Lati'
],
"double"
),
44.
GetSQLValueString(
$_POST
[
'Trip_Longti'
],
"double"
),
45.
GetSQLValueString(
$_POST
[
'Trip_Categories'
],
"text"
),
46.
GetSQLValueString(
$_POST
[
'Trip_Deatail'
],
"text"
),
47.
GetSQLValueString(
$_POST
[
'Trip_Note'
],
"text"
),
48.
GetSQLValueString(dwUpload(
$_FILES
[
'img'
]),
"text"
),
49.
GetSQLValueString(
$_POST
[
'User_ID'
],
"int"
));
50.
51.
mysql_select_db(
$database_connection
,
$connection
);
52.
$Result1
= mysql_query(
$insertSQL
,
$connection
)
or
die
(mysql_error());
53.
54.
$insertGoTo
=
"../mng_trip.php"
;
55.
if
(isset(
$_SERVER
[
'QUERY_STRING'
])) {
56.
$insertGoTo
.= (
strpos
(
$insertGoTo
,
'?'
)) ?
"&"
:
"?"
;
57.
$insertGoTo
.=
$_SERVER
[
'QUERY_STRING'
];
58.
}
59.
header(sprintf(
"Location: %s"
,
$insertGoTo
));
60.
}
61.
62.
$colname_Recordset1
=
"-1"
;
63.
if
(isset(
$_GET
[
'User_ID'
])) {
64.
$colname_Recordset1
=
$_GET
[
'User_ID'
];
65.
}
66.
mysql_select_db(
$database_connection
,
$connection
);
67.
$query_Recordset1
= sprintf(
"SELECT * FROM trip WHERE User_ID = %s"
, GetSQLValueString(
$colname_Recordset1
,
"int"
));
68.
$Recordset1
= mysql_query(
$query_Recordset1
,
$connection
)
or
die
(mysql_error());
69.
$row_Recordset1
= mysql_fetch_assoc(
$Recordset1
);
70.
$totalRows_Recordset1
= mysql_num_rows(
$Recordset1
);
71.
?>