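<?php
// Admin gate for this page. A visitor may continue only when the session holds
// manager credentials AND those credentials still match a row in the `admin` table.
// Any failure ends the request before the rest of the page runs (fail closed).

// Buffer output so the header() redirect below cannot be blocked by output sent earlier.
// The full "<?php" tag is used because "<?" is only parsed when short_open_tag is enabled.
ob_start();
session_start();

// All three values are needed for the database check, so a session missing any of them
// is treated as "not logged in".
if (!isset($_SESSION["manager"], $_SESSION["id"], $_SESSION["password"])) {
    header("location: admin_login.php");
    exit();
}

// Normalise the session values before use: the id keeps digits only,
// the user name and password keep ASCII letters and digits only.
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]);
// NOTE(review): the session carries the password itself and it is compared directly with
// the `password` column, which suggests the column does not hold a password_hash() value.
// Confirm how admin_login.php stores it; a hashed column checked with password_verify()
// at login, and no password in the session, would be the safer design.
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);

// Connect to the MySQL database ($db_* variables come from the included file).
include "../storescripts/connect_to_mysql.php";
$conn = new mysqli($db_host, $db_username, $db_pass, $db_name);
if ($conn->connect_error) {
    // Details go to the server log only; the client gets a generic message.
    error_log("admin check: database connection failed: " . $conn->connect_error);
    exit("Database connection failed.");
}
mysqli_query($conn, "SET NAMES 'utf8'");
mysqli_query($conn, "SET CHARACTER SET 'utf8'");

// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
// Placeholders keep the values out of the SQL text, so the query stays safe even if the
// filters above are ever relaxed.
$sql = "SELECT id FROM admin WHERE id=? AND username=? AND password=? LIMIT 1";
$existCount = 0; // stays 0 when the statement cannot be prepared or executed
$stmt = $conn->prepare($sql);
if ($stmt !== false) {
    $stmt->bind_param('sss', $managerID, $manager, $password);
    if ($stmt->execute()) {
        $stmt->store_result(); // needed so that num_rows is populated
        $existCount = $stmt->num_rows;
    }
    $stmt->close();
}

// Enforce the result. With this check disabled, the lookup above has no effect and a
// session that merely has "manager" set would reach the insert code further down.
if ($existCount == 0) {
    echo "Your login session data is not on record in the database.";
    exit();
}
?>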
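<?php
// Script error reporting.
// Every error level stays enabled, but messages are written to the server log instead of
// the HTTP response: rendering them in this admin page would expose file paths and the
// text of failed SQL statements to the browser.
// For local debugging only, display_errors can be switched back to '1' temporarily.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
?>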
<html>
<head>
<title>ThaiCreate.Com PHP & MySQL Tutorial</title>
</head>
<body>
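<?php
// Save the tracking rows posted by the multi-row form: one INSERT for every row index
// 1..hdnLine whose date_tracking field is not empty.
//
// NOTE(review): this handler changes data on the strength of the admin session alone and
// verifies no anti-CSRF token. The form that posts here is not part of this file, so
// confirm that a per-session token is issued there and checked before this loop runs.
$conn = new mysqli($db_host, $db_username, $db_pass, $db_name);
if ($conn->connect_error) {
    // Details go to the server log only; the client gets a generic message.
    error_log("tracking insert: database connection failed: " . $conn->connect_error);
    exit("Database connection failed.");
}
// This is a new connection object, so the character set has to be selected on it as well.
mysqli_query($conn, "SET NAMES 'utf8'");
mysqli_query($conn, "SET CHARACTER SET 'utf8'");

// hdnLine is client-supplied: accept it only as a number and bound the loop.
$maxLines = 1000; // sanity cap; raise it if the form legitimately posts more rows
$lineCount = (isset($_POST["hdnLine"]) && is_numeric($_POST["hdnLine"])) ? (int) $_POST["hdnLine"] : 0;
if ($lineCount > $maxLines) {
    $lineCount = $maxLines;
}

// One prepared statement reused for every row. The posted values travel as bound
// parameters and never become part of the SQL text. The VALUES list has four entries
// separated by commas, one per column; a list with fewer entries than columns is
// rejected by MySQL.
$fields = array('date_tracking', 'customer_name', 'track_number', 'post_code');
$strSQL = "INSERT INTO tracking (date_tracking,customer_name,track_number,post_code) VALUES (?,?,?,?)";
try {
    $stmt = $conn->prepare($strSQL);
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when its report mode is set to strict.
    $stmt = false;
}

if ($stmt === false) {
    error_log("tracking insert: prepare failed: " . $conn->error);
    echo "Nothing was saved. See the server log for details.";
} else {
    $dateTracking = $customerName = $trackNumber = $postCode = '';
    $stmt->bind_param('ssss', $dateTracking, $customerName, $trackNumber, $postCode);

    $savedRows = 0;
    $failedRows = 0;
    for ($i = 1; $i <= $lineCount; $i++) {
        // Missing or non-string fields (e.g. arrays sent as "name[]") count as empty.
        $values = array();
        foreach ($fields as $field) {
            $key = $field . $i;
            $values[] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        }
        if ($values[0] == "") {
            continue; // rows without a tracking date are skipped
        }
        // Plain assignment writes through to the variables bound above.
        list($dateTracking, $customerName, $trackNumber, $postCode) = $values;
        try {
            $objQuery = $stmt->execute();
        } catch (mysqli_sql_exception $e) {
            $objQuery = false;
        }
        if ($objQuery) {
            $savedRows++;
        } else {
            $failedRows++;
            error_log("tracking insert: row $i failed: " . $stmt->error);
        }
    }
    $stmt->close();

    // Report success only when every attempted insert succeeded.
    if ($failedRows == 0) {
        echo "Save Done. Click <a href='phpMySQLListRecord.php'>here</a> to view.";
    } else {
        echo "Saved $savedRows row(s); $failedRows row(s) could not be saved. See the server log for details.";
    }
}
mysqli_close($conn);
?>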
</body>
</html>
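<?php
// Admin gate for this page. A visitor may continue only when the session holds
// manager credentials AND those credentials still match a row in the `admin` table.
// Any failure ends the request before the rest of the page runs (fail closed).

// Buffer output so the header() redirect below cannot be blocked by output sent earlier.
// The full "<?php" tag is used because "<?" is only parsed when short_open_tag is enabled.
ob_start();
session_start();

// All three values are needed for the database check, so a session missing any of them
// is treated as "not logged in".
if (!isset($_SESSION["manager"], $_SESSION["id"], $_SESSION["password"])) {
    header("location: admin_login.php");
    exit();
}

// Normalise the session values before use: the id keeps digits only,
// the user name and password keep ASCII letters and digits only.
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]);
// NOTE(review): the session carries the password itself and it is compared directly with
// the `password` column, which suggests the column does not hold a password_hash() value.
// Confirm how admin_login.php stores it; a hashed column checked with password_verify()
// at login, and no password in the session, would be the safer design.
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);

// Connect to the MySQL database ($db_* variables come from the included file).
include "../storescripts/connect_to_mysql.php";
$conn = new mysqli($db_host, $db_username, $db_pass, $db_name);
if ($conn->connect_error) {
    // Details go to the server log only; the client gets a generic message.
    error_log("admin check: database connection failed: " . $conn->connect_error);
    exit("Database connection failed.");
}
mysqli_query($conn, "SET NAMES 'utf8'");
mysqli_query($conn, "SET CHARACTER SET 'utf8'");

// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
// Placeholders keep the values out of the SQL text, so the query stays safe even if the
// filters above are ever relaxed.
$sql = "SELECT id FROM admin WHERE id=? AND username=? AND password=? LIMIT 1";
$existCount = 0; // stays 0 when the statement cannot be prepared or executed
$stmt = $conn->prepare($sql);
if ($stmt !== false) {
    $stmt->bind_param('sss', $managerID, $manager, $password);
    if ($stmt->execute()) {
        $stmt->store_result(); // needed so that num_rows is populated
        $existCount = $stmt->num_rows;
    }
    $stmt->close();
}

// Enforce the result. With this check disabled, the lookup above has no effect and a
// session that merely has "manager" set would reach the insert code further down.
if ($existCount == 0) {
    echo "Your login session data is not on record in the database.";
    exit();
}
?>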
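<?php
// Script error reporting.
// Every error level stays enabled, but messages are written to the server log instead of
// the HTTP response: rendering them in this admin page would expose file paths and the
// text of failed SQL statements to the browser.
// For local debugging only, display_errors can be switched back to '1' temporarily.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
?>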
<html>
<head>
<title>ThaiCreate.Com PHP & MySQL Tutorial</title>
</head>
<body>
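<?php
// Save the tracking rows posted by the multi-row form: one INSERT for every row index
// 1..hdnLine whose date_tracking field is not empty. date_added is stamped by the database.
//
// NOTE(review): this handler changes data on the strength of the admin session alone and
// verifies no anti-CSRF token. The form that posts here is not part of this file, so
// confirm that a per-session token is issued there and checked before this loop runs.
$conn = new mysqli($db_host, $db_username, $db_pass, $db_name);
if ($conn->connect_error) {
    // Details go to the server log only; the client gets a generic message.
    error_log("tracking insert: database connection failed: " . $conn->connect_error);
    exit("Database connection failed.");
}
mysqli_query($conn, "SET NAMES 'utf8'");
mysqli_query($conn, "SET CHARACTER SET 'utf8'");

// hdnLine is client-supplied: accept it only as a number and bound the loop.
$maxLines = 1000; // sanity cap; raise it if the form legitimately posts more rows
$lineCount = (isset($_POST["hdnLine"]) && is_numeric($_POST["hdnLine"])) ? (int) $_POST["hdnLine"] : 0;
if ($lineCount > $maxLines) {
    $lineCount = $maxLines;
}

// One prepared statement reused for every row. The posted values travel as bound
// parameters and never become part of the SQL text.
// NOTE(review): date_added is filled with the database clock via NOW() instead of the
// posted key "now()<row>", which looks like a misplaced SQL function call. Confirm the
// form has no field that is meant to supply this column.
$fields = array('date_tracking', 'customer_name', 'track_number', 'post_code');
$strSQL = "INSERT INTO tracking (date_tracking,customer_name,track_number,post_code,date_added) VALUES (?,?,?,?,NOW())";
try {
    $stmt = $conn->prepare($strSQL);
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when its report mode is set to strict.
    $stmt = false;
}

if ($stmt === false) {
    error_log("tracking insert: prepare failed: " . $conn->error);
    echo "Nothing was saved. See the server log for details.";
} else {
    $dateTracking = $customerName = $trackNumber = $postCode = '';
    $stmt->bind_param('ssss', $dateTracking, $customerName, $trackNumber, $postCode);

    $savedRows = 0;
    $failedRows = 0;
    for ($i = 1; $i <= $lineCount; $i++) {
        // Missing or non-string fields (e.g. arrays sent as "name[]") count as empty.
        $values = array();
        foreach ($fields as $field) {
            $key = $field . $i;
            $values[] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        }
        if ($values[0] == "") {
            continue; // rows without a tracking date are skipped
        }
        // Plain assignment writes through to the variables bound above.
        list($dateTracking, $customerName, $trackNumber, $postCode) = $values;
        try {
            $objQuery = $stmt->execute();
        } catch (mysqli_sql_exception $e) {
            $objQuery = false;
        }
        if ($objQuery) {
            $savedRows++;
        } else {
            $failedRows++;
            error_log("tracking insert: row $i failed: " . $stmt->error);
        }
    }
    $stmt->close();

    // Report success only when every attempted insert succeeded.
    if ($failedRows == 0) {
        echo "Save Done. Click <a href='phpMySQLListRecord.php'>here</a> to view.";
    } else {
        echo "Saved $savedRows row(s); $failedRows row(s) could not be saved. See the server log for details.";
    }
}
$conn->close();
?>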
</body>
</html>