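/**
 * Create a class record for a school year unless an identical one already exists.
 *
 * All values are handed to db_query() as separate arguments for its %n / '%s'
 * placeholders instead of being concatenated into the SQL text.
 * NOTE(review): the escaping itself happens inside db_query(), which is not
 * shown here; confirm it quotes '%s' values and casts %n values.
 *
 * @param mixed $p_class          Class number (bound to %n).
 * @param mixed $p_letter         Class letter (bound to '%s').
 * @param mixed $p_school_year_id School year id (bound to %n).
 * @param mixed $p_teacher_id     Teacher id (bound to %n).
 *
 * @return array 'isError' (bool); 'errorText' (string) when isError is true;
 *               'newClassId' when the row was inserted.
 */
function add_new_class($p_class, $p_letter, $p_school_year_id, $p_teacher_id)
{
    $retArray = array('isError' => false);

    // Check whether the class already exists.
    // NOTE(review): the lookup and the INSERT are two separate statements, so
    // two concurrent requests can both pass this check. A UNIQUE key on
    // (class, letter, school_year_id) would close that gap; the schema is not
    // visible from here.
    $sql = "SELECT class_id FROM classes WHERE class=%n AND letter='%s' AND school_year_id=%n";
    $res = db_query($sql, $p_class, $p_letter, $p_school_year_id);
    if (!$res) {
        // A failed lookup must not fall through to the INSERT, otherwise a
        // duplicate could be created while the existence check is broken.
        $retArray['isError'] = true;
        $retArray['errorText'] = "SELECT MySQL error " . mysql_errno() . ": " . mysql_error();
        return $retArray;
    }

    if (mysql_fetch_row($res)) {
        $retArray['isError'] = true;
        $retArray['errorText'] = 'Класс с такимим параметрами уже существует.';
        return $retArray;
    }

    $sql = "INSERT INTO classes (class, letter, school_year_id, teacher_id) VALUES(%n,'%s',%n,%n)";
    $res = db_query($sql, $p_class, $p_letter, $p_school_year_id, $p_teacher_id);

    // Test the query result variable. The bare word `res` (no `$`) is not the
    // result of db_query(), so a failed INSERT was never reported.
    if (!$res) {
        $retArray['isError'] = true;
        // NOTE(review): errorText carries the raw driver error. Log it
        // server-side and show the end user a generic message if the caller
        // renders this field.
        $retArray['errorText'] = "INSERT MySQL error " . mysql_errno() . ": " . mysql_error();
        return $retArray;
    }

    $retArray['newClassId'] = db_get_insert_id();

    return $retArray;
}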
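/**
 * Create a user account unless the login is already taken.
 *
 * All values are handed to db_query() as separate arguments for its %n / '%s'
 * placeholders instead of being concatenated into the SQL text.
 * NOTE(review): the escaping itself happens inside db_query(), which is not
 * shown here; confirm it quotes '%s' values and casts %n values.
 *
 * @param mixed $login       Login name; must be unique in `users`.
 * @param mixed $password    Clear-text password; only its hash is stored.
 * @param mixed $first_name  Optional first name.
 * @param mixed $middle_name Optional middle name.
 * @param mixed $last_name   Optional last name.
 *
 * @return array 'isError' (bool); 'errorText' (string) when isError is true;
 *               'newUserId' when the row was inserted.
 */
function add_user($login, $password, $first_name = null, $middle_name = null, $last_name = null)
{
    $retArray = array('isError' => false);

    // Check whether the user already exists. $login has to be bound through
    // the '%s' placeholder: with a fixed literal in its place the lookup
    // ignores $login and the duplicate check never fires.
    // NOTE(review): the lookup and the INSERT are separate statements; a
    // UNIQUE key on users.login is what actually prevents duplicates under
    // concurrent requests. The schema is not visible from here.
    $sql = "SELECT user_id FROM users WHERE login='%s'";
    $res = db_query($sql, $login);
    if (!$res) {
        // A failed lookup must not fall through to the INSERT.
        $retArray['isError'] = true;
        $retArray['errorText'] = "SELECT MySQL error " . mysql_errno() . ": " . mysql_error();
        return $retArray;
    }

    if (mysql_fetch_row($res)) {
        $retArray['isError'] = true;
        $retArray['errorText'] = 'Пользователь с таким именем уже существует.';
        return $retArray;
    }

    // NOTE(security): the password is stored as an unsalted MD5 digest, which
    // is cheap to brute-force and identical for identical passwords. It is
    // left unchanged here because the login check that compares against this
    // column is outside this block; migrate both sides together to
    // password_hash() / password_verify().
    $passwordDigest = md5($password);

    // The `access` column is written with the constant 1 for every new user.
    $sql = "INSERT INTO users (login,passwd,first_name,middle_name,last_name,access) VALUES('%s','%s','%s','%s','%s',%n)";
    $res = db_query($sql, $login, $passwordDigest, $first_name, $middle_name, $last_name, 1);

    // Test the query result variable. The bare word `res` (no `$`) is not the
    // result of db_query(), so a failed INSERT was never reported.
    if (!$res) {
        $retArray['isError'] = true;
        // NOTE(review): errorText carries the raw driver error. Log it
        // server-side and show the end user a generic message if the caller
        // renders this field.
        $retArray['errorText'] = "INSERT MySQL error " . mysql_errno() . ": " . mysql_error();
        return $retArray;
    }

    $retArray['newUserId'] = db_get_insert_id();

    return $retArray;
}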
/**
 * Insert a lesson row and return the id reported by db_get_insert_id().
 *
 * Values are passed to db_query() as separate arguments for its %n / '%s'
 * placeholders. NOTE(review): the escaping is done inside db_query(), which is
 * not shown here; confirm before passing request data straight through.
 *
 * @param mixed $lesson_date    Lesson date (bound to '%s').
 * @param mixed $subject_id     Subject id (bound to %n).
 * @param mixed $lesson_topic   Lesson topic (bound to '%s').
 * @param mixed $lesson_type_id Lesson type id (bound to %n).
 *
 * @return mixed Whatever db_get_insert_id() returns after the INSERT.
 */
function add_lesson($lesson_date, $subject_id, $lesson_topic, $lesson_type_id)
{
    // The `active` column receives the current Unix time plus 45 hours
    // (60 * 60 * 45 seconds).
    $activeStamp = time() + 45 * 3600;

    // NOTE(review): the result of db_query() is not inspected, so a failed
    // INSERT is indistinguishable from a successful one for the caller.
    db_query(
        "INSERT INTO lessons (lesson_date, subject_id, topic, active, lesson_type_id) VALUES('%s',%n,'%s',%n,%n)",
        $lesson_date,
        $subject_id,
        $lesson_topic,
        $activeStamp,
        $lesson_type_id
    );

    return db_get_insert_id();
}
$fields[] = "middle_name='" . mysql_escape_string(substr($_POST['middle_name'], 0, 25)) . "'"; $fields[] = "birthday='" . mysql_escape_string(implode('-', array_reverse(explode('.', $_POST['birthday'])))) . "'"; $fields[] = "address='" . mysql_escape_string(substr($_POST['address'], 0, 255)) . "'"; $fields[] = "phone='" . mysql_escape_string(substr($_POST['phone'], 0, 25)) . "'"; /* Информация о родителях*/ $fields[] = "mother_fio='" . mysql_escape_string(substr($_POST['mother_fio'], 0, 50)) . "'"; $fields[] = "mother_work_phone='" . mysql_escape_string(substr($_POST['mother_work_phone'], 0, 25)) . "'"; $fields[] = "mother_cell_phone='" . mysql_escape_string(substr($_POST['mother_cell_phone'], 0, 25)) . "'"; $fields[] = "father_fio='" . mysql_escape_string(substr($_POST['father_fio'], 0, 50)) . "'"; $fields[] = "father_work_phone='" . mysql_escape_string(substr($_POST['father_work_phone'], 0, 25)) . "'"; $fields[] = "father_cell_phone='" . mysql_escape_string(substr($_POST['father_cell_phone'], 0, 25)) . "'"; $fields[] = "pin_code=" . intval(substr($_POST['pin_code'], 0, 6)) . ""; $fields[] = "email='" . substr($_POST['email'], 0, 25) . "'"; $fields[] = "smsphone='" . mysql_escape_string(substr($_POST['smsphone'], 0, 11)) . "'"; db_query("INSERT students SET " . implode(', ', $fields)); $student_id = db_get_insert_id(); db_query("INSERT students_in_class VALUES ({$class_id}, {$student_id}, 0)"); header('Location: student.php?mode=success_add&class_id=' . $class_id); exit; } elseif ($action == 'update') { $fields = array(); /* Информация об ученике*/ $fields[] = "last_name='" . mysql_escape_string(substr($_POST['last_name'], 0, 25)) . "'"; $fields[] = "first_name='" . mysql_escape_string(substr($_POST['first_name'], 0, 25)) . "'"; $fields[] = "middle_name='" . mysql_escape_string(substr($_POST['middle_name'], 0, 25)) . "'"; $fields[] = "birthday='" . mysql_escape_string(implode('-', array_reverse(explode('.', $_POST['birthday'])))) . "'"; $fields[] = "address='" . 
mysql_escape_string(substr($_POST['address'], 0, 255)) . "'"; $fields[] = "phone='" . mysql_escape_string(substr($_POST['phone'], 0, 25)) . "'"; /* Информация о родителях*/ $fields[] = "mother_fio='" . mysql_escape_string(substr($_POST['mother_fio'], 0, 50)) . "'"; $fields[] = "mother_work_phone='" . mysql_escape_string(substr($_POST['mother_work_phone'], 0, 25)) . "'";