function addData($name, $id) { $flag = ""; $caseId = ""; $username = ""; $des = ""; $description = ""; $caseid = ""; $name = ""; $age = ""; $sex = ""; $address1 = ""; $address2 = ""; $pincode = ""; $disease = ""; $fatal = ""; $district = ""; $reportedon = ""; $diedon = ""; $date = ""; $createdon = ""; $newpostoffice = ""; $caseDate = ""; $username = ""; $usertype = ""; if ($id == 'add') { $username = trim($_SESSION['userName']); $usertype = trim($_SESSION['userType']); $hospitalid = trim($_POST['cmbHospital']); $name = trim($_POST['txtName']); $age = trim($_POST['txtAge']); $sex = trim($_POST['rdoSex']); $address1 = trim($_POST['txtAddress1']); $address2 = trim($_POST['txtAddress2']); $pincode = trim($_POST['txtPincode']); $disease = trim($_POST['cmbDisease']); $fatal = trim($_POST['cmbFatal']); $district = trim($_POST['cmbDistrict']); $reportedon = trim($_POST['txtReportedOn']); $createdon = date("d/m/Y"); $date = trim($_POST['txtCaseDate']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag = 'phpValidError'; } if (isInvalidName($address1)) { $flag = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag = 'phpValidError'; } if (isInvalidNumber($hospitalid)) { $flag = 'phpValidError'; } if (isInvalidNumber($age)) { $flag = 'phpValidError'; } if (isInvalidNumber($disease)) { $flag = 'phpValidError'; } if (isInvalidNumber($district)) { $flag = 'phpValidError'; } if (strlen($pincode) > 0) { if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } } if ($_POST['cmbPostOffice'] == 1 && $_POST['cmbNearPostOffice'] != "select") { $postofficeid = trim($_POST['cmbNearPostOffice']); } else { $postofficeid = trim($_POST['cmbPostOffice']); } if ($_POST['txtDiedOn'] == "") { $diedon = ""; } else { $diedon = trim($_POST['txtDiedOn']); if (!isValidDate($diedon)) { $flag = 'phpValidError'; } $diedon = getDateToDb($diedon); } if (isInvalidNumber($postofficeid)) { $flag = 'phpValidError'; } if (!isValidDate($date)) { $flag = 'phpValidError'; } if (!isValidDate($reportedon)) { $flag = 'phpValidError'; } $result = mysql_query("select * from casereport where name='" . $name . "' and age='" . $age . "'\n\t\t\t\tand sex='" . $sex . "' and fatal='" . $fatal . "' and casedate='" . getDateToDb($date) . "'\n\t\t\t\tand reportedon='" . getDateToDb($reportedon) . "'\t") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 'false'; } else { if ($flag == 'phpValidError') { } else { mysql_query("insert into casereport\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tage,\n\t\t\t\t\t\t\t\t\tsex,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdiseaseid,\n\t\t\t\t\t\t\t\t\tfatal,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\thospitalid,\n\t\t\t\t\t\t\t\t\tpostofficeid,\n\t\t\t\t\t\t\t\t\treportedon,\n\t\t\t\t\t\t\t\t\tdiedon,\n\t\t\t\t\t\t\t\t\tcasedate,\n\t\t\t\t\t\t\t\t\tcreatedon\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($username) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($age) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($sex) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($disease) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($fatal) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($district) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($hospitalid) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($postofficeid) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($reportedon)) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($diedon) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($date)) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj(getDateToDb($createdon)) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error()); mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error()); if ($_POST['cmbPostOffice'] == 1) { $newpostoffice = $_POST['txtNewPostOffice']; if (strlen($newpostoffice) < 3) { $flag = 'phpValidError'; } if (isInvalidName($newpostoffice)) { $flag = 'phpValidError'; } if ($flag == 'phpValidError') { } else { mysql_query("insert into newpostoffice\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tpincode\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($newpostoffice) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($district) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t ") or die(mysql_error()); } } $username = $_SESSION['userName']; $description = "New Case Report on patient " . $name . " is added"; insertEventData('Add_Case_Report', "New_Case_Reported", $username, $description); $flag = 'true'; } } } else { $hospitalid = $_POST['cmbHospital']; $postofficeid = $_POST['cmbPostOffice']; $name = trim($_POST['txtName']); $age = trim($_POST['txtAge']); $sex = trim($_POST['rdoSex']); $address1 = trim($_POST['txtAddress1']); $address2 = trim($_POST['txtAddress2']); $pincode = trim($_POST['txtPincode']); $disease = trim($_POST['cmbDisease']); $fatal = trim($_POST['cmbFatal']); $district = trim($_POST['cmbDistrict']); $reportedon = trim($_POST['txtReportedOn']); $caseId = trim($_POST['txtCaseId']); $date = trim($_POST['txtCaseDate']); if (trim($_POST['txtDiedOn']) == "") { $diedon = ""; } else { $diedon = trim($_POST['txtDiedOn']); if (!isValidDate($diedon)) { $flag = 'phpValidError'; } $diedon = getDateToDb($diedon); } if (!isValidDate($reportedon)) { $flag = 'phpValidError'; } if (!isValidDate($date)) { $flag = 'phpValidError'; } if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag = 'phpValidError'; } if (isInvalidName($address1)) { $flag = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag = 'phpValidError'; } if (isInvalidNumber($hospitalid)) { $flag = 'phpValidError'; } if (isInvalidNumber($age)) { $flag = 'phpValidError'; } if (isInvalidNumber($disease)) { $flag = 'phpValidError'; } if (isInvalidNumber($district)) { $flag = 'phpValidError'; } if (isInvalidNumber($caseId)) { $flag = 'phpValidError'; } if (strlen($pincode) > 0) { if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } } if ($flag == 'phpValidError') { } else { mysql_query("update casereport\n\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\tage='" . preventInj($age) . "',\n\t\t\t\t\t\tsex='" . preventInj($sex) . "',\n\t\t\t\t\t\taddress1='" . preventInj($address1) . "',\n\t\t\t\t\t\taddress2='" . preventInj($address2) . "',\n\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\tdiseaseid='" . preventInj($disease) . "',\n\t\t\t\t\t\tdistrictid='" . preventInj($district) . "',\n\t\t\t\t\t\thospitalid='" . preventInj($hospitalid) . "',\n\t\t\t\t\t\tpostofficeid='" . preventInj($postofficeid) . "',\n\t\t\t\t\t\treportedon='" . preventInj(getDateToDb($reportedon)) . "',\n\t\t\t\t\t\tdiedon='" . preventInj($diedon) . "',\n\t\t\t\t\t\tcasedate='" . preventInj(getDateToDb($date)) . "'\n\t\t\t\t\twhere casereportid='" . preventInj($caseId) . "' ") or die(mysql_error()); mysql_query("update casereport set diedon=NULL where diedon=00-00-0000") or die(mysql_error()); $username = $_SESSION['userName']; $description = "Case Report with id " . $caseId . " is updated"; insertEventData('Update_Case_Report', "Case_Report_Updated", $username, $description); $flag = 'success'; } } return $flag; }
$err = false; $errstr = ""; foreach ($files as $file){ if ($file['name'] != "") { if ( isInvalidType($file) ) { $err = true; $errstr .= "One or more files are of invalid types <br />"; break; } if ( $file['size'] > 50000) { $err = true; $errstr .= "One or more files exceed 50 KB <br />"; break; } if ( isInvalidName($file) ) { $err = true; $errstr .= "One or more files has an invalid name <br />"; break; } } } if ($err == true){ print $errstr; print "<br /><a href='upload-file.php'>Try Again</a>"; } else { foreach($files as $file){ if ($file['name'] != "") { $newName = str_replace(' ', '_', $file['name']); $dest = $uploaddir ."/". $newName;
function addData() { $gmoId = ""; $name = ""; $designation = null; $address1 = null; $address2 = null; $phone1 = null; $email = ""; $phone2 = null; $mobile = null; $user = '******'; $pass = '******'; $flag1 = null; if (isset($_GET['add'])) { $name = $_GET['name']; $designation = $_GET['designation']; $address1 = $_GET['address1']; $address2 = $_GET['address2']; $email = $_GET['email']; $phone1 = $_GET['phonenumber1']; $phone2 = $_GET['phonenumber2']; $mobile = $_GET['mobilenumber']; $user = $_GET['username']; $pass = $_GET['password']; $resultdist = mysql_query("select districtid from district where name='" . $_GET['district'] . "' ") or die(mysql_error()); $rowdist = mysql_fetch_array($resultdist); $districtid = $rowdist['districtid']; if (strlen($name) < 1) { $flag1 = 'phpValidError'; } if (isInvalidName($name)) { $flag1 = 'phpValidError'; } if (strlen($designation) < 1) { $flag = 'phpValidError'; } if (isInvalidName($designation)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag1 = 'phpValidError'; } if (isInvalidAddress($address1)) { $flag1 = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag1 = 'phpValidError'; } if (strlen($email) > 0) { if (isInvalidEmail($email)) { $flag1 = 'phpValidError'; } } if (isInvalidNumber($districtid)) { $flag1 = 'phpValidError'; } if (isStringNull($districtid)) { $flag1 = 'phpValidError'; } if (strlen($phone1) < 7) { $flag1 = 'phpValidError'; } if (isInvalidPhoneNo($phone1)) { $flag1 = 'phpValidError'; } if (isInvalidPhoneNo($mobile)) { $flag1 = 'phpValidError'; } if (strlen($user) < 5) { $flag1 = 'phpValidError'; } if (strlen($user) > 25) { $flag1 = 'phpValidError'; } if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) { $flag1 = 'phpValidError'; } if (strlen($pass) < 5) { $flag1 = 'phpValidError'; } if (strlen($pass) > 25) { $flag1 = 'phpValidError'; } if (!ereg('^[a-zA-Z]', $pass)) { $flag1 = 'phpValidError'; } $result = mysql_query("select * from gmo where name='" . $name . "' and officeaddress1='" . $address1 . "' and\n\t\t\t\tofficeaddress2='" . $address2 . "' and officephno1='" . $phone1 . "' and officephno2='" . $phone2 . "'\n\t\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and designation='" . $designation . "'\n\t\t\t\tand districtid='" . $districtid . "' ") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 1; } else { if ($flag1 == 'phpValidError') { } else { $result1 = mysql_query("select * from user where username='******' ") or die(mysql_error()); $intUnameExists = mysql_num_rows($result1); if ($intUnameExists > 0) { $flag = 2; } else { $flag = 3; mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tusertype\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t\t'GMO'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\t ") or die(mysql_error()); mysql_query("insert into gmo\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficeaddress2,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno1,\n\t\t\t\t\t\t\t\t\t\t\t\tofficephno2,\n\t\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\t\tstateid\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($designation)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile)) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'" . trim($districtid) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t'01'\n\n\t\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t") or die(mysql_error()); $description = "New gmo with username " . $user . " is registered"; insertEventData("Registration", "Registered new gmo", 'GMO', $description); } } } } return $flag; }
function addData() { $hospitalName = ""; $address1 = null; $address2 = null; $phone1 = null; $email = ""; $phone2 = null; $regno = null; $mobile = null; $user = null; $pass = null; $district = null; $flag = 7; $flag1 = null; $intnameExists = 0; if (isset($_GET['add'])) { $name = $_GET['hname']; $address1 = $_GET['address1']; $address2 = $_GET['address2']; $email = $_GET['email']; $phone1 = $_GET['phonenumber1']; $phone2 = $_GET['phonenumber2']; $regno = $_GET['regno']; $mobile = $_GET['mobilenumber']; $user = $_GET['username']; $pass = preventInj($_GET['password']); $pincode = $_GET['pincode']; $district = $_GET['district']; $resultdist = mysql_query("select districtid from district where name='" . $_GET['district'] . "' ") or die(mysql_error()); $rowdist = mysql_fetch_array($resultdist); $districtid = $rowdist['districtid']; if (strlen($name) < 1) { $flag1 = 'phpValidError'; } if (isInvalidName($name)) { $flag1 = 'phpValidError'; } if (strlen($address1) < 1) { $flag1 = 'phpValidError'; } if (isInvalidAddress($address1)) { $flag1 = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag1 = 'phpValidError'; } if (strlen($email) > 0) { if (isInvalidEmail($email)) { $flag1 = 'phpValidError'; } } if (isInvalidNumber($districtid)) { $flag1 = 'phpValidError'; } if (isStringNull($districtid)) { $flag1 = 'phpValidError'; } if (strlen($phone1) < 7) { $flag1 = 'phpValidError'; } if (isInvalidPhoneNo($phone1)) { $flag1 = 'phpValidError'; } if (isInvalidPhoneNo($mobile)) { $flag1 = 'phpValidError'; } if (isInvalidPhoneNo($phone2)) { $flag1 = 'phpValidError'; } if (strlen($pincode) > 0) { if (strlen($pincode) != 6) { $flag1 = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag1 = 'phpValidError'; } } if (isInvalidName($regno)) { $flag1 = 'phpValidError'; } if (strlen($user) < 5) { $flag1 = 'phpValidError'; } if (strlen($user) > 25) { $flag1 = 'phpValidError'; } if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) { $flag1 = 'phpValidError'; } if (strlen($pass) < 5) { $flag1 = 'phpValidError'; } if (strlen($pass) > 25) { $flag1 = 'phpValidError'; } if (!ereg('^[a-zA-Z]', $pass)) { $flag1 = 'phpValidError'; } $result = mysql_query("select * from hospital where name='" . $name . "' and hospitaladdress1='" . $address1 . "' and hospitaladdress2='" . $address2 . "' and hospitalphno1='" . $phone1 . "' and hospitalphno2='" . $phone2 . "'\n\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and registerno='" . $regno . "' and \n\t\t\tdistrictid='" . $districtid . "' ") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 1; } else { if ($flag1 == 'phpValidError') { } else { $result1 = mysql_query("select * from user where username='******' ") or die(mysql_error()); $intUnameExists = mysql_num_rows($result1); if ($intUnameExists > 0) { $flag = 2; } else { mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\t\tpassword('" . $pass . "'),\n\t\t\t\t\t\t\t\t\t\t\t\t'Pending',\n\t\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL'\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\t "); mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t\t\t) \n\t\t\t\t\t\t\t\t\t\tvalues \n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($name)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($user)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($email)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($address2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone1)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($phone2)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($mobile)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($districtid)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($pincode)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj(trim($regno)) . "',\n\t\t\t\t\t\t\t\t\t\t\t'Pending'\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t"); $flag = 3; $description = "New hospital with name " . $name . " is registered"; insertEventData("Registration", "Registered new hospital", $user, $description); } } } } return $flag; }
function addData($uname, $id, $poId, $newPoId) { $flag = ""; $name = ""; $distId = ""; $latitude = ""; $longitude = ""; $pincode = ""; if ($id == 'add') { $name = trim($_POST['txtName']); $distId = trim($_POST['cboDistrict']); $latitude = trim($_POST['txtLatitude']); $longitude = trim($_POST['txtLongitude']); $pincode = trim($_POST['txtPincode']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (isInvalidNumber($distId)) { $flag = 'phpValidError'; } if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } if (isStringNull($latitude)) { $flag = 'phpValidError'; } if (isInvalidFloat($latitude)) { $flag = 'phpValidError'; } if (isStringNull($longitude)) { $flag = 'phpValidError'; } if (isInvalidFloat($longitude)) { $flag = 'phpValidError'; } $result = mysql_query("SELECT * FROM postoffice WHERE name='" . $name . "'\n\t\t\tAND districtid='" . $distId . "' AND pincode='" . $pincode . "' ") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 'false'; } else { if ($flag == 'phpValidError') { } else { mysql_query("insert into postoffice\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tlatitude,\n\t\t\t\t\t\t\t\t\tlongitude\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($distId) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($latitude) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($longitude) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error()); $flag = 'true'; $usertype = $_SESSION['userType']; $username = $_SESSION['userName']; $description = "Post office name " . trim($name) . " is added"; insertEventData('Add_Post_Office', "Add_new_Postoffice", $username, $description); } } } else { if ($id == 'edit') { $postOfficeId = $poId; $name = trim($_POST['txtName']); $distId = trim($_POST['cboDistrict']); $latitude = trim($_POST['txtLatitude']); $longitude = trim($_POST['txtLongitude']); $pincode = trim($_POST['txtPincode']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (isInvalidNumber($distId)) { $flag = 'phpValidError'; } if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } if (isStringNull($latitude)) { $flag = 'phpValidError'; } if (isInvalidFloat($latitude)) { $flag = 'phpValidError'; } if (isStringNull($longitude)) { $flag = 'phpValidError'; } if (isInvalidFloat($longitude)) { $flag = 'phpValidError'; } if (isInvalidNumber($postOfficeId)) { $flag = 'phpValidError'; } if ($flag == 'phpValidError') { } else { mysql_query("UPDATE postoffice SET\n\t\t\t\t\t\t\t\t\tname ='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($distId) . "',\n\t\t\t\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\tlatitude='" . preventInj($latitude) . "',\n\t\t\t\t\t\t\t\t\tlongitude='" . preventInj($longitude) . "'\n\t\t\t\t\t\t\t\tWHERE postofficeid='" . $postOfficeId . "' ") or die(mysql_error()); $username = $_SESSION['userName']; $description = "Postoffice name " . $name . " is updated"; insertEventData('Update_Post_Office', "Update_Post_Office_Details", $username, $description); $flag = 'success'; } } else { if ($id == 'editNew') { $newpostOfficeId = $newPoId; $name = trim($_POST['txtName']); $distId = trim($_POST['cboDistrict']); $latitude = trim($_POST['txtLatitude']); $longitude = trim($_POST['txtLongitude']); $pincode = trim($_POST['txtPincode']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (isInvalidNumber($distId)) { $flag = 'phpValidError'; } if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } if (isStringNull($latitude)) { $flag = 'phpValidError'; } if (isInvalidFloat($latitude)) { $flag = 'phpValidError'; } if (isStringNull($longitude)) { $flag = 'phpValidError'; } if (isInvalidFloat($longitude)) { $flag = 'phpValidError'; } if (isInvalidNumber($newpostOfficeId)) { $flag = 'phpValidError'; } $result = mysql_query("SELECT * FROM postoffice WHERE name='" . $name . "'\n\t\t\tAND districtid='" . $distId . "' AND pincode='" . $pincode . "' ") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 'false'; } else { if ($flag == 'phpValidError') { } else { mysql_query("insert into postoffice\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tlatitude,\n\t\t\t\t\t\t\t\t\tlongitude\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($distId) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($latitude) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($longitude) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error()); mysql_query("DELETE FROM newpostoffice WHERE postofficeid='" . $newpostOfficeId . "' ") or die(mysql_error()); $flag = 'newAdd'; $username = $_SESSION['userName']; $description = "Post office name " . trim($name) . " is deleted from pending list and new postoffice added"; insertEventData('Add_Post_Office', "Add_Pending_Post_office", $username, $description); } } } else { } } } return $flag; }
function addData($uname, $id) { $daoId = 0; $name = ""; $designation = null; $address1 = null; $address2 = null; $phone1 = null; $email = ""; $phone2 = null; $mobile = null; $user = ""; $pass = ""; $districtid = ""; $flag = ""; if ($id == 'add') { $name = trim($_POST['txtName']); $designation = trim($_POST['txtDesignation']); $address1 = trim($_POST['txtAddress1']); $address2 = trim($_POST['txtAddress2']); $email = trim($_POST['txtEmail']); $districtid = trim($_POST['cmpDistrict']); $phone1 = trim($_POST['txtPhone1']); $mobile = trim($_POST['txtMobile']); $user = trim($_POST['txtUserName']); $pass = trim($_POST['txtPassword']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (strlen($designation) < 1) { $flag = 'phpValidError'; } if (isInvalidName($designation)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag = 'phpValidError'; } if (isInvalidAddress($address1)) { $flag = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag = 'phpValidError'; } if (strlen($email) > 0) { if (isInvalidEmail($email)) { $flag = 'phpValidError'; } } if (isInvalidNumber($districtid)) { $flag = 'phpValidError'; } if (strlen($phone1) < 7) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($phone1)) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($mobile)) { $flag = 'phpValidError'; } if (strlen($user) < 5) { $flag = 'phpValidError'; } if (strlen($user) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) { $flag = 'phpValidError'; } if (strlen($pass) < 5) { $flag = 'phpValidError'; } if (strlen($pass) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z]', $pass)) { $flag = 'phpValidError'; } $result = mysql_query("select * from dao where name='" . $name . "' and address1='" . $address1 . "'\n\t\t\tand address2='" . $address2 . "' and phonenumber='" . $phone1 . "' and mobilenumber='" . $mobile . "'\n\t\t\tand emailid='" . $email . "' and designation='" . $designation . "' ") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 'false'; } else { if ($flag == 'phpValidError') { } else { $result1 = mysql_query("select * from user where username='******' ") or die(mysql_error()); $intUnameExists = mysql_num_rows($result1); if ($intUnameExists > 0) { $flag = 'fail'; } else { mysql_query("insert into user\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t'DAO',\n\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t ") or die(mysql_error()); mysql_query("insert into dao\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdesignation,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\taddress1,\n\t\t\t\t\t\t\t\t\taddress2,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\tphonenumber,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($designation) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error()); $flag = 'true'; $username = $_SESSION['userName']; $description = "New dao with username " . $user . " is added"; insertEventData('Add_Dao', "Add_new_dao", $username, $description); } } } } else { if ($_SESSION['userType'] == "DAO" && $_POST['txtPassword'] != NULL) { $pass = trim($_POST['txtPassword']); $user = trim($_POST['txtUserName']); if (strlen($user) < 5) { $flag = 'phpValidError'; } if (strlen($user) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) { $flag = 'phpValidError'; } if (strlen($pass) < 5) { $flag = 'phpValidError'; } if (strlen($pass) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z]', $pass)) { $flag = 'phpValidError'; } if ($flag == 'phpValidError') { } else { mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass) . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error()); } } $name = trim($_POST['txtName']); $designation = trim($_POST['txtDesignation']); $address1 = trim($_POST['txtAddress1']); $address2 = trim($_POST['txtAddress2']); $email = trim($_POST['txtEmail']); $districtid = trim($_POST['cmpDistrict']); $phone1 = trim($_POST['txtPhone1']); $mobile = trim($_POST['txtMobile']); $daoId = trim($_POST['daoId']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (strlen($designation) < 1) { $flag = 'phpValidError'; } if (isInvalidName($designation)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag = 'phpValidError'; } if (isInvalidAddress($address1)) { $flag = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag = 'phpValidError'; } if (strlen($email) > 0) { if (isInvalidEmail($email)) { $flag = 'phpValidError'; } } if (isInvalidNumber($districtid)) { $flag = 'phpValidError'; } if (strlen($phone1) < 7) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($phone1)) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($mobile)) { $flag = 'phpValidError'; } if (isInvalidNumber($daoId)) { $flag = 'phpValidError'; } if ($flag == 'phpValidError') { } else { mysql_query("update dao\n\t\t\t\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t\tdesignation='" . preventInj($designation) . "',\n\t\t\t\t\t\t\t\t\t\taddress1='" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t\taddress2='" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t\tphonenumber='" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email) . "'\n\t\t\t\t\t\t\t\twhere daoid='" . $daoId . "' ") or die(mysql_error()); $username = $_SESSION['userName']; $description = "Dao with id " . $des . " is updated"; insertEventData('Update_Dao', "Dao_Details_Updated", $username, $description); $flag = 'success'; } } return $flag; }
function addData($uname, $id) { $hospitalId = ""; $name = ""; $address1 = null; $address2 = null; $phone1 = null; $email = ""; $phone2 = null; $regno = null; $mobile = null; $user = null; $pass = null; $flag = ""; if ($id == 'add') { $name = trim($_POST['txtHospitalName']); $address1 = trim($_POST['txtAddress1']); $address2 = trim($_POST['txtAddress2']); $email = trim($_POST['txtEmail']); $phone1 = trim($_POST['txtPhone1']); $phone2 = trim($_POST['txtPhone2']); $regno = trim($_POST['txtRegNo']); $mobile = trim($_POST['txtMobile']); $user = trim($_POST['txtUserName']); $pass = trim($_POST['txtPassword']); $pincode = trim($_POST['txtPincode']); $districtid = trim($_POST['cmpDistrict']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag = 'phpValidError'; } if (isInvalidAddress($address1)) { $flag = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag = 'phpValidError'; } if (strlen($email) > 0) { if (isInvalidEmail($email)) { $flag = 'phpValidError'; } } if (isInvalidNumber($districtid)) { $flag = 'phpValidError'; } if (strlen($phone1) < 7) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($phone1)) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($mobile)) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($phone2)) { $flag = 'phpValidError'; } if (strlen($pincode) > 0) { if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } } if (isInvalidName($regno)) { $flag = 'phpValidError'; } if (strlen($user) < 5) { $flag = 'phpValidError'; } if (strlen($user) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) { $flag = 'phpValidError'; } if (strlen($pass) < 5) { $flag = 'phpValidError'; } if (strlen($pass) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z]', $pass)) { $flag = 'phpValidError'; } $result = mysql_query("select * from hospital where name='" . $name . "' and\n\t\t\thospitaladdress1='" . $address1 . "' and hospitaladdress2='" . $address2 . "'\n\t\t\tand hospitalphno1='" . $phone1 . "' and hospitalphno2='" . $phone2 . "'\n\t\t\tand mobilenumber='" . $mobile . "' and emailid='" . $email . "' and registerno='" . $regno . "'\n\t\t\tand districtid='" . $districtid . "' ") or die(mysql_error()); $intnameExists = mysql_num_rows($result); if ($intnameExists > 0) { $flag = 'false'; } else { if ($flag == 'phpValidError') { } else { $result1 = mysql_query("select * from user where username='******' ") or die(mysql_error()); $intUnameExists = mysql_num_rows($result1); if ($intUnameExists > 0) { $flag = 'fail'; } else { mysql_query("insert into user\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\t\t\tuserpasswd,\n\t\t\t\t\t\t\t\t\t\t\tstatus,\n\t\t\t\t\t\t\t\t\t\t\tusertype,\n\t\t\t\t\t\t\t\t\t\t\tlastlogin\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t\t\tpassword('" . preventInj($pass) . "'),\n\t\t\t\t\t\t\t\t\t\t\t'Approved',\n\t\t\t\t\t\t\t\t\t\t\t'HOSPITAL',\n\t\t\t\t\t\t\t\t\t\t\tnow()\n\t\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\t\t ") or die(mysql_error()); mysql_query("insert into hospital\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\t\t\temailid,\n\t\t\t\t\t\t\t\t\thospitaladdress1,\n\t\t\t\t\t\t\t\t\thospitaladdress2,\n\t\t\t\t\t\t\t\t\thospitalphno1,\n\t\t\t\t\t\t\t\t\thospitalphno2,\n\t\t\t\t\t\t\t\t\tmobilenumber,\n\t\t\t\t\t\t\t\t\tdistrictid,\n\t\t\t\t\t\t\t\t\tstateid,\n\t\t\t\t\t\t\t\t\tpincode,\n\t\t\t\t\t\t\t\t\tregisterno,\n\t\t\t\t\t\t\t\t\tstatus\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($user) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($phone2) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($districtid) . "',\n\t\t\t\t\t\t\t\t\t'01',\n\t\t\t\t\t\t\t\t\t'" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($regno) . "',\n\t\t\t\t\t\t\t\t\t'Approved'\n\t\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error()); $flag = 'true'; $description = "New hospital with name " . $name . " is added"; insertEventData('Add_Hospital', "Add new hospital", $user, $description); } } } } else { $name = trim($_POST['txtHospitalName']); $address1 = trim($_POST['txtAddress1']); $address2 = trim($_POST['txtAddress2']); $email = trim($_POST['txtEmail']); $phone1 = trim($_POST['txtPhone1']); $phone2 = trim($_POST['txtPhone2']); $regno = trim($_POST['txtRegNo']); $mobile = trim($_POST['txtMobile']); $pincode = trim($_POST['txtPincode']); $districtid = trim($_POST['cmpDistrict']); $hospitalId = trim($_POST['hospitalId']); if (strlen($name) < 1) { $flag = 'phpValidError'; } if (isInvalidName($name)) { $flag = 'phpValidError'; } if (strlen($address1) < 1) { $flag = 'phpValidError'; } if (isInvalidAddress($address1)) { $flag = 'phpValidError'; } if (isInvalidAddress($address2)) { $flag = 'phpValidError'; } if (strlen($email) > 0) { if (isInvalidEmail($email)) { $flag = 'phpValidError'; } } if (strlen($phone1) < 7) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($phone1)) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($phone2)) { $flag = 'phpValidError'; } if (isInvalidPhoneNo($mobile)) { $flag = 'phpValidError'; } if (strlen($pincode) > 0) { if (strlen($pincode) != 6) { $flag = 'phpValidError'; } if (isInvalidNumber($pincode)) { $flag = 'phpValidError'; } } if (isInvalidName($regno)) { $flag = 'phpValidError'; } if (isInvalidNumber($districtid)) { $flag = 'phpValidError'; } if (isInvalidNumber($hospitalId)) { $flag = 'phpValidError'; } if ($_SESSION['userType'] == "HOSPITAL" && $_POST['txtPassword'] != NULL) { $pass = trim($_POST['txtPassword']); $user = trim($_POST['txtUserName']); if (strlen($user) < 5) { $flag = 'phpValidError'; } if (strlen($user) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z][a-zA-Z0-9]{4,24}$', $user)) { $flag = 'phpValidError'; } if (strlen($pass) < 5) { $flag = 'phpValidError'; } if (strlen($pass) > 25) { $flag = 'phpValidError'; } if (!ereg('^[a-zA-Z]', $pass)) { $flag = 'phpValidError'; } if ($flag == 'phpValidError') { } else { mysql_query("update user\n\t\t\t\t\t\t\t\t\tset userpasswd='" . preventInj($pass) . "',\n\t\t\t\t\t\t\t\t\t\t\tlastlogin=now()\n\t\t\t\t\t\t\t\t\twhere username='******' ") or die(mysql_error()); } } if ($flag == 'phpValidError') { } else { mysql_query("update hospital\n\t\t\t\t\t\t\t\tset name='" . preventInj($name) . "',\n\t\t\t\t\t\t\t\t\t\temailid='" . preventInj($email) . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress1='" . preventInj($address1) . "',\n\t\t\t\t\t\t\t\t\t\thospitaladdress2='" . preventInj($address2) . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno1='" . preventInj($phone1) . "',\n\t\t\t\t\t\t\t\t\t\thospitalphno2='" . preventInj($phone2) . "',\n\t\t\t\t\t\t\t\t\t\tmobilenumber='" . preventInj($mobile) . "',\n\t\t\t\t\t\t\t\t\t\tpincode='" . preventInj($pincode) . "',\n\t\t\t\t\t\t\t\t\t\tregisterno='" . preventInj($regno) . "',\n\t\t\t\t\t\t\t\t\t\tdistrictid='" . preventInj($districtid) . "'\n\t\t\t\t\t\t\t\twhere hospitalid='" . preventInj($hospitalId) . "' ") or die(mysql_error()); $flag = 'success'; $username = $_SESSION['userName']; $description = "Hospital with id " . $hospitalId . " is updated"; insertEventData('Update_Hospital', "Update_Hospital_Details", $username, $description); } } return $flag; }
function addDiseaseDetails($strUserName, $strId) { $blnFlag = ""; $strDiseaseName = ""; $strDescription = ""; $intDiseaseId = ""; $strSymptoms = ""; $strPrecautions = ""; $strMedication = ""; $strSpecialAdvice = ""; $strSelectImageName = ""; $strSelectImageName = trim($_POST['strselectImage']); $strDiseaseName = trim($_POST['txtDiseaseName']); $strDescription = trim($_POST['txtAreaDescription']); $strSymptoms = $_POST['txtAreaSymptoms']; $strPrecautions = $_POST['txtAreaPrecautions']; $strMedication = $_POST['txtAreaMedication']; $strSpecialAdvice = $_POST['txtAreaSpecialAdvice']; if (strlen($strDiseaseName) < 1) { $blnFlag = 'phpValidError'; } if (isInvalidName($strDiseaseName)) { $blnFlag = 'phpValidError'; } if (strlen($strDescription) < 1) { $blnFlag = 'phpValidError'; } // if(isInvalidName($strDescription)) // $blnFlag ='phpValidError'; if (strlen($strSymptoms) < 1) { $blnFlag = 'phpValidError'; } // if(isInvalidName($strSymptoms)) // $blnFlag ='phpValidError'; if (strlen($strPrecautions) < 1) { $blnFlag = 'phpValidError'; } // if(isInvalidName($strPrecautions)) // $blnFlag ='phpValidError'; if (strlen($strMedication) < 1) { $blnFlag = 'phpValidError'; } // if(isInvalidName($strMedication)) // $blnFlag ='phpValidError'; if (strlen($strSpecialAdvice) < 1) { $blnFlag = 'phpValidError'; } // if(isInvalidName($strSpecialAdvice)) // $blnFlag ='phpValidError'; if ($strId == 'add') { $resultDisease = mysql_query("SELECT * FROM disease WHERE name='" . $strDiseaseName . "' ") or die(mysql_error()); $intDiseaseNameExists = mysql_num_rows($resultDisease); if ($intDiseaseNameExists > 0) { $blnFlag = 'false'; } else { if ($blnFlag == 'phpValidError') { } else { mysql_query("insert into disease\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\t\t\tdescription,\n\t\t\t\t\t\t\t\t\tsymptoms,\n\t\t\t\t\t\t\t\t\tprecaution,\n\t\t\t\t\t\t\t\t\tmedication,\n\t\t\t\t\t\t\t\t\tspecialadvice,\n\t\t\t\t\t\t\t\t\timagename\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t\tvalues\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t'" . preventInj($strDiseaseName) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strDescription) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strSymptoms) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strPrecautions) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strMedication) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strSpecialAdvice) . "',\n\t\t\t\t\t\t\t\t\t'" . preventInj($strSelectImageName) . "'\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t") or die(mysql_error()); $blnFlag = 'true'; $username = $_SESSION['userName']; $usertype = $_SESSION['userType']; $description = "Disease name " . trim($strDiseaseName) . " is added"; insertEventData($usertype, "Add new disease", $username, $description); } } } else { if ($strId == 'edit') { $intDiseaseId = $_POST['txtDiseaseId']; if (isInvalidNumber($intDiseaseId)) { $blnFlag = 'phpValidError'; } if ($blnFlag == 'phpValidError') { } else { mysql_query("UPDATE disease SET\n\t\t\t\t\t\t\t\t\tname ='" . preventInj($strDiseaseName) . "',\n\t\t\t\t\t\t\t\t\tdescription='" . preventInj($strDescription) . "',\n\t\t\t\t\t\t\t\t\tsymptoms='" . preventInj($strSymptoms) . "',\n\t\t\t\t\t\t\t\t\tprecaution='" . preventInj($strPrecautions) . "',\n\t\t\t\t\t\t\t\t\tmedication='" . preventInj($strMedication) . "',\n\t\t\t\t\t\t\t\t\tspecialadvice='" . preventInj($strSpecialAdvice) . "',\n\t\t\t\t\t\t\t\t\timagename='" . preventInj($strSelectImageName) . "'\n\t\t\t\t\t\t\t\tWHERE diseaseid='" . $intDiseaseId . "' ") or die(mysql_error()); $username = $_SESSION['userName']; $description = "Disease name " . $strDiseaseName . " is updated"; insertEventData('Update_Disease', "Update_Disease_Details", $username, $description); $blnFlag = 'success'; } } } return $blnFlag; }