passwordPerson = md5('{$passwordPerson}'), behorighetPerson = '{$behorighetPerson}' WHERE idPerson = '{$idPerson}'; QUERY; } else { //Annars läggs en ny användare in. $query = <<<QUERY INSERT INTO {$tablePerson} (accountPerson, passwordPerson, behorighetPerson) VALUES ('{$accountPerson}', md5('{$passwordPerson}'), '{$behorighetPerson}'); QUERY; } $dbAccess->SingleQuery($query); // Om $idPerson inte innehåller något är det en ny användare. // Hämta då dennes id. if (!$idPerson) { $idPerson = $dbAccess->LastId(); $redirect = "edit_usr&id=" . $idPerson; } if ($debugEnable) { $debug .= "idPerson: " . $idPerson . "<br />\r\n"; } // Skicka lösenordet i mejl om detta är begärt. if (isset($formValues['send'])) { if ($debugEnable) { $debug .= "send= " . $formValues['send'] . "<br />\r\n"; } // Hämta mejladress. från personen eller dess målsman. $query = "\n SELECT ePostPerson FROM {$tablePerson} \n WHERE idPerson = '{$idPerson}';"; $result = $dbAccess->SingleQuery($query); $row = $result->fetch_object(); $result->close();
// Excerpt of an album create/update handler.
// Inputs come from $formValues (set before this excerpt); $dbAccess, $tableAlbum,
// $idAlbum, $debugEnable, $debug, $form, $buttons, $mainTextHTML and $redirect
// are also defined outside this excerpt. The excerpt ends inside the final
// else branch, so the enclosing block is not closed here.
//
// NOTE(review): values are passed through WashParameter() and then interpolated
// straight into the SQL text. WashParameter presumably escapes for the driver —
// confirm; a parameterised query would remove the dependency on that escaping.
$nameAlbum = $dbAccess->WashParameter(strip_tags($formValues['name']));
$descriptionAlbum = $dbAccess->WashParameter(strip_tags($formValues['description']));
// One timestamp for both the created and edited columns of this request.
$presentTime = time();
if ($idAlbum) {
    // If $idAlbum already exists, update the DB.
    // NOTE(review): the WHERE clause is keyed on idAlbum alone; this excerpt does
    // not show an ownership check against $_SESSION['idUser'] for the update
    // path — verify that it happens before this point.
    $timeEditedAlbum = $presentTime;
    $query = "\n UPDATE {$tableAlbum} SET \n nameAlbum = '{$nameAlbum}',\n descriptionAlbum = '{$descriptionAlbum}',\n timeEditedAlbum = '{$timeEditedAlbum}'\n WHERE idAlbum = '{$idAlbum}';\n ";
    $dbAccess->SingleQuery($query);
} else {
    // Otherwise a new album is added to the DB, owned by the session user.
    $album_idUser = $_SESSION['idUser'];
    $timeCreatedAlbum = $presentTime;
    $timeEditedAlbum = $presentTime;
    $query = "\n INSERT INTO {$tableAlbum} (\n album_idUser, \n nameAlbum, \n descriptionAlbum, \n timeCreatedAlbum,\n timeEditedAlbum)\n VALUES (\n '{$album_idUser}', \n '{$nameAlbum}',\n '{$descriptionAlbum}',\n '{$timeCreatedAlbum}',\n '{$timeEditedAlbum}'\n );\n ";
    $dbAccess->SingleQuery($query);
    // The new row's id is needed for the redirect / debug output below.
    $idAlbum = $dbAccess->LastId();
    if ($debugEnable) {
        $debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
    }
}
// Jump to next page if not in debug.
if ($debugEnable) {
    $form->removeChild($buttons); // Remove buttons.
    $form->toggleFrozen(true); // Freeze the form for display.
    // NOTE(review): $redirect is interpolated into an href attribute without
    // htmlspecialchars(); where it is built from is not visible here — if any
    // part of it can come from the request, escape it for the attribute context.
    $mainTextHTML .= "<a title='Vidare' href='?p={$redirect}'>\n <img src='images/accept.png' alt='Vidare' /></a> <br />\r\n";
} else {
    // NOTE(review): as written this replaces "&" with "&", i.e. a no-op; the
    // intent was presumably to decode an HTML entity in $redirect — confirm
    // against the original file.
    $redirect = str_replace("&", "&", $redirect);
    header('Location: ' . WS_SITELINK . "?p={$redirect}");
    exit;
if ($idBook) { // Edit an existing book // Check if the session id is owner of the book. $query = <<<QUERY SELECT child_idUser FROM ({$tableBook} JOIN {$tableChild} ON book_idChild = idChild) WHERE idBook = {$idBook}; QUERY; } else { // Add a new book. $query = <<<QUERY INSERT INTO {$tableBook} (nameBook, book_idChild) VALUES ('{$nameBook}', '{$idChild}'); QUERY; $dbAccess->SingleQuery($query); $idBook = $dbAccess->LastId(); // Check the id of the new book. if ($debugEnable) { $debug .= "idBook: " . $idBook . "<br /> \n"; } // Add a first page of the new book. $query = <<<QUERY INSERT INTO {$tablePage} (stylePage, page_idBook) VALUES ('1', '{$idBook}'); QUERY; $dbAccess->SingleQuery($query); } /////////////////////////////////////////////////////////////////////////////////////////////////// // Redirect // If in debug mode exit before redirect. if ($debugEnable) {
// Excerpt of a person/residence ("bostad") save handler. $telefonBostad,
// $adressBostad, $stadsdelBostad, $postnummerBostad, $idBostad, $idPerson,
// $fornamnPerson, $efternamnPerson, $tableBostad, $tablePerson, $dbAccess,
// $form, $buttons, $mainTextHTML and $debugEnable are all set before this
// excerpt, and the excerpt ends inside the final else branch.
//
// NOTE(review): every value is escaped via WashParameter() and then interpolated
// into the SQL string; presumably WashParameter escapes for the driver —
// confirm. Parameterised queries would not depend on that.
$statBostad = $dbAccess->WashParameter(strip_tags($formValues['stat']));
if ($idBostad) {
    // If the person already has a residence linked, update it.
    $query = "\n UPDATE {$tableBostad} SET \n telefonBostad = '{$telefonBostad}',\n adressBostad = '{$adressBostad}',\n stadsdelBostad = '{$stadsdelBostad}',\n postnummerBostad = '{$postnummerBostad}',\n statBostad = '{$statBostad}'\n WHERE idBostad = '{$idBostad}';";
    $dbAccess->SingleQuery($query);
} else {
    // Otherwise insert a new residence.
    // Note: `!` tests truthiness, so an address of "0" is treated as missing.
    if (!$adressBostad) {
        // If no address was given, store a temporary address so the row
        // can be updated later.
        $adressBostad = "Temporär adress för " . $fornamnPerson . " " . $efternamnPerson;
    }
    $query = "\n INSERT INTO {$tableBostad} (\n telefonBostad, \n adressBostad, \n stadsdelBostad, \n postnummerBostad, \n statBostad)\n VALUES (\n '{$telefonBostad}', \n '{$adressBostad}', \n '{$stadsdelBostad}', \n '{$postnummerBostad}', \n '{$statBostad}');";
    $dbAccess->SingleQuery($query);
    // Link the new residence to the person.
    $idBostad = $dbAccess->LastId();
    $query = "\n UPDATE {$tablePerson} SET person_idBostad = '{$idBostad}' \n WHERE idPerson = '{$idPerson}';";
    $dbAccess->SingleQuery($query);
}
} // Closes a block opened before this excerpt.
if ($debugEnable) {
    // In debug mode, show the filled-in form instead of redirecting.
    $form->removeChild($buttons); // Remove the buttons.
    $form->toggleFrozen(true); // Freeze the form for redisplay.
    // NOTE(review): $idPerson is interpolated into the href unescaped; where it
    // originates is not visible here — confirm it is a validated integer.
    $mainTextHTML .= "<a title='Vidare' href='?p=show_usr&id={$idPerson}'\n tabindex='1'><img src='../images/b_enter.gif' alt='Vidare' /></a>\n <br />\r\n";
} else {
    // Otherwise continue to the person view.
    header('Location: ' . WS_SITELINK . "?p=show_usr&id={$idPerson}");
    exit;
firstNameChild = '{$firstNameChild}', famillyNameChild = '{$famillyNameChild}', birthDateChild = '{$birthDateChild}' WHERE idChild = '{$idChild}'; QUERY; } else { // Else enter a new child. $query = <<<QUERY INSERT INTO {$tableChild} (firstNameChild, famillyNameChild, birthDateChild, child_idUser) VALUES ('{$firstNameChild}', '{$famillyNameChild}', '{$birthDateChild}', '{$idUser}'); QUERY; } $dbAccess->SingleQuery($query); // If $idChild is empty then it's a new child. Get the id. if (!$idChild) { $idChild = $dbAccess->LastId(); } if ($debugEnable) { $debug .= "idChild: " . $idChild . "<br /> \n"; } /////////////////////////////////////////////////////////////////////////////////////////////////// // Redirect to another page // // If in debug mode show info and exit. if ($debugEnable) { echo $debug; exit; } header("Location: " . WS_SITELINK . "?p={$redirect}"); exit; ?>
// Excerpt of a picture-upload handler: registers the picture row in the DB,
// then validates and moves the uploaded file. $idAlbum, $debugEnable and $debug
// are defined before this excerpt; the excerpt ends inside the failure branch
// of the move, so the enclosing blocks are not closed here.
$maxPhoto = new maxImageUpload();
$result = TRUE;
$msg = "";
$error = "";
// Prepare the database.
$dbAccess = new CdbAccess();
$tablePicture = DB_PREFIX . 'Picture';
$tableAlbum = DB_PREFIX . 'Album';
// Get form values.
// NOTE(review): WashParameter presumably escapes for the driver — confirm; the
// values are interpolated into SQL text below rather than bound as parameters.
$namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle']));
$descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc']));
// Register picture in DB and store the information.
// Note: the row is inserted before the file is validated or moved, so a
// rejected upload leaves a Picture row unless something later removes it
// (no cleanup is visible in this excerpt).
$query = "\n INSERT INTO {$tablePicture} (\n picture_idAlbum, \n namePicture, \n descriptionPicture)\n VALUES (\n '{$idAlbum}', \n '{$namePicture}',\n '{$descriptionPicture}'\n );\n ";
$dbAccess->SingleQuery($query);
// Get the picture id.
$idPicture = $dbAccess->LastId();
if ($debugEnable) {
    $debug .= "idPicture=" . $idPicture . " Type=" . $_FILES['myfile']['type'] . " Name=" . $_FILES['myfile']['name'] . "<br />\r\n";
}
// Check image type. Only jpeg images are allowed.
// NOTE(review): $_FILES[...]['type'] is the MIME type declared by the client,
// so this only checks what the browser claimed. Enforcing JPEG requires a
// server-side look at the file contents (e.g. getimagesize() or finfo) —
// confirm whether maxImageUpload performs that check.
if (strcasecmp($_FILES['myfile']['type'], 'image/pjpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpg')) {
    $error = "Bara jpeg-bilder kan laddas upp!";
    $result = false;
}
if ($result) {
    // Move uploaded file to a temporary name.
    // Note: the temporary name is fixed ("tmp.jpg" under TP_PICTURES), so two
    // concurrent uploads would write to the same path.
    $target_path = TP_PICTURES . "tmp" . '.jpg';
    // The @ suppresses the warning from move_uploaded_file(); the reason for a
    // failure is therefore not logged, only the generic $error below is set.
    if (@move_uploaded_file($_FILES['myfile']['tmp_name'], $target_path)) {
        // Move succeeded; nothing to do here.
    } else {
        $error = "Något gick fel vid uppladdningen av din bild!";
        $result = false;
accountUser = '******', passwordUser = md5('{$password1User}'), authorityUser = '******' WHERE idUser = '******'; QUERY; } else { // Else enter a new user. $query = <<<QUERY INSERT INTO {$tableUser} (accountUser, passwordUser, authorityUser) VALUES ('{$accountUser}', md5('{$password1User}'), '{$authorityUser}'); QUERY; } $dbAccess->SingleQuery($query); // If $idUser is empty then it's a new user. Get the id. if (!$idUser) { $idUser = $dbAccess->LastId(); } if ($debugEnable) { $debug .= "idUser: "******"<br /> \n"; } // Send the password in a mail if it is requested. if ($send) { // Get the mail address. $query = "SELECT eMail1User, eMail2User FROM {$tableUser} WHERE idUser = '******';"; $result = $dbAccess->SingleQuery($query); $row = $result->fetch_object(); $result->close(); if ($row->eMail1User) { $eMailAdr = $row->eMail1User; } elseif ($row->eMail2User) { $eMailAdr = $row->eMail1User;