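case 'agency':
    // Tail of a switch whose head is outside this excerpt: $query (the UPDATE)
    // and $query2 (the SELECT of the pre-change values) are started earlier.
    // Escape with the connection-aware escaper. Replacing only the double
    // quote leaves backslashes untouched, which is not a safe SQL escape.
    // mysql_real_escape_string() relies on the default link that the
    // mysql_query() calls below also use.
    $agencystatement = mysql_real_escape_string($_POST['agencystatement']);
    $query .= '`agencystatement` = "' . $agencystatement . '",';
    // NOTE(review): the session values are interpolated unescaped; confirm
    // they are server-generated and never user-chosen text.
    $query .= '`username` = "' . $session->UserName . '",';
    $query .= '`userid` = "' . $session->UserID . '",';
    $query .= '`lastupdated` = "' . date('Y-m-d') . '"';
    $query2 .= "`agencystatement`";
    // The posted id is echoed back in the redirect URL, so encode it as a
    // query-string value.
    $url = "editagencyform.php?sessionid=" . $session->SessionID . "&id=" . urlencode($_POST['id']);
    break;

default:
    break;
}

// The posted id reaches two SQL statements; escape it once and reuse it.
// NOTE(review): ext/mysql was removed in PHP 7.0. The durable fix is to move
// these statements to prepared statements (mysqli or PDO) with bound values.
$recordId = mysql_real_escape_string($_POST['id']);
$query2 .= ' FROM prfirm WHERE `id` = "' . $recordId . '"';
$query .= ' WHERE `id` = "' . $recordId . '"';

// Snapshot the current row for the changelog before it is overwritten.
// The original loop tested a counter it never incremented, so it kept the
// last matching row instead of the first; fetch the first row only, and skip
// the fetch when the SELECT itself failed.
$result = mysql_query($query2);
$record = '';
if ($result !== false) {
    $row = mysql_fetch_array($result);
    if ($row) {
        $record = serialize($row);
    }
}

// Audit entry: serialized previous values, acting user, timestamp.
// serialize() output can contain quotes and backslashes from stored data, so
// it is escaped like any other value.
$query3 = 'INSERT INTO changelog (`id`,`data`,`userid`,`changetime`) VALUES (';
$query3 .= '"' . $session->CreateGUID() . '",';
$query3 .= '"' . mysql_real_escape_string($record) . '",';
$query3 .= '"' . $session->UserID . '",';
$query3 .= '"' . date('Y-m-d G:i:s') . '")';

// The changelog row is written first, then the update is applied. Neither
// result is checked, so a failed audit insert does not stop the update.
mysql_query($query3);
mysql_query($query);

// $url carries request data; encode it for the HTML attribute it lands in.
echo '<meta http-equiv="refresh" content="' . htmlspecialchars($delay . ';url=' . $url, ENT_QUOTES) . '">';
}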
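echo "<body bgcolor=\"#ffffff\" text=\"Black\" link=\"Blue\" vlink=\"Purple\" alink=\"Red\" leftmargin=\"0\" topmargin=\"0\" marginheight=\"0\" marginwidth=\"0\">";
echo "<br><br><div align=\"center\"><span class=\"bodytext\"><b>Your Session Expired<br><br><a href=\"index.php\" target=\"_top\">Click Here to Try Again</a></b></span></div>";
echo "</body>";
echo "</html>";
} else {
    // NOTE(review): the database password is hard-coded and the application
    // connects as root. Load credentials from configuration kept outside the
    // web root and use an account limited to the tables this form needs.
    // ext/mysql itself was removed in PHP 7.0; plan the move to mysqli or PDO.
    if (!mysql_connect("localhost", "root", "oldhouse")) {
        echo "<h2>Can't Connect to Database.</h2>";
        die;
    }
    mysql_select_db("odwyer");

    // Presumably the meta-refresh delay in seconds; the value is 0 although
    // the original comment said "3 second delay".
    $delay = "0";

    // Build the INSERT for a new prfirm row. The column list is fixed; the
    // statement continues past the end of this excerpt.
    $query = 'INSERT INTO prfirm (';
    $query .= "`id`,`name`,`undertitle`,`address1`,`address2`,`address3`,`address4`,`city`,`state`,`zip`,`zip4`,`province`,`country`,`contact`,`title`,`phone`,`fax`,`email`,`url`,`ranked`,`alpha`,`employees`,`founded`,`miscinfo`,`logo`,`staffinfo`,`username`,`userid`,`lastupdated`";
    $query .= ") VALUES (";
    $id = $session->CreateGUID();
    $query .= '"' . $id . '",';

    // Every value below comes straight from the request and was previously
    // concatenated into the SQL text as-is. Each one is now escaped for the
    // open connection; the remaining fields of this statement need the same
    // treatment. The durable fix is a prepared statement with bound values.
    // NOTE(review): if magic_quotes_gpc is enabled on this host, strip the
    // added slashes before escaping to avoid double-escaping. TODO confirm.
    $query .= '"' . mysql_real_escape_string($_POST['prfirmname']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['undertitle']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['address1']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['address2']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['address3']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['address4']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['city']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['state']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['zip']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['zip4']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['province']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['country']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['contact']) . '",';
    $query .= '"' . mysql_real_escape_string($_POST['title']) . '",';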