/**
 * Recursively apply sanitize() to a value.
 *
 * Arrays are walked element by element and each element is replaced by its
 * sanitized counterpart. Array keys are kept as they are; they are not passed
 * through sanitize(). Any non-array value is handed to sanitize() directly.
 *
 * NOTE(review): sanitize() is defined elsewhere, so whether its output is safe
 * inside a quoted SQL string cannot be confirmed from this function. Callers
 * that build SQL from the result should prefer bound parameters over relying
 * on this helper.
 *
 * @param mixed $something Scalar or (nested) array, e.g. $_POST.
 * @return mixed Same shape as the input, with every leaf run through sanitize().
 */
function superSanitize($something)
{
    // Leaf value: delegate straight to the single-value sanitizer.
    if (!is_array($something)) {
        return sanitize($something);
    }

    // Array: rebuild it key by key, recursing into each element.
    $cleaned = array();
    foreach ($something as $key => $value) {
        $cleaned[$key] = superSanitize($value);
    }

    return $cleaned;
}
// NOTE(review): this appears to be the tail of the ticket-update handler;
// $qry, $ticket_id and $link are expected to be set earlier in that handler.
// The mysql_* extension used throughout was deprecated in PHP 5.5 and removed
// in PHP 7.0; mysqli or PDO with prepared statements is the maintained
// replacement.
    // die() aborts the request with a fixed message; the database error itself
    // is neither shown nor logged here.
    $res = mysql_query($qry) or die("The world is ending! ");

    // Also record an internal note for the ticket.
    // NOTE(review): $note is taken straight from $_POST and concatenated into
    // the INSERT below with no escaping in between. Unless request input is
    // escaped globally before this point (confirm), this is a SQL injection
    // sink: bind it as a parameter, or at minimum pass it through
    // mysql_real_escape_string() while the mysql_* API is still in use.
    $note = $_POST['innernote'];
    if ($note != "") {
        // Display name of the acting staff member, built from session fields.
        $name = $_SESSION['FIRST_NAME'] . " " . $_SESSION['LAST_NAME'];
        // $name is written to the `source` column and embedded in the title.
        // NOTE(review): $ticket_id and the session values are concatenated
        // unescaped as well; confirm they were validated when assigned/stored.
        $qry = "INSERT INTO ost_ticket_note(ticket_id,staff_id,source,title,note,created) VALUES('"
            . $ticket_id . "','"
            . $_SESSION['STAFF_ID'] . "','"
            . $name . "','Ticket Updated by "
            . $name . "','"
            . $note . "',NOW())";
        $res = mysql_query($qry) or die("Bingo...right?");
    }
    echo "Update Successful! Wow, you just totally changed that data like a pro.";
    mysql_close($link);
}

/* Create a new ticket */
// Runs whenever a `new` query parameter is present; the ticket fields are read
// from $_POST.
// NOTE(review): no login/authorisation or CSRF-token check is visible inside
// this block (the only visible include of auth.php is in the menu branch
// below). Confirm one runs earlier in the request.
if (isset($_GET['new'])) {
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("pickle");
    mysql_select_db(DB_NAME) or die("Dig Doug");

    // Every POST value is run through sanitize() (via superSanitize) before use.
    // NOTE(review): all fields below are still spliced into the SQL text as
    // quoted strings, so the query is only as safe as sanitize()'s handling of
    // quotes and backslashes. Verify that, or switch to bound parameters.
    $data = superSanitize($_POST);
    require_once 'util.php';
    // randNumber() is not defined in this span; presumably it comes from util.php.
    $ticketID = randNumber();
    // Split the due date on '/'. The parts are later passed to mktime() as
    // month, day, year, so an m/d/Y input is assumed.
    // NOTE(review): nothing checks that three numeric parts are present.
    $duedate = explode('/', $data['duedate']);
    // The `duedate` column and its value are only added when a due date was
    // submitted. mktime() interprets the parts in the server's default
    // timezone and gmdate() formats the resulting timestamp in UTC.
    $qry = "INSERT INTO \n\t\tost_ticket(`ticket_id`, `ticketID`, `dept_id`, `priority_id`, `topic_id`, `staff_id`, `email`, `name`, `subject`, `helptopic`, `phone`, `phone_ext`, `ip_address`, `status`, `source`, `isoverdue`, `isanswered` "
        . ($data['duedate'] == '' ? "" : ",`duedate`")
        . ",`created`) \n\t\t VALUES('" . $data['ticket_id']
        . "', '" . $ticketID
        . "', '" . $data['dept_id']
        . "', '" . $data['priority_id']
        . "', '" . $data['helptopicID']
        . "', '" . $data['assigned']
        . "', '" . $data['email']
        . "', '" . $data['name']
        . "', '" . $data['subject']
        . "', '" . $data['helptopic']
        . "', '" . $data['phone']
        . "', '" . $data['phone_ext']
        // NOTE(review): getRealIpAddr() is defined elsewhere and its result is
        // not passed through superSanitize(). If it reads client-supplied
        // headers (e.g. X-Forwarded-For, confirm), validate the value with
        // filter_var(..., FILTER_VALIDATE_IP) before it reaches the query.
        . "', '" . getRealIpAddr()
        . "', '" . "open"
        . "', '" . $data['ticket_source']
        . "', '" . "0"
        . "', '" . "0"
        . "',"
        . ($data['duedate'] == '' ? "" : " '" . gmdate('Y-m-d H:i:s', mktime(0, 0, 0, $duedate[0], $duedate[1], $duedate[2])) . "', ")
        . " NOW()) ";
    mysql_query($qry) or die("that is a funny joke there bob.");
    //update attachments
    /* send email here depending on whether alert user or staff is checked */
    // The message literal contains a line break; the continuation line stays
    // at column 0 so the emitted text is unchanged.
    echo "New Ticket Created Successfully! 
I just cannot believe you did it SO fast.";
    //echo sendMail("*****@*****.**","*****@*****.**","Test Message","<p>Are <b>you</b> actually named <em>Ross</em> too!</p>")?"Mail Sent":"Mail Fail";
    mysql_close($link);
}

/* Ticket - menu, Edit & New */
if (isset($_GET['menu'])) {
    if ($_GET['menu'] == 'new') {
        // auth.php is pulled in before anything else in this branch.
        // NOTE(review): presumably the login check; confirm.
        require_once 'auth.php';