コード例 #1
0
ファイル: DiveSiteMedical.php プロジェクト: EScuba/RSD
 case 'Delete':
     $DesiredRecord = $_POST['SelectRecord'];
     GetLoadDesiredRecord();
     DeleteForm();
     break;
 case 'Next':
     Db_Next();
     DisplayForm();
     break;
 case 'Previous':
     Db_Prev();
     DisplayForm();
     break;
 case 'Submit Changes':
     GetPostVariables();
     Db_Update();
     ListMenu();
     break;
 case 'Submit Delete':
     GetPostVariables();
     Db_Delete();
     ListMenu();
     break;
 case 'Submit Add':
     GetPostVariables();
     if (ValidUniqueCode()) {
         Db_Add();
         ListMenu();
     } else {
         $_SESSION['SystemMessage'] = 'Code already on file!! Choose another.';
         AddForm();
コード例 #2
0
ファイル: DiveSitePix.php プロジェクト: EScuba/RSD
function Db_Add()
{
    global $db, $user, $serverhost, $password, $Add, $Edit, $Delete, $Search, $Start, $Expiry;
    global $NumDiveSitePixRecords, $DiveSitePixId, $DiveSiteId, $DiveSitePixEnteredBy, $DiveSitePixDateEntered;
    global $DiveSiteCity, $DiveSiteProvince, $DiveSiteCountry, $DiveSiteName, $DiveSiteMajorName;
    global $DiveSiteMinorName, $DiveSiteExactLat, $DiveSiteExactLong, $DiveSitePixTitle, $DIveSitePixType;
    global $DiveSitePixNoteKeywords, $DiveSitePixPictureURLFileInfo, $DiveSitePixNotes;
    $connection = mysql_connect($serverhost, $user, $password) or die('ERROR!!  Cannot connect to MySql');
    $rs = mysql_select_db($db, $connection) or die('ERROR!! Cannot connect to aquatreasurequest database');
    $sql = "insert into DiveSitePix(DiveSiteId,DiveSitePixEnteredBy,DiveSitePixDateEntered,DiveSiteCity,DiveSiteProvince,DiveSiteCountry,DiveSiteName,DiveSiteMajorName,DiveSiteMinorName,DiveSiteExactLat,DiveSiteExactLong,DiveSitePixTitle,DIveSitePixType,DiveSitePixNoteKeywords,DiveSitePixPictureURLFileInfo,DiveSitePixNotes) values (";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteId)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSitePixEnteredBy)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSitePixDateEntered)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteCity)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteProvince)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteCountry)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteName)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteMajorName)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteMinorName)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteExactLat)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSiteExactLong)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSitePixTitle)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DIveSitePixType)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSitePixNoteKeywords)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSitePixPictureURLFileInfo)) . "',";
    $sql = $sql . "'" . strip_tags(addslashes($DiveSitePixNotes)) . "')";
    $result = mysql_query($sql, $connection) or die("ERROR!! DiveSitePix ADD failure");
    #-------------------- record has been added
    $DiveSitePixId = mysql_insert_id($connection);
    mysql_close($connection);
    #$DiveSitePixId='9999';  # fake id to test
    #------------ now to move the file with the name properly set ---------------------------------
    #echo('Pix ID is: '.$DiveSitePixId.'<br>');
    #echo('Pix File name: '.$DiveSitePixURLFileInfo.'<br>');
    $target_dir = "DiveSiteImages/";
    $target_name = $DiveSiteName . '_' . str_pad($DiveSitePixId, 8, '0', STR_PAD_LEFT);
    #echo('target name is: '.$target_name.'<br>');
    $target_file = $target_dir . basename($_FILES["DiveSitePixPictureURLFileInfo"]["name"]);
    #echo('target file is: '.$target_file.'<br>');
    $uploadOk = 1;
    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    // Check if image file is a actual image or fake image
    if (isset($_POST["submit"])) {
        $check = getimagesize($_FILES["DiveSitePixPictureURLFileInfo"]["tmp_name"]);
        if ($check !== false) {
            #       echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;
        } else {
            #       echo "File is not an image.";
            $uploadOk = 0;
        }
    }
    // Check if file already exists
    if (file_exists($target_file)) {
        #    echo "Sorry, file already exists.";
        $uploadOk = 0;
    }
    // Check file size
    if ($_FILES["fileToUpload"]["size"] > 10000000) {
        #    echo "Sorry, your file is too large.";
        $uploadOk = 0;
    }
    // Allow certain file formats
    if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" && $imageFileType != "JPG" && $imageFileType != "PNG" && $imageFileType != "JPEG" && $imageFileType != "GIF") {
        #    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        $uploadOk = 0;
    }
    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";
        exit;
        // if everything is ok, try to upload file
    } else {
        $target_file = $target_dir . $target_name . '.' . $imageFileType;
        $target_file = preg_replace('/\\s+/', '_', $target_file);
        if (move_uploaded_file($_FILES["DiveSitePixPictureURLFileInfo"]["tmp_name"], $target_file)) {
            #        echo "The file ". basename( $_FILES["DiveSitePixPictureURLFileInfo"]["name"]). " has been uploaded as ".$target_file;
        } else {
            echo "Sorry, there was an error uploading your file.";
            exit;
        }
    }
    $DiveSitePixPictureURLFileInfo = $target_file;
    PutVariablesIntoSession();
    Db_Update();
    return;
}