/**
 * Create a `reports` row from the submitted form and register its owner.
 *
 * Returns false when the member lacks insert permission or when the
 * reports_before_insert hook rejects the data; otherwise returns the id of
 * the new record. Prints an error and ends the script when the start date is
 * empty or when sql() reports an error.
 */
function reports_insert() {
    global $Translation;

    // NOTE(review): a GET request carrying insert_x is processed exactly like
    // a POST, so this state change is reachable from a plain link. No
    // anti-CSRF check is visible in this function; confirm the caller has one.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('reports');
    if (!$permissions[1]) {
        return false;
    }

    // Each date part is forced to an integer before the Y-M-D string is parsed.
    foreach (array('start_date', 'end_date') as $dateField) {
        $rawDate = intval($_POST[$dateField . 'Year']) . '-' . intval($_POST[$dateField . 'Month']) . '-' . intval($_POST[$dateField . 'Day']);
        $data[$dateField] = parseMySQLDate($rawDate, '');
    }

    // makeSafe() presumably escapes the value for a quoted SQL literal; verify
    // against its definition, since the value is interpolated into SQL below.
    $data['company'] = makeSafe($_POST['company']);
    if ($data['company'] == empty_lookup_value) {
        $data['company'] = '';
    }

    $data['created'] = parseCode('<%%creationDate%%>', true, true);
    $data['created_by'] = parseCode('<%%creatorUsername%%>', true);

    // The start date is the only required field.
    if ($data['start_date'] == '') {
        echo StyleSheet() . "\n\n<div class=\"alert alert-danger\">{$Translation['error:']} 'Report start date': {$Translation['field not null']}<br /><br />";
        echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
        exit;
    }

    // hook: reports_before_insert
    if (function_exists('reports_before_insert')) {
        $args = array();
        if (!reports_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty or null values are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array();
    foreach (array('start_date', 'end_date', 'company') as $column) {
        $value = $data[$column];
        $assignments[] = "`{$column}`=" . ($value !== '' && $value !== NULL ? "'{$value}'" : 'NULL');
    }
    $assignments[] = "`created`='{$data['created']}'";
    $assignments[] = "`created_by`='{$data['created_by']}'";

    $o = array('silentErrors' => true);
    sql('insert into `reports` set ' . implode(', ', $assignments), $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text is sent to the browser as-is;
        // confirm sql() escapes it and that it reveals nothing sensitive.
        echo $o['error'];
        echo '<a href="reports_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = mysql_insert_id();

    // hook: reports_after_insert
    // A false return from the hook skips the ownership row written below.
    $saveOwnership = true;
    if (function_exists('reports_after_insert')) {
        $res = sql("select * from `reports` where `report_id`='" . makeSafe($recID) . "' limit 1", $eo);
        $row = mysql_fetch_assoc($res);
        if ($row) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        $saveOwnership = (bool) reports_after_insert($data, getMemberInfo(), $args);
    }

    // mm: save ownership data
    if ($saveOwnership) {
        sql(
            "insert into membership_userrecords set tableName='reports', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time()
            . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
/**
 * Create a `duck_mrs2016` row from the request and register its owner.
 *
 * Returns false when the member lacks insert permission or when the
 * duck_mrs2016_before_insert hook rejects the data; otherwise returns the id
 * of the new record. Prints the error and ends the script when sql() reports
 * one.
 */
function duck_mrs2016_insert() {
    global $Translation;

    // mm: can member insert record?
    $permissions = getTablePermissions('duck_mrs2016');
    if (!$permissions[1]) {
        return false;
    }

    // NOTE(review): the value is read from $_REQUEST, so GET parameters are
    // accepted as well. No anti-CSRF check is visible in this function;
    // confirm the caller has one.
    // makeSafe() presumably escapes for a quoted SQL literal; verify.
    $transactionId = makeSafe($_REQUEST['transaction_id']);
    $data['transaction_id'] = $transactionId;
    if ($transactionId == empty_lookup_value) {
        $data['transaction_id'] = '';
    }
    $data['creationdate'] = parseCode('<%%creationDate%%>', true);

    // hook: duck_mrs2016_before_insert
    if (function_exists('duck_mrs2016_before_insert')) {
        $args = array();
        if (!duck_mrs2016_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // An empty or null transaction id is stored as SQL NULL.
    $hasTransaction = ($data['transaction_id'] !== '' && $data['transaction_id'] !== NULL);
    $transactionSql = $hasTransaction ? "'{$data['transaction_id']}'" : 'NULL';

    $o = array('silentErrors' => true);
    sql('insert into `duck_mrs2016` set `transaction_id`=' . $transactionSql . ", `creationdate`='{$data['creationdate']}'", $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text is sent to the browser as-is;
        // confirm sql() escapes it and that it reveals nothing sensitive.
        echo $o['error'];
        echo '<a href="duck_mrs2016_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = db_insert_id(db_link());

    // hook: duck_mrs2016_after_insert
    // A false return from the hook skips the ownership row written below.
    $saveOwnership = true;
    if (function_exists('duck_mrs2016_after_insert')) {
        $res = sql("select * from `duck_mrs2016` where `duck_id`='" . makeSafe($recID, false) . "' limit 1", $eo);
        $row = db_fetch_assoc($res);
        if ($row) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID, false);
        $args = array();
        $saveOwnership = (bool) duck_mrs2016_after_insert($data, getMemberInfo(), $args);
    }

    // mm: save ownership data
    if ($saveOwnership) {
        sql(
            "insert ignore into membership_userrecords set tableName='duck_mrs2016', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time()
            . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
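<?php
// Handles the "Change description" form below, then renders the form again.
// NOTE(review): no anti-CSRF token is checked here and none is emitted in the
// form; confirm the surrounding page adds one.
if (isset($_POST['newdesc'])) {
    $error = false;
    // Require a string: an array-valued "description" must never reach strlen().
    $description = isset($_POST['description']) ? $_POST['description'] : null;
    if (is_string($description) && strlen($description) <= 65000) {
        $sanitizeddesc = $db->real_escape_string($description);
        // The id is interpolated unquoted, so it is forced to an integer first.
        $clanId = (int) $clan['id'];
        if ($db->query("UPDATE clans SET description='{$sanitizeddesc}' WHERE id={$clanId}")) {
            // Only report success, and only refresh the in-memory copy,
            // once the database accepted the change.
            $clan['description'] = $description;
            echo '<p class="text-success">Description changed</p>';
        } else {
            $error = 'The description could not be saved';
        }
    } else {
        $error = 'You must introduce a rank description. Additionally, it can\'t have more than 65000 characters';
    }
    if ($error !== false) {
        echo '<p class="text-danger">', $error, '</p>';
    }
}
?>
<form action="/clan/admin" method="post">
    <div>
        <div class="editable">
            <?php
            // NOTE(review): the description is user-supplied and is printed
            // through parseCode() only; confirm parseCode() escapes HTML.
            echo parseCode($clan['description']);
            ?>
        </div>
        <textarea class="editor" name="description"></textarea>
        <button type="submit" class="btn btn-default" name="newdesc">Change description</button>
    </div>
</form>
<?php
echo $editor_javascript;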
/**
 * Update the `patients` row identified by $selected_id from the submitted form.
 *
 * Returns nothing when the member may not edit the record or when the update
 * ran to the end, and FALSE when the patients_before_update or
 * patients_after_update hook returns false. Prints an error and ends the
 * script when last name, first name or gender is empty.
 */
function patients_update($selected_id) {
    global $Translation;

    // NOTE(review): a GET request carrying update_x is processed exactly like
    // a POST, so this state change is reachable from a plain link. No
    // anti-CSRF check is visible in this function; confirm the caller has one.
    if ($_GET['update_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member edit record?
    $arrPerm = getTablePermissions('patients');
    $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='patients' and pkValue='" . makeSafe($selected_id) . "'");
    $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='patients' and pkValue='" . makeSafe($selected_id) . "'");

    // Edit level 1 requires the record's owner, 2 the owner's group, 3 allows any record.
    $mayUpdate = ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID())
        || ($arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID())
        || $arrPerm[3] == 3;
    if (!$mayUpdate) {
        return;
    }

    // Required fields: stop at the first empty one.
    // makeSafe() presumably escapes for a quoted SQL literal; verify.
    $requiredFields = array(
        'last_name' => 'Last name',
        'first_name' => 'First name',
        'gender' => 'Gender',
    );
    foreach ($requiredFields as $field => $caption) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == '') {
            echo StyleSheet() . "\n\n<div class=\"Error\">" . $Translation['error:'] . " '{$caption}': " . $Translation['field not null'] . '<br /><br />';
            echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
            exit;
        }
    }

    $birthDate = makeSafe($_POST['birth_dateYear']) . '-' . makeSafe($_POST['birth_dateMonth']) . '-' . makeSafe($_POST['birth_dateDay']);
    $data['birth_date'] = parseMySQLDate($birthDate, '');

    $optionalFields = array(
        'age', 'address', 'city', 'state', 'zip',
        'home_phone', 'work_phone', 'mobile', 'other_details', 'comments',
    );
    foreach ($optionalFields as $field) {
        $data[$field] = makeSafe($_POST[$field]);
    }

    $data['last_modified'] = parseCode('<%%editingDateTime%%>', false);
    $data['selectedID'] = makeSafe($selected_id);

    // hook: patients_before_update
    if (function_exists('patients_before_update')) {
        $args = array();
        if (!patients_before_update($data, getMemberInfo(), $args)) {
            return FALSE;
        }
    }

    // Values that compare equal to '' are stored as SQL NULL.
    $nullableColumns = array(
        'last_name', 'first_name', 'gender', 'birth_date', 'age', 'address', 'city',
        'state', 'zip', 'home_phone', 'work_phone', 'mobile', 'other_details', 'comments',
    );
    $assignments = array();
    foreach ($nullableColumns as $column) {
        $assignments[] = "`{$column}`=" . ($data[$column] != '' ? "'{$data[$column]}'" : 'NULL');
    }
    $assignments[] = "`last_modified`='{$data['last_modified']}'";

    sql('update `patients` set ' . implode(', ', $assignments) . " where `id`='" . makeSafe($selected_id) . "'");

    // hook: patients_after_update
    if (function_exists('patients_after_update')) {
        $args = array();
        if (!patients_after_update($data, getMemberInfo(), $args)) {
            return FALSE;
        }
    }

    // mm: update ownership data
    sql("update membership_userrecords set dateUpdated='" . time() . "' where tableName='patients' and pkValue='" . makeSafe($selected_id) . "'");
}
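<?php
// Lists the stored tips for one matchup ($mod[1] played against $mod[2]),
// ordered by rating and then by age.
// NOTE(review): $mod is not defined in this script; presumably one of the
// included files or the including page sets it. Verify where it comes from.
include get_include_path() . '/' . '../modules/config.php';

$db = @new mysqli($host_db, $usuario_db, $clave_db, $nombre_db);
if ($db->connect_error) {
    die("Error connecting the database");
}
// set_charset() also tells the client library which charset is in use, which
// real_escape_string() relies on; a "SET NAMES" query does not do that.
$db->set_charset('utf8mb4');

include get_include_path() . '/' . '../modules/utils/main.php';

$playing = $db->real_escape_string($mod[1]);
$enemy = $db->real_escape_string($mod[2]);
$matchups = $db->query("SELECT * FROM academy_matchups WHERE playing='{$playing}' AND enemy='{$enemy}' ORDER BY rating DESC,timestamp ASC");

// query() returns false on failure; treat that the same as "no rows".
if ($matchups !== false && $matchups->num_rows > 0) {
    while ($matchup = $matchups->fetch_array()) {
        // 'Y' is the calendar year; 'o' is the ISO week-numbering year, which
        // differs from it on some days around New Year.
        $date = date('j M Y', (int) $matchup['timestamp']);
        // NOTE(review): the stored content is printed through parseCode() only;
        // confirm parseCode() escapes HTML.
        $content = parseCode($matchup['content']);
        // The author is stored data printed as text, so it is escaped for HTML.
        $author = htmlspecialchars($matchup['author'], ENT_QUOTES, 'UTF-8');
        echo <<<HTML
<div class="panel panel-default">
    <div class="panel-body">
        {$content}
    </div>
    <div class="panel-footer">{$date} by {$author}</div>
</div>
HTML;
    }
} else {
    echo '<div class="alert alert-danger" role="alert">There are not tips for this matchup :(</div>';
}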
/**
 * Update the `trans_mrs2016` row identified by $selected_id from the request.
 *
 * Returns false when the member may not edit the record or when the
 * trans_mrs2016_before_update hook rejects the data; returns nothing
 * otherwise. Prints the error and ends the script when sql() reports one.
 */
function trans_mrs2016_update($selected_id) {
    global $Translation;

    // mm: can member edit record?
    $arrPerm = getTablePermissions('trans_mrs2016');
    $ownerGroupID = sqlValue("select groupID from membership_userrecords where tableName='trans_mrs2016' and pkValue='" . makeSafe($selected_id) . "'");
    $ownerMemberID = sqlValue("select lcase(memberID) from membership_userrecords where tableName='trans_mrs2016' and pkValue='" . makeSafe($selected_id) . "'");

    // Edit level 1 requires the record's owner, 2 the owner's group, 3 allows any record.
    $mayUpdate = ($arrPerm[3] == 1 && $ownerMemberID == getLoggedMemberID())
        || ($arrPerm[3] == 2 && $ownerGroupID == getLoggedGroupID())
        || $arrPerm[3] == 3;
    if (!$mayUpdate) {
        return false;
    }

    // NOTE(review): values are read from $_REQUEST, so GET parameters are
    // accepted as well. No anti-CSRF check is visible in this function;
    // confirm the caller has one.
    // makeSafe() presumably escapes for a quoted SQL literal; verify.
    $lookupFields = array('firstname', 'lastname', 'email', 'phone', 'quantity', 'amount', 'mailinglist');
    foreach ($lookupFields as $field) {
        $data[$field] = makeSafe($_REQUEST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }
    $data['remarks'] = br2nl(makeSafe($_REQUEST['remarks']));
    $data['transactiondate'] = parseMySQLDate('', '<%%creationDate%%>');
    $data['editingdate'] = parseCode('<%%editingDate%%>', false, true);
    $data['editor'] = parseCode('<%%editorUsername%%>', false);
    $data['selectedID'] = makeSafe($selected_id);

    // hook: trans_mrs2016_before_update
    if (function_exists('trans_mrs2016_before_update')) {
        $args = array();
        if (!trans_mrs2016_before_update($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty or null values are stored as SQL NULL, everything else as a quoted literal.
    $nullableColumns = array('firstname', 'lastname', 'email', 'phone', 'quantity', 'amount', 'mailinglist', 'remarks');
    $assignments = array();
    foreach ($nullableColumns as $column) {
        $value = $data[$column];
        $assignments[] = "`{$column}`=" . ($value !== '' && $value !== NULL ? "'{$value}'" : 'NULL');
    }
    // The stored transaction date is assigned to itself, i.e. left as it is.
    $assignments[] = '`transactiondate`=`transactiondate`';
    $assignments[] = "`editingdate`='{$data['editingdate']}'";
    $assignments[] = "`editor`='{$data['editor']}'";

    $o = array('silentErrors' => true);
    sql('update `trans_mrs2016` set ' . implode(', ', $assignments) . " where `transaction_id`='" . makeSafe($selected_id) . "'", $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text is sent to the browser as-is;
        // confirm sql() escapes it and that it reveals nothing sensitive.
        echo $o['error'];
        echo '<a href="trans_mrs2016_view.php?SelectedID=' . urlencode($selected_id) . '">' . $Translation['< back'] . '</a>';
        exit;
    }

    // hook: trans_mrs2016_after_update
    // A false return from the hook skips the ownership timestamp update below.
    $touchOwnership = true;
    if (function_exists('trans_mrs2016_after_update')) {
        $res = sql("SELECT * FROM `trans_mrs2016` WHERE `transaction_id`='{$data['selectedID']}' LIMIT 1", $eo);
        $row = db_fetch_assoc($res);
        if ($row) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = $data['transaction_id'];
        $args = array();
        $touchOwnership = (bool) trans_mrs2016_after_update($data, getMemberInfo(), $args);
    }

    // mm: update ownership data
    if ($touchOwnership) {
        sql("update membership_userrecords set dateUpdated='" . time() . "' where tableName='trans_mrs2016' and pkValue='" . makeSafe($selected_id) . "'", $eo);
    }
}
/**
 * Create an `entries` row from the submitted form and register its owner.
 *
 * Returns false when the member lacks insert permission or when the
 * entries_before_insert hook rejects the data; otherwise returns the id of
 * the new record. Prints an error and ends the script when `report` is empty
 * or when sql() reports an error.
 */
function entries_insert() {
    global $Translation;

    // NOTE(review): a GET request carrying insert_x is processed exactly like
    // a POST, so this state change is reachable from a plain link. No
    // anti-CSRF check is visible in this function; confirm the caller has one.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('entries');
    if (!$permissions[1]) {
        return false;
    }

    $data['created'] = parseCode('<%%creationDate%%>', true, true);
    $data['created_by'] = parseCode('<%%creatorUsername%%>', true);

    // Column => form field it is read from.
    // NOTE(review): `outcome_area` is filled from the `outcome` form field, the
    // same input as `outcome`; confirm that this is intended.
    // makeSafe() presumably escapes for a quoted SQL literal; verify.
    $lookupSources = array(
        'report' => 'report',
        'outcome_area' => 'outcome',
        'outcome' => 'outcome',
        'indicator' => 'indicator',
        'score' => 'score',
        'beneficiary_group' => 'beneficiary_group',
        'beneficiary_group_relevance' => 'beneficiary_group_relevance',
    );
    foreach ($lookupSources as $column => $formField) {
        $data[$column] = makeSafe($_POST[$formField]);
        if ($data[$column] == empty_lookup_value) {
            $data[$column] = '';
        }
    }

    $data['comment'] = br2nl(makeSafe($_POST['comment']));

    foreach (array('reference', 'reliability', 'intentionality', 'equivalence') as $column) {
        $data[$column] = makeSafe($_POST[$column]);
        if ($data[$column] == empty_lookup_value) {
            $data[$column] = '';
        }
    }

    // `report` is the only required field.
    if ($data['report'] == '') {
        echo StyleSheet() . "\n\n<div class=\"alert alert-danger\">{$Translation['error:']} 'Report': {$Translation['field not null']}<br /><br />";
        echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
        exit;
    }

    // hook: entries_before_insert
    if (function_exists('entries_before_insert')) {
        $args = array();
        if (!entries_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty or null values are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array(
        "`created`='{$data['created']}'",
        "`created_by`='{$data['created_by']}'",
    );
    $nullableColumns = array(
        'report', 'outcome_area', 'outcome', 'indicator', 'score', 'beneficiary_group',
        'beneficiary_group_relevance', 'comment', 'reference', 'reliability',
        'intentionality', 'equivalence',
    );
    foreach ($nullableColumns as $column) {
        $value = $data[$column];
        $assignments[] = "`{$column}`=" . ($value !== '' && $value !== NULL ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `entries` set ' . implode(', ', $assignments), $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text is sent to the browser as-is;
        // confirm sql() escapes it and that it reveals nothing sensitive.
        echo $o['error'];
        echo '<a href="entries_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = mysql_insert_id();

    // hook: entries_after_insert
    // A false return from the hook skips the ownership row written below.
    $saveOwnership = true;
    if (function_exists('entries_after_insert')) {
        $res = sql("select * from `entries` where `entry_id`='" . makeSafe($recID) . "' limit 1", $eo);
        $row = mysql_fetch_assoc($res);
        if ($row) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        $saveOwnership = (bool) entries_after_insert($data, getMemberInfo(), $args);
    }

    // mm: save ownership data
    if ($saveOwnership) {
        sql(
            "insert into membership_userrecords set tableName='entries', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time()
            . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}
echo $domain; ?> /academy/<?php echo $mod[0]; ?> /<?php echo $post['id']; ?> /'); }) }); </script> <?php break; case 'guide': echo parseCode($post['content']); break; } ?> </div> <div class="col-sm-12 col-md-4 "><div class="div_disqus"></div> </div> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal">Close</button> </div> </div> </div> </div> <script>
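/**
 * Create a `companies` row from the submitted form and register its owner.
 *
 * Returns false when the member lacks insert permission or when the
 * companies_before_insert hook rejects the data; otherwise returns the id of
 * the new record. Prints the error and ends the script when sql() reports one.
 */
function companies_insert() {
    global $Translation;

    // NOTE(review): a GET request carrying insert_x is processed exactly like
    // a POST, so this state change is reachable from a plain link. No
    // anti-CSRF check is visible in this function; confirm the caller has one.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $arrPerm = getTablePermissions('companies');
    if (!$arrPerm[1]) {
        return false;
    }

    // makeSafe() presumably escapes for a quoted SQL literal; verify.
    $leadingFields = array(
        'name', 'client', 'website', 'description', 'founded',
        'industry', 'company_number', 'country_hq',
    );
    foreach ($leadingFields as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    // Multi-select field: every submitted option is passed through makeSafe()
    // and the results are joined with ', '. Starting from an empty string
    // avoids appending to an array key that was never set, and an empty
    // selection now yields '' (stored as NULL below).
    $MultipleSeparator = ', ';
    $data['country_operations'] = '';
    if (isset($_POST['country_operations']) && is_array($_POST['country_operations'])) {
        $data['country_operations'] = implode($MultipleSeparator, array_map('makeSafe', $_POST['country_operations']));
    }

    foreach (array('num_employees', 'company_type', 'sic_code') as $field) {
        $data[$field] = makeSafe($_POST[$field]);
        if ($data[$field] == empty_lookup_value) {
            $data[$field] = '';
        }
    }

    $data['created'] = parseCode('<%%creationDate%%>', true, true);
    $data['created_by'] = parseCode('<%%creatorUsername%%>', true);

    // Default applied when no headquarters country was submitted.
    if ($data['country_hq'] == '') {
        $data['country_hq'] = "United Kingdom";
    }

    // hook: companies_before_insert
    if (function_exists('companies_before_insert')) {
        $args = array();
        if (!companies_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty or null values are stored as SQL NULL, everything else as a quoted literal.
    $nullableColumns = array(
        'name', 'client', 'website', 'description', 'founded', 'industry',
        'company_number', 'country_hq', 'country_operations', 'num_employees',
        'company_type', 'sic_code',
    );
    $assignments = array();
    foreach ($nullableColumns as $column) {
        $value = $data[$column];
        $assignments[] = "`{$column}`=" . ($value !== '' && $value !== NULL ? "'{$value}'" : 'NULL');
    }
    $assignments[] = "`created`='{$data['created']}'";
    $assignments[] = "`created_by`='{$data['created_by']}'";

    $o = array('silentErrors' => true);
    sql('insert into `companies` set ' . implode(', ', $assignments), $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text is sent to the browser as-is;
        // confirm sql() escapes it and that it reveals nothing sensitive.
        echo $o['error'];
        echo "<a href=\"companies_view.php?addNew_x=1\">{$Translation['< back']}</a>";
        exit;
    }

    $recID = mysql_insert_id();

    // hook: companies_after_insert
    // A false return from the hook skips the ownership row written below.
    if (function_exists('companies_after_insert')) {
        $res = sql("select * from `companies` where `company_id`='" . makeSafe($recID) . "' limit 1", $eo);
        if ($row = mysql_fetch_assoc($res)) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        if (!companies_after_insert($data, getMemberInfo(), $args)) {
            return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
        }
    }

    // mm: save ownership data
    sql(
        "insert into membership_userrecords set tableName='companies', pkValue='{$recID}', memberID='" . getLoggedMemberID()
        . "', dateAdded='" . time() . "', dateUpdated='" . time()
        . "', groupID='" . getLoggedGroupID() . "'",
        $eo
    );

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}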
/**
 * Create a `tax_entry` row from the submitted form and register its owner.
 *
 * Returns false when the member lacks insert permission or when the
 * tax_entry_before_insert hook rejects the data; otherwise returns the id of
 * the new record. Prints an error and ends the script when `report` is empty
 * or when sql() reports an error.
 */
function tax_entry_insert() {
    global $Translation;

    // NOTE(review): a GET request carrying insert_x is processed exactly like
    // a POST, so this state change is reachable from a plain link. No
    // anti-CSRF check is visible in this function; confirm the caller has one.
    if ($_GET['insert_x'] != '') {
        $_POST = $_GET;
    }

    // mm: can member insert record?
    $permissions = getTablePermissions('tax_entry');
    if (!$permissions[1]) {
        return false;
    }

    $data['created'] = parseCode('<%%creationDate%%>', true, true);
    $data['created_by'] = parseCode('<%%creatorUsername%%>', true);

    // makeSafe() presumably escapes for a quoted SQL literal; verify.
    $formColumns = array(
        'report', 'turnover', 'payroll_tax', 'ni_contribution', 'business_rates',
        'corporation_tax', 'other_tax', 'sum', 'ratio',
    );
    foreach ($formColumns as $column) {
        $data[$column] = makeSafe($_POST[$column]);
        if ($data[$column] == empty_lookup_value) {
            $data[$column] = '';
        }
    }

    // `report` is the only required field.
    if ($data['report'] == '') {
        echo StyleSheet() . "\n\n<div class=\"alert alert-danger\">{$Translation['error:']} 'Report': {$Translation['field not null']}<br /><br />";
        echo '<a href="" onclick="history.go(-1); return false;">' . $Translation['< back'] . '</a></div>';
        exit;
    }

    // hook: tax_entry_before_insert
    if (function_exists('tax_entry_before_insert')) {
        $args = array();
        if (!tax_entry_before_insert($data, getMemberInfo(), $args)) {
            return false;
        }
    }

    // Empty or null values are stored as SQL NULL, everything else as a quoted literal.
    $assignments = array(
        "`created`='{$data['created']}'",
        "`created_by`='{$data['created_by']}'",
    );
    foreach ($formColumns as $column) {
        $value = $data[$column];
        $assignments[] = "`{$column}`=" . ($value !== '' && $value !== NULL ? "'{$value}'" : 'NULL');
    }

    $o = array('silentErrors' => true);
    sql('insert into `tax_entry` set ' . implode(', ', $assignments), $o);
    if ($o['error'] != '') {
        // NOTE(review): the database error text is sent to the browser as-is;
        // confirm sql() escapes it and that it reveals nothing sensitive.
        echo $o['error'];
        echo '<a href="tax_entry_view.php?addNew_x=1">' . $Translation['< back'] . '</a>';
        exit;
    }

    $recID = mysql_insert_id();

    // hook: tax_entry_after_insert
    // A false return from the hook skips the ownership row written below.
    $saveOwnership = true;
    if (function_exists('tax_entry_after_insert')) {
        $res = sql("select * from `tax_entry` where `tax_entry_id`='" . makeSafe($recID) . "' limit 1", $eo);
        $row = mysql_fetch_assoc($res);
        if ($row) {
            $data = array_map('makeSafe', $row);
        }
        $data['selectedID'] = makeSafe($recID);
        $args = array();
        $saveOwnership = (bool) tax_entry_after_insert($data, getMemberInfo(), $args);
    }

    // mm: save ownership data
    if ($saveOwnership) {
        sql(
            "insert into membership_userrecords set tableName='tax_entry', pkValue='{$recID}', memberID='" . getLoggedMemberID()
            . "', dateAdded='" . time() . "', dateUpdated='" . time()
            . "', groupID='" . getLoggedGroupID() . "'",
            $eo
        );
    }

    return get_magic_quotes_gpc() ? stripslashes($recID) : $recID;
}