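<?php
// Create a course owned by the logged-in teacher.
// Input : POST course_id, course_name, course_hour; the owner is taken from the session,
//         never from the client.
// Output: echoes '1' when the row was inserted, '0' on any failure.
session_start();
include '../include/conn.php';

// Refuse when nobody is logged in: the original would have inserted a row with an empty
// teacher_id (and a notice) in that case.
if (empty($_SESSION['teacher_id'])) {
    echo '0';
    exit;
}
$teacher_id  = $_SESSION['teacher_id'];
$course_id   = DB::CheckInput(isset($_POST['course_id'])   ? $_POST['course_id']   : '');
$course_name = DB::CheckInput(isset($_POST['course_name']) ? $_POST['course_name'] : '');
$course_hour = DB::CheckInput(isset($_POST['course_hour']) ? $_POST['course_hour'] : '');

// Bind every client value as a parameter instead of splicing it into the SQL text; the
// original relied on DB::CheckInput alone. Column order is positional, as in the original.
// Assumes $conn is a mysqli instance (conn.php is not visible here) — TODO confirm.
// NOTE(review): if DB::CheckInput performs SQL escaping, those escape characters are now
// stored literally; reduce it to plain validation once every caller binds parameters.
$inserted = false;
$stmt = $conn->prepare('INSERT INTO course VALUES (?, ?, ?, ?)');
if ($stmt) {
    $stmt->bind_param('ssss', $course_id, $teacher_id, $course_name, $course_hour);
    $inserted = $stmt->execute();
    $stmt->close();
}
echo $inserted ? '1' : '0';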
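<?php
// Schedule search for one term. $_POST['select_id'] picks which criterion is applied to
// $_POST['select_any']; the matching rows are left in $result for the table body that
// follows this chunk. time_add looks like a fixed-width code — term prefix followed by nine
// further positions (school, address, week, weekday, period — inferred from the '_' wildcards
// and the other handlers in this system; TODO confirm) — so the term is matched with a LIKE
// pattern of '_' placeholders.
$year_in    = DB::CheckInput($_POST['year']);
$select_id  = DB::CheckInput($_POST['select_id']);
$select_any = DB::CheckInput($_POST['select_any']);

// All six variants share this projection and the "slot is in use" filter.
$base_sql = 'SELECT `time_add`,`course_id`,`course_class`,`tips` FROM `teacher_sj_schedule` '
          . 'WHERE time_add like ? AND course_class!=\'\'';

// Client values are bound as parameters instead of being concatenated into the SQL text.
// They may still contain LIKE wildcards ('%', '_'), exactly as before: that only widens a
// search, it can no longer change the statement.
// NOTE(review): if DB::CheckInput adds SQL escaping, those backslashes now become literal
// search characters; reduce it to validation once every caller binds parameters.
$pattern     = $year_in . '_________';   // term prefix + 9 wildcard positions
$extra_sql   = '';
$extra_param = null;
switch ($select_id) {                    // loose comparison, like the original == chain
    case 1: // course name contains select_any
        $extra_sql   = ' AND course_id in (SELECT course_id FROM `course` WHERE course_name like ?)';
        $extra_param = '%' . $select_any . '%';
        break;
    case 2: // select_any fills positions 3.. after the term prefix, 4 wildcards follow
        $pattern = $year_in . '__' . $select_any . '____';
        break;
    case 3: // first 7 characters of select_any appear in course_class
        $extra_sql   = ' AND course_class like ?';
        $extra_param = '%' . substr($select_any, 0, 7) . '%';
        break;
    case 4: // select_any fills positions 6.. after the term prefix, 2 wildcards follow
        $pattern = $year_in . '_____' . $select_any . '__';
        break;
    case 5: // teacher id contains select_any
        $extra_sql   = ' AND course_id in (SELECT course_id FROM `course` WHERE teacher_id in '
                     . '(select teacher_id from teacher where teacher_id like ?))';
        $extra_param = '%' . $select_any . '%';
        break;
    case 6: // teacher name contains select_any
        $extra_sql   = ' AND course_id in (SELECT course_id FROM `course` WHERE teacher_id in '
                     . '(select teacher_id from teacher where teacher_name like ?))';
        $extra_param = '%' . $select_any . '%';
        break;
    default: // unknown selector: the original queried an undefined $sql and got false back
        $pattern = null;
}

$result = false;
if ($pattern !== null) {
    // Assumes $conn is a mysqli instance with mysqlnd available for get_result()
    // (conn.php is not visible here) — TODO confirm.
    $stmt = $conn->prepare($base_sql . $extra_sql);
    if ($stmt) {
        if ($extra_param === null) {
            $stmt->bind_param('s', $pattern);
        } else {
            $stmt->bind_param('ss', $pattern, $extra_param);
        }
        if ($stmt->execute()) {
            $result = $stmt->get_result();
        }
    }
}
?>
<table width="88%"; border="1"; id="t_table"; align="center">
<tr height="30px;" align="center" style="font-size:17px; font-weight:600;">
<td style="cursor:pointer" title="课程排序" onclick="ownSort(0)">课程</td>
<td style="cursor:pointer" title="教师排序" onclick="ownSort(1)">教师</td>
<td style="cursor:pointer" title="时间排序" onclick="ownSort(2)">时间</td>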
// get_time() decodes a schedule time_add code into array(week, weekday, period):
// week = characters 10-11 (0-based), weekday = last character, period = second-to-last
// (the order follows the original's array comment below).
// NOTE(review): this layout is inferred from the substr offsets only — confirm it against
// the code that generates time_add.
//array(
//    'week', 'weekday', 'period'
//);
function get_time($time_add) {
    return array(substr($time_add, 10, 2), substr($time_add, -1, 1), substr($time_add, -2, 1));
}
// Export mode: a truthy ?global= exports everything, otherwise a single lab (?address=).
$global = DB::CheckInput($_GET['global']);
$objPHPExcel = new PHPExcel();
$objWriter = new PHPExcel_Writer_Excel5($objPHPExcel);
$objPHPExcel->getProperties()->setCreator('SUTACM-Paike System');
//$db_year;
if (!$global) {
    // A specific lab address: make sure it exists before exporting.
    $address = DB::CheckInput($_GET['address']);
    // NOTE(review): sprintf("%s") performs no SQL escaping, so safety here rests entirely on
    // DB::CheckInput (not visible). $address comes from the query string — bind it as a
    // prepared-statement parameter instead (the same applies to the LIKE pattern below).
    $sql_confirm = sprintf('SELECT address FROM ini_address WHERE address = "%s"', $address);
    $confirm_result = $conn->query($sql_confirm);
    if (!$confirm_result->num_rows) {
        echo '<script>alert("抱歉,数据库中没有查到该实验室编号")</script>';
        exit;
    }
    // Unlocked slots of this term whose address field matches: 7 leading wildcards, then the
    // address, then 4 trailing wildcards. $db_year is assumed to come from conn.php — TODO confirm.
    $sql = sprintf('SELECT time_add, course_id, course_class, `lock`, tips FROM teacher_sj_schedule WHERE time_add LIKE "%s" AND `lock` != 1 AND time_add LIKE "%s"', $db_year . '%', '_______' . $address . '____');
    $result = $conn->query($sql);
    if (!$result) {
        echo 0;
        return 0;
    }
    // Fill the timetable (this if-block continues past the end of this chunk).
    $lesson_sheet = array();
    // Prepare the file name
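<?php
// Admin login check. Echoes '1' when the supplied password matches the stored admin
// record, '0' otherwise (including any DB failure or missing row).
include "../include/conn.php";
$user = DB::CheckInput(isset($_POST['admin_user']) ? $_POST['admin_user'] : '');
$psw  = DB::CheckInput(isset($_POST['admin_psw'])  ? $_POST['admin_psw']  : '');

// NOTE(review): the query matches a fixed literal and never uses $user — this reads like a
// redacted or hard-coded admin name. If the real code interpolates $user here, bind it as a
// prepared-statement parameter rather than concatenating it into the SQL text.
$sql = "select *from admin where admin_user='******'";
$result = $conn->query($sql);

$authenticated = false;
if ($result) {
    $info = $result->fetch_array();
    if ($info) {
        // Stored hashes are unsalted MD5 (that is what is compared here). hash_equals() makes the
        // comparison strict and constant-time; the original '==' could compare two hex digests
        // that look like numbers ("0e...") numerically. DB::CheckInput stays in front of md5() so
        // existing hashes keep matching.
        // NOTE(review): migrate to password_hash()/password_verify() when the schema allows.
        $authenticated = hash_equals((string) $info['admin_psw'], md5($psw));
    }
}
// The original's "no row" branch had a bare '0' with the echo missing; every failure now echoes '0'.
echo $authenticated ? '1' : '0';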
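<?php
// Update a teacher's name and school.
// Output: '2' row changed, '1' statement ran but nothing changed (same values), '0' error.
include '../include/conn.php';
$teacher_id     = DB::CheckInput(isset($_POST['teacher_id'])     ? $_POST['teacher_id']     : '');
$teacher_name   = DB::CheckInput(isset($_POST['teacher_name'])   ? $_POST['teacher_name']   : '');
$teacher_school = DB::CheckInput(isset($_POST['teacher_school']) ? $_POST['teacher_school'] : '');

// NOTE(review): no session or authorization check is visible in this handler — confirm it is
// gated upstream, otherwise any client can rename any teacher.
// Values are bound as parameters instead of being spliced into the SQL text.
// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
$ran  = false;
$rows = 0;
$stmt = $conn->prepare('UPDATE teacher SET teacher_school = ? , teacher_name = ? WHERE teacher_id = ?');
if ($stmt) {
    $stmt->bind_param('sss', $teacher_school, $teacher_name, $teacher_id);
    $ran  = $stmt->execute();
    $rows = $stmt->affected_rows; // 0 when the stored values were already identical
    $stmt->close();
}
if (!$ran) {
    echo '0'; // error
} elseif ($rows) {
    echo '2'; // updated
} else {
    echo '1'; // unchanged
}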
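// Store a teacher's upload for a course under ../../downloads/ and record it in `file`.
// Every outcome is reported with a JavaScript alert() and the browser is sent back one page.
// $_SESSION, $conn and DB come from the part of the file above this chunk (not shown).
$upload = isset($_FILES['file'])
    ? $_FILES['file']
    : array('name' => '', 'type' => '', 'size' => 0, 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE);

// Keep only the final path component. PHP already drops directories from the client name,
// but the destination path is built from it, so strip separators and NULs again here.
// basename() is avoided on purpose: it is locale-dependent and can truncate non-ASCII names
// (the commented-out iconv() calls show GBK/UTF-8 names are expected).
$filename = str_replace(array('/', '\\', "\0"), '', (string) $upload['name']);
//$filename = iconv("utf-8","gbk",$filename);
$filename_sql = $filename; //iconv('gbk','utf-8',$filename);
$type  = (string) $upload['type'];
$error = (int) $upload['error'];

// The client-supplied MIME type is not a security control (any value can be sent), so also
// refuse extensions the web server could execute from the downloads directory.
// NOTE(review): an allow-list of the document types teachers actually need, plus storing
// uploads outside the web root, would be the robust fix — confirm the expected types.
$blocked_ext = array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps', 'pht', 'shtml', 'htaccess', 'cgi', 'pl');
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

if (empty($_SESSION['teacher_id'])) {
    // No logged-in owner for the record: refuse instead of inserting an empty teacher_id.
    echo '<script>alert(\'上传失败.\');</script>';
} elseif ($error > 0) {
    echo '<script>alert(\'ERROR CODE : ' . $error . '\');</script>';
} elseif ($filename === '' || $type === 'application/x-msdownload' || in_array($ext, $blocked_ext, true)) {
    echo '<script>alert(\'不允许上传该格式,上传失败.\');</script>';
} elseif (file_exists('../../downloads/' . $filename)) {
    echo '<script>alert(\'该文件名已存在,上传失败.\');</script>';
} else {
    // 2 << 20 is 2 MiB, so this cap is 20 MiB — TODO confirm that is the intended limit.
    $max_size = 10 * (2 << 20);
    if ($upload['size'] >= $max_size) {
        echo '<script>alert(\'上传文件过大,上传失败.\');</script>';
    } elseif (!is_uploaded_file($upload['tmp_name'])
              || !move_uploaded_file($upload['tmp_name'], '../../downloads/' . $filename)) {
        // Only move files that arrived with this request, and report a failed move
        // (the original ignored move_uploaded_file's return value).
        echo '<script>alert(\'上传失败.\');</script>';
    } else {
        // Record the upload with every value bound, including the client-controlled name/type.
        // Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
        $teacher_id = $_SESSION['teacher_id'];
        $course_id  = DB::CheckInput(isset($_POST['course']) ? $_POST['course'] : '');
        $inserted   = false;
        $stmt = $conn->prepare('INSERT INTO `file`(`teacher_id`, `course_id`, `file_name`, `file_type`) VALUES (?, ?, ?, ?)');
        if ($stmt) {
            $stmt->bind_param('ssss', $teacher_id, $course_id, $filename_sql, $type);
            $inserted = $stmt->execute() && $stmt->affected_rows > 0;
            $stmt->close();
        }
        // NOTE(review): if the INSERT fails the file already sits in downloads/ with no record,
        // as before; consider unlink()ing it in that case.
        if ($inserted) {
            echo '<script>alert(\'上传成功.\');</script>';
        } else {
            echo '<script>alert(\'上传失败.\');</script>';
        }
    }
}
echo '<script>window.history.back();</script>';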
}
// Tail of a weekday-name helper (values 4-7 → Thursday-Sunday); its signature and the
// cases for 1-3 are above this chunk.
if ($z == "4") { return "周四"; }
if ($z == "5") { return "周五"; }
if ($z == "6") { return "周六"; }
if ($z == "7") { return "周日"; }
}
// Slots of the requested term whose course_class contains the posted class string.
// The 9 '_' wildcards cover the positions after the term prefix in time_add.
$year = DB::CheckInput($_POST['year']) . "_________";
$course_class = DB::CheckInput($_POST['course_class']);
// NOTE(review): both values are interpolated straight into the SQL text and into LIKE patterns;
// safety rests entirely on DB::CheckInput (not visible). Bind them as prepared-statement
// parameters — user-supplied '%'/'_' would then only widen the search, not alter the query.
$sql = "SELECT `time_add`,`course_id`,`course_class`,`tips` FROM `teacher_sj_schedule` WHERE time_add like '{$year}' AND course_class!='' AND course_class like '%{$course_class}%'";
$result = $conn->query($sql);
?>
<table width="88%"; border="1"; id="t_table"; align="center">
<tr height="30px;" align="center" style="font-size:17px; font-weight:600;">
<td style="cursor:pointer" title="课程排序" onclick="ownSort(0)">课程</td>
<td style="cursor:pointer" title="教师排序" onclick="ownSort(1)">教师</td>
<td style="cursor:pointer" title="时间排序" onclick="ownSort(2)">时间</td>
<td style="cursor:pointer" title="地点排序" onclick="ownSort(3)">地点</td>
<td style="cursor:pointer" title="班级排序" onclick="ownSort(4)">班级</td>
<td>备注</td>
<td>资料</td>
</tr>
<?php //$temp: tracks whether the query returned no rows (table body continues below this chunk)
<?php
// Teacher login. On success the teacher id, name and privilege level ('limits') are stored in
// the session and the client receives '1' (limits == '1') or '2' (limits == '0'); any other
// outcome echoes '0'. The final else-branch continues past the end of this chunk.
session_start();
include "../include/conn.php";
// NOTE(review): teacher_id is concatenated into the SQL text; bind it as a prepared-statement
// parameter instead of relying on DB::CheckInput (not visible).
$sql = "SELECT * FROM teacher WHERE teacher_id = '" . DB::CheckInput($_POST['teacher_id']) . "'";
$rezult = $conn->query($sql);
if ($rezult) {
    $info = $rezult->fetch_array();
    if ($info) {
        // Stored passwords are unsalted MD5 of the (CheckInput-filtered) cleartext.
        // NOTE(review): migrate to password_hash()/password_verify(); compare with
        // hash_equals() — '==' on two hex digests that look numeric ("0e...") compares them as numbers.
        $psw = MD5(DB::CheckInput($_POST['teacher_psw']));
        if ($info['teacher_psw'] == $psw) {
            // NOTE(review): call session_regenerate_id(true) here so a session id fixed before
            // login is not kept after privilege is granted.
            $_SESSION['teacher_id'] = $info['teacher_id'];
            $_SESSION['teacher_name'] = $info['teacher_name'];
            $_SESSION['limits'] = $info['limits'];
            //mysql_free_result($rezult);
            if ($info['limits'] == '1') {
                echo '1';
            } else {
                if ($info['limits'] == '0') {
                    echo '2';
                } else {
                    echo '0';
                }
            }
        } else {
            echo '0';
        }
    } else {
        echo '0';
    }
} else {
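<!-- <a href="../index.php" class="prime_a" style="font-size:18px">首页 </a>沈阳工业大学 机房排课系统 欢迎您<a href="teacher_index.php" class="prime_a" style="font-size:19px;"> </a>老师! <a onclick="zhuxiao()" class="prime_a" style="font-size:18px;">注销</a> -->
<?php
// The commented-out header above used to contain a `<?php php; ?>` snippet; PHP still executes
// code inside HTML comments, and a bare `php;` is an undefined constant (fatal on PHP 8), so it
// was removed — TODO confirm what the original expression echoed there.
?>
<form name="form0">
<!-- Hidden fields carrying URL state and server values to the page's JavaScript. -->
<?php
// ?time= is untrusted and is written into an attribute, so it is HTML-escaped at the echo.
// DB::CheckInput looks like a DB-oriented filter, not an HTML escaper — TODO confirm; if it
// already applies htmlspecialchars, drop one of the two to avoid double encoding.
if (!isset($_GET['time'])) {
    $url_time = "";
} else {
    $url_time = DB::CheckInput($_GET['time']);
}
// $db_year and $servers_time are expected from an include above this chunk — TODO confirm.
// The trailing space inside each value="" is kept from the original; the JS may rely on it.
?>
<input type="text" name="url_time" value="<?php echo htmlspecialchars((string) $url_time, ENT_QUOTES, 'UTF-8'); ?> " style="display:none">
<input type="text" name="year" style="display:none;" value="<?php echo htmlspecialchars((string) $db_year, ENT_QUOTES, 'UTF-8'); ?> " class="input_text"/>
<input type="text" name="servers_time" style="display:none;" value="<?php echo htmlspecialchars((string) $servers_time, ENT_QUOTES, 'UTF-8'); ?> ">
<!-- Calendar storage -->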
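<?php
// Set the calendar anchor (year/month/day) on every row of `calendar` (WHERE 1, as before).
// Output: '1' on success, '0' on invalid input or DB error.
include "../include/conn.php";

// The three values end up in unquoted numeric positions, where string escaping cannot help;
// require genuine integers and bind them. Non-integers are reported as '0', which is what the
// original returned when the malformed SQL failed.
$year  = filter_var(DB::CheckInput(isset($_POST['calendar_year'])  ? $_POST['calendar_year']  : ''), FILTER_VALIDATE_INT);
$month = filter_var(DB::CheckInput(isset($_POST['calendar_month']) ? $_POST['calendar_month'] : ''), FILTER_VALIDATE_INT);
$day   = filter_var(DB::CheckInput(isset($_POST['calendar_day'])   ? $_POST['calendar_day']   : ''), FILTER_VALIDATE_INT);
if ($year === false || $month === false || $day === false) {
    echo '0';
    exit;
}

// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
// NOTE(review): no authorization check is visible here — confirm the endpoint is gated upstream.
$ok = false;
$stmt = $conn->prepare("UPDATE `calendar` SET `calendar_year`=?,`calendar_month`=?,`calendar_day`=? WHERE 1");
if ($stmt) {
    $stmt->bind_param('iii', $year, $month, $day);
    $ok = $stmt->execute();
    $stmt->close();
}
echo $ok ? '1' : '0';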
$page_count = 1; // fewer rows than one page: a single page
}
if ($amount % $page_size) {
    $page_count = (int) ($amount / $page_size) + 1; // remainder: floor(total / per page) + 1
} else {
    $page_count = $amount / $page_size; // no remainder: total / per page
}
} else {
    $page_count = 0;
}
// $amount, $page and $page_size are computed above this chunk (not shown).
if ($amount) {
    // NOTE(review): the teacher_name filter is concatenated into a LIKE pattern and $page into
    // LIMIT; bind the pattern as a parameter and cast $page/$page_size to int before use.
    if (isset($_GET['teacher_name'])) {
        $sql = "select * from teacher where teacher_id not like '0000_' and teacher_name like '%" . DB::CheckInput($_GET['teacher_name']) . "%' order by teacher_id asc limit " . ($page - 1) * $page_size . ", " . $page_size;
    } else {
        $sql = "select * from teacher where teacher_id not like '0000_' order by teacher_id asc limit " . ($page - 1) * $page_size . ", " . $page_size;
    }
    $result = $conn->query($sql);
    // NOTE(review): teacher_id / teacher_name / teacher_school are echoed raw both as HTML text
    // and inside single-quoted JavaScript string literals in onclick= handlers. A stored name
    // containing ' or < breaks out of both contexts — escape with htmlspecialchars() for the
    // cells and json_encode() (then htmlspecialchars) for the handler arguments.
    while ($info = $result->fetch_array()) {
        echo "<tr>";
        echo "<td></td>";
        echo "<td><a onclick=update_teacher('" . $info['teacher_id'] . "','" . $info['teacher_name'] . "','" . $info['teacher_school'] . "')><img src='image/update.png' alt='.'/>修改</a></td>";
        echo "<td><a onclick=delete_teacher('" . $info['teacher_id'] . "')><img src='image/delete.png' alt='.'/>删除</a></td>";
        echo "<td>" . $info['teacher_id'] . "</td><td>" . $info['teacher_name'] . "</td><td>" . $info['teacher_school'] . "</td>";
        echo "<td><a onclick=update_psw('" . $info['teacher_id'] . "')><img src='image/lock.jpg' alt='.' width='16px'/>重置密码</a></td>";
        echo "</tr>";
    }
} else {
    // "No matching data" row; the else-branch continues past the end of this chunk.
    echo "<tr align=center ;>\r\n\t\t\t<td colspan=7 height=50px;>无相关数据,请重新输入</td>";
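<?php
// Delete a course and release every schedule slot that referenced it (slot reset to the
// placeholder course '00000000', emptied and re-locked).
// Output: '1' if the DELETE statement ran, '0' otherwise; the slot update stays best-effort
// (its result is not reported), as in the original.
include '../include/conn.php';
$course_id = DB::CheckInput(isset($_POST['course_id']) ? $_POST['course_id'] : '');

// course_id was concatenated unquoted into both statements, so even a quote-escaping
// DB::CheckInput could not protect it; bind it instead.
// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
// NOTE(review): no authorization check is visible here — confirm the endpoint is gated upstream.
$deleted = false;
$stmt = $conn->prepare('DELETE FROM course WHERE course_id = ?');
if ($stmt) {
    $stmt->bind_param('s', $course_id);
    $deleted = $stmt->execute();
    $stmt->close();
}

$stmt_sj = $conn->prepare("UPDATE `teacher_sj_schedule` SET `course_id`='00000000',`course_class`='',`lock`='1',`tips`='' WHERE course_id=?");
if ($stmt_sj) {
    $stmt_sj->bind_param('s', $course_id);
    $stmt_sj->execute();
    $stmt_sj->close();
}

echo $deleted ? '1' : '0';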
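<?php
// Clear one schedule slot (identified by time_add): placeholder course, no class, locked, no tips.
// Output: '1' if a row was changed, '0' otherwise.
include "../include/conn.php";
$time_add = DB::CheckInput(isset($_POST['time_add']) ? $_POST['time_add'] : '');

// time_add is bound instead of being concatenated into the SQL text.
// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
// NOTE(review): no authorization check is visible here — confirm the endpoint is gated upstream.
$rows = 0;
$stmt = $conn->prepare("UPDATE `teacher_sj_schedule` SET `course_id`='00000000',`course_class`='',`lock`='1',tips='' WHERE time_add = ?");
if ($stmt) {
    $stmt->bind_param('s', $time_add);
    if ($stmt->execute()) {
        $rows = $stmt->affected_rows;
    }
    $stmt->close();
}
echo $rows ? '1' : '0';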
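<?php
// Rename a course.
// Output: '2' row changed, '1' statement ran but nothing changed (same name), '0' error.
include '../include/conn.php';
$course_id   = DB::CheckInput(isset($_POST['course_id'])   ? $_POST['course_id']   : '');
$course_name = DB::CheckInput(isset($_POST['course_name']) ? $_POST['course_name'] : '');

// Values are bound as parameters instead of being spliced into the SQL text.
// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
// NOTE(review): no session or authorization check is visible here — confirm the endpoint is
// gated upstream (e.g. that the caller owns the course).
$ran  = false;
$rows = 0;
$stmt = $conn->prepare('UPDATE course SET course_name = ? WHERE course_id = ?');
if ($stmt) {
    $stmt->bind_param('ss', $course_name, $course_id);
    $ran  = $stmt->execute();
    $rows = $stmt->affected_rows; // 0 when the stored name was already identical
    $stmt->close();
}
if (!$ran) {
    echo '0'; // error
} elseif ($rows) {
    echo '2'; // updated
} else {
    echo '1'; // unchanged
}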
<?php
// Slot detail lookup: every schedule row whose first 12 characters of time_add equal the posted
// value (MySQL substr() is 1-based, so substr(time_add,1,12) is the leading 12-character prefix).
// The result loop continues past the end of this chunk.
session_start();
include "../include/conn.php";
$id = DB::CheckInput($_POST['time_add']);
// NOTE(review): $id is interpolated into the SQL text; bind it as a prepared-statement parameter
// rather than relying on DB::CheckInput (not visible).
$sql = "select * from teacher_sj_schedule where substr(time_add,1,12) = '{$id}'";
$result = $conn->query($sql);

// Build the "major[class]" display string. If $major already occurs in $return, only the class
// is appended right after that major's existing "[...]" group; otherwise " major[class]" is
// appended. Parameters: $major, $class, $return (the string being edited).
// NOTE(review): strpos() returning 0 (major at the very start of $return) is treated as "not
// found" by the `!$len` test — use `=== false` if $return can ever start with a major name.
// The offset `$len + $cnt + 6` assumes the existing group is exactly "[xxxx]" (6 characters) — TODO confirm.
function major_class($major, $class, $return) {
    $len = strpos($return, $major);
    //echo "len = ".$len;
    if (!$len) {
        $return = $return . ' ' . $major . '[' . $class . ']';
    } else {
        $cnt = strlen($major);
        $left = substr($return, 0, $len + $cnt + 6);
        $right = substr($return, $len + $cnt + 6);
        //echo "left = ".$left."<br>right = ".$right;
        $return = $left . '[' . $class . ']' . $right;
    }
    //echo "<br>".$return;
    return $return;
}
if ($result) {
    while ($info = $result->fetch_array()) {
        // $info['1'] / $info1['1'] rely on column position in SELECT * (course_id and teacher_id
        // respectively, judging by their use) — fragile if the table layout changes.
        $sql1 = "select * from course where course_id = '{$info['1']}'"; // course name and teacher id
        $result1 = $conn->query($sql1);
        if ($result1 && ($info1 = $result1->fetch_array())) {
            $sql2 = "select * from teacher where teacher_id = '{$info1['1']}'";
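<?php
// Initialise a new term: register the term, school and lab address, then create one empty
// schedule slot per (week 1..20, j 1..5, k 1..7) — 700 rows whose time_add is
// year_term_school_address + 2-digit week + j + k. Nothing is echoed; failures of the
// individual statements are ignored, as in the original.
set_time_limit(0);
include "../include/conn.php";
$id        = DB::CheckInput(isset($_POST['year_term_school_address']) ? $_POST['year_term_school_address'] : '');
$year_term = DB::CheckInput(isset($_POST['year_term']) ? $_POST['year_term'] : '');
$address   = DB::CheckInput(isset($_POST['address'])   ? $_POST['address']   : '');
$school    = DB::CheckInput(isset($_POST['school'])    ? $_POST['school']    : '');
$school_id = DB::CheckInput(isset($_POST['school_id']) ? $_POST['school_id'] : '');

// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
// NOTE(review): no authorization check is visible here — confirm the endpoint is gated upstream.
$stmt1 = $conn->prepare("INSERT INTO `ini_year_term` (`year_term`) VALUES(?)");
if ($stmt1) {
    $stmt1->bind_param('s', $year_term);
    $stmt1->execute();
    $stmt1->close();
}
$stmt2 = $conn->prepare("INSERT INTO `ini_school`(`school`,school_id) VALUES (?,?)");
if ($stmt2) {
    $stmt2->bind_param('ss', $school, $school_id);
    $stmt2->execute();
    $stmt2->close();
}
$stmt3 = $conn->prepare("INSERT INTO `ini_address`(`address`) VALUES (?)");
if ($stmt3) {
    $stmt3->bind_param('s', $address);
    $stmt3->execute();
    $stmt3->close();
}

// Build the 700 time_add codes. The original spliced $id (client input) unquoted into each
// VALUES tuple; here every code is bound as a parameter of one multi-row INSERT. They are bound
// as strings — MySQL converts to the column type, as it did for the unquoted literals.
$codes = array();
for ($i = 1; $i <= 20; $i++) {          // week, zero-padded to two digits
    for ($j = 1; $j <= 5; $j++) {
        for ($k = 1; $k <= 7; $k++) {
            $codes[] = $id . sprintf('%02d', $i) . $j . $k;
        }
    }
}
$placeholders = implode(',', array_fill(0, count($codes), '(?)'));
$stmt = $conn->prepare("INSERT INTO `teacher_sj_schedule`(`time_add`) VALUES" . $placeholders);
if ($stmt) {
    // Argument unpacking into the by-reference bind_param() requires PHP 5.6+.
    $stmt->bind_param(str_repeat('s', count($codes)), ...$codes);
    $stmt->execute();
    $stmt->close();
}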
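<?php
// Book a locked schedule slot: assign course, class list and tips to the slot at time_add and
// unlock it. Only slots currently locked (`lock`='1') are changed.
// Output: '1' if a row was changed, '0' otherwise (slot not locked, not found, or error).
include "../include/conn.php";
$course_id    = DB::CheckInput(isset($_POST['course_id'])  ? $_POST['course_id']  : '');
$time_add     = DB::CheckInput(isset($_POST['time_add'])   ? $_POST['time_add']   : '');
$course_class = DB::CheckInput(isset($_POST['student_id']) ? $_POST['student_id'] : '');
$tips         = DB::CheckInput(isset($_POST['tips'])       ? $_POST['tips']       : '');

// All four client values are bound instead of being interpolated into the SQL text.
// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
// NOTE(review): no session or ownership check is visible here — confirm the endpoint is gated upstream.
$rows = 0;
$stmt = $conn->prepare("UPDATE teacher_sj_schedule SET course_id = ?,course_class=?,`lock`='0',tips=? WHERE time_add = ? AND `lock`='1'");
if ($stmt) {
    $stmt->bind_param('ssss', $course_id, $course_class, $tips, $time_add);
    if ($stmt->execute()) {
        $rows = $stmt->affected_rows;
    }
    $stmt->close();
}
echo $rows ? '1' : '0';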
// Tail of a class-string builder whose head is above this chunk: looks up the student's major
// and folds "major[class]" into $class via major_class().
$result3 = $conn->query($sql3);
if ($result3) {
    $info3 = $result3->fetch_array();
    $class = major_class($info3['student_major'], substr($class_array[$n], 0, 2) . '0' . substr($class_array[$n], 6, 1), $class);
    //$class = $info3['student_major'].substr($class_array[0],0,2).'0'.substr($class_array[0],6,1);
}
}
return $class;
}
// Whether to export every teacher's timetable and package them, or a single teacher (?teacher=).
$global = DB::CheckInput($_GET['global']);
//$global = 0;
// Name of the teacher to export
$teacher = '';
if (!$global) {
    $teacher = DB::CheckInput($_GET['teacher']);
    // $teacher = '修国一';
    // NOTE(review): sprintf("%s") performs no SQL escaping, and the LIKE below interpolates
    // $teacher as well; both should be bound as prepared-statement parameters rather than
    // relying on DB::CheckInput (not visible).
    $sql_confirm = sprintf('SELECT teacher_name FROM teacher WHERE teacher_name = "%s"', $teacher);
    $confirm_result = $conn->query($sql_confirm);
    if (!$confirm_result->num_rows) {
        echo '<script>alert("抱歉,数据库中没有查到该老师姓名")</script>';
        exit;
    }
    // Fill the timetable
    $lesson_sheet = array();
    // Prepare the file name: "<teacher>-<year>年度第<term>学期实验室安排表.xls".
    // $db_year is expected from an include above (first 4 chars = year, rest = term) — TODO confirm.
    // NOTE(review): $file_name embeds query-string input; if it later becomes a filesystem path
    // or a Content-Disposition header, sanitise it there (path separators, CR/LF, quotes).
    $date = str_split($db_year, 4);
    $file_name = $teacher . '-' . $date[0] . '年度第' . $date[1] . '学期实验室安排表.xls';
    // Slots of this term taught by teachers whose name contains $teacher (the exact-match check
    // above does not restrict this LIKE, so similarly-named teachers are included).
    $sql = "SELECT `time_add`,`course_id`,`course_class`,`tips` FROM `teacher_sj_schedule` WHERE time_add like '{$db_year}%' AND course_class!='' AND course_id in (SELECT course_id FROM `course` WHERE teacher_id in (select teacher_id from teacher where teacher_name like'%" . $teacher . "%')) ORDER BY time_add";
    $result = $conn->query($sql);
    // The if-block continues past the end of this chunk.
    if (!$result) {
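<?php
// Reset a teacher's password to the system default.
// Output: '1' if the UPDATE statement ran, '0' on error.
include '../include/conn.php';
$teacher_id = DB::CheckInput(isset($_POST['teacher_id']) ? $_POST['teacher_id'] : '');

// $default_password is expected from conn.php (not visible). The login handlers compare
// teacher_psw against md5() of the typed password, so it must already hold the digest form —
// TODO confirm.
// NOTE(review): no session or privilege check is visible here; as written any client can reset
// any teacher's password to the known default — confirm the endpoint is gated upstream.
// Assumes $conn is a mysqli instance — TODO confirm.
$ok = false;
$stmt = $conn->prepare('UPDATE teacher SET teacher_psw = ? WHERE teacher_id = ?');
if ($stmt) {
    $stmt->bind_param('ss', $default_password, $teacher_id);
    $ok = $stmt->execute();
    $stmt->close();
}
echo $ok ? '1' : '0';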
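<?php
// Change the logged-in teacher's password.
// Output: '0' DB error, '1' current password wrong, '2' changed, '3' current password correct
//         but the UPDATE failed.
session_start();
include '../include/conn.php';

if (empty($_SESSION['teacher_id'])) {
    // Not logged in: no row can match, which the original reported as a wrong password.
    echo '1';
    exit;
}
$teacher_id = $_SESSION['teacher_id'];

// Hashing stays md5 because that is the form of the stored teacher_psw values, and
// DB::CheckInput stays in front of it so existing hashes keep matching.
// NOTE(review): migrate to password_hash()/password_verify() with rehash-on-login.
$old_password = md5(DB::CheckInput(isset($_POST['old_password']) ? $_POST['old_password'] : ''));
$new_password = md5(DB::CheckInput(isset($_POST['new_password']) ? $_POST['new_password'] : ''));

// Both statements bind their values instead of concatenating them into the SQL text.
// Assumes $conn is a mysqli instance (conn.php not visible) — TODO confirm.
$stmt = $conn->prepare('SELECT teacher_id FROM teacher WHERE teacher_id = ? AND teacher_psw = ?');
if (!$stmt) {
    echo '0'; // database access error
    exit;
}
$stmt->bind_param('ss', $teacher_id, $old_password);
if (!$stmt->execute()) {
    $stmt->close();
    echo '0'; // database access error
    exit;
}
$stmt->store_result();
$matched = $stmt->num_rows > 0;
$stmt->close();
if (!$matched) {
    echo '1'; // WRONG PASSWORD
    exit;
}

$updated = false;
$upd = $conn->prepare('UPDATE teacher SET teacher_psw = ? WHERE teacher_id = ?');
if ($upd) {
    $upd->bind_param('ss', $new_password, $teacher_id);
    $updated = $upd->execute();
    $upd->close();
}
echo $updated ? '2' : '3'; // RIGHT PASSWORD & MOD / RIGHT PASSWORD & UNMOD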