$deldb->query("select * from sample_category where site = '" . SITE . "' and type = 'sample' and type_id = '{$delete}'");
if ($deldb->numrows()) {
print "<div align=\"center\" class=\"error\">Sample Category attached to Menu! Please remove from Menu first.</div><br>";
} else {
if (isset($confirm) && $confirm == 'y') {
$deldb->query("delete from sample_category where site = '" . SITE . "' and id = '{$delete}'");
print "<div align=\"center\" class=\"success\">Sample Category Item deleted!</div><br>";
} else {
print "<div align=\"center\" class=\"error\">Are you sure you want to delete this sample category? <a class=\"error\" href=\"sample_category.php?delete={$delete}&confirm=y\">Yes</a> <a class=\"error\" href=\"sample_category.php\">No</a></div><br>";
}
}
}
$db = new dbi();
$db->query("select * from sample_category where site = '" . SITE . "' order by name asc");
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\">Sample Categories</td><td colspan=\"3\"><a href=\"sample_category.php?add=1\" style=\"color:#FFFFFF;\">Add a Sample Category</a></td></tr>";
if ($db->numrows()) {
print "<tr><td class=\"bold\" align=\"left\">Name</td><td class=\"bold\" align=\"left\">View</td><td class=\"bold\" align=\"left\">Samples</td><td class=\"bold\" align=\"left\">Delete?</td></tr>";
while ($db->loop()) {
print "<tr><td><a href=\"sample_category.php?mod=" . $db->result("id") . "\">" . $db->result("name") . "</a></td><td align=\"center\"><a href=\"" . DOCUMENT_BASE . "/sample/" . $db->result("id") . "\" target=\"_blank\">View</a></td><td align=\"center\"><a href=\"sample.php?category=" . $db->result("id") . "\">Edit</a></td><td align=\"right\"><a href=\"sample_category.php?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
} else {
print "<tr><td colspan=\"4\" align=\"center\">No Sample Categories!</td></tr>";
}
print "</table>";
}
include "footer.inc";
?>
</body>
</html>
echo $db->result("id");
?>
</h1>
<div style="text-align:center;margin:10px;"><a href="invoice.php?<?php
echo $db->result("id");
?>
" target="_blank"><b>PRINT A COPY OF THIS INVOICE</b></a></div>
<table width="95%" align="center" cellpadding="4" cellspacing="0" style="border:2px solid #000000;">
<tr class="bar"><td align="left" style="font-weight:bold;font-size:14px;" colspan="2">Shipping Information</td></tr>
<tr><td colspan="2">
<table width="100%" cellpadding="2" cellspacing="0" border="0">
<tr><td align="left" class="order_header">Item</td><td align="right" class="order_header">Quantity</td><td align="right" class="order_header">Price</td></tr>
<?php
$tdb->query("select description,quantity,price from order_items where order_id = '{$order_id}'");
while ($tdb->loop()) {
print "<tr><td align=\"left\">" . $tdb->result("description") . "</td><td align=\"right\">" . $tdb->result("quantity") . "</td><td align=\"right\">\$" . sprintf("%0.2f", $tdb->result("price")) . "</td></tr>";
}
?>
</table></td>
<tr><td valign="top"><?php
print_address($db->result("ship_address"));
?>
</td><td valign="top">
<table align="right" cellpadding="2" cellspacing="0" border="0">
<tr><td align="right" class="order_header">SubTotal:</td><td align="right">$<?php
echo sprintf("%0.2f", $db->result("subtotal"));
?>
</td></tr>
<tr><td align="right" class="order_header">Shipping & Handling(<?php
echo $ship_type[$db->result("ship_method")];
?>
if ($db->numrows()) {
$error = "Account already exists. Please try logging in.";
} else {
$_SESSION['account_id'] = $db->query("insert into account (email, password, po, created) values('" . strtolower($_POST['email']) . "', '" . base64_encode(encrypto($_POST['password'], strtolower(substr($_POST[email], 0, 2)))) . "', 'n', '" . date("Y-m-d H:i:s", time()) . "')");
$_SESSION[email] = $_POST[email];
}
}
}
if (isset($_POST['login'])) {
if ($_POST[email] == "" || $_POST[password] == "") {
$error = "Please specify an E-mail and Password to login!";
} else {
# echo "select * from account where lower(email) = '".strtolower($_POST['email'])."' and (password = '******'password'],strtolower(substr($_POST['email'],0,2))))."' or password = '******'password']),strtolower(substr($_POST['email'],0,2))))."' or password = '******'password']),strtolower(substr($_POST['email'],0,2))))."')";
$db->query("select * from account where lower(email) = '" . strtolower($_POST['email']) . "' and (password = '******'password'], strtolower(substr($_POST['email'], 0, 2)))) . "' or password = '******'password']), strtolower(substr($_POST['email'], 0, 2)))) . "' or password = '******'password']), strtolower(substr($_POST['email'], 0, 2)))) . "')");
if ($db->numrows()) {
$_SESSION[account_id] = $db->result("account.id");
$_SESSION[email] = $db->result("account.email");
$_SESSION[account_po] = $db->result("account.po");
$_SESSION[account_taxrate] = $db->result("account.taxrate");
} else {
$error = "Invalid Email/Password. Please try again.";
}
}
}
if (!isset($_SESSION['account_id']) || $_SESSION['account_id'] < 1) {
?>
<form method="post" action="<?php
echo $PHP_SELF;
?>
"><table width="95%" border="0" cellspacing="0" cellpadding="4" align="center"><tr><td class="bar" align="left" colspan="2">Log Into an Existing Account</td></tr>
<tr><td colspan="2" align="center">If you already have an account with Data Business Systems, you can login here with your e-mail address and password. <a href="remind.php">Lost your password?</a></td></tr>
require_once "/home/bocawebgroup/public_html/inc/ad_track.inc";
require_once "inc/config.inc";
require_once "../inc/dbi.inc";
$seo__page_title = '';
$seo__meta_kws = '';
$seo__meta_desc = '';
$seo__url_fname = '';
$seo__url_dname = '';
if (isset($_POST['name']) && isset($_POST['data'])) {
$name = $_POST['name'];
$date = $_POST['data'];
} else {
$db = new dbi();
$db->query("select * from info where id = '" . $_GET[id] . "' and site = '" . SITE . "'");
if ($db->numrows()) {
$name = $db->result("info.name");
$data = $db->result("info.data");
$seo__page_title = $db->result("info.page_title");
$seo__meta_kws = $db->result("info.meta_keywords");
$seo__meta_desc = $db->result("info.meta_description");
$seo__url_fname = $db->result("info.url_filename");
$seo__url_dname = $db->result("info.url_foldername");
} else {
header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
include "404.php";
exit;
}
}
$newURL = DOCUMENT_BASE . '/' . SEO_format_url($_GET['id'], 'info', $name, $seo__url_fname, $seo__url_dname);
$SEO_self_URL = (DOCUMENT_BASE == '' ? 'http://www.medical-forms.com' : 'http://www.databusinesssystems.com') . $newURL;
if (strpos($_SERVER['REQUEST_URI'], $newURL) === FALSE) {
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
include "header.inc";
$db = new dbi();
print "<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" align=\"center\">";
print "<tr><td colspan=\"4\" align=\"center\" style=\"font-weight:bold;font-size:14px;\">Web Server Status</td></tr>";
print "<tr><td colspan=\"4\" align=\"center\">";
system("uptime");
print "</td></tr>";
print "<tr><td colspan=\"4\" align=\"center\" style=\"font-weight:bold;font-size:14px;\">Database Information</td></tr>";
$db->query("show status");
while ($db->loop()) {
if ($db->result("Variable_name") == "Threads_connected") {
$threads_connected = $db->result("Value");
} elseif ($db->result("Variable_name") == "Threads_running") {
$threads_running = $db->result("Value");
} elseif ($db->result("Variable_name") == "Uptime") {
$uptime = $db->result("Value");
}
}
$days = floor($uptime / (60 * 60 * 24));
$uptime = $uptime - $days * (60 * 60 * 24);
$hour = floor($uptime / (60 * 60));
$uptime = $uptime - $hour * 60 * 60;
$min = floor($uptime / 60);
$uptime = $uptime - $min * 60;
$uptime = sprintf("%02d:%02d:%02d", $hour, $min, $uptime);
print "<tr><td colspan=\"2\" align=\"left\">Threads: {$threads_running}/{$threads_connected}</td><td colspan=\"2\" align=\"right\">Uptime: {$days} days, {$uptime}</td></tr>";
}
if (!isset($add) && !isset($mod) || isset($success)) {
if (isset($delete)) {
$deldb = new dbi();
if (isset($confirm) && $confirm == 'y') {
@unlink(BASE_IMAGE_DIR . $delete . ".jpg");
@unlink(BASE_PDF_DIR . $delete . ".jpg");
$deldb->query("delete from sample where id = '{$delete}'");
print "<div align=\"center\" class=\"success\">Sample deleted!</div><br>";
} else {
print "<div align=\"center\" class=\"error\">Are you sure you want to delete this Sample? <a class=\"error\" href=\"sample.php?category={$_GET['category']}&delete={$delete}&confirm=y\">Yes</a> <a class=\"error\" href=\"sample.php?category={$_GET['category']}\">No</a></div><br>";
}
}
$db = new dbi();
$db->query("select * from sample where category = '{$_GET['category']}' order by description asc");
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\">Samples</td><td align=\"right\"><a href=\"sample.php?category={$_GET['category']}&add=1\" style=\"color:#FFFFFF;\">Add a Sample</a></td></tr>";
if ($db->numrows()) {
while ($db->loop()) {
print "<tr><td><a href=\"sample.php?category={$_GET['category']}&mod=" . $db->result("id") . "\">" . substr($db->result("description"), 0, 100) . "</a></td><td align=\"right\"><a href=\"sample.php?category={$_GET['category']}&delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
} else {
print "<tr><td colspan=\"2\" align=\"center\">No Samples for that Category!</td></tr>";
}
print "</table>";
}
include "footer.inc";
?>
</body>
</html>
</table>
</form>
<?php
}
}
if (!isset($add) && !isset($mod) || isset($success)) {
if (isset($delete)) {
$deldb = new dbi();
if (isset($confirm) && $confirm == 'y') {
$deldb->query("delete from state_tax where id = '{$delete}'");
print "<div align=\"center\" class=\"success\">State Tax Entry deleted!</div><br>";
} else {
print "<div align=\"center\" class=\"error\">Are you sure you want to delete this State Tax Entry? <a class=\"error\" href=\"state_tax.php?delete={$delete}&confirm=y\">Yes</a> <a class=\"error\" href=\"state_tax.php\">No</a></div><br>";
}
}
$db = new dbi();
$db->query("select * from state_tax");
if ($db->numrows()) {
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\" colspan=\"2\">State Tax</td><td><a href=\"state_tax.php?add=1\" style=\"color:#FFFFFF;\">Add an Entry</a></td></tr>";
while ($db->loop()) {
print "<tr><td width=\"50\"><a href=\"state_tax.php?mod=" . $db->result("id") . "\">" . $db->result("state") . "</a></td><td align=\"right\">" . $db->result("tax") . " %</td><td align=\"right\"><a href=\"state_tax.php?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
print "</table>";
}
}
include "footer.inc";
?>
</body>
</html>
<body>
<?php
function dollar($num)
{
return "\$" . number_format($num, 2, ".", ",");
}
if (isset($_GET[id])) {
$db->query("select orders.*,account.email from orders inner join account on account.id = orders.account where orders.id = '" . $_GET['id'] . "'");
if (!$db->numrows()) {
print "No Such Order!";
} else {
?>
<table align="center" width="98%" cellpadding="2" cellspacing="0" border="0" style="border-bottom:2px solid black;">
<tr><td align="left" style="font-size:16px;"><b>Data Business Systems, Inc.</b></td><td align="right" style="font-size:16px;"><b>Order #: <?php
echo $db->result("id");
?>
</b></td></tr>
</table>
<table bgcolor="#FFFFFF" width="96%" cellpadding="0" cellspacing="0" style="margin:2px auto 2px auto;">
<tr><td colspan="2">
<table width="100%" cellpadding="5" cellspacing="0">
<tr><td align="left" nowrap="nowrap"><?php
if ($_GET['history']) {
?>
<form style="margin:0;" method="post" action="<?php
echo $_SERVER['PHP_SELF'];
?>
?id=<?php
echo $db->result("id");
?>
$deldb->query("select * from menu where site = '" . SITE . "' and type = 'info' and type_id = '{$delete}'");
if ($deldb->numrows()) {
print "<div align=\"center\" class=\"error\">Information attached to Menu! Please remove from Menu first.</div><br>";
} else {
if (isset($confirm) && $confirm == 'y') {
$deldb->query("delete from info where site = '" . SITE . "' and id = '{$delete}'");
print "<div align=\"center\" class=\"success\">Information deleted!</div><br>";
} else {
print "<div align=\"center\" class=\"error\">Are you sure you want to delete this info? <a class=\"error\" href=\"info.php?delete={$delete}&confirm=y\">Yes</a> <a class=\"error\" href=\"info.php\">No</a></div><br>";
}
}
}
$db = new dbi();
$db->query("select * from info where site = '" . SITE . "'");
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\">Information</td><td colspan=\"2\"><a href=\"info.php?add=1\" style=\"color:#FFFFFF;\">Add Information Page</a></td></tr>";
if ($db->numrows()) {
print "<tr><td class=\"bold\" align=\"left\">Name</td><td class=\"bold\" align=\"center\">View</td><td class=\"bold\" align=\"right\">Delete?</td></tr>";
while ($db->loop()) {
print "<tr><td><a href=\"info.php?mod=" . $db->result("id") . "\">" . $db->result("name") . "</a></td><td align=\"center\"><a href=\"" . DOCUMENT_BASE . "/info/" . $db->result("id") . "\" target=\"_blank\">View</a></td><td align=\"right\"><a href=\"info.php?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
} else {
print "<tr><td colspan=\"3\" align=\"center\">No Information available!</td></tr>";
}
print "</table>";
}
include "footer.inc";
?>
</body>
</html>
include "../inc/header.inc";
?>
<h1>Password Reminder</h1>
<table align="center" cellpadding="4" cellspacing="0" align="center">
<?php
if (isset($_POST[email])) {
if ($_POST[email] == "") {
$error = "Please specify a valid email address!";
}
if (!$error) {
$edb = new dbi();
$edb->query("select email,password from account where email = '{$_POST['email']}' limit 0,1");
if ($edb->numrows()) {
$from = "DBS Support <*****@*****.**>";
$header = "Return-Path: {$from}\r\nFrom: {$from}\r\nReply-To: {$from}";
$message = "This is your requested password reminder from a Data Business Systems Site. Below is your account email address and password.\n\n Email Address: " . $edb->result("email") . "\n Password: "******"password")), substr($edb->result("email"), 0, 2))) . "\n\nThis information was requested from (" . $_SERVER[REMOTE_ADDR] . ").\n\nRegards,\nCustomer Support\nsupport@databusinesssystems.com";
mail($edb->result("email"), "Password Reminder", $message, $header);
print "<tr><td align=\"left\">Your password has been sent! If you do not receive the email or if you are still having difficulties using your account, please email us at <a href=\"mailto:support@databusinesssystems.com\">support@databusinesssystems.com</a> or call us at 1-800-778-6247.</td></tr>";
} else {
$error = "No account with that email address!";
}
}
}
if (!isset($_POST[email]) || $error) {
?>
<tr><td>If you have lost your password, enter your email address below and your information will be sent to you.<br><br></td></tr>
<?php
if ($error) {
?>
<tr><td align="center" class="error"><?php
echo $error;
</form>
<?php
}
}
if (!isset($add) && !isset($mod) || isset($success)) {
$db = new dbi();
if (isset($delete)) {
if (isset($confirm) && $confirm == 'y') {
$db->query("delete from coupon where site = '" . SITE . "' and id = '{$delete}'");
print "<div align=\"center\" class=\"success\">Coupon deleted!</div><br>";
} else {
print "<div align=\"center\" class=\"error\">Are you sure you want to delete this coupon? <a class=\"error\" href=\"{$_SERVER['PHP_SELF']}?delete={$delete}&confirm=y\">Yes</a> <a class=\"error\" href=\"{$_SERVER['PHP_SELF']}\">No</a></div><br>";
}
}
$db->query("select * from coupon where site = '" . SITE . "'");
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\" colspan=\"2\">Coupons</td><td><a href=\"{$_SERVER['PHP_SELF']}?add=1\" style=\"color:#FFFFFF;\">Add a Coupon</a></td></tr>";
if ($db->numrows()) {
while ($db->loop()) {
print "<tr><td valign=\"top\"><a href=\"{$_SERVER['PHP_SELF']}?mod=" . $db->result("id") . "\">" . $db->result("code") . "</a></td><td width=\"300\">" . $db->result("description") . "<td align=\"right\" valign=\"top\"><a href=\"{$_SERVER['PHP_SELF']}?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
} else {
print "<tr><td colspan=\"2\">No Coupons Available</td></tr>";
}
print "</table>";
}
include "footer.inc";
?>
</body>
</html>
$error = "Email account already exists.";
}
}
if (!$error) {
if (isset($_POST['po'])) {
$po = 'y';
} else {
$po = 'n';
}
if (isset($_GET['mod'])) {
$query = "update account set email = '" . $_POST['email'] . "', password = "******"") {
$query .= "'" . base64_encode(encrypto($_POST['password'], strtolower(substr($_POST['email'], 0, 2)))) . "'";
} else {
$db->query("select email,password from account where id = '" . $_GET['mod'] . "'");
$oldpassword = trim(decrypto(base64_decode($db->result("password")), substr($db->result("email"), 0, 2)));
$query .= "'" . base64_encode(encrypto($oldpassword, strtolower(substr($_POST['email'], 0, 2)))) . "'";
}
$query .= ", po = '{$po}', taxrate = " . (is_numeric($_POST['taxrate']) ? "'" . $_POST['taxrate'] . "'" : "null") . " where id = '" . $_GET['mod'] . "'";
$db->query($query);
$id = $mod;
} else {
#$error = 'success';
$id = $db->query("insert into account (email, password, po, taxrate, created) values('{$_POST['email']}', '" . base64_encode(encrypto($_POST[password], strtolower(substr($_POST['email'], 0, 2)))) . "', '{$po}', " . (is_numeric($_POST['taxrate']) ? "'" . $_POST['taxrate'] . "'" : "null") . ", '" . date("Y-m-d H:i:s", time()) . "')");
}
print "<div align=\"center\" class=\"success\">Account updated successfully!</div><br>";
}
}
}
if (!isset($_POST[email]) || $error) {
if (isset($_GET['mod']) && !$error) {
<?php
require_once "/home/bocawebgroup/public_html/inc/ad_track.inc";
require_once "inc/config.inc";
require_once "../inc/dbi.inc";
if (isset($_POST['name']) && isset($_POST['data'])) {
$name = $_POST['name'];
$date = $_POST['data'];
} else {
$db = new dbi();
$db->query("select * from info where id = '" . $_GET[id] . "' and site = '" . SITE . "'");
if ($db->numrows()) {
$name = $db->result("info.name");
$data = $db->result("info.data");
} else {
header("HTTP/1.1 404 Not Found");
exit;
}
}
?>
<html>
<head>
<title>One-Write - <?php
echo $name;
?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="<?php
echo DOCUMENT_BASE;
?>
/style.css">
print ">" . $prodb->result("name") . "</option>";
}
?>
</select></td></tr>
<tr><td><input type="radio" name="type" value="product"<?php
if (isset($error) && $_POST[type] == 'product') {
print " checked=\"checked\"";
} elseif (isset($moddb) && $moddb->result("type") == 'product') {
print " checked=\"checked\"";
}
?>
></td><td>Product <select name="product"><option value=""></option><?php
$prodb = new dbi();
$prodb->query("select * from product_category where site = '" . SITE . "' order by name asc");
while ($prodb->loop()) {
print "<option value=\"" . $prodb->result("id") . "\"";
if (isset($error) && $_POST[type] == "product" && $prodb->result("id") == $_POST[product] || !isset($error) && isset($moddb) && $moddb->result("type") == "product" && $moddb->result("type_id") == $prodb->result("id")) {
print " selected=\"selected\"";
}
print ">" . $prodb->result("name") . "</option>";
}
?>
</select></td></tr>
</table>
</td></tr>
<tr bgcolor="#990000"><td colspan="2" align="center"><input type="submit" value="Update"></td></tr>
</table>
</form>
<?php
}
}
<body>
<?php
include "header.inc";
$db = new dbi();
$db->query("select * from ad_track order by timestamp desc limit 0,25");
?>
<table width="98%" align="center" cellpadding="3" cellspacing="0">
<tr class="bar"><td>Date/Time</td><td>Campaign</td><td>IP/HOST</td></tr>
<?php
while ($db->loop()) {
?>
<tr bgcolor="#<?php
echo $db->currentrow() % 2 ? "DDDDDD" : "FFFFFF";
?>
"><td valign="top"><?php
echo date("n/d/Y", strtotime($db->result("timestamp")));
?>
<?php
echo date("h:i a", strtotime($db->result("timestamp")));
?>
</td><td style="font-weight:bold;"><?php
echo $db->result("campaign");
?>
</td><td><?php
echo gethostbyaddr($db->result("ip"));
?>
</td></tr>
<tr bgcolor="#<?php
echo $db->currentrow() % 2 ? "DDDDDD" : "FFFFFF";
?>
"><td colspan="3" style="font-weight:bold;">File: <?php
}
$db = new dbi();
if (isset($_GET['category'])) {
$results = mysql_query("select name from product_category where id = '" . $_GET['category'] . "'", $dbh);
$bar_title = "Products for '" . mysql_result($results, 0, "name") . "'";
$db->query("select * from product where category = '{$_GET['category']}' and user = '******' order by sort, description asc");
} else {
$results = mysql_query("select email from account where id = '" . $_GET['user'] . "'", $dbh);
$bar_title = "Products for '" . mysql_result($results, 0, "email") . "'";
$db->query("select product_category.site,product.* from product inner join product_category on product_category.id = product.category where user = '******'user']}' order by sort, description asc");
}
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr class=\"bar\"><td>{$bar_title}</td><td align=\"right\"><a href=\"product.php?" . (isset($_GET[category]) ? "category=" . $_GET['category'] : "user="******"&add=1\">Add a Product</a></td></tr>";
if ($db->numrows()) {
while ($db->loop()) {
print "<tr><td align=\"left\"><a href=\"product.php?" . (isset($_GET[category]) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "&mod=" . $db->result("id");
if (isset($_GET[user])) {
print "&setsite=" . $db->result("product_category.site");
}
print "\">" . substr($db->result("description"), 0, 60) . "</td><td align=\"right\"><a href=\"product.php?" . (isset($_GET[category]) ? "category=" . $_GET['category'] : "user={$_GET['user']}") . "&delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
} else {
print "<tr><td colspan=\"2\" align=\"center\">No Products for that Category/User!</td></tr>";
}
print "</table>";
}
include "footer.inc";
?>
</body>
</html>
}
if (!$error) {
mysql_query("update order_address set name = '" . addslashes($_POST['name']) . "', company = '" . addslashes($_POST['company']) . "', address1 = '" . addslashes($_POST['address1']) . "', address2 = '" . addslashes($_POST['address2']) . "', city = '" . addslashes($_POST['city']) . "', state = '" . addslashes($_POST['state']) . "', zip_code = '" . addslashes($_POST['zip_code']) . "', phone = '" . addslashes($_POST['phone']) . "', fax = '" . addslashes($_POST['fax']) . "' where account = '" . $_SESSION['account_id'] . "' and id = '" . $_GET['modify'] . "'", $dbh);
print "<div align=\"center\" class=\"success\">Address updated successfully!</div>";
}
}
if (isset($error) || !sizeof($_POST)) {
if ($error) {
print "<div align=\"center\" class=\"error\">{$error}</div><br>";
}
?>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
?modify=<?php
echo $db->result("id");
?>
" method="post">
<table width="95%" border="0" cellspacing="1" cellpadding="4" align="center">
<tr><td class="bar" align="left" colspan="2">Modify Address</td></tr>
<tr><td align="right" width="40%" style="font-weight:bold;">Full Name</td><td align="left" width="60%"><input type="text" name="name" size="35" value="<?php
if ($error) {
print $_POST['name'];
} else {
print $db->result("name");
}
?>
"></td></tr>
<tr><td align="right" width="40%" style="font-weight:bold;">Company</td><td align="left" width="60%"><input type="text" name="company" size="35" value="<?php
if ($error) {
print $_POST['company'];
