$page = "team_edit"; $status = "add"; } else { // This determines the page to show once the form submission has been successful $status = "team_add"; // Begin to clean up the $_POST submissions $user_password = md5(CleanUp($_POST[user_password_1])); $user_username = CleanUp($_POST[user_username]); $user_address_1 = CleanUpAddress($_POST[user_address_1]); $user_address_2 = CleanUpAddress($_POST[user_address_2]); $user_address_3 = CleanUpAddress($_POST[user_address_3]); $user_address_town = CleanUpAddress($_POST[user_address_town]); $user_address_postcode = CleanUpPostcode($_POST[user_address_postcode]); $user_address_county = CleanUpAddress($_POST[user_address_county]); $user_name_first = CleanUpNames($_POST[user_name_first]); $user_name_second = CleanUpNames($_POST[user_name_second]); $user_num_extension = CleanUp($_POST[user_num_extension]); $user_num_home = CleanUpPhone($_POST[user_num_home]); $user_num_mob = CleanUpPhone($_POST[user_num_mob]); $user_email = CleanUpEmail($_POST[user_email]); $user_user_rate = CleanUp($_POST[user_user_rate]); $user_user_added = time(); $user_timesheet = CleanUp($_POST[user_timesheet]); $user_holidays = CleanUp($_POST[user_holidays]); $user_active = CleanUp($_POST[user_active]); $user_usertype = CleanUp($_POST[user_usertype]); // Construct the MySQL instruction to add these entries to the database $sql_add = "INSERT INTO intranet_user_details (\nuser_id,\nuser_password,\nuser_address_county,\nuser_address_postcode,\nuser_address_town,\nuser_address_3,\nuser_address_2,\nuser_address_1,\nuser_name_first,\nuser_name_second,\nuser_num_extension,\nuser_num_mob,\nuser_num_home,\nuser_email,\nuser_usertype,\nuser_active,\nuser_username,\nuser_user_rate,\nuser_user_added,\nuser_user_timesheet,\nuser_holidays\n) values 
(\n'NULL',\n'{$user_password}',\n'{$user_address_county}',\n'{$user_address_postcode}',\n'{$user_address_town}',\n'{$user_address_3}',\n'{$user_address_2}',\n'{$user_address_1}',\n'{$user_name_first}',\n'{$user_name_second}',\n'{$user_num_extension}',\n'{$user_num_mob}',\n'{$user_num_home}',\n'{$user_email}',\n'{$user_usertype}',\n'{$user_active}',\n'{$user_username}',\n'{$user_user_rate}',\n'{$user_user_added}',\n'{$user_user_timesheet}',\n'{$user_holidays}'\n)"; print $sql_add; $result = mysql_query($sql_add, $conn) or die(mysql_error()); $actionmessage = "User added successfully.";
// (The listing starts inside an earlier validation branch of the "add contact"
// form handler; the opening `if` and the end of the final `else` are not shown.)
$page = "contacts_edit";
$action = "add";

} elseif ($_POST[contact_namesecond] == "") {

    // Surname is required: send the user back to the edit form with an alert.
    $alertmessage = "The contact's surname name was left empty.";
    $page = "contacts_edit";
    $action = "add";

} else {

    // This determines the page to show once the form submission has been successful
    $page = "contacts_view";

    // Begin to clean up the $_POST submissions
    //
    // NOTE(review): the $_POST keys are bare words (e.g. $_POST[contact_id]), which
    // PHP treats as constant lookups rather than string keys; quote them.
    //
    // The CleanUp* helpers are defined outside this listing, so what they strip or
    // escape cannot be confirmed from here.
    // NOTE(review): contact_id, contact_prefix, contact_title, contact_sector,
    // contact_relation, contact_discipline and contact_include are copied from
    // $_POST with no helper applied at all. The query that consumes them is not
    // shown; confirm they are validated (or bound as parameters) before they
    // reach SQL or HTML output.
    $contact_id = $_POST[contact_id];
    $contact_prefix = $_POST[contact_prefix];
    $contact_namefirst = CleanUpNames($_POST[contact_namefirst]);
    $contact_namesecond = CleanUpNames($_POST[contact_namesecond]);
    $contact_title = $_POST[contact_title];
    $contact_company = CleanUpNames($_POST[contact_company]);
    $contact_telephone = CleanUpPhone($_POST[contact_telephone]);
    $contact_telephone_home = CleanUpPhone($_POST[contact_telephone_home]);
    $contact_fax = CleanUpPhone($_POST[contact_fax]);
    $contact_mobile = CleanUpPhone($_POST[contact_mobile]);
    $contact_email = CleanUpEmail($_POST[contact_email]);
    $contact_sector = $_POST[contact_sector];
    $contact_reference = CleanUp($_POST[contact_reference]);
    $contact_department = CleanUp($_POST[contact_department]);
    // Creation time is taken from the server clock, not from the form.
    $contact_added = time();
    $contact_relation = $_POST[contact_relation];
    $contact_discipline = $_POST[contact_discipline];
    $contact_include = $_POST[contact_include];
    $contact_address = CleanUpAddress($_POST[contact_address]);
    $contact_city = CleanUp($_POST[contact_city]);
    $contact_county = CleanUp($_POST[contact_county]);
<?php

// Handles the phone-message form post: cleans the submitted fields, checks the
// required ones, then either UPDATEs an existing row (message_id > 0) or INSERTs
// a new one into intranet_phonemessage.
// The listing ends inside the INSERT branch; the closing braces are not shown.
//
// NOTE(review): the $_POST keys are bare words (e.g. $_POST[message_id]), which
// PHP treats as constant lookups rather than string keys; quote them.

// Begin to clean up the $_POST submissions
//
// CleanNumber / CleanUpNames / CleanUp are defined outside this listing.
// NOTE(review): their results are interpolated into the SQL strings below, so
// confirm each one escapes for a quoted MySQL string context, or bind the
// values as parameters instead of building the statement by hand.
$message_id = CleanNumber($_POST[message_id]);
$message_from_id = CleanNumber($_POST[message_from_id]);
$message_from_name = CleanUpNames($_POST[message_from_name]);
$message_from_company = CleanUpNames($_POST[message_from_company]);
$message_from_number = CleanUp($_POST[message_from_number]);
$message_for_user = CleanNumber($_POST[message_for_user]);
$message_text = CleanUp($_POST[message_text]);
$message_viewed = CleanNumber($_POST[message_viewed]);
// Timestamp comes from the server clock, not from the form.
$message_date = time();
$message_project = CleanNumber($_POST[message_project]);
$message_taken = CleanNumber($_POST[message_taken]);

// Check that the required values have been entered, and alter the page to show if these values are invalid
// (the checks read the raw $_POST values, not the cleaned copies above)

if ($_POST[message_from_id] == "" and $_POST[message_from_name] == "") {

    $alertmessage = "You have not entered the name of the caller.";
    $page_redirect = "phonemessage_edit";

} elseif ($_POST[message_text] == "") {

    $alertmessage = "The message was left empty.";
    // NOTE(review): redirects to "timesheet_expense_edit" although the branch
    // above uses "phonemessage_edit"; looks like a copy-paste slip, confirm.
    $page_redirect = "timesheet_expense_edit";

} else {

    // Construct the MySQL instruction to add these entries to the database

    if ($message_id > 0) {

        // Existing message: update the row whose id was posted.
        // NOTE(review): message_for_user is written as the literal '******' here,
        // whereas the INSERT below stores {$message_for_user}. This may be a
        // redaction artefact of the listing; confirm against the real file.
        $sql_edit = "UPDATE intranet_phonemessage SET\n\t\tmessage_from_id = '{$message_from_id}',\n\t\tmessage_from_name = '{$message_from_name}',\n\t\tmessage_from_company = '{$message_from_company}',\n\t\tmessage_from_number = '{$message_from_number}',\n\t\tmessage_for_user = '******',\n\t\tmessage_text = '{$message_text}',\n\t\tmessage_viewed = '{$message_viewed}',\n\t\tmessage_date = '{$message_date}',\n\t\tmessage_project = '{$message_project}',\n\t\tmessage_taken = '{$message_taken}'\n\t\tWHERE message_id = '{$message_id}'\n\t\tLIMIT 1";

        // On failure the raw MySQL error text is sent to the browser by die().
        // NOTE(review): that discloses schema details; log it server-side instead.
        $result = mysql_query($sql_edit, $conn) or die(mysql_error());
        $actionmessage = "Telephone message updated successfully.";
        // Keeps the full statement text; where $techmessage is displayed is not
        // visible in this listing.
        $techmessage = $sql_edit;

    } else {

        // New message: message_id is sent as the quoted string 'NULL', not SQL NULL.
        // NOTE(review): presumably relies on MySQL coercing it so the column's
        // auto-increment assigns the id. TODO confirm against the table definition.
        $sql_add = "INSERT INTO intranet_phonemessage 
(\n\t\tmessage_id,\n\t\tmessage_from_id,\n\t\tmessage_from_name,\n\t\tmessage_from_company,\n\t\tmessage_from_number,\n\t\tmessage_for_user,\n\t\tmessage_text,\n\t\tmessage_viewed,\n\t\tmessage_date,\n\t\tmessage_project,\n\t\tmessage_taken\n\t\t) values (\n\t\t'NULL',\n\t\t'{$message_from_id}',\n\t\t'{$message_from_name}',\n\t\t'{$message_from_company}',\n\t\t'{$message_from_number}',\n\t\t'{$message_for_user}',\n\t\t'{$message_text}',\n\t\t'{$message_viewed}',\n\t\t'{$message_date}',\n\t\t'{$message_project}',\n\t\t'{$message_taken}'\n\t\t)";

        // Same error-disclosure concern as the UPDATE branch.
        $result = mysql_query($sql_add, $conn) or die(mysql_error());
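<?php

// Handles the "edit company" form post: checks that a company name was entered,
// then updates the matching row in contacts_companylist.
//
// Reads:  $_POST company_* fields and $conn (MySQL link opened elsewhere).
// Writes: $page, $action, $alertmessage, $actionmessage, $techmessage, $company_id.

// Check that the required values have been entered, and alter the page to show if these values are invalid

if (!isset($_POST['company_name']) || $_POST['company_name'] == "") {

    $alertmessage = "The company name was left empty.";
    $page = "company_edit";
    $action = "add";

} else {

    // This determines the page to show once the form submission has been successful
    $page = "company_view";

    // Begin to clean up the $_POST submissions
    //
    // NOTE(review): the CleanUp* helpers are defined outside this listing. Their
    // results still go into the query as returned, because escaping a second time
    // would corrupt stored text if they already escape. Confirm what they do and,
    // if they do not escape for SQL, pass them through the same step as the raw
    // fields below.
    $company_id = isset($_POST['company_id']) ? $_POST['company_id'] : "";
    $company_name = CleanUpNames($_POST['company_name']);
    $company_phone = CleanUpPhone($_POST['company_phone']);
    $company_fax = CleanUpPhone($_POST['company_fax']);
    $company_address = CleanUpAddress($_POST['company_address']);
    $company_city = CleanUp($_POST['company_city']);
    $company_county = CleanUp($_POST['company_county']);
    $company_postcode = CleanUpPostcode($_POST['company_postcode']);
    $company_country = isset($_POST['company_country']) ? $_POST['company_country'] : "";
    $company_web = str_replace("http://", "", isset($_POST['company_web']) ? $_POST['company_web'] : "");
    $company_notes = isset($_POST['company_notes']) ? $_POST['company_notes'] : "";

    // company_id, company_country, company_web and company_notes come from the
    // request with no cleaning, so they are escaped here before being placed
    // inside the quoted SQL literals. If the runtime has magic quotes enabled the
    // added slashes are removed first, so each value is escaped exactly once.
    $request_is_slashed = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $sql_company_id = mysql_real_escape_string($request_is_slashed ? stripslashes($company_id) : $company_id, $conn);
    $sql_company_country = mysql_real_escape_string($request_is_slashed ? stripslashes($company_country) : $company_country, $conn);
    $sql_company_web = mysql_real_escape_string($request_is_slashed ? stripslashes($company_web) : $company_web, $conn);
    $sql_company_notes = mysql_real_escape_string($request_is_slashed ? stripslashes($company_notes) : $company_notes, $conn);

    // Construct the MySQL instruction to add these entries to the database
    $sql_add = "UPDATE contacts_companylist SET\ncompany_name = '{$company_name}',\ncompany_phone = '{$company_phone}',\ncompany_fax = '{$company_fax}',\ncompany_address = '{$company_address}',\ncompany_city = '{$company_city}',\ncompany_county = '{$company_county}',\ncompany_postcode = '{$company_postcode}',\ncompany_country = '{$sql_company_country}',\ncompany_web = '{$sql_company_web}',\ncompany_notes = '{$sql_company_notes}'\nWHERE company_id = '{$sql_company_id}' LIMIT 1\n";

    // On failure the raw MySQL error text is sent to the browser by die().
    // NOTE(review): that discloses schema details; log it server-side instead.
    $result = mysql_query($sql_add, $conn) or die(mysql_error());

    // NOTE(review): $company_name is placed inside HTML here. Whether
    // CleanUpNames() HTML-escapes is not visible; confirm, or escape where
    // $actionmessage is printed.
    $actionmessage = "The entry for company <b>{$company_name}</b> was updated successfully.";
    // Keeps the full statement text; where $techmessage is displayed is not
    // visible in this listing.
    $techmessage = $sql_add;

    // NOTE(review): mysql_affected_rows() expects the link identifier, not the
    // value returned by mysql_query(), and this assignment replaces the id of the
    // company that was just edited. Left unchanged because what company_view
    // expects in $company_id cannot be seen from here; confirm and fix.
    $company_id = mysql_affected_rows($result);

}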