DEFINE("ADMINLEVELNEEDED", 'AddTemp'); include_once "include_files/access.inc.php"; $db = new mysqli($db_server, $db_username, $db_password, $db_name); $temps = FALSE; $station = FALSE; $user = FALSE; $temps = FALSE; $unit = FALSE; $inserts = array(); $station = Is_Set_Request('Station', $db); $user = $_SESSION['USER']; if (isset($_REQUEST['temp']) && !empty($_REQUEST['temp'])) { $temps = $_REQUEST['temp']; } if (Check_Admin_String('ChangeUnit', $_SESSION['ADMINLEVEL'])) { $unit = Is_Set_Request('Unit', $db); } else { $unit = $_SESSION['UNIT']; } if ($station != FALSE && $user != FALSE && $unit != FALSE && $temps != FALSE) { foreach ($temps as $item => $temp) { if (is_numeric($item)) { $item = $db->real_escape_string($item); } else { $item = FALSE; } if (is_numeric($temp)) { $temp = $db->real_escape_string($temp); } else { $temp = FALSE; }
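<?php
//TODO Add everything

/*
 Define the admin level needed. Valid values are:
 'ChangeUnit','AddTemp','AddItem','AddUser','ViewLog'
*/
DEFINE("ADMINLEVELNEEDED", 'AddTemp');

// NOTE(review): access.inc.php is not visible here. It presumably enforces
// ADMINLEVELNEEDED against the session and supplies the $db_* settings and
// Is_Set_Request() -- confirm. No anti-CSRF token is checked in this script,
// so confirm the include covers that too, since this request writes to the DB.
include_once "include_files/access.inc.php";

$db = new mysqli($db_server, $db_username, $db_password, $db_name);
if ($db->connect_errno) {
    // Keep connection details in the server log, not in the response.
    error_log('AddTemp - database connection failed: ' . $db->connect_error);
    http_response_code(500);
    echo 'Error: AddTemp - could not save the item.';
    exit;
}

// NOTE(review): Is_Set_Request() is handed $db, so it presumably escapes its
// return value for string-built SQL. Bound parameters need the unescaped value;
// if the helper does escape, stored text will carry stray backslashes -- confirm
// against access.inc.php and pass the raw request values here if so.
$station = Is_Set_Request('Station', $db);
$name = Is_Set_Request('Name', $db);
$temp = Is_Set_Request('Temp', $db);
$meal = Is_Set_Request('Meal', $db);
$user = $_SESSION['USER'];

// DefaultStation and AddedBy were interpolated without quotes, so they only ever
// worked as numeric literals. Reject anything else up front instead of sending
// it to the database.
if (!is_numeric($station) || !is_numeric($user)) {
    $db->close();
    http_response_code(400);
    echo 'Error: AddTemp - invalid station or user.';
    exit;
}

/*
 Insert the new item into the ITEMS table, then redirect to the item list.
 Every request- or session-derived value is bound as a parameter, so none of
 them can change the structure of the statement.
*/
$sql = "INSERT INTO `ITEMS` (`Name`, `Temp`,`DefaultStation`,`AddedBy`,`Created`,`Meal`)
        VALUES (?, ?, ?, ?, now(), ?)";

$inserted = false;
$failure = '';

try {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        $failure = $db->error;
    } else {
        // All five values are sent as strings; MySQL converts them to the
        // column types, as it did for the original literals.
        $stmt->bind_param('sssss', $name, $temp, $station, $user, $meal);
        $inserted = $stmt->execute();
        if (!$inserted) {
            $failure = $stmt->error;
        }
        $stmt->close();
    }
} catch (mysqli_sql_exception $e) {
    // mysqli throws instead of returning false when exception reporting is on.
    $failure = $e->getMessage();
}

$db->close();

if ($inserted) {
    // Redirect with an absolute path on the current origin. The original built
    // the URL from the client-supplied Host header with a fixed "http://"
    // scheme, and from PHP_SELF, which can carry client-chosen path info.
    $uri = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');
    $extra = 'items.php'; // change accordingly
    header("Location: {$uri}/{$extra}");
    exit;
}

// The original echoed the full SQL text (including request input) and the
// driver error to the browser; keep those details in the server log instead.
error_log("AddTemp - insert into ITEMS failed: {$failure}");
http_response_code(500);
echo 'Error: AddTemp - could not save the item.';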