Пример #1
 $fundingObj->FundingSourceID = sqlEscapeString($FundingSourceID);
 $fundingObj->FundingTypeID = sqlEscapeString($FundingTypeID);
 $fundingObj->AwardDate = sqlEscapeString($AwdDate);
 $fundingObj->AwardAmount = sqlEscapeString($AwardAmount);
 $fundingObj->Comment = sqlEscapeString($Comment);
 $fundingObj->CompanyID = sqlEscapeString($CompanyID);
 //Financing
 $financingObj->CompanyID = sqlEscapeString($CompanyID);
 $financingObj->Date = sqlEscapeString($Date);
 $financingObj->Amount = sqlEscapeString($Amount);
 $financingObj->FinancingType = sqlEscapeString($FinancingType);
 $financingObj->FinancingProvider1 = sqlEscapeString($FinancingProvider1);
 $financingObj->FinancingProvider2 = sqlEscapeString($FinancingProvider2);
 $financingObj->FinancingProvider3 = sqlEscapeString($FinancingProvider3);
 $financingObj->FinancingProvider4 = sqlEscapeString($FinancingProvider4);
 $financingObj->DataSource = sqlEscapeString($DataSource);
 //error_log(print_r($companyObj));
 //error_log(print_r($fundingObj));
 //error_log(print_r($financingObj));
 // include the data access class
 include_once "SQLUtils.php";
 // init the return code
 $retVal = array(false, "Data not inserted");
 // insert/update the data
 $retVal = updateObjectReturnID($fundingObj);
 //error_log("Funding: " .$retVal);
 $validated = $retVal[0];
 // set the return codes and messages
 if ($retVal[0]) {
     // init the return code
     $retVal = array(false, "Data not inserted");
Пример #2
 // validate that the education data is good
 if (isset($Number) && !empty($Number) || isset($WorkHisDetail) && !empty($WorkHisDetail) || isset($PositionHeld) && !empty($PositionHeld) || $W_From != "-1" && $W_To != "-1" || isset($Seniority) && !empty($Seniority) || isset($Position_Domain) && !empty($Position_Domain) || isset($Industry) && !empty($Industry) || isset($Sector) && !empty($Sector)) {
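     // Create a new FounderWorkHis object and load it with the page parameters.
     $founderWorkHisObj = new FounderWorkHis();
     // Every request-supplied field is passed through sqlEscapeString() before it
     // is stored on the object. W_To was previously assigned raw while W_From was
     // escaped; it is now treated the same way as its sibling fields.
     // NOTE(review): escaping only protects values that end up inside a quoted SQL
     // literal. How updateObject() builds its statement is not visible here, so
     // confirm that ID and date fields are quoted or bound there.
     $founderWorkHisObj->FounderID = sqlEscapeString($FounderID);
     $founderWorkHisObj->WorkHisDetail = sqlEscapeString($WorkHisDetail);
     $founderWorkHisObj->PositionHeld = sqlEscapeString($PositionHeld);
     $founderWorkHisObj->Seniority = sqlEscapeString($Seniority);
     $founderWorkHisObj->Position_Domain = sqlEscapeString($Position_Domain);
     $founderWorkHisObj->W_From = sqlEscapeString($W_From);
     $founderWorkHisObj->W_To = sqlEscapeString($W_To);
     $founderWorkHisObj->Industry = sqlEscapeString($Industry);
     $founderWorkHisObj->Sector = sqlEscapeString($Sector);
     // Audit fields are generated server-side, not taken from the request.
     $founderWorkHisObj->LastUpdated = date('Y-m-d H:i:s');
     $founderWorkHisObj->LastUpdatedBy = $userInfo->ID;
     // include the data access class
     include_once "SQLUtils.php";
     // Insert/update the data. The result is read as array(success flag, message).
     $retVal = updateObject($founderWorkHisObj);
     // set the informational message from the update
     $validated = $retVal[0];
     $validationMessage = $retVal[1];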
     // if succeeded clear out the fields
     if ($retVal[0]) {
         //$Number = '';
         $WorkHisDetail = '';
Пример #3
        } else {
            //
            $validated = false;
            $validationMessage = 'The founder "' . $FirstName . ' ' . $MidInitial . ' ' . $LastName . '" is in our database. Please select your founder below.';
            $duplicatedFounder = $retVal[1];
        }
    } else {
        $validated = false;
        $validationMessage = "Please enter the first and last name.";
    }
}
// is this a post to add a selected founder
if (isset($AddSelectedFounder)) {
    // validation
    if (isset($dupeSelect) && !empty($dupeSelect)) {
        $retVal = checkForDuplicateRelationshipFounderName(sqlEscapeString($dupeSelect), sqlEscapeString($CompanyID));
        if ($retVal[0] == false) {
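            // get the join object definition loaded
            include_once "FounderToCompanyJoin.cls.php";
            // create a new founder-to-company join object
            $founderToCompany = new FounderToCompanyJoin();
            // Load the join object. The duplicate check above received escaped
            // copies of these two values; the copies that are actually written
            // were previously stored raw, so they are escaped here as well.
            // NOTE(review): both values look like numeric IDs. Escaping does not
            // help if updateObject() emits them unquoted, so confirm they are
            // validated as integers or bound as parameters.
            $founderToCompany->FounderID = sqlEscapeString($dupeSelect);
            $founderToCompany->CompanyID = sqlEscapeString($CompanyID);
            // include the data access class
            include_once "SQLUtils.php";
            // Insert the data. The result is read as array(success flag, message).
            $retVal = updateObject($founderToCompany);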
            // set the return codes and messages
Пример #4
 $FirstName = htmlspecialchars($FirstName, ENT_QUOTES);
 $LastName = htmlspecialchars($LastName, ENT_QUOTES);
 $MidInitial = htmlspecialchars($MidInitial, ENT_QUOTES);
 // check for a duplucate name or prev/other name
 $retVal = checkForDuplicateFounderName($FirstName, $LastName, $MidInitial);
 // was this a new founder
 if ($retVal[0] == false) {
     // get the founder object definition loaded
     include_once "Founder.cls.php";
     // create a new founder object
     $founder = new Founder();
     // load the founder object
     $founder->FirstName = sqlEscapeString($FirstName);
     $founder->LastName = sqlEscapeString($LastName);
     $founder->MidInitial = sqlEscapeString($MidInitial);
     $founder->CompanyName = sqlEscapeString($CompanyName);
     $founder->LastUpdatedBy = $userInfo->ID;
     // include the data access class
     include_once "SQLUtils.php";
     // init the return code
     $retVal = array(false, "Data not inserted");
     // insert the data
     $retVal = updateObjectReturnID($founder);
     // set the return codes and messages
     $validated = $retVal[0];
     $validationMessage = $retVal[1];
     // clear out for the next run
     $FirstName = '';
     $LastName = '';
     $MidInitial = '';
     // redirect to the company detail page
Пример #5
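/**
 * Builds a CSV export of every company returned by the dbo.GetCompanies procedure.
 *
 * The first line is a header made from the requested column names ("UserName" is
 * labelled "Last Updated By"); each following line holds one company. Numeric
 * values are written bare, everything else is written as a quoted CSV field.
 *
 * Values are quoted for CSV, not for SQL: the previous version ran them through
 * sqlEscapeString(), which is the wrong escaping for this output and left embedded
 * double quotes able to break a field apart.
 *
 * NOTE(review): each entry of $selectedCol is used as a property name on the
 * company object. If the list comes from the request, restrict it to a known set
 * of exportable columns before calling this function.
 *
 * @param array $selectedCol column (property) names to export, in output order
 * @return string|null the CSV text, or null when the query returned no rows
 */
function generateCSVData($selectedCol)
{
    // include the data access class (expected to provide query())
    include_once "SQLUtils.php";

    $companyObjs = query("EXEC dbo.GetCompanies", "Company");
    // Same outcome as before when there is nothing to export: no CSV text at all.
    if (empty($companyObjs) || count($companyObjs) === 0) {
        return null;
    }

    // CSV quoting: wrap the field in double quotes and double any embedded quote.
    // NOTE(review): if the export is opened in a spreadsheet, text cells that begin
    // with =, +, - or @ are evaluated as formulas. Neutralise them here if the
    // exported columns can hold user-entered text.
    $quote = function ($text) {
        return '"' . str_replace('"', '""', (string) $text) . '"';
    };

    // Header row.
    $header = array();
    foreach ($selectedCol as $Col) {
        $header[] = $quote((string) $Col === "UserName" ? 'Last Updated By' : $Col);
    }
    $out = implode(',', $header) . PHP_EOL;

    // One row per company object. implode() replaces the trailing-comma trimming,
    // which also chopped the previous line ending when no columns were selected.
    foreach ($companyObjs as $companyObj) {
        $fields = array();
        foreach ($selectedCol as $Col) {
            // A missing or null property becomes an empty quoted field.
            $value = isset($companyObj->{$Col}) ? $companyObj->{$Col} : '';
            $fields[] = is_numeric($value) ? (string) $value : $quote($value);
        }
        $out .= implode(',', $fields) . PHP_EOL;
    }

    return $out;
}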
Пример #6
    $companyObj->Fax = sqlEscapeString($Fax);
    $companyObj->Inc_DE = nullpulldown($Inc_DE);
    $companyObj->RTP = nullpulldown($RTP);
    $companyObj->MoveoutNC = nullpulldown($MoveoutNC);
    $companyObj->MoveoutDate = sqlEscapeString($MoveoutDate);
    $companyObj->DUNS = sqlEscapeString($DUNS);
    $companyObj->AffiliationID = nullpulldown($AffiliationID);
    $companyObj->EntryType = sqlEscapeString($EntryType);
    $companyObj->TLOSource = sqlEscapeString($TLOSource);
    $companyObj->TLOAffiliation = sqlEscapeString($TLOAffiliation);
    $companyObj->IFUniAffiliation = sqlEscapeString($IFUniAffiliation);
    $companyObj->RTPAnchor = sqlEscapeString($RTPAnchor);
    $companyObj->EstaEntryLoc = sqlEscapeString($EstaEntryLoc);
    $companyObj->EntryTypeSource = sqlEscapeString($EntryTypeSource);
    $companyObj->EstEntryLocationSource = sqlEscapeString($EstEntryLocationSource);
    $companyObj->CompanyAddressSource = sqlEscapeString($CompanyAddressSource);
    // include the data access class
    include_once "SQLUtils.php";
    // init the return code
    $retVal = array(false, "Data not inserted");
    // insert/update the data
    $retVal = updateObjectReturnID($companyObj);
    // set the return codes and messages
    $validated = $retVal[0];
    $validationMessage = "Update successful.";
}
// if we camne in with a company ID
if (isset($CompanyID) && !empty($CompanyID)) {
    // get the data
    $company = doGetCompany($CompanyID);
    // did we get a company back
Пример #7
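 $founderObj = new Founder();
 // Load the founder object with the page parameters. Every request-supplied
 // value is passed through sqlEscapeString() before it is stored; FounderID,
 // CompanyID and PhoneNumber were previously stored raw.
 // NOTE(review): escaping only protects values that end up inside a quoted SQL
 // literal. How updateObjectReturnID() builds its statement is not visible here,
 // so confirm that the ID fields are validated as integers or bound as parameters.
 $founderObj->FounderID = sqlEscapeString($FounderID);
 $founderObj->CompanyID = sqlEscapeString($CompanyID);
 $founderObj->LastName = sqlEscapeString($LastName);
 $founderObj->MidInitial = sqlEscapeString($MidInitial);
 $founderObj->FirstName = sqlEscapeString($FirstName);
 // The original assigned the escaped suffix and then, whenever $Suffix was not
 // "-1", overwrote it with the raw value, which discarded the escaping for every
 // suffix the user actually picked. The value is now escaped in both cases.
 $founderObj->Suffix = sqlEscapeString($Suffix);
 $founderObj->NameSource = sqlEscapeString($NameSource);
 $founderObj->ContactInfoSource = sqlEscapeString($ContactInfoSource);
 $founderObj->HomepageSource = sqlEscapeString($HomepageSource);
 $founderObj->PhoneNumber = sqlEscapeString($PhoneNumber);
 $founderObj->Email = sqlEscapeString($Email);
 $founderObj->Homepage = sqlEscapeString($Homepage);
 $founderObj->Other_Name = sqlEscapeString($Other_Name);
 $founderObj->F_Remark = sqlEscapeString($F_Remark);
 // Audit fields are generated server-side, not taken from the request.
 $founderObj->LastUpdated = date('Y-m-d H:i:s');
 $founderObj->LastUpdatedBy = $userInfo->ID;
 // include the data access class
 include_once "SQLUtils.php";
 // Insert/update the data; element 0 of the result is read as the success flag.
 $retVal = updateObjectReturnID($founderObj);
 // set the return codes and messages
 $validated = $retVal[0];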
 // updateObjectReturnID returns an id. so set update successful text if so
Пример #8
getExtraParams(array("CompanyID", "FundingID", "AcquisitionID", "Refresh", "Update", "AddAcquisition", "Source", "State", "Amount", "Date", "Source", "Remove"));
// set the title name to be displayed in the header
$title = "Acquisition Detail Information";
$scripts = "<script type=\"text/javascript\" src=\"AcquisitionDetails.js\" />";
// add flag to detect pages that need update messages
$DirtyPageEnabled = true;
// the update button was hit
if (isset($Update)) {
    // create a new founder object
    $acquisitionObj = new Acquisition();
    // load the founder object with the page parameters
    $acquisitionObj->AcquisitionID = sqlEscapeString($AcquisitionID);
    $acquisitionObj->CompanyID = sqlEscapeString($CompanyID);
    $acquisitionObj->Date = sqlEscapeString($Date);
    $acquisitionObj->Amount = sqlEscapeString($Amount);
    $acquisitionObj->Source = sqlEscapeString($Source);
    // if the user added a suffix save it
    //if($Suffix != "-1")
    //$founderObj->Suffix = $Suffix;
    // include the data access class
    include_once "SQLUtils.php";
    // init the return code
    $retVal = array(false, "Data not inserted");
    // insert/update the data
    $retVal = updateObjectReturnID($acquisitionObj);
    //error_log(print_r($retVal));
    // set the return codes and messages
    $validated = $retVal[0];
    // updateObjectReturnID returns an id. so set update successful text if so
    if ($validated) {
        $validationMessage = "Update successful";
Пример #9
$title = "Founder Education Information";
$scripts = "<script type=\"text/javascript\" src=\"FounderEdu.js\" />";
// add flag to detect pages that need update messages
$DirtyPageEnabled = true;
// the update button was hit
if (isset($Update)) {
    // validate that the education data is good
    if (1) {
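        // Create a new FounderEdu object and load it with the page parameters.
        $founderEduObj = new FounderEdu();
        // FounderID, GraduatedYr and DegreeLookupID were previously stored raw
        // while the text fields were escaped; all request-supplied values now go
        // through sqlEscapeString().
        // NOTE(review): escaping only protects values that end up inside a quoted
        // SQL literal. These three look numeric, so confirm that updateObject()
        // quotes or binds them, or validate them as integers before this point.
        $founderEduObj->FounderID = sqlEscapeString($FounderID);
        $founderEduObj->DegreeFrom = sqlEscapeString($NewDegreeFrom);
        $founderEduObj->GraduatedYr = sqlEscapeString($NewGraduatedYr);
        $founderEduObj->Major = sqlEscapeString($NewMajor);
        // Audit fields are generated server-side, not taken from the request.
        $founderEduObj->LastUpdated = date('Y-m-d H:i:s');
        $founderEduObj->LastUpdatedBy = $userInfo->ID;
        $founderEduObj->DegreeLookupID = sqlEscapeString($NewDegreeType);
        // include the data access class
        include_once "SQLUtils.php";
        // Insert/update the data. The result is read as array(success flag, message).
        $retVal = updateObject($founderEduObj);
        // set the informational message from the update
        $validated = $retVal[0];
        $validationMessage = $retVal[1];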
        // if succeeded clear out the fields
        if ($retVal[0]) {
            $NewMajor = '';
Пример #10
    }
}
// is this a post to add a new founder
if (isset($AddFundingType)) {
    // validation
    if (isset($TypeName) && !empty($TypeName)) {
        // check for a duplucate name or prev/other name
        $retVal = checkForDuplicateTypeName($TypeName);
        // was this a new founder
        if ($retVal[0] == false) {
            // get the founder object definition loaded
            include_once "FundingType.cls.php";
            // create a new founder object
            $type = new FundingType();
            // load the founder object
            $type->Name = sqlEscapeString($TypeName);
            // include the data access class
            include_once "SQLUtils.php";
            // init the return code
            $retVal = array(false, "Data not inserted");
            // insert the data
            $retVal = updateObject($type);
            // set the return codes and messages
            $validated = $retVal[0];
            $validationMessage = "Insert new type successful.";
            // clear out for the next run
            $TypeName = '';
        } else {
            // set the return codes and messages
            $validated = false;
            $validationMessage = 'Insertion of type "' . $TypeName . '" was not successful because duplicates were detected.</br></br>';
Пример #11
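/**
name:sqlFormat
parm:string type
parm:any Value
parm:int Clip_Length
returns:string

Takes any input value and type and formats it as a literal for direct
substitution into a SQL string.  Character values are escaped with
sqlEscapeString() and then surrounded by single quotes.  The "mime-x" and
"mime-h" types are base64-encoded and quoted.  Dates are normalised to
'Y-m-d'.  Numeric and time values are returned bare only when they
really are numeric; anything else is escaped and quoted.  An unrecognised
type returns nothing (null).

The optional third parameter specifies a maximum length for character
and varchar fields.  If it is non-zero, the value will be clipped to
that length (in bytes) before it is escaped.

Every value received from the browser should pass through this command
(or, better, be sent as a bound parameter) when you build SQL queries.
The protection this gives depends on sqlEscapeString() escaping for the
quoting rules of the database in use.  Earlier versions returned the
numeric and time types unquoted without checking them, so a non-numeric
value of those types reached the query text as-is.
*/
function sqlFormat($t, $v, $clip = 0)
{
    // Kept from the original; $AG is not read anywhere in this function.
    global $AG;
    switch ($t) {
        case 'mime-x':
            // base64 output cannot contain a single quote, so it cannot close the literal
            return "'" . base64_encode($v) . "'";
        case "char":
        case "vchar":
        case "text":
        case "url":
        case "obj":
        case "cbool":
        case 'ssn':
        case 'ph12':
        case "gender":
            // Clip first, escape second, so the clip cannot cut an escape sequence in half
            if ($clip > 0 && strlen($v) > $clip) {
                $v = substr($v, 0, $clip);
            }
            return "'" . sqlEscapeString($v) . "'";
        case "mime-h":
            if ($clip > 0 && strlen($v) > $clip) {
                $v = substr($v, 0, $clip);
            }
            return "'" . base64_encode($v) . "'";
        case "dtime":
            if ($v == "") {
                return "null";
            }
            return "'" . date('r', tsFromAny($v)) . "'";
        case "date":
        case "rdate":
            // A blank or a '0' is sent as null to server
            if ($v == "" || $v == '0') {
                return 'null';
            }
            $noSeparator = strpos($v, '/') === false && strpos($v, '-') === false;
            if (strlen($v) == 6 && $noSeparator) {
                // Try to detect case like 060507 (mmddyy)
                $year = substr($v, 4);
                $year = $year < 20 ? '20' . $year : '19' . $year;
                $v = strtotime(substr($v, 0, 2) . '/' . substr($v, 2, 2) . '/' . $year);
            } elseif (strlen($v) == 8 && $noSeparator) {
                // Eight digits, either starting with the century or ending with the year
                if (substr($v, 0, 2) == '19' || substr($v, 0, 2) == '20') {
                    $v = substr($v, 0, 2) . '/' . substr($v, 2, 2) . '/' . substr($v, 4);
                } else {
                    $v = substr($v, 4, 2) . '/' . substr($v, 6, 2) . '/' . substr($v, 0, 4);
                }
                $v = strtotime($v);
            } elseif (!is_numeric($v)) {
                // A USA prejudice, assume they will always enter m-d-y, and
                // convert dashes to slashes so they can use dashes if they want
                $parts = explode('/', str_replace('-', '/', $v));
                if (count($parts) == 2) {
                    // month/year only: assume the first day of the month
                    $parts = array($parts[0], 1, $parts[1]);
                }
                if (strlen($parts[0]) == 4) {
                    // year came first: reorder to m/d/y
                    $parts = array($parts[1], $parts[2], $parts[0]);
                } elseif (strlen($parts[2]) == 2) {
                    $parts[2] = $parts[2] < 20 ? '20' . $parts[2] : '19' . $parts[2];
                }
                $v = strtotime(implode('/', $parts));
            }
            // Any case not handled above we conclude was a unix timestamp
            // already.  Whatever the input was, only date()'s own output
            // reaches the SQL text.  strtotime() returns false for text it
            // cannot parse, which date() then treats as timestamp 0.
            return "'" . date('Y-m-d', $v) . "'";
        case "money":
        case "numb":
        case "int":
            if ($v == "") {
                return "0";
            }
            $v = trim($v);
            if ($v === '') {
                // whitespace only: same result as a blank
                return "0";
            }
            if (is_numeric($v)) {
                return sqlEscapeString($v);
            }
            // Not a number: never emit it bare.  As a quoted, escaped literal
            // the database either converts it or rejects it with a type error.
            return "'" . sqlEscapeString($v) . "'";
        case "rtime":
        case "time":
            // Time drop-downs submit plain numbers, so a numeric value is
            // passed through unchanged.
            if ($v == '') {
                return 'null';
            }
            if (is_numeric($v)) {
                return $v;
            }
            // Anything else (typed text such as hh:mm, or tampered input) is
            // escaped and quoted instead of being placed in the query as-is.
            return "'" . sqlEscapeString($v) . "'";
    }
}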
Пример #12
// include the dump utils
include_once 'DumpUtils.php';
// include the pulldown helpers
include_once "Pulldown.php";
// get the user info object from the session
$userInfo = getUserSessionObj();
// get whether they clicked proceed and a possible RBP database ID
getExtraParams(array("validationMessage", "CompanyData", "FoundersData", "FundingData", "NoteData", "ProductData", "ExecutiveData", "EventData", "SearchCompanyName", "SearchCompany", "companySelect", "ViewSelectedCompany", "CompanySearchResult"));
// set the title name to be displayed in the header
$title = "Enter Company ID";
$scripts = "<script type=\"text/javascript\" src=\"EnterCompanyID.js\" />";
if (isset($SearchCompany)) {
    // validation
    if (isset($SearchCompanyName) && !empty($SearchCompanyName)) {
        // search for company names
        $retVal = searchForCompanyName(sqlEscapeString($SearchCompanyName));
        // companies found
        if ($retVal[0]) {
            // set the validation error flag
            $validated = false;
            // reset the validation error message
            $validationMessage = '';
            // save the search results
            $CompanySearchResult = $retVal[1];
        } else {
            // set the validation error flag
            $validated = false;
            // set the validation error message
            $validationMessage = 'No Match Company was found.</br>';
            // save the search results
            $duplicatedFounder = $retVal[1];
Пример #13
            $validationMessage = 'No Match Company was found.</br>';
            // save the search results
            $duplicatedFounder = $retVal[1];
        }
    } else {
        // set the validation error flag
        $validated = false;
        // set the validation error message
        $validationMessage = "Please enter the first and last name.";
    }
}
// was the add selected company button hit
if (isset($AddSelectedCompany)) {
    // is there a selected company
    if (isset($companySelect) && !empty($companySelect) && is_numeric($companySelect)) {
        $retVal = checkForDuplicateRelationship(sqlEscapeString($companySelect), sqlEscapeString($FounderID));
        if ($retVal[0] == false) {
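            // get the join object definition loaded
            include_once "FounderToCompanyJoin.cls.php";
            // create a new founder-to-company join object
            $founderToCompany = new FounderToCompanyJoin();
            // Load the join object. The duplicate check above received escaped
            // copies of these two values; the copies that are actually written
            // were previously stored raw, so they are escaped here as well.
            // NOTE(review): $companySelect has passed is_numeric() by this point,
            // but no such check on $FounderID is visible. Confirm it is validated
            // as an integer, or bound as a parameter inside updateObject().
            $founderToCompany->FounderID = sqlEscapeString($FounderID);
            $founderToCompany->CompanyID = sqlEscapeString($companySelect);
            // include the data access class
            include_once "SQLUtils.php";
            // Insert the data. The result is read as array(success flag, message).
            $retVal = updateObject($founderToCompany);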
            // set the return codes and messages
Пример #14
// set the title name to be displayed in the header
$title = "Merger Detail Information";
$scripts = "<script type=\"text/javascript\" src=\"MergerDetails.js\" />";
// add flag to detect pages that need update messages
$DirtyPageEnabled = true;
// the update button was hit
if (isset($Update)) {
    // create a new founder object
    $mergerObj = new Merger();
    // load the founder object with the page parameters
    $mergerObj->MergerID = sqlEscapeString($MergerID);
    $mergerObj->CompanyID = sqlEscapeString($CompanyID);
    $mergerObj->StateID = sqlEscapeString($StateID);
    $mergerObj->Date = sqlEscapeString($Date);
    $mergerObj->Amount = sqlEscapeString($Amount);
    $mergerObj->Source = sqlEscapeString($Source);
    // if the user added a suffix save it
    //if($Suffix != "-1")
    //$founderObj->Suffix = $Suffix;
    // include the data access class
    include_once "SQLUtils.php";
    // init the return code
    $retVal = array(false, "Data not inserted");
    // insert/update the data
    $retVal = updateObjectReturnID($mergerObj);
    // set the return codes and messages
    $validated = $retVal[0];
    // updateObjectReturnID returns an id. so set update successful text if so
    if ($validated) {
        $validationMessage = "Update successful";
    } else {
Пример #15
 $eventObj->ProductType = sqlEscapeString($ProductType);
 $eventObj->ECSource = sqlEscapeString($ECSource);
 $eventObj->S1 = sqlEscapeString($S1);
 $eventObj->S2 = sqlEscapeString($S2);
 $eventObj->S3 = sqlEscapeString($S3);
 $eventObj->S4 = sqlEscapeString($S4);
 $eventObj->S5 = sqlEscapeString($S5);
 $eventObj->S6 = sqlEscapeString($S6);
 $eventObj->S7 = sqlEscapeString($S7);
 $eventObj->S8 = sqlEscapeString($S8);
 $eventObj->S9 = sqlEscapeString($S9);
 $eventObj->S10 = sqlEscapeString($S10);
 $eventObj->S11 = sqlEscapeString($S11);
 $eventObj->S12 = sqlEscapeString($S12);
 $eventObj->S13 = sqlEscapeString($S13);
 $eventObj->S14 = sqlEscapeString($S14);
 // if the user added a suffix save it
 //if($Suffix != "-1")
 //$founderObj->Suffix = $Suffix;
 // include the data access class
 include_once "SQLUtils.php";
 // init the return code
 $retVal = array(false, "Data not inserted");
 // insert/update the data
 $retVal = updateObjectReturnID($eventObj);
 //error_log(print_r($retVal));
 // set the return codes and messages
 $validated = $retVal[0];
 // updateObjectReturnID returns an id. so set update successful text if so
 if ($validated) {
     $validationMessage = "Update successful";