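/**
 * Create a project row for the current account from the posted form fields
 * and make it the active project for the session.
 *
 * Reads `projDue` and `projName` from $_POST, inserts the row, then stores an
 * Adler-32 digest of the new id in the `hash` column.
 *
 * @return mixed Whatever getProjectInfo() returns on success; null when the
 *               due date cannot be parsed or either query fails.
 */
function createProject()
{
    $account = getAccount();

    // strtotime() returns false for input it cannot parse; date() would then
    // format the Unix epoch and the row would silently get a 1970 due date.
    // Reject the request instead, using the same null result as a failed query.
    $projdue = tryRetrieve($_POST, 'projDue');
    $projtime = is_string($projdue) ? strtotime($projdue) : false;
    if ($projtime === false) {
        return null;
    }

    $duedate = sqlSafe(date("Y-m-d H:i:s", $projtime));
    $title = sqlSafe(tryRetrieve($_POST, 'projName'));
    //$notes = sqlSafe(tryRetrieve($_POST, 'projNotes'));

    // sqlSafe() results are interpolated without surrounding quotes, so it
    // presumably quotes as well as escapes — confirm against its definition.
    // NOTE(review): $account is interpolated exactly as getAccount() returned
    // it, with no escaping in this function; verify it can only be an integer.
    $query = "INSERT INTO projects (account_id, duedate, title) VALUES ({$account}, {$duedate}, {$title})";
    if (!writeQuery($query)) {
        return null;
    }

    $id = getInsertID();

    // NOTE(review): Adler-32 is a checksum, and its digest of the insert id can
    // be recomputed by anyone who knows or guesses the id. If this column is
    // meant to be an unguessable project handle, a random token is needed.
    $hash = sqlSafe(hash('adler32', (string) $id));
    $query = "UPDATE projects SET hash={$hash} where id='{$id}'";
    if (!writeQuery($query)) {
        return null;
    }

    $_SESSION['project'] = $id;
    return getProjectInfo();
}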
// Builds the usp_Insert_NewService call by string concatenation and runs it.
// NOTE(review): ChooseClientID, ChooseJobSiteID, ChooseProposalID, InvoiceDate,
// TimeIn, LaborTime and TravelTime are concatenated straight from $_POST with
// no validation or escaping; only Description passes through sqlsafe(). Each of
// those fields is an SQL injection point. The fix is bound parameters
// (odbc_prepare()/odbc_execute() or PDO) plus numeric/date validation; with
// odbc_execute(), check its documented special handling of values wrapped in
// single quotes before passing user input to it.
$sql = "usp_Insert_NewService " . $_POST["ChooseClientID"] . ", " . $_POST["ChooseJobSiteID"] . ", " . $_POST["ChooseProposalID"] . ", ";
// The date/time argument is appended only when both fields were posted;
// otherwise it is omitted and the remaining arguments shift one position —
// TODO confirm the procedure tolerates that.
if (isset($_POST["InvoiceDate"]) and isset($_POST["TimeIn"])) {
    $sql .= "'" . $_POST["InvoiceDate"] . " " . $_POST["TimeIn"] . "', ";
}
$sql .= $_POST["LaborTime"] . ", " . $_POST["TravelTime"] . ", ";
// The two flags depend only on whether the field is present, so they are
// always one of the fixed literals 'Y' / 'N'.
if (isset($_POST["Contractual"])) {
    $sql .= "'Y', ";
} else {
    $sql .= "'N', ";
}
if (isset($_POST["Complete"])) {
    $sql .= "'Y', ";
} else {
    $sql .= "'N', ";
}
$sql .= "'" . sqlsafe($_POST["Description"]) . "'";
// Copy of the finished statement; not used again in the visible code.
$foo = $sql;
$conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
// On failure the driver's error text is handed to die_well(); what it shows
// the user is not visible here — verify it does not echo driver detail.
$rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
// $zax stays "A" unless at least one row comes back, in which case it is "B"
// and the ids of the last fetched row are kept.
$zax = "A";
while (odbc_fetch_row($rs)) {
    $zax = "B";
    $ServiceID = odbc_result($rs, "ServiceID");
    $ServiceDetailID = odbc_result($rs, "ServiceDetailID");
}
/* while($row=odbc_fetch_array($rs)){ $zax="B"; $ServiceID = $row["ServiceID"]; $ServiceDetailID = $row["ServiceDetailID"]; }
// Page settings for the "Date Type" lookup list.
$FieldString = "DateType";
$ViewString = "Date Type";
$ini_array = parse_ini_file("incl/edl.ini");
include "header.php";
// NOTE(review): "Cache" is not a standard HTTP response header;
// "Cache-Control: private" may have been intended — confirm.
header("Cache: private");

// Row currently selected in the list; 0 when the form did not post one.
// The posted value is kept exactly as received.
$CurrentID = isset($_POST[$SelectedID]) ? $_POST[$SelectedID] : 0;

if (isset($_POST["Submit"])) {
    // The flag depends only on whether the field is present, so it is always
    // one of two fixed literals.
    $Active = isset($_POST["Active"]) ? "Y" : "N";

    // The posted text goes through sqlsafe() before it is placed between the
    // quotes; $UpdateSP is defined outside this excerpt.
    $sql = $UpdateSP . " '" . sqlsafe($_POST["TheString"]) . "', '" . $Active . "'";

    $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
    $rs = odbc_exec($conn, $sql);
    if (!$rs) {
        // NOTE(review): the full statement text is passed along with the driver
        // error; check that die_well() does not print either to the browser.
        die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
    }

    // The procedure reports the affected row's id in a NewID column; the last
    // row fetched wins.
    while ($row = odbc_fetch_array($rs)) {
        $CurrentID = $row["NewID"];
    }
    odbc_free_result($rs);
    odbc_close($conn);
}

// Page header, title and the opening tag of the list form.
// NOTE(review): $ViewString and $PageName are written into the markup
// unescaped; $PageName comes from outside this excerpt — confirm it is never
// derived from the request.
echo $HEAD,
    "<div class='main' id='main'>",
    "<span class='title2'>" . $ViewString . "</span><br><br>",
    "<form action='" . $PageName . "' method='post' name='List' id='List'>";

// Fresh connection for the list query; the result set is left open for the
// code that follows.
$sql = $ListSP;
$conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
$rs = odbc_exec($conn, $sql);
if (!$rs) {
    die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
}
// Tail of a block that starts before this excerpt: keeps the ids from the last
// row of an earlier result set, then closes that connection.
while ($row = odbc_fetch_array($rs)) {
    $ProposalID = $row['NewID'];
    $JobSiteID = $row['JobSiteID'];
}
odbc_close($conn);
}
// The proposal id can be overridden from the request: PID (GET, POST or
// cookie via $_REQUEST) first, then the posted ProposalID. Neither value is
// validated here.
if (isset($_REQUEST["PID"])) {
    $ProposalID = $_REQUEST["PID"];
}
if (isset($_POST["ProposalID"])) {
    $ProposalID = $_POST["ProposalID"];
}
if (isset($_POST['Submit'])) {
    if ($_POST['Submit'] == "Save") {
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        // NOTE(review): ProposalID, JobSiteID, PlantMarkup, LaborCostPerHour,
        // DueDate and ShowDetail are concatenated raw from $_POST; only
        // ProposalName passes through sqlsafe(). The quoted DueDate/ShowDetail
        // values can close their own quote. These are SQL injection points;
        // bind the values as parameters and validate the numeric and date
        // fields (with odbc_execute(), check its documented handling of
        // values wrapped in single quotes).
        $sql = "usp_Insert_ProposalInformation " . $_POST["ProposalID"] . ", " . $_POST["JobSiteID"] . ", " . $_POST["PlantMarkup"] . ", " . $_POST["LaborCostPerHour"] . ", '" . sqlsafe($_POST["ProposalName"]) . "', '" . $_POST["DueDate"] . "', '" . $_POST["ShowDetail"] . "'";
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    if ($_POST['Submit'] == "Add") {
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        // NOTE(review): same pattern — ProposalID, WorkItemID, Units and Cost
        // are raw; only Detail is passed through SQLSafe().
        $sql = "usp_Insert_ProposalDetail " . $_POST["ProposalID"] . ", " . $_POST["WorkItemID"] . ", " . $_POST["Units"] . ", " . $_POST["Cost"] . ", '" . SQLSafe($_POST["Detail"]) . "'";
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
    // Disabled "Note" action, kept by the author as commented-out code.
    //if ($_POST['Submit'] == "Note") {
    // $conn=odbc_connect($ini_array["DSN"],$ini_array["UN"],$ini_array["PWD"]);
    // $sql = "usp_Insert_ProposalText ".$_POST["ProposalID"].", '".SQLSafe($_POST["Description"])."'";
    // $rs=odbc_exec($conn,$sql) or die_well(__FILE__, __LINE__,odbc_errormsg());
    // odbc_close($conn);
    //}
// Client form actions, selected by the label of the submit button. The
// enclosing block opens before this excerpt.
if ($_POST["Submit"] == "Edit") {
    $ClientID = $_POST["ClientID"];
    // NOTE(review): every argument here — ClientID, SexID, CompanyName,
    // FirstName, MiddleName, LastName, Title, Active — is concatenated raw
    // from $_POST; sqlsafe() is not applied to any of them, so a quote in a
    // name field already changes the statement. Bind these as parameters
    // (with odbc_execute(), check its documented handling of values wrapped
    // in single quotes).
    $sql = "usp_Update_Client " . $_POST["ClientID"] . ", " . $_POST["SexID"] . ", '" . $_POST["CompanyName"] . "', '" . $_POST["FirstName"] . "', '" . $_POST["MiddleName"] . "', '" . $_POST["LastName"] . "', '" . $_POST["Title"] . "', '" . $_POST["Active"] . "'";
    $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
    $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
    odbc_close($conn);
}
if ($_POST["Submit"] == "Add Address") {
    // NOTE(review): ClientID, AddressTypeID, StreetTypeID, UnitTypeID,
    // Direction and State are raw; House, Street, Unit, City and Zip pass
    // through sqlsafe().
    $sql = "usp_Insert_ClientAddresses " . $_POST["ClientID"] . ", " . $_POST["AddressTypeID"] . ", " . $_POST["StreetTypeID"] . ", " . $_POST["UnitTypeID"] . ", '" . sqlsafe($_POST["House"]) . "', '" . $_POST["Direction"] . "', '" . sqlsafe($_POST["Street"]) . "', '" . sqlsafe($_POST["Unit"]) . "', '" . sqlsafe($_POST["City"]) . "', '" . $_POST["State"] . "', '" . sqlsafe($_POST["Zip"]) . "'";
    // Copy of the statement; not used again in the visible code.
    $foo = $sql;
    // No odbc_connect() is visible in this branch — presumably $conn was
    // opened before this excerpt; confirm.
    $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
    odbc_close($conn);
}
if ($_POST["Submit"] == "Add Number") {
    // The > 0 test is a loose comparison and does not guarantee NumberTypeID
    // is a plain integer; the value is still concatenated raw below.
    if ($_POST["NumberTypeID"] > 0 and strlen($_POST["Number"]) > 0) {
        // $ClientID is assigned only in the "Edit" branch of the visible
        // code — presumably also set earlier; verify.
        $sql = "usp_Insert_ClientNumber " . $ClientID . ", " . $_POST["NumberTypeID"] . ", '" . sqlsafe($_POST["Number"]) . "'";
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
}
}
?> <div class='main' id='main'> <span class='title2'>Clients</span> <?php
/* echo "<br>"; echo print_r($_POST); echo "<br>"; echo print_r($_REQUEST);
// Tail of a branch that starts before this excerpt: default display order.
$DisplayOrder = 0;
}
// The description is escaped once here and reused by both actions below.
if (isset($_POST["JobDescription"])) {
    $JobDescription = sqlsafe($_POST["JobDescription"]);
} else {
    $JobDescription = "";
}
if ($_POST["Submit"] == "Edit") {
    $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
    // NOTE(review): DescriptionList and JobTitle are concatenated raw from
    // $_POST here, although the "Add" branch below passes the same JobTitle
    // field through sqlsafe(). $DisplayOrder, $FieldWork and $Active are set
    // outside this excerpt — verify they are constrained. Bind the values as
    // parameters (with odbc_execute(), check its documented handling of
    // values wrapped in single quotes).
    $sql = "usp_Update_JobDescription " . $_POST["DescriptionList"] . ", " . $DisplayOrder . ", '" . $_POST["JobTitle"] . "', '" . $JobDescription . "', '" . $FieldWork . "', '" . $Active . "'";
    // The statement text is passed to die_well() with the driver error; what
    // die_well() displays is not visible here.
    $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
    // Only the result set is released; no odbc_close() appears in this branch.
    odbc_free_result($rs);
}
if ($_POST["Submit"] == "Add") {
    $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
    $sql = "usp_Insert_JobDescription " . $DisplayOrder . ", '" . sqlsafe($_POST["JobTitle"]) . "', '" . $JobDescription . "', '" . $FieldWork . "', '" . $Active . "'";
    $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg(), $sql);
    // The new row's id is read from the NewID column; the last row wins.
    while ($row = odbc_fetch_array($rs)) {
        $JobDescriptionID = $row["NewID"];
    }
    odbc_free_result($rs);
}
}
// A posted list selection replaces whatever id was set above; the value is
// kept as received.
if (isset($_POST["DescriptionList"])) {
    $JobDescriptionID = $_POST["DescriptionList"];
}
?> <div class='main' id='main'> <span class='title2'>Job Descriptions</span><br><br> <?php
echo "<form action='JobDescriptions.php' method='post' name='ListChoice' id='ListChoice'>";
// Tail of a branch that starts before this excerpt: runs the statement built
// there and closes the connection.
$conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
$rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
odbc_close($conn);
}
if ($_POST["Submit"] == "Add Number") {
    // The > 0 test is a loose comparison and does not guarantee NumberTypeID
    // is a plain integer.
    if ($_POST["NumberTypeID"] > 0 and strlen($_POST["Number"]) > 0) {
        // NOTE(review): NumberTypeID is concatenated raw from $_POST; only
        // Number passes through sqlsafe(). $JobSiteID is set outside this
        // excerpt — verify it is not taken unvalidated from the request.
        // Bind the values as parameters (with odbc_execute(), check its
        // documented handling of values wrapped in single quotes).
        $sql = "usp_Insert_JobsiteNumber " . $JobSiteID . ", " . $_POST["NumberTypeID"] . ", '" . sqlsafe($_POST["Number"]) . "'";
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
}
if ($_POST["Submit"] == "Add Note") {
    if (strlen($_POST["Note"]) > 0) {
        //debug add the employee number here.
        // The second argument is a hard-coded 0, so the note is stored
        // without the author's employee number.
        $sql = "usp_Insert_JobsiteNote " . $JobSiteID . ", 0, '" . sqlsafe($_POST["Note"]) . "'";
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
}
}
?> <div class='main' id='main'> <span class='title2'>Job Sites</span><br><br> <?php
// Disabled debug output of the last statement and of the posted fields.
//if (isset($foo)) {echo "|".$foo."|<br>";}
//echo print_r($_POST);
echo "<form action='jobsites.php' method='post' name='List' id='List'>";
// Fixed procedure name with no arguments, so no request data reaches this
// statement.
$sql = "usp_Select_ClientList_All";
$conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
// Inside a branch that opens before this excerpt: inserts an address for the
// current employee.
// NOTE(review): AddressTypeID, StreetTypeID, UnitTypeID, Direction and State
// are concatenated raw from $_POST; House, Street, Unit, City and Zip pass
// through sqlsafe(). $EmployeeID is set outside this excerpt — verify its
// source. Bind the values as parameters (with odbc_execute(), check its
// documented handling of values wrapped in single quotes).
$sql = "usp_Insert_EmployeeAddresses " . $EmployeeID . ", " . $_POST["AddressTypeID"] . ", " . $_POST["StreetTypeID"] . ", " . $_POST["UnitTypeID"] . ", '" . sqlsafe($_POST["House"]) . "', '" . $_POST["Direction"] . "', '" . sqlsafe($_POST["Street"]) . "', '" . sqlsafe($_POST["Unit"]) . "', '" . sqlsafe($_POST["City"]) . "', '" . $_POST["State"] . "', '" . sqlsafe($_POST["Zip"]) . "'";
// Copy of the statement; not used again in the visible code.
$foo = $sql;
$rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
odbc_close($conn);
}
if ($_POST["Submit"] == "Add Number") {
    // The > 0 test is a loose comparison and does not guarantee NumberTypeID
    // is a plain integer; the value is concatenated raw below.
    if ($_POST["NumberTypeID"] > 0 and strlen($_POST["Number"]) > 0) {
        $sql = "usp_Insert_EmployeeNumber " . $EmployeeID . ", " . $_POST["NumberTypeID"] . ", '" . sqlsafe($_POST["Number"]) . "'";
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
}
if ($_POST["Submit"] == "Add Date") {
    // Same caveat for DateTypeID: checked loosely, then concatenated raw.
    // Date passes through sqlsafe() but is not validated as a date here.
    if ($_POST["DateTypeID"] > 0) {
        $sql = "usp_Insert_EmployeeDate " . $EmployeeID . ", " . $_POST["DateTypeID"] . ", '" . sqlsafe($_POST["Date"]) . "'";
        $conn = odbc_connect($ini_array["DSN"], $ini_array["UN"], $ini_array["PWD"]);
        $rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());
        odbc_close($conn);
    }
}
}
echo $HEAD;
?> <div class='main' id='main'> <span class='title2'>Employees</span><br><br> <?php
// Disabled debug dump of the posted fields.
//echo print_r($_POST);
echo "<form action='employees.php' method='post' name='ListChoice' id='ListChoice'>";
// Fixed procedure name with no arguments, so no request data reaches this
// statement.
$sql = "usp_select_EmployeeList_all";
// NOTE(review): every branch above that is visible ends with odbc_close($conn)
// and no odbc_connect() is visible before this call — confirm $conn is still
// open when no action ran, and reopened when one did.
$rs = odbc_exec($conn, $sql) or die_well(__FILE__, __LINE__, odbc_errormsg());