| <?php
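// Form handler for the `etablissement` table: when the form is submitted it
// either updates the row named by POST `validid` or inserts a new row, then
// redirects to view_etab.php.

// Database connection settings.
// NOTE(review): the credentials are hard-coded and the password is identical
// to the account name; load them from configuration kept outside the web root
// and rotate the password.
$dbhost = "127.0.0.1";
$dbuser = "repertoire";
$dbpassword = "repertoire";
$dbdatabase = "repertoire";

// mysqli replaces the mysql_* API (removed in PHP 7) and provides prepared
// statements. Reporting is switched off so that failures are returned as
// false on every PHP version instead of being thrown on PHP 8.1+.
mysqli_report(MYSQLI_REPORT_OFF);
$db = mysqli_connect($dbhost, $dbuser, $dbpassword, $dbdatabase);
if ($db) {
    // Set the charset through the driver rather than a raw "SET NAMES" query.
    mysqli_set_charset($db, 'utf8');
} else {
    error_log('MySQL connection failed: ' . mysqli_connect_error());
}

// NOTE(review): $config_basedir is not defined anywhere in this file; it is
// presumably provided by an include that runs first — confirm.
$baseDir = isset($config_basedir) ? $config_basedir : '';

if (isset($_POST['submit'])) {
    // NOTE(review): no authentication or CSRF check is visible in this file;
    // confirm one is enforced before this handler can be reached.
    if (!$db) {
        die('Requête invalide.');
    }

    // A non-empty `validid` selects UPDATE; anything else means INSERT.
    $isUpdate = false;
    $validid = 0;
    if (isset($_POST['validid']) && !empty($_POST['validid'])) {
        // Accept plain decimal digits only. is_numeric() also lets through
        // floats, signs and exponent notation, which are not row ids.
        if (!is_string($_POST['validid']) || !preg_match('/\A[0-9]+\z/', $_POST['validid'])) {
            header('Location: ' . $baseDir);
            // Stop here: without exit the script would carry on and run the
            // INSERT branch with the rejected request.
            exit;
        }
        $validid = (int) $_POST['validid'];
        $isUpdate = true;
    }

    // Column names are fixed literals and never come from the request.
    $textFields = array(
        'nom', 'sigle', 'statut', 'autre', 'type_etab', 'presentation',
        'pays', 'ville', 'domaines', 'genre_respo', 'nom_respo', 'adresse',
        'telephone', 'couriel', 'url',
    );
    // Assumed to be integer columns because the original UPDATE wrote them
    // unquoted — TODO confirm against the schema.
    $countFields = array(
        'ens_permanant', 'ens_vacataire', 'etd_fille', 'etd_garcon', 'etd_total',
    );
    $columns = array_merge($textFields, $countFields);

    // Magic quotes only exists before PHP 5.4 and is not a substitute for
    // parameter binding. When it is active, undo its slashes so the bound
    // values are stored exactly as submitted. The version test keeps the
    // removed function from being called on newer PHP.
    $magicQuotes = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();

    $values = array();
    foreach ($textFields as $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $values[$field] = $magicQuotes ? stripslashes($value) : $value;
    }
    foreach ($countFields as $field) {
        // Missing or non-scalar input becomes 0 rather than producing an
        // empty, syntactically invalid value.
        $values[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (int) $_POST[$field] : 0;
    }

    // One code path builds both statements from the same column list, so the
    // INSERT and UPDATE variants cannot drift apart.
    $types = str_repeat('s', count($textFields)) . str_repeat('i', count($countFields));
    if ($isUpdate) {
        $sql = 'UPDATE etablissement SET ' . implode(' = ?, ', $columns) . ' = ? WHERE id = ?';
        $types .= 'i';
    } else {
        $placeholders = implode(', ', array_fill(0, count($columns), '?'));
        $sql = 'INSERT INTO etablissement(' . implode(', ', $columns) . ') VALUES (' . $placeholders . ')';
    }

    $stmt = mysqli_prepare($db, $sql);
    $succeeded = false;
    if ($stmt) {
        // mysqli_stmt_bind_param() takes its values by reference, so the
        // argument list is assembled from references.
        $bindArgs = array($stmt, $types);
        foreach ($columns as $column) {
            $bindArgs[] = &$values[$column];
        }
        if ($isUpdate) {
            $bindArgs[] = &$validid;
        }
        $succeeded = call_user_func_array('mysqli_stmt_bind_param', $bindArgs)
            && mysqli_stmt_execute($stmt);
    }

    if ($succeeded) {
        header('Location: ' . $baseDir . '/view_etab.php');
        exit;
    }

    // Keep the driver error in the server log; echoing it (or the full
    // query) to the client discloses schema details.
    error_log('Requête invalide : ' . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($db)));
    die('Requête invalide.');
}

// No ob_start() is visible in this file, so only flush when a buffer is
// actually active.
if (ob_get_level() > 0) {
    ob_end_flush();
}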
?> |