CodingForums.com - View Single Post

willscarlet · 12-18-2012, 08:18 PM

Fantastic, this is working great so far. you guys are awesome. I promise after this project I am never messing with PHP and MsSQL again, going back to MySQL, maybe I wont have to bug you guys as much then

anyways thanks a bunch. Ima go make a new post.

PHP Code:


			
<?php

include 'includes/db/connect.php';



error_reporting(E_ALL); 

ini_set("display_errors", "on");



/**

First thing, we create a function that will make your data safe! 

**/ 

function mssql_escape($data) { 

    if(is_numeric($data)) 

        return $data; 

    $unpacked = unpack('H*hex', $data); 

    return '0x' . $unpacked['hex']; 

} 



if (isset($_POST['LOWNUMBER'])) {

    

    $aAllowed = array(    'StreetPrefix', 

                        'StreetName', 

                        'StreetSuffix', 

                        'StreetPostDir', 

                        'COMMUNITY',

                        'LOWNUMBER',

                        'HighNumber',

                        'EOB',

                        'ESN',

                        'TELCO',

                        'PostOffice',

                        'ZONE',

                        'MAP',

                        'DateEntered',

                        'DateUpdated',

                        'Comment',

                        ); // all the allowed items.

function removeUnknowns(&$item, $key, array $aAllowed)

{

    if (!in_array($key, $aAllowed))

    {

        $item = "";

    }

}



$aSubmitted = $_POST;

array_walk($aSubmitted, 'removeUnknowns', $aAllowed);

$aSubmitted = array_filter($aSubmitted);



$sFields = implode('], [', array_keys($aSubmitted));

$sReplacement = rtrim(str_repeat('?, ', count($aSubmitted)), ', ');

$sQry = "INSERT INTO [MSAG] ([$sFields]) VALUES ($sReplacement)";



if (false === ($stmt = sqlsrv_query($conn, $sQry, array_values($aSubmitted))))

{

    die(print_r(sqlsrv_errors(), true));

}  



}

?>



<?php include 'includes/head/head_main.php'; ?> 



<div id = "top_content"> 

<body> 



<?php include 'includes/header/header_main.php'; ?> 



<h1>Add New Record</h1> 



<div id = "enter_record"> 



</center> 

<div id = "modify"> 



<form id="login" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method = "post" >



<table>

<tr>

<td>Pre Dir:    <br><input type="text" name="StreetPrefix"> <br></td>

<td>Street:     <br><input type="text" name="StreetName"> <br></td>

<td>Suffix:     <br><input type="text" name="StreetSuffix"> <br></td>

<td>Post Dir:   <br><input type="text" name="StreetPostDir"> <br></td>

<td>Community:  <br><input type="text" name="COMMUNITY"> <br></td>

</tr></table>

<br>



<table>

<tr>

<td>Low:    <br><input type="text" name="LOWNUMBER"> <br></td>

<td>High:   <br><input type="text" name="HighNumber"> <br></td>

<td>EOB:    <br><input type="text" name="EOB"> <br></td>

<td>ESN:    <br><input type="text" name="ESN"> <br></td>

</tr>

</table>

<br>



<table>

<tr>

<td>Telco:  <br><input type="text" name="TELCO"> <br></td>

<td>ZIP:    <br><input type="text" name="PostOffice"> <br></td>

<td>Zone:   <br><input type="text" name="ZONE"> <br></td>

<td>Map:    <br><input type="text" name="MAP"> <br></td>

</tr>

</table>

<br>



<table> 

<tr> 

<td>Entered:    <br><input type="text" name="DateEntered"> <br></td> 

<td>Modified:   <br><input type="text" name="DateUpdated"> <br></td> 

</tr> 

</table> 

<br> 



<table> 

<tr> 

<td>Comments:    <br><input type="text" name="Comment"> <br></td> 

</tr> 

</table> 

<br> 

</div> 



<input type="submit" align = "left" name="submit" value="Submit"/> 

</table> 



</form> 

<br>     



</div>

12-18-2012, 08:18 PM	PM User \| #52
willscarlet New Coder Join Date: Aug 2012 Posts: 65 Thanks: 5 Thanked 0 Times in 0 Posts	Fantastic, this is working great so far. you guys are awesome. I promise after this project I am never messing with PHP and MsSQL again, going back to MySQL, maybe I wont have to bug you guys as much then anyways thanks a bunch. Ima go make a new post. PHP Code: <?php include 'includes/db/connect.php'; error_reporting(E_ALL); ini_set("display_errors", "on"); / First thing, we create a function that will make your data safe! / function mssql_escape($data) { if(is_numeric($data)) return $data; $unpacked = unpack('H*hex', $data); return '0x' . $unpacked['hex']; } if (isset($_POST['LOWNUMBER'])) { $aAllowed = array( 'StreetPrefix', 'StreetName', 'StreetSuffix', 'StreetPostDir', 'COMMUNITY', 'LOWNUMBER', 'HighNumber', 'EOB', 'ESN', 'TELCO', 'PostOffice', 'ZONE', 'MAP', 'DateEntered', 'DateUpdated', 'Comment', ); // all the allowed items. function removeUnknowns(&$item, $key, array $aAllowed) { if (!in_array($key, $aAllowed)) { $item = ""; } } $aSubmitted = $_POST; array_walk($aSubmitted, 'removeUnknowns', $aAllowed); $aSubmitted = array_filter($aSubmitted); $sFields = implode('], [', array_keys($aSubmitted)); $sReplacement = rtrim(str_repeat('?, ', count($aSubmitted)), ', '); $sQry = "INSERT INTO [MSAG] ([$sFields]) VALUES ($sReplacement)"; if (false === ($stmt = sqlsrv_query($conn, $sQry, array_values($aSubmitted)))) { die(print_r(sqlsrv_errors(), true)); } } ?> <?php include 'includes/head/head_main.php'; ?> <div id = "top_content"> <body> <?php include 'includes/header/header_main.php'; ?> <h1>Add New Record</h1> <div id = "enter_record"> </center> <div id = "modify"> <form id="login" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method = "post" > <table> <tr> <td>Pre Dir: <br><input type="text" name="StreetPrefix"> <br></td> <td>Street: <br><input type="text" name="StreetName"> <br></td> <td>Suffix: <br><input type="text" name="StreetSuffix"> <br></td> <td>Post Dir: <br><input type="text" name="StreetPostDir"> <br></td> <td>Community: <br><input type="text" name="COMMUNITY"> <br></td> </tr></table> <br> <table> <tr> <td>Low: <br><input type="text" name="LOWNUMBER"> <br></td> <td>High: <br><input type="text" name="HighNumber"> <br></td> <td>EOB: <br><input type="text" name="EOB"> <br></td> <td>ESN: <br><input type="text" name="ESN"> <br></td> </tr> </table> <br> <table> <tr> <td>Telco: <br><input type="text" name="TELCO"> <br></td> <td>ZIP: <br><input type="text" name="PostOffice"> <br></td> <td>Zone: <br><input type="text" name="ZONE"> <br></td> <td>Map: <br><input type="text" name="MAP"> <br></td> </tr> </table> <br> <table> <tr> <td>Entered: <br><input type="text" name="DateEntered"> <br></td> <td>Modified: <br><input type="text" name="DateUpdated"> <br></td> </tr> </table> <br> <table> <tr> <td>Comments: <br><input type="text" name="Comment"> <br></td> </tr> </table> <br> </div> <input type="submit" align = "left" name="submit" value="Submit"/> </table> </form> <br> </div>