Filename :
forall.php
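<?php
/*
 * POST handlers for the academic records tables visible below: faculties,
 * departments, programmes, lecturers, courses and students. Each handler
 * runs when its submit field is present in $_POST and leaves an HTML status
 * message in $bb.
 *
 * NOTE(review): no session, authorization or CSRF check is visible in this
 * file; confirm the including page enforces them before these handlers run.
 * NOTE(review): the passwrd columns receive the submitted password as-is.
 * The login code is not visible here, so the values are left unchanged;
 * moving to password_hash()/password_verify() needs a coordinated change.
 * NOTE(review): mysql_real_escape_string() relies on the connection charset
 * being set on the link (mysql_set_charset); the connection code is not
 * visible here. Confirm it, or move to prepared statements when the
 * connection layer is migrated off the mysql_* extension.
 */

/**
 * Normalise a submitted text value: trim it and strip backslashes.
 *
 * NOTE(review): stripslashes() is unconditional, so a legitimate backslash
 * is lost when magic quotes are off. Confirm the runtime configuration.
 *
 * @param string $theValue Raw submitted value.
 * @return string Cleaned value. It is NOT safe for SQL or HTML by itself.
 */
function getst($theValue)
{
    $theValue = trim($theValue);
    $theValue = stripslashes($theValue);
    return $theValue;
}

/**
 * Validate a submitted integer identifier.
 *
 * An empty value is returned as ''. A value that does not start with a digit
 * prints "Sorry! Wrong Data!" and ends the request. Anything else is reduced
 * to its leading integer and returned as a string of digits.
 *
 * The former urlencode()/ereg_replace()/urldecode() round trip was removed:
 * it could not change a digit-only value, ereg_replace() no longer exists in
 * current PHP, and one of its arguments was a broken string literal.
 *
 * @param string $theValue Raw submitted value.
 * @return string Digits only, or '' when nothing was submitted.
 */
function getva($theValue)
{
    $theValue = trim($theValue);
    if ($theValue === '') {
        return '';
    }
    if (!preg_match('/^[0-9]/', $theValue)) {
        echo "Sorry! Wrong Data!";
        exit();
    }
    return (string) (int) $theValue;
}

/**
 * Build a random code from an alphabet with look-alike characters and vowels
 * removed.
 *
 * NOTE(review): how the code is used is not visible here. random_int() is
 * used when the runtime has it, because mt_rand() output is predictable and
 * unsuitable for passwords or tokens.
 *
 * @param int $characters Number of characters to generate.
 * @return string The generated code ('' when $characters is 0 or less).
 */
function generateCode($characters)
{
    $possible = '23456789bcdfghjkmnpqrstvwxyzBCDFGHJKMNPQRSTVWXYZ';
    $last = strlen($possible) - 1;
    $code = '';
    for ($i = 0; $i < $characters; $i++) {
        $index = function_exists('random_int') ? random_int(0, $last) : mt_rand(0, $last);
        $code .= $possible[$index];
    }
    return $code;
}

/**
 * Read one POST field as a cleaned string.
 *
 * A missing key or a non-scalar value (for example field[]=x) yields ''
 * instead of a notice or an array reaching trim().
 */
function forall_post($key)
{
    if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
        return '';
    }
    return getst((string) $_POST[$key]);
}

/**
 * Escape text for output inside HTML.
 * Assumes the page is served as UTF-8 (TODO confirm).
 */
function forall_html($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

/**
 * Fill a sprintf-style SQL template, escaping every value first so that no
 * request data reaches the statement unescaped.
 */
function forall_sql($format, $values)
{
    return vsprintf($format, array_map('mysql_real_escape_string', $values));
}

/** Run an INSERT for row $k of a bulk-add form and return its status line. */
function forall_run_insert($sql, $k)
{
    if (mysql_query($sql)) {
        return "<p>Record ".$k.", Successfully added</p>";
    }
    // The driver message can echo submitted values, so it is HTML-escaped.
    return "<p>Unable to create Record ".$k.": " . forall_html(mysql_error()) . "</p>";
}

/**
 * Run an UPDATE for the record $id and return its status line.
 * An empty $id is rejected up front instead of producing a malformed
 * "where sn = " clause.
 */
function forall_run_update($sql, $id)
{
    if ($id === '') {
        return "<p>Unable to edit your record: no record number supplied</p>";
    }
    if (mysql_query($sql)) {
        return "<p>Record Successfully Edited</p>";
    }
    return "<p>Unable to edit your record: " . forall_html(mysql_error()) . "</p>";
}

// The bulk-add handlers append to $bb; start it empty unless the including
// page already set it.
if (!isset($bb)) {
    $bb = '';
}

// Faculties: up to ten rows per submission; a row with an empty name is skipped.
if (isset($_POST['addfaculty'])) {
    for ($k = 1; $k <= 10; $k++) {
        $name = forall_post('nameadd'.$k);
        if ($name === '') {
            continue;
        }
        $sql = forall_sql(
            "insert into faculties (namer, dean, archived) VALUES ('%s', '%s', '%s')",
            array($name, forall_post('dean'.$k), "No")
        );
        $bb = $bb . forall_run_insert($sql, $k);
    }
}

if (isset($_POST['editfaculty'])) {
    $id = getva(forall_post('sn'));
    $sql = forall_sql(
        "update faculties set namer='%s', dean='%s' where sn = %d",
        array(forall_post('nameadd'), forall_post('members'), $id)
    );
    $bb = forall_run_update($sql, $id);
}

// Departments: the form field status<k> carries the owning faculty's sn.
if (isset($_POST['adddepartment'])) {
    for ($k = 1; $k <= 10; $k++) {
        $name = forall_post('nameadd'.$k);
        if ($name === '') {
            continue;
        }
        $sql = forall_sql(
            "insert into departments (namer, hod, facultysn, archived) VALUES ('%s', '%s', '%s', 'No')",
            array($name, forall_post('hod'.$k), forall_post('status'.$k))
        );
        $bb = $bb . forall_run_insert($sql, $k);
    }
}

if (isset($_POST['editdepartment'])) {
    $id = getva(forall_post('sn'));
    // facultysn used to be interpolated straight into the statement; it is
    // now escaped like every other value.
    $sql = forall_sql(
        "update departments set namer='%s', hod='%s', facultysn='%s' where sn = %d",
        array(forall_post('nameadd'), forall_post('members'), forall_post('facultysn'), $id)
    );
    $bb = forall_run_update($sql, $id);
}

// Programmes: status<k> is stored as numberofyears, officer<k>/pass<k> as
// the programme's username/passwrd.
if (isset($_POST['addprogramme'])) {
    for ($k = 1; $k <= 10; $k++) {
        $name = forall_post('namer'.$k);
        if ($name === '') {
            continue;
        }
        $sql = forall_sql(
            "insert into programmes (namer, numberofyears, departmentsn, typer, archived, username, passwrd) VALUES ('%s', '%s', '%s', '%s', 'No', '%s', '%s')",
            array(
                $name,
                forall_post('status'.$k),
                forall_post('dept'.$k),
                forall_post('typer'.$k),
                forall_post('officer'.$k),
                forall_post('pass'.$k),
            )
        );
        $bb = $bb . forall_run_insert($sql, $k);
    }
}

if (isset($_POST['editprogramme'])) {
    $id = getva(forall_post('sn'));
    // departmentsn used to be interpolated unescaped; it is now a bound value.
    $sql = forall_sql(
        "update programmes set namer='%s', typer='%s', numberofyears='%s', departmentsn='%s', username='%s', passwrd='%s' where sn = %d",
        array(
            forall_post('nameadd'),
            forall_post('typer'),
            forall_post('status'),
            forall_post('departmentsn'),
            forall_post('officer'),
            forall_post('pass'),
            $id,
        )
    );
    $bb = forall_run_update($sql, $id);
}

// Lecturers: user<k>/pass<k> are stored as username/passwrd.
if (isset($_POST['addlecturer'])) {
    for ($k = 1; $k <= 10; $k++) {
        $name = forall_post('namer'.$k);
        if ($name === '') {
            continue;
        }
        $sql = forall_sql(
            "insert into lecturers (namer, passwrd, departmentsn, username, archived) VALUES ('%s', '%s', '%s', '%s', 'No')",
            array($name, forall_post('pass'.$k), forall_post('deptsn'.$k), forall_post('user'.$k))
        );
        $bb = $bb . forall_run_insert($sql, $k);
    }
}

if (isset($_POST['editlecturer'])) {
    $id = getva(forall_post('sn'));
    // departmentsn used to be interpolated unescaped; it is now a bound value.
    $sql = forall_sql(
        "update lecturers set namer='%s', username='%s', passwrd='%s', departmentsn='%s' where sn = %d",
        array(
            forall_post('nameadd'),
            forall_post('username'),
            forall_post('passwrd'),
            forall_post('departmentsn'),
            $id,
        )
    );
    $bb = forall_run_update($sql, $id);
}

// Courses: the course code is stored upper-cased on insert.
if (isset($_POST['addcourse'])) {
    for ($k = 1; $k <= 10; $k++) {
        $name = forall_post('namer'.$k);
        if ($name === '') {
            continue;
        }
        $sql = forall_sql(
            "insert into courses (namer, status, code, unit, archived) VALUES ('%s', '%s', '%s', '%s', 'No')",
            array(
                $name,
                forall_post('status'.$k),
                strtoupper(forall_post('code'.$k)),
                forall_post('unit'.$k),
            )
        );
        $bb = $bb . forall_run_insert($sql, $k);
    }
}

if (isset($_POST['editcourse'])) {
    $id = getva(forall_post('sn'));
    // unit used to be interpolated unescaped; it is now a bound value.
    $sql = forall_sql(
        "update courses set namer='%s', code='%s', status='%s', unit='%s' where sn = %d",
        array(
            forall_post('nameadd'),
            forall_post('code'),
            forall_post('status'),
            forall_post('unit'),
            $id,
        )
    );
    $bb = forall_run_update($sql, $id);
}

// Students: a row is processed when its matric number is filled in; the
// matric number is stored upper-cased on insert.
if (isset($_POST['addstudent'])) {
    for ($k = 1; $k <= 10; $k++) {
        $matric = forall_post('matric'.$k);
        if ($matric === '') {
            continue;
        }
        $sql = forall_sql(
            "insert into students (matric, passwrd, surname, firstname, othernames, dob, programmesn, de, yearofentry, archived) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 'No')",
            array(
                strtoupper($matric),
                forall_post('pass'.$k),
                forall_post('sur'.$k),
                forall_post('fir'.$k),
                forall_post('oth'.$k),
                forall_post('dob'.$k),
                forall_post('progsn'.$k),
                forall_post('de'.$k),
                forall_post('yea'.$k),
            )
        );
        $bb = $bb . forall_run_insert($sql, $k);
    }
}

if (isset($_POST['editstudent'])) {
    $id = getva(forall_post('sn'));
    $sql = forall_sql(
        "update students set matric='%s', passwrd='%s', surname='%s', firstname='%s', othernames='%s', yearofentry='%s', programmesn='%s', dob='%s', de='%s' where sn = %d",
        array(
            forall_post('matric'),
            forall_post('passwrd'),
            forall_post('surname'),
            forall_post('firstname'),
            forall_post('othernames'),
            forall_post('yearofentry'),
            forall_post('programmesn'),
            forall_post('dob'),
            forall_post('de'),
            $id,
        )
    );
    $bb = forall_run_update($sql, $id);
}

// Renumber a student: refuse when the new matric number is already taken,
// otherwise rename it in students and then in the dependent tables.
if (isset($_POST['changematric'])) {
    $oldmatric = forall_post('oldmatric');
    $newmatric = forall_post('newmatric');
    if ($oldmatric === '' || $newmatric === '') {
        // Without this guard an empty value would be written as a matric number.
        $bb = "<p>Unable to edit your record: both matric numbers are required</p>";
    } else {
        // The uniqueness check used to concatenate $newmatric into the query
        // unescaped; it now goes through the same escaping as the updates.
        $sql = forall_sql("select * from students where matric='%s'", array($newmatric));
        $result = mysql_query($sql) or die(forall_html(mysql_error()));
        if (mysql_num_rows($result) == 0) {
            $rename = array($newmatric, $oldmatric);
            if (mysql_query(forall_sql("update students set matric='%s' where matric='%s'", $rename))) {
                $bb = "<p>Record Successfully Edited</p>";
                // NOTE(review): these follow-on updates are best-effort, as in
                // the original (errors suppressed, no transaction). A failure
                // part-way leaves the tables disagreeing about the matric number.
                $dependents = array(
                    'studentsexisting',
                    'coursesregistered',
                    'coursesregisteredall',
                    'tempstudents',
                    'tempgraduating',
                );
                foreach ($dependents as $table) {
                    // $table comes only from the fixed list above.
                    @mysql_query(forall_sql("update ".$table." set matric='%s' where matric='%s'", $rename));
                }
            } else {
                $bb = "<p>Unable to edit your record: " . forall_html(mysql_error()) . "</p>";
            }
        } else {
            // The submitted value is echoed back, so it is HTML-escaped.
            $bb = "<p>The new matric number <b>".forall_html($newmatric)."</b> already belongs to another student!</p>";
        }
    }
}
?>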