|
 |
| |
ช่วยดู code ให้หน่อยครับ ว่าทำไม่ไม่เช็ดค่าที่ช้ำ ทำไหมถึงบันทึกข้อมูลได้ครับ |
| |
 |
|
|
 |
 |
|
Code (PHP)
<?php
$strSQL = "SELECT * FROM telephone WHERE user = '".$_POST["user"]."'or '".$_POST["pass"]."'";
$objQuery = mysql_query($strSQL);
$objResult = mysql_query($objQuery);
if($objResult)
{
echo "<script language=\"JavaScript\" type=\"text/JavaScript\">alert('มีผู้ใช้งานแล้ว') </script> ";
echo "</script>";
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=main.php?case_i=6\">";
exit();
}
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO telephone (Telephone_ID, `user`, pass, t_name, t_surname, Status) VALUES (%s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['Telephone_ID'], "int"),
GetSQLValueString($_POST['user'], "text"),
GetSQLValueString($_POST['pass'], "text"),
GetSQLValueString($_POST['t_name'], "text"),
GetSQLValueString($_POST['t_surname'], "text"),
GetSQLValueString($_POST['Status'], "text"));
mysql_select_db($database_stu, $stu);
mysql_query("SET NAMES 'UTF8'");
$Result1 = mysql_query($insertSQL, $stu) or die(mysql_error());
{
echo "<script language=\"JavaScript\" type=\"text/JavaScript\">alert('เพิ่มผู้ใช้งานแล้ว') </script> ";
echo "</script>";
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=main.php?case_i=6\">";
exit();
}
Tag : PHP
|
|
|
 |
 |
 |
 |
| Date :
2015-05-28 20:07:20 |
By :
panyaadd |
View :
576 |
Reply :
2 |
|
 |
 |
 |
 |
|
|
|
|
 |
 |
|
 |
 |
| |
|
|
|
| |
|
ให้คำสั่งมันอยู่ในลูปเงื่อนไขเดียวกันครับ
Code
<?php
$strSQL = "SELECT * FROM telephone WHERE user = '".$_POST["user"]."'or '".$_POST["pass"]."'";
$objQuery = mysql_query($strSQL);
$objResult = mysql_query($objQuery);
if($objResult)
{
echo "<script language=\"JavaScript\" type=\"text/JavaScript\">alert('มีผู้ใช้งานแล้ว') </script> ";
echo "</script>";
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=main.php?case_i=6\">";
exit();
} else {
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO telephone (Telephone_ID, `user`, pass, t_name, t_surname, Status) VALUES (%s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['Telephone_ID'], "int"),
GetSQLValueString($_POST['user'], "text"),
GetSQLValueString($_POST['pass'], "text"),
GetSQLValueString($_POST['t_name'], "text"),
GetSQLValueString($_POST['t_surname'], "text"),
GetSQLValueString($_POST['Status'], "text"));
mysql_select_db($database_stu, $stu);
mysql_query("SET NAMES 'UTF8'");
$Result1 = mysql_query($insertSQL, $stu) or die(mysql_error());
{
echo "<script language=\"JavaScript\" type=\"text/JavaScript\">alert('เพิ่มผู้ใช้งานแล้ว') </script> ";
echo "</script>";
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=main.php?case_i=6\">";
exit();
}
}
}
?>
|
| |
|
|
| |
| Date :
2015-05-28 22:14:32 |
By :
arm8957 |
|
|
| |
|
|
|
|
|
| |
|
|
|
|
|
| |
|
 Load balance : Server 02
|
