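// Car "add" handler: on POST, validate the form, INSERT the record and redirect;
// on any other request, prime the form variables with their defaults.
//
// Security notes for this block:
//  - Everything that reaches the INSERT is untrusted form input. The legacy
//    mysql_* API used here has no bound parameters, so every interpolated value
//    is either run through the project's add_slashes() helper (which, per the
//    original's note, compensates for magic_quotes being off) or cast to int.
//    In the original, member_id and the three stored_* date parts went into the
//    SQL string with no escaping at all. A port to PDO/mysqli with prepared
//    statements is the proper end state.
//  - The original mixed the $HTTP_*_VARS long arrays with $_POST (line 40);
//    the long arrays were removed in PHP 5.4, so the superglobals are used
//    throughout.
//  - NOTE(review): on POST the dealer (member_id) is whatever the form submits,
//    while on GET it defaults to the session's ses_mem_id. Whether the logged-in
//    user may add cars for an arbitrary dealer, and whether the form carries a
//    CSRF token, has to be enforced by the surrounding page -- confirm.
//  - NOTE(review): the repopulated variables below are raw form input; the
//    template that echoes them must HTML-escape them (htmlspecialchars) -- confirm.

// Never rely on an uninitialised accumulator (with register_globals on it could
// even be seeded from the query string); do not clobber a value a caller set.
if (!isset($error_msg)) {
    $error_msg = "";
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Pull every scalar field once, defaulting to "" and refusing arrays
    // (a posted `stock[]=x` would otherwise stringify to "Array"). The
    // checkbox list `features` is the only legitimately array-valued field.
    $fields = array('member_id', 'stock', 'stored_month', 'stored_day', 'stored_year',
                    'year', 'model', 'type', 'engine', 'trans', 'drive', 'color',
                    'millage', 'vin', 'price', 'low', 'high', 'comments', 'certified');
    $f = array();
    foreach ($fields as $k) {
        $f[$k] = (isset($_POST[$k]) && !is_array($_POST[$k])) ? (string)$_POST[$k] : "";
    }

    /**** SERVER VALIDATION ****/
    // chk() is a project helper; the rule names are taken at face value
    // (IsSelected / IsNotEmpty / IsNumber / IsMoney) -- its contract lives elsewhere.
    // Column names do not match the labels: `model` holds the make and `type`
    // holds the model, as the messages below show.
    if (!chk($f['member_id'], "IsSelected"))
        $error_msg .= "- Please select a Dealer<br>";
    if (!chk($f['stock'], "IsNotEmpty"))
        $error_msg .= "- Please enter a Stock number<br>";
    if (!chk($f['year'], "IsNotEmpty,IsNumber"))
        $error_msg .= "- Please enter a Year<br>";
    if (!chk($f['model'], "IsNotEmpty"))
        $error_msg .= "- Please enter a Make<br>";
    if (!chk($f['type'], "IsNotEmpty"))
        $error_msg .= "- Please enter a Model<br>";
    if (!chk($f['engine'], "IsNotEmpty"))
        $error_msg .= "- Please enter an Engine<br>";
    if (!chk($f['trans'], "IsNotEmpty"))
        $error_msg .= "- Please enter a Trans<br>";
    if (!chk($f['drive'], "IsNotEmpty"))
        $error_msg .= "- Please enter a Drive<br>";
    if (!chk($f['color'], "IsNotEmpty"))
        $error_msg .= "- Please enter a Color<br>";
    if (!chk($f['millage'], "IsNotEmpty,IsNumber"))
        $error_msg .= "- Please enter a valid numeric value for Mileage<br>";
    if (!chk($f['price'], "IsMoney"))
        $error_msg .= "- Please enter a valid money value for Price<br>";
    // low / high (book values) are optional: not validated, only normalised by strip_out().
    if (!chk($f['certified'], "IsSelected"))
        $error_msg .= "- Please select an option for Certified<br>";

    // The stored date used to be interpolated unescaped and unchecked; build it
    // from integer parts and reject impossible dates before it reaches SQL.
    $sy = (int)$f['stored_year'];
    $sm = (int)$f['stored_month'];
    $sd = (int)$f['stored_day'];
    if (!checkdate($sm, $sd, $sy))
        $error_msg .= "- Please enter a valid Stored date<br>";
    $stored = sprintf('%04d-%02d-%02d', $sy, $sm, $sd);

    // Checkbox: present means yes. Only ever "Y" or "N", so safe to interpolate.
    $special = isset($_POST['special']) ? "Y" : "N";

    // Join the feature checkboxes into the single string the `features` column
    // stores (the original built this string and then stored the raw array,
    // which stringifies to "Array").
    $str = "";
    if (isset($_POST['features']) && is_array($_POST['features'])) {
        foreach ($_POST['features'] as $feature) {
            if (!is_array($feature))
                $str .= " " . $feature;
        }
    }

    if ($error_msg == "") {
        #############################################################################
        # IF MAGIC QUOTE IN PHP.INI IS SET OFF ADD SLASHES TO SUBMITED VARIABLES #
        #############################################################################
        // $db_prefix is trusted configuration, not request input.
        $sql = "INSERT INTO " . $db_prefix . "cars SET"
             . " member_id='" . add_slashes($f['member_id']) . "',"
             . " stock='"     . add_slashes($f['stock']) . "',"
             . " stored='"    . $stored . "',"
             . " year='"      . add_slashes($f['year']) . "',"
             . " model='"     . add_slashes($f['model']) . "',"
             . " type='"      . add_slashes($f['type']) . "',"
             . " engine='"    . add_slashes($f['engine']) . "',"
             . " trans='"     . add_slashes($f['trans']) . "',"
             . " drive='"     . add_slashes($f['drive']) . "',"
             . " color='"     . add_slashes($f['color']) . "',"
             . " millage='"   . add_slashes($f['millage']) . "',"
             . " vin='"       . add_slashes($f['vin']) . "',"
             . " price='"     . add_slashes(strip_out($f['price'])) . "',"
             . " low='"       . add_slashes(strip_out($f['low'])) . "',"
             . " high='"      . add_slashes(strip_out($f['high'])) . "',"
             . " features='"  . add_slashes($str) . "',"
             . " comments='"  . add_slashes($f['comments']) . "',"
             . " certified='" . add_slashes($f['certified']) . "',"
             . " special='"   . $special . "'";

        if (mysql_query($sql)) {
            // header() returns nothing, so the original die(header(...)) only
            // worked by accident; redirect, then stop explicitly.
            header("Location: index.php?status=insert");
            exit;
        }
        // Most likely a duplicate `stock`. Log the driver error server-side
        // (the original silenced it with @); keep the detail off the page.
        error_log("cars insert failed: " . mysql_error());
        $error_msg = "Record was not inserted because of invalid data posted.<br>- Stock must be unique.";
    } else {
        $error_msg = "Record was not inserted because of invalid data posted.<br>" . $error_msg;
    }

    // Repopulate the form with what was submitted (raw strings; the template escapes).
    $member_id    = $f['member_id'];
    $stock        = $f['stock'];
    $stored_month = $f['stored_month'];
    $stored_day   = $f['stored_day'];
    $stored_year  = $f['stored_year'];
    $year         = $f['year'];
    $model        = $f['model'];
    $type         = $f['type'];
    $engine       = $f['engine'];
    $trans        = $f['trans'];
    $drive        = $f['drive'];
    $color        = $f['color'];
    $millage      = $f['millage'];
    $vin          = $f['vin'];
    $price        = $f['price'];
    $low          = $f['low'];
    $high         = $f['high'];
    // $str keeps the joined feature list; the original overwrote it with a
    // `str` field this page never sends, losing the selection on redisplay.
    $comments     = $f['comments'];
    $certified    = $f['certified'];
} else {
    // First visit: empty form, dated today, owned by the logged-in dealer.
    $stock        = "";
    $stored_month = date("m");
    $stored_day   = date("d");
    $stored_year  = date("Y");
    $year         = "";
    $model        = "";
    $type         = "";
    $engine       = "";
    $trans        = "";
    $drive        = "";
    $color        = "";
    $millage      = "";
    $vin          = "";
    $price        = "";
    $low          = "";
    $high         = "";
    $str          = "";
    $comments     = "";
    $special      = "";
    $member_id    = isset($_SESSION['ses_mem_id']) ? $_SESSION['ses_mem_id'] : "";
    $certified    = "0";
} // end if POST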