--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/fhiiqm/partner_ins.php Wed Aug 31 14:22:19 2011 +0200
@@ -0,0 +1,117 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+ <link href="css/db.css" rel="STYLESHEET" type="TEXT/CSS" />
+
+ <title>Eingabe Partner</title>
+</head>
+
+<body>
+ <div class="float-r"><img src="img/group_gear.png" border="0" alt="Partnerdaten eingeben" title="Partnerdaten eingeben"/></div>
+
+<?php
+
+/**
+ * @author Bettina Schwarzer, Fritz-Haber-Institut
+ * @copyright 07/2011
+ *
+ * INSERT Partnerdaten
+ */
+
+ error_reporting(E_ALL ^ E_NOTICE);
+
+ include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
+
+ $ok = $_POST["ok"];
+ $ins = $_POST["ins"];
+ $part = $_POST["part"];
+ if (!$part['okn']) $ok=false;
+
+// print_r($part);
+
+ if (!$ok || !$ins )
+ {
+ $upd = $ins; // wegen filename-Pruefung bei Upload
+ include_once("form/partner_form.inc.php");
+
+ if ($ins == "eingeben" )
+ {
+
+ $frage = "Alle Angaben ok?";
+ echo "<tr>
+ <td class=\"red\" valign=\"top\" align=\"left\">$frage</td>
+ <td><input type=\"checkbox\" name=\"ok\" value=\"1\"";
+ if ($ok) echo "checked";
+ echo "></td>\n</tr>\n";
+ }
+
+ echo "<tr>\n";
+ echo "
+ <td> </td>
+ <td><input class=\"button\" type=\"submit\" value=\"eingeben\" name=\"ins\" title=\"insert\" /></td>\n";
+ echo "</tr>\n";
+ echo "</table>\n";
+ echo "</div>\n";
+ echo "</form>\n";
+
+ }
+ else
+ {
+ echo "<div align='center'>\n";
+ //daten speichern
+ if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
+ $part["firma"] = substr($part["firma"],0,50);
+ $part["nname"] = substr($part["nname"],0,30);
+ $part["vname"] = substr($part["vname"],0,30);
+ if ($part['anr']== -1) $part['anr']=null;
+ $part["titel"] = substr($part["titel"],0,10);
+ $part["tel"] = substr($part["tel"],0,20);
+ $part["mobil"] = substr($part["motel"],0,20);
+ $part["fax"] = substr($part["fax"],0,20);
+ $part["email"] = substr($part["email"],0,20);
+ $part["ort"] = substr($part["ort"],0,50);
+ $part["str"] = substr($part["str"],0,50);
+ $part["plz"] = substr($part["plz"],0,10);
+ $part["bem"] = substr($part["bem"],0,500);
+ foreach ($part as $key=>$value)
+ {
+ // NULL - Eintrag in Tabelle
+ if (is_null($value) || $value < "!") $part["$key"] = null;
+ }
+
+ // vermeiden von SQL-Injection
+ $stmt = $dbc -> stmtinit();
+ if (is_object($stmt))
+ {
+ $stmt -> prepare("INSERT INTO fhiiqm.Partner (part_firma,part_nachname,part_vorname,part_titel,part_anrede,
+ part_strasse,part_ort,part_plz,part_tel,part_fax,part_mobil,part_email,part_bemerkung)
+ VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");
+ $stmt -> bind_param('sssssssssssss',$part["firma"],$part["nname"],$part["vname"],$part["titel"],$part['anr'],
+ $part["str"],$part["ort"],$part["plz"],$part["tel"],$part["fax"],$part["motel"],$part["email"],$part["bem"]);
+ $result = $stmt -> execute();
+ }
+ if ($dbc->error) echo "error: " . $dbc->error . "<br><br>\n";
+// $result=1;
+ if ($result)
+ {
+ // INSERT o.k.
+ // part_ID ermitteln
+ $pid = $dbc -> insertId();
+ echo "<p class='green'><b>Partnerdaten zu ID '$pid' wurden erfolgreich gespeichert.</b></p>\n";
+ echo "<br /><br />\n";
+
+ // Anzeigen gespeicherte Partnerdaten
+ include ("inc/partner_dat_show.inc.php");
+ }
+ else
+ echo "<p class='red'>Eingabe der Partnerdaten ist fehlgeschlagen!</p>\n";
+ $dbc -> close();
+ echo "</div>\n";
+ echo "<p> <a href=\"partner_ins.php\" target=\"_self\" title=\"Partner erfassen\">Weiteren Partner erfassen</a></p>\n";
+ }
+
+?>
+</body>
+</html>
\ No newline at end of file