<?php
/**
* @author Bettina Schwarzer, Fritz-Haber-Institut
* @copyright 07/2011
*
* INSERT Partnerdaten
*/
error_reporting(E_ALL ^ E_NOTICE);
session_start();
if (! isset($_SESSION["userid"]))
{
include_once ("inc/func_lib.inc.php");
login("partner_ins.php");
exit;
}
if (is_null($_SESSION["recht"]) || (!is_null($_SESSION["recht"]) && !in_array("vpe",$_SESSION["recht"])))
{
header("Location: start.php");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="css/db.css" rel="STYLESHEET" type="TEXT/CSS" media="screen"/>
<link href="css/db_print.css" rel="STYLESHEET" type="TEXT/CSS" media="print"/>
<title>Eingabe Partner</title>
</head>
<body>
<?php
echo " ";
echo "<div class=\"float-br smaller\" valign='top'>";
echo " user: " . $_SESSION["userid"];
echo " <a class='sc' href='/fhiiqm/logout.php' title='Session beenden'>logout</a></div>\n";
echo "<div class=\"float-r\"><img src=\"img/group_gear.png\" border=\"0\" alt=\"Partnerdaten eingeben\" title=\"Partnerdaten eingeben\"/></div>\n";
include_once($_SERVER['DOCUMENT_ROOT'] ."/fhiiqm/inc/dbconnect.inc.php");
$ok = $_POST["ok"];
$ins = $_POST["ins"];
$part = $_POST["part"];
if (!$part['okn']) $ok=false;
// print_r($part);
if (!$ok || !$ins )
{
$upd = $ins; // wegen filename-Pruefung bei Upload
include_once("form/partner_form.inc.php");
if ($ins == "eingeben" )
{
$frage = "Alle Angaben ok?";
echo "<tr>
<td class=\"red\" valign=\"top\" align=\"left\">$frage</td>
<td><input type=\"checkbox\" name=\"ok\" value=\"1\"";
if ($ok) echo "checked";
echo "></td>\n</tr>\n";
}
echo "<tr>\n";
echo "
<td> </td>
<td><input class=\"button\" type=\"submit\" value=\"eingeben\" name=\"ins\" title=\"insert\" /></td>\n";
echo "</tr>\n";
echo "</table>\n";
echo "</div>\n";
echo "</form>\n";
}
else
{
echo "<div align='center'>\n";
//daten speichern
if (!isset($dbc) || !$dbc) $dbc = new dbconnection();
$part["firma"] = substr($part["firma"],0,50);
$part["nname"] = substr($part["nname"],0,30);
$part["vname"] = substr($part["vname"],0,30);
if ($part['anr']== -1) $part['anr']=null;
$part["titel"] = substr($part["titel"],0,10);
$part["tel"] = substr($part["tel"],0,20);
$part["mobil"] = substr($part["motel"],0,20);
$part["fax"] = substr($part["fax"],0,20);
$part["email"] = substr($part["email"],0,20);
$part["ort"] = substr($part["ort"],0,50);
$part["str"] = substr($part["str"],0,50);
$part["plz"] = substr($part["plz"],0,10);
$part["bem"] = substr($part["bem"],0,500);
foreach ($part as $key=>$value)
{
// NULL - Eintrag in Tabelle
if (is_null($value) || $value < "!") $part["$key"] = null;
}
// vermeiden von SQL-Injection
$stmt = $dbc -> stmtinit();
if (is_object($stmt))
{
$stmt -> prepare("INSERT INTO fhiiqm.Partner (part_firma,part_nachname,part_vorname,part_titel,part_anrede,
part_strasse,part_ort,part_plz,part_tel,part_fax,part_mobil,part_email,part_bemerkung)
VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt -> bind_param('sssssssssssss',$part["firma"],$part["nname"],$part["vname"],$part["titel"],$part['anr'],
$part["str"],$part["ort"],$part["plz"],$part["tel"],$part["fax"],$part["motel"],$part["email"],$part["bem"]);
$result = $stmt -> execute();
}
if ($dbc->error) echo "error: " . $dbc->error . "<br><br>\n";
// $result=1;
if ($result)
{
// INSERT o.k.
// part_ID ermitteln
$pid = $dbc -> insertId();
echo "<p class='green'><b>Partnerdaten zu ID '$pid' wurden erfolgreich gespeichert.</b></p>\n";
echo "<br /><br />\n";
// Anzeigen gespeicherte Partnerdaten
include ("inc/partner_dat_show.inc.php");
}
else
echo "<p class='red'>Eingabe der Partnerdaten ist fehlgeschlagen!</p>\n";
$dbc -> close();
echo "</div>\n";
echo "<p class='sc'> <a href=\"partner_flist.php\" target=\"_self\" title=\"Partnerliste\">Partnerliste</a></p>\n";
echo "<p class='sc'> <a href=\"partner_ins.php\" target=\"_self\" title=\"Partner erfassen\">Weiteren Partner erfassen</a></p>\n";
}
?>
</body>
</html>