- <?php
- require_once "../inc/functions.php";
- //require_once "../inc/vars.inc.php";
// NOTE(review): sessionCheck() is defined in ../inc/functions.php and is called
// before session_start(); whether it opens the session itself is not visible here.
sessionCheck();
session_start();

// Rotate the session id on every request and keep both values.
$old_sessionid = session_id();
// false is the default for delete_old_session: the data stored under the
// previous id is left in place, so the old id is not invalidated by this call.
session_regenerate_id(false);
$new_sessionid = session_id();
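/**
 * Remove markup from a string using a fixed list of regular expressions.
 *
 * The patterns run in array order. Elements whose content must disappear
 * (script, style, comments) are handled before the generic tag pattern;
 * otherwise the generic pattern consumes the opening tag first and the CSS
 * or comment text is left behind in the output.
 *
 * Regex stripping is a best-effort cleanup, not an XSS defence: values still
 * have to be escaped for the context they are printed in (htmlspecialchars()
 * for HTML output).
 *
 * @param string $input Text to clean.
 * @return string Text with the matched markup removed; '' if PCRE reports an error.
 */
function cleanInput($input) {
    $search = array(
        '@<\s*script[^>]*?>.*?<\s*/\s*script\s*>@si', // script elements, content included
        '@<\s*style[^>]*?>.*?<\s*/\s*style\s*>@siU',  // style elements, content included
        '@<![\s\S]*?--[ \t\n\r]*>@',                  // multi-line comments ("--" restored; the listing showed a typographic dash)
        '/<img[^>]+\>/i',                             // img tags
        '@<\s*[\/\!]*?[^<>]*?>@si'                    // any remaining HTML tag
    );
    $output = preg_replace($search, '', $input);
    // preg_replace() returns NULL on a PCRE error; fail closed instead of passing NULL on.
    return $output === null ? '' : $output;
}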
- // ’slashing
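/**
 * Recursively clean a request value and escape it for the legacy mysql_* API.
 *
 * Arrays are processed element by element with their keys kept. Any other
 * value is trimmed, un-slashed when magic quotes are enabled, passed through
 * cleanInput() and finally through mysql_real_escape_string().
 *
 * The result is only meant for use inside a quoted SQL string literal; it is
 * not HTML-escaped and must not be echoed into a page as-is.
 *
 * NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0 and
 * mysql_real_escape_string() in PHP 7.0, so this function only runs on the
 * PHP 5 line. Prepared statements (mysqli or PDO) are the replacement.
 *
 * @param mixed $input Scalar or (nested) array of request values.
 * @return mixed Escaped string, or an array of escaped strings.
 */
function sanitize($input) {
    if (is_array($input)) {
        // Start from an empty array so that an empty input yields array()
        // instead of an undefined variable.
        $output = array();
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
        return $output;
    }

    $input = @trim($input);
    if (get_magic_quotes_gpc()) {
        // Undo the automatic slashes so the value is escaped exactly once below.
        $input = stripslashes($input);
    }
    $input = cleanInput($input);

    return mysql_real_escape_string($input);
}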
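/**
 * Report whether a string contains a character from the disallowed set.
 *
 * The original body read an undefined $var instead of the $str parameter and
 * therefore always returned false. Its pattern also closed the character
 * class early at "[|]", so ":", ";", "<" and ">" were not part of the class.
 * The class below lists every character literally, including "|" (which the
 * original matched as well) and "?" (previously a separate strpos() check).
 *
 * @param string $str Text to inspect.
 * @return bool True when a disallowed character is present.
 */
function chk_text($str) {
    // Single quotes keep PHP from treating "$" as the start of a variable.
    return preg_match('/[`|~!@#$%^*=+{}\[\]:;<>?]/', $str) === 1;
}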
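// Defaults so the template further down can print these without notices
// when the page is loaded without a form submission.
$msg  = array();
$ms   = '';
$msgs = '';

if (!empty($_POST['submit'])) {
    // Only plain strings are accepted; a missing or array-valued field counts as empty.
    // escape() comes from ../inc/functions.php and is not visible here.
    $district = (isset($_POST['dis']) && is_string($_POST['dis'])) ? escape($_POST['dis']) : '';
    $taluka   = (isset($_POST['tal']) && is_string($_POST['tal'])) ? escape($_POST['tal']) : '';
    $village  = (isset($_POST['village']) && is_string($_POST['village'])) ? escape(trim($_POST['village'])) : '';
    $address  = (isset($_POST['addr']) && is_string($_POST['addr'])) ? escape(trim($_POST['addr'])) : '';
    $errCnt   = 0;

    // The debug echo of the submitted values was dropped: it wrote request
    // data into the response before the page markup, without HTML escaping.

    // Every disallowed character is listed literally. The earlier pattern used
    // "|" as a separator inside the class and closed it at "[|]", so "<" and
    // ">" on their own were never rejected.
    $forbidden = '/[`|~!@#$%^*=+{}\[\]:;<>]/';

    if (!$district) {
        $msg[] = "please select a district";
        $errCnt++;
    }
    if (!$taluka) {
        $msg[] = "please select a taluka";
        $errCnt++;
    }

    if (!$village) {
        $msg[] = "Village is required<br />";
        $errCnt++;
    } elseif (preg_match($forbidden, $village)) {
        $msg[] = "No special characters allowed in name<br />";
        $errCnt++;
    }

    if (!$address) {
        $msg[] = "Address is required";
        $errCnt++;
    } elseif (preg_match($forbidden, $address)) {
        $msg[] = "No special characters allowed in address<br />";
        $errCnt++;
    }

    // Look the sub-category up only for input that passed validation.
    // NOTE(review): both statements below are built by concatenation, so their
    // safety rests entirely on escape(); prepared statements would remove
    // that dependency.
    $sub = '';
    if ($errCnt == 0) {
        $sub_id  = "select subcat_id from subcat where type='" . $taluka . "'";
        $execute = caseQuery($sub_id);
        $reslt   = $execute ? mysql_fetch_row($execute) : false;
        if ($reslt) {
            $sub = $reslt[0];
        } else {
            // No matching row: refuse the insert instead of storing an empty subcat_id.
            $msg[] = "please select a taluka";
            $errCnt++;
        }
    }

    if ($errCnt == 0) {
        $sql = 'INSERT INTO `subcat2` (
`cat_id` ,
`subcat_id` ,
`type` ,
`vil_name` ,
`vil_addr`
)
VALUES (
"' . $district . '","' . $sub . '", "' . $taluka . '","' . $village . '" ,"' . $address . '"
)';
        $dist = caseInsertQuery($sql);
        if ($dist) {
            $ms = "data added succesfully";
        } else {
            $ms = "error adding data";
        }
    } else {
        // The messages are fixed server-side strings that already carry their own <br /> markup.
        $msgs = addslashes(implode("<br>", $msg));
    }
}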
- ?>
- <?php include_once "admin_templates/case_header.php"; ?>
- <html>
- <head>
- <!-- <title>Multiple drop down list box from plus2net</title>
- <link type="text/css" rel="stylesheet" href="../../gpp/inc/jscalender/css/jscal2.css" />
- <link type="text/css" rel="stylesheet" href="../../gpp/inc/jscalender/css/border-radius.css" />
- <link id="skin-win2k" title="Win 2K" type="text/css" rel="alternate stylesheet" href="../../gpp/inc/jscalender/css/win2k/win2k.css" />
- <link id="skinhelper-compact" type="text/css" rel="alternate stylesheet" href="../../gpp/inc/jscalender/css/reduce-spacing.css" />
- <script src="../../gpp/inc/jscalender/js/jscal2.js"></script>
- <script src="../../gpp/inc/jscalender/js/lang/en.js"></script>
- -->
- <SCRIPT>
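/**
 * Pre-check the srch_frm form in the browser and submit it when complete.
 *
 * This is a convenience for the user only; the same checks have to be
 * repeated on the server because the request can be sent without this script.
 *
 * Fixes over the earlier version:
 *  - "dis != 1 || dis != 2" is true for every value, so the district error
 *    was always raised; an empty selection is what is rejected now, matching
 *    the server-side check.
 *  - the selects carry a name but no id, so they are read through
 *    form.elements instead of getElementById().
 *  - the form contains an input named "submit", which shadows form.submit();
 *    the prototype method is called explicitly.
 */
function frmSubmit() {
    var form = document.forms['srch_frm'];
    var fields = form.elements;
    var dis = fields['dis'].value;
    var tal = fields['tal'].value;
    var vil = fields['village'].value;
    var addr = fields['addr'].value;
    var error = '';

    if (!dis) {
        error += "district is Required \n";
    } else if (!tal || tal == "Select one") {
        // the placeholder option has an empty value; its label is checked as well
        error += "Select taluka \n";
    }
    if (!vil) {
        error += "Panchayat Name is Required \n";
    }
    if (!addr) {
        error += "Address is Required \n";
    }

    if (error) {
        alert(error);
        return;
    }
    HTMLFormElement.prototype.submit.call(form);
}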
- </script>
- <SCRIPT language=JavaScript>
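/**
 * Reload master.php with the chosen district in the query string so the
 * server can narrow the taluka list.
 *
 * @param form The form element that holds the "dis" select.
 */
function reload(form)
{
    var options = form.dis.options;
    var val = options[options.selectedIndex].value;
    // Encode the value so it stays a single query parameter whatever it contains.
    self.location = 'master.php?dis=' + encodeURIComponent(val);
}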
- </script>
- </head>
- <body>
- <?
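// District filter from the query string. It is placed into the SQL text
// below, so only a plain run of digits is accepted. is_numeric() also lets
// through forms such as "1e3", "-1", "1.5" or " 1", which are not district ids.
$dis = isset($_GET['dis']) ? $_GET['dis'] : null;
if ($dis !== null && $dis !== '' && !(is_string($dis) && ctype_digit($dis))) {
    echo "Data Error";
    exit;
}

$quer2 = caseQuery("SELECT DISTINCT dis_name,dis_id FROM district order by dis_name");

if ($dis !== null && $dis !== '') {
    // The cast keeps the interpolated value an integer literal even if the check above is changed later.
    $quer = caseQuery("SELECT DISTINCT tal_name FROM taluka where dis_id=" . (int) $dis . " order by tal_name");
} else {
    $quer = caseQuery("SELECT DISTINCT tal_name FROM taluka order by tal_name");
}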
- ?>
- <form action="master.php" name="srch_frm" method="post">
- <fieldset style="width:20px">
- <legend ><b> Search File</b></legend>
- <table width="328" border="1">
- <tr width="320">
- <td >District:</td>
- <td>
- <?php
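// District drop-down. Values read from the database are HTML-escaped before
// they are printed; ENT_QUOTES is needed because the attributes use single quotes.
echo "<select name='dis' onchange=\"reload(this.form)\" ><option value=''>Select one</option>";
while ($noticia2 = mysql_fetch_array($quer2)) {
    $optValue = htmlspecialchars($noticia2['dis_id'], ENT_QUOTES);
    $optLabel = htmlspecialchars($noticia2['dis_name'], ENT_QUOTES);
    // Pre-select the district that came in through the query string, if any.
    $selected = (isset($dis) && $noticia2['dis_id'] == $dis) ? 'selected ' : '';
    echo "<option {$selected}value='{$optValue}'>{$optLabel}</option>";
}
echo "</select>";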
- ?>
- </td>
- </tr>
- <tr>
- <td>Taluka:</td>
- <td>
- <?php
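// Taluka drop-down. The name is used both as option value and as label, so it
// is HTML-escaped once (ENT_QUOTES because the attribute uses single quotes).
echo "<select name='tal' ><option value=''>Select one</option>";
while ($noticia = mysql_fetch_array($quer)) {
    $talName = htmlspecialchars($noticia['tal_name'], ENT_QUOTES);
    echo "<option value='{$talName}'>{$talName}</option>";
}
echo "</select>";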
- ?>
- </td>
- </tr>
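<?php // Submitted values are echoed back into the value attribute, so they are HTML-escaped first; a missing or non-string field prints as empty. ?>
<tr>
<td>Panchayat Name:</td>
<td><input name="village" id="village" type="text" size="15" value="<?= (isset($_POST['village']) && is_string($_POST['village'])) ? htmlspecialchars($_POST['village'], ENT_QUOTES) : '' ?>" /></td>
</tr>
<tr>
<td>Panchayat Address :</td>
<td><input name="addr" id="addr" type="text" size="15" value="<?= (isset($_POST['addr']) && is_string($_POST['addr'])) ? htmlspecialchars($_POST['addr'], ENT_QUOTES) : '' ?>" /></td>
</tr>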
- </table>
- <input name="submit" type="submit" value="submit" >
- <input name="cancel" value="Cancel" type="reset" onClick="reload(this.form)">
- </fieldset>
- </form>
- <?php
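// $msgs and $ms are assigned only while a submission is processed, so they are
// guarded here. Both hold fixed server-side text (with intentional <br> markup),
// which is why they are printed without HTML escaping.
echo isset($msgs) ? $msgs : '';
echo isset($ms) ? $ms : '';
//onclick="frmSubmit()"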
- ?>
- </body>
- </html>