server side

1. <?php
2. include('install_lang_japanese.php');
3. include('functions.php');
4.  
5.  
6. if (phpversion() >='4.1.0') {
7.     include_once('vars4.1.0.php');
8. }else {
9.     include_once('vars4.0.6.php');
10. }
11.  
12. //connect to database
13. $dbc=mysql_connect(_SRV,_ACCID,_PWD) or die(_ERROR15.": ".mysql_error());
14. $db=mysql_select_db("QPL",$dbc) or die(_ERROR17.": ".mysql_error());
15.  
16.  
17. $target_path = "data/";
18.  
19. $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
20. //print_r($_FILES);
21.         if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
22.                 echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
23.                 }
24.         else{
25.                 echo "There was an error uploading the file, please try again!";
26.                 }
27.  
28. switch(postVar('action')) {
29.     case 'oqcdata' :
30.         oqcdata(postVar('mod'),postVar('no'),postVar('lotno'),postVar('date'),
31.                 postVar('sym'),postVar('coz'),postVar('stat'),postVar('cm'),postVar('detail'));
32.         break;
33. }
34.  
35. function oqcdata($mod,$no,$lotno,$date,$sym,$coz,$stat,$cm,$detail) {
36.  
37.     $Model          = mysql_real_escape_string($mod);
38.         $Serial     = mysql_real_escape_string($no);
39.     $Lot            = mysql_real_escape_string($lotno);
40.     $Date       = mysql_real_escape_string($date);
41.     $Sym        = mysql_real_escape_string($sym);
42.     $Coz        = mysql_real_escape_string($coz);
43.     $Stat           = mysql_real_escape_string($stat);
44.         $CM         = mysql_real_escape_string($cm);
45.     $Detail     = mysql_real_escape_string($detail);
46.     $Model          = strtoupper($Model);
47.     $Serial     = strtoupper($Serial);
48.     $Lot            = strtoupper($Lot);
49.     $Sym        = stripcslashes($Sym);
50.     $Coz            = stripcslashes($Coz);
51.     $Stat           = stripcslashes($Stat);
52.  
53. //build query
54.   $sql = "INSERT INTO OQC ";
55.   $sql.= "(Model, Serial, Lotno, Date, Symptom, Cause, Status, CM,Detail) ";
56.   $sql.= "VALUES ('";
57.   $sql.= $Model."','".$Serial."','".$Lot."','".$Date."','".$Sym."','".$Coz."','";
58.   $sql.= $Stat."','".$CM."','".$Detail."')";
59. echo $sql;
60. $result=mysql_query($sql) or die(_ERROR26.": ".mysql_error());
61. echo $result;
62. mysql_close($dbc);
63. }
64.  
65. ?>