  1. <?php
  2. if (!function_exists("GetSQLValueString")) {
  3. function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  4. {
  5. if (PHP_VERSION < 6) {
  6. $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  7. }
  8.  
  9. $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
  10.  
  11. switch ($theType) {
  12. case "text":
  13. $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  14. break;
  15. case "long":
  16. case "int":
  17. $theValue = ($theValue != "") ? intval($theValue) : "NULL";
  18. break;
  19. case "double":
  20. $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
  21. break;
  22. case "date":
  23. $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  24. break;
  25. case "defined":
  26. $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
  27. break;
  28. }
  29. return $theValue;
  30. }
  31. }
  33. $editFormAction = $_SERVER['PHP_SELF'];
  34. if (isset($_SERVER['QUERY_STRING'])) {
  35. $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
  36. }
  38. if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  39. $insertSQL = sprintf("INSERT INTO users (id, `First Name`, `Last Name`, `User ID`, Password, `Secret Question`, Answer, `Date of Birth`, Gender, Profession, Phone, `Email ID`, Address, Time_Stamp, AdminLevel) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
  40. GetSQLValueString($_POST['id'], "int"),
  41. GetSQLValueString($_POST['First_Name'], "text"),
  42. GetSQLValueString($_POST['Last_Name'], "text"),
  43. GetSQLValueString($_POST['User_ID'], "text"),
  44. GetSQLValueString($_POST['Password'], "text"),
  45. GetSQLValueString($_POST['Secret_Question'], "text"),
  46. GetSQLValueString($_POST['Answer'], "text"),
  47. GetSQLValueString($_POST['Date_of_Birth'], "date"),
  48. GetSQLValueString($_POST['Gender'], "text"),
  49. GetSQLValueString($_POST['Profession'], "text"),
  50. GetSQLValueString($_POST['Phone'], "double"),
  51. GetSQLValueString($_POST['Email_ID'], "text"),
  52. GetSQLValueString($_POST['Address'], "text"),
  53. GetSQLValueString($_POST['Time_Stamp'], "date"),
  54. GetSQLValueString($_POST['AdminLevel'], "int"));
  55.  
  56. mysql_select_db($database_user, $user);
  57. $Result1 = mysql_query($insertSQL, $user) or die(mysql_error());
  58.  
  59. $insertGoTo = "/mashwani/thank.php";
  60. if (isset($_SERVER['QUERY_STRING'])) {
  61. $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
  62. $insertGoTo .= $_SERVER['QUERY_STRING'];
  63. }
  64. header(sprintf("Location: %s", $insertGoTo));
  65. }
  67. mysql_select_db($database_user, $user);
  68. $query_User = "SELECT * FROM users";
  69. $User = mysql_query($query_User, $user) or die(mysql_error());
  70. $row_User = mysql_fetch_assoc($User);
  71. $totalRows_User = mysql_num_rows($User);
  72. ?>