Untitled

<?php
if($_GET['act']=='student.note.list.save') {
         $dTables = new DataTables($academicConfig);
         if($_SESSION['groupid']==9 || $_SESSION['groupid']==5){
         //check is it there?
         $checkQuery=$dTables->ExecuteQuery("select * from studentactivity where studentid='".StrToDB($_GET['studentId'])."' and schoolYear='".StrToDB($_GET['schoolYear'])."' and semester='".StrToDB($_GET['semester'])."' ");
         $checkData=$dTables->FetchArray($checkQuery);


            if($checkData['STUDENTID']){
             $query="update studentactivity set COMMENTOFLECTURER='".@str_replace('\'','\'\'',$_POST['note'])."', COMMENTOFPARENTS='".StrToDB($_POST['note_parent'])."' where studentid='".StrToDB($_GET['studentId'])."' and schoolYear='".StrToDB($_GET['schoolYear'])."' and semester='".StrToDB($_GET['semester'])."' ";

            $dTables->ExecuteQuery($query);
             }else{
                $newData=array(
                  "STUDENTID"=>"'".StrToDB($_GET['studentId'])."'",
                  "SCHOOLYEAR"=>"'".StrToDB($_GET['schoolYear'])."'",
                  "SEMESTER"=>"'".StrToDB($_GET['semester'])."'",
                  "COMMENTOFLECTURER"=>"'".@str_replace('\'','\'\'',$_POST['note'])."'",
                  "COMMENTOFPARENTS"=>"'".StrToDB($_POST['note_parent'])."'",
                  "APPROVALBYPRODI"=>"'TIDAK'",
                );
                $dTables->Insert("STUDENTACTIVITY",$newData);

             }
         }


    }else if($_GET['act']=='student.note.list.approve') {
         $dTables = new DataTables($academicConfig);


         if($_SESSION['groupid']==9){
             $query="update studentactivity set APPROVALBYPRODI='YA', PRODIAPPROVEMENTDATE=SYSDATE where studentid='".intval($_GET['studentId'])."' and schoolYear='".StrToDB($_GET['schoolYear'])."' and semester='".intval($_GET['semester'])."' ";

            $dTables->ExecuteQuery($query);
         }


    }else if($_GET['act']=='student.note.list.un.approve') {
         $dTables = new DataTables($academicConfig);
         if($_SESSION['groupid']==9){
             $query="update studentactivity set APPROVALBYPRODI='TIDAK', PRODIAPPROVEMENTDATE=NULL where studentid='".intval($_GET['studentId'])."' and schoolYear='".StrToDB($_GET['schoolYear'])."' and semester='".intval($_GET['semester'])."' ";

            $dTables->ExecuteQuery($query);
         }


    }
?>