backoffice/html/gestion/add.php

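<?php
// Back-office "add a record" page. This first section decides which
// database/table the page works on; everything below interpolates $table and
// $database into SQL, so both must only ever come from the allow-list.
// (A disabled kill-switch used to sit here: die('Inop&eacute;rant pour l\'instant').)

// tables.php is expected to define $tablesDisp, whose keys are the permitted
// "database.table" names. It is loaded with require rather than include so the
// page stops outright if the allow-list cannot be loaded.
require('tables.php');
require('qs_functions.php');
@session_start();

$sessionPage = '';

// The table name comes from the request when one is supplied, otherwise from
// the value remembered in the session by an earlier request.
$fromRequest = isset($_REQUEST['dbtable']) && $_REQUEST['dbtable'] <> '';
$dbtable = $fromRequest ? $_REQUEST['dbtable'] : qssession('dbtable');

// Both sources go through the same allow-list check. A non-string value
// (e.g. dbtable[]=x) or an empty/stale session value is rejected here instead
// of reaching explode() and the SQL built later.
if (!isset($tablesDisp) || !is_array($tablesDisp)
    || !is_string($dbtable) || !array_key_exists($dbtable, $tablesDisp)) {
    die('Table inconnue !');
}

$tmp = explode('.', $dbtable);
if (count($tmp) < 2 || $tmp[0] === '' || $tmp[1] === '') {
    // An allow-list key that is not of the form "database.table" cannot be used.
    die('Table inconnue !');
}
$database = $tmp[0];
$table = $tmp[1];
$sessionPage = $database . '.' . $table;

// Only a table chosen through the request is written back to the session.
if ($fromRequest) {
    $_SESSION['dbtable'] = $sessionPage;
}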
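// Per-table display settings read from $tablesInfo[$dbtable]; each one keeps
// its default when the table has no entry for it.
//   $fields_hidden    : column names left out of the form
//   $fields_readOnly  : column names shown but not editable
//   $fields_nomChamps : column name => label shown to the user
$fields_hidden = $fields_readOnly = $fields_nomChamps = array();
$titre = 'Ajout de ' . $table;
if (isset($tablesInfo[$dbtable]['fields_hidden'])) {
    $fields_hidden = $tablesInfo[$dbtable]['fields_hidden'];
}
if (isset($tablesInfo[$dbtable]['fields_readOnly'])) {
    $fields_readOnly = $tablesInfo[$dbtable]['fields_readOnly'];
}
if (isset($tablesInfo[$dbtable]['fields_nomChamps'])) {
    $fields_nomChamps = $tablesInfo[$dbtable]['fields_nomChamps'];
}
// The guard tests the same key that is read. It previously tested
// ['titres']['list'], so a table with only a 'list' title hit an undefined
// index and a table with only an 'add' title never had it applied.
if (isset($tablesInfo[$dbtable]['titres']['add'])) {
    $titre = $tablesInfo[$dbtable]['titres']['add'];
}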
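$nbLignesParPage = 30;

// NOTE(review): the database credentials are hard-coded and the account is
// root. Anyone able to read this file (repository, backup, a server that
// serves .php as text) obtains full control of the MySQL server, and every
// SQL flaw in this back office runs with unrestricted privileges. Load the
// credentials from configuration kept outside the document root, connect with
// an account limited to the schemas this tool manages, and rotate this
// password because it has been stored in source.
$host = "localhost:3306";
$user = "root";
$passwd = "bzh4231*";

// @ hides the connection warnings, so failures have to be tested explicitly;
// otherwise the page carries on and only fails later, on the first query.
// The messages stay generic: the MySQL error text is not sent to the browser.
$link = @mysql_connect($host, $user, $passwd);
if (!$link) {
    die('Connexion au serveur MySQL impossible');
}
if (!@mysql_select_db($database)) {
    die('Base inconnue !');
}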
// Working state for the page. The arrays below are all indexed by column
// position ($i) and are filled while the table definition is read.
$row = $err_string = $sql = $sql_ext = $insert_sql = $value_sql = '';
$quotechar = '`';   // placed around table/column identifiers in generated SQL
$quotedate = "'";   // placed around date literals in generated SQL
$parammaster = $fields = $fieldcons = $searchmode = $stdsearchopt = array();
$isEditables = $formatdate = $seperatedate = $format = $champ = array();
$SourceFileUpload = $DestFileUpload = $NewFieldUpload = array();

// Read the table definition. $table is interpolated unquoted here and in the
// SELECT built below, which is only safe for a name taken from the
// $tablesDisp allow-list.
// A row returned by SHOW COLUMNS looks like:
//   Field=numMand, Type=mediumint(9), Null=NO, Key=PRI, Default=(empty), Extra=auto_increment
$result = mysql_query("SHOW COLUMNS FROM $table");
if (!$result) {
    // NOTE(review): the raw MySQL error is sent to the browser.
    die('Impossible d\'exécuter la requête : ' . mysql_error());
}

// Column-type families, tried in this order; the first pattern that matches
// the MySQL type decides the family. The patterns are unanchored.
$typePatterns = array(
    'date'  => '/(timestamp|date|datetime)(.*)/i',
    'int'   => '/(tinyint|smallint|mediumint|int|bigint|integer)(.*)/i',
    'float' => '/(float|double|real|decimal|numeric)(.*)/i',
    'char'  => '/(char|varchar|text)(.*)/i',
    'enum'  => '/(enum)(.*)/i',
);

if (mysql_num_rows($result) > 0) {
    $sql .= "SELECT ";
    $i = 0;
    $singleKey = '';
    // The loop variable has to stay $row: the form section reads $row[$i]
    // after this loop has left it set to false.
    while ($row = mysql_fetch_assoc($result)) {
        $colRef = $table . '.`' . $row['Field'] . '`';
        $sql .= ' ' . $colRef . ',';
        $fields[$i] = $fieldcons[$i] = $colRef;
        $parammaster[$i] = '';
        $searchmode[$i] = $stdsearchopt[$i] = 0;
        $SourceFileUpload[$i] = $DestFileUpload[$i] = $NewFieldUpload[$i] = 0;

        // Exactly one primary-key column is supported; a second one aborts.
        if ($row['Key'] == 'PRI') {
            if ($singleKey != '') {
                die('Ne gère pas les tables avec plusieurs clés primaires');
            }
            $singleKey = $row['Field'];
        }

        // A column is editable unless it is listed as read-only.
        $isEditables[$i] = !in_array($row['Field'], $fields_readOnly);

        $champ[$i]['nom'] = $row['Field'];
        $champ[$i]['hidden'] = in_array($row['Field'], $fields_hidden);
        $champ[$i]['type'] = $row['Type'];
        $champ[$i]['null'] = $row['Null'];
        $champ[$i]['key'] = $row['Key'];
        $champ[$i]['default'] = $row['Default'];
        $champ[$i]['extra'] = $row['Extra'];
        $champ[$i]['align'] = 'Default'; // right, left

        // Classify the MySQL type; an unrecognised type stops the page.
        $formatdate[$i] = '';
        $seperatedate[$i] = '';
        $detected = '';
        foreach ($typePatterns as $kind => $pattern) {
            if (preg_match($pattern, $row['Type'], $matches)) {
                $detected = $kind;
                break;
            }
        }
        if ($detected == '') {
            die ('Format "'.$row['Type'].'" inconnu');
        }
        $format[$i] = $detected;
        if ($detected == 'date') {
            $formatdate[$i] = 'dd/mm/yyyy';
            $seperatedate[$i] = '/';
        } elseif ($detected == 'int' || $detected == 'char') {
            // Keep what sits between "(" and ")" in the type, e.g. "9" for mediumint(9).
            $tmp = explode(')', $matches[2]);
            $long[$i] = str_replace('(', '', $tmp[0]);
        }

        // Label shown in the form: the configured one when non-empty, else the column name.
        $hasLabel = isset($fields_nomChamps[$row['Field']]) && $fields_nomChamps[$row['Field']] <> '';
        $champ[$i]['libelleColonne'] = $hasLabel ? $fields_nomChamps[$row['Field']] : $row['Field'];

        $i++;
    }
    // Drop the trailing comma of the column list and finish the SELECT.
    $sql_select = substr($sql, 0, -1) . "FROM $table $table\n";
}
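if (isset($_POST["act"])) {
    // Form submission: build one INSERT from the add_fd<N> request values,
    // run it, then redirect to the list page. Any search_fd<N> /
    // multisearch_fd<N> values are carried along so the list keeps its filter.
    $qry_string = "";
    $insert_sql = "";
    $value_sql = "";
    $hidden_tag = "";
    $i = 0;

    // One-row probe, used only to obtain the field metadata in column order.
    // NOTE(review): on failure the generated SQL and the MySQL error are sent
    // to the browser; consider logging them and showing a generic message.
    $result = mysql_query($sql_select . " " . $sql_ext . " limit 0,1")
        or die("Invalid query : $sql_select $sql_ext limit 0,1\n" . mysql_error() );

    $nbFields = mysql_num_fields($result);
    while ($i < $nbFields) {
        $meta = mysql_fetch_field($result);
        $field_name = $meta->name;
        $field_type = $meta->type;
        $type_field = returntype($field_type);

        if (qsvalidRequest("search_fd" . $i)) {
            foreach (array("search_fd", "multisearch_fd") as $prefix) {
                $carried = stripslashes(qsrequest($prefix . $i));
                if ($qry_string != "") {
                    $qry_string .= "&";
                }
                // urlencode() also keeps CR/LF out of the Location header built below.
                $qry_string .= $prefix . $i . "=" . urlencode($carried);
                // Request data echoed into an attribute: htmlentities() with
                // ENT_QUOTES neutralises quotes, <, > and &. It replaces the
                // qsreplace_html_quote() helper, which is defined elsewhere and
                // whose coverage cannot be confirmed from this file.
                // ISO-8859-1 is the charset this page declares in its <meta> tag.
                $hidden_tag .= "<input type=\"hidden\" name=\"" . $prefix . $i . "\" value=\""
                    . htmlentities($carried, ENT_QUOTES, 'ISO-8859-1') . "\">\n";
            }
        }

        // SQL literal for this column, or null when the column is left out.
        $sqlValue = null;
        if (qsvalidRequest("add_fd" . $i)) {
            $idata = qsrequest("add_fd" . $i);
            if ($meta) {
                if ($type_field == "type_datetime") {
                    // What qsconvertdate2ansi() returns for malformed input is not
                    // visible here, so its output is escaped like any other string.
                    $sqlValue = $quotedate
                        . mysql_real_escape_string(qsconvertdate2ansi($idata, $formatdate[$i], $seperatedate[$i]), $link)
                        . $quotedate;
                } elseif ($type_field == "type_integer") {
                    // is_numeric() only admits digits, sign, decimal point and
                    // exponent (plus hex notation on old PHP versions), none of
                    // which can end the literal, so the value is used unquoted.
                    if (is_numeric($idata)) {
                        $sqlValue = $idata;
                    } else {
                        $err_string .= "<strong>Error:</strong>while adding<strong>" . $field_name . "</strong>.<br>";
                        $err_string .= "Description: Type mismatch.<br>";
                    }
                } else {
                    // Strings and every other type. Doubling single quotes (the
                    // previous ereg_replace) is not enough for MySQL: a backslash
                    // in the input escapes the closing quote and lets the value
                    // run into the rest of the statement.
                    // mysql_real_escape_string() escapes both.
                    $sqlValue = "'" . mysql_real_escape_string(stripslashes($idata), $link) . "'";
                }
            }
        } elseif ((strtolower($field_type) != "int identity")
            && (strtolower($field_type) != "autoincrement")
            && (strtolower($field_type) != "counter")) {
            // Column absent from the request: insert NULL explicitly.
            $sqlValue = "null";
        }

        if ($sqlValue !== null) {
            if ($insert_sql != "") {
                $insert_sql .= ",";
                $value_sql .= ",";
            }
            $insert_sql .= $quotechar . $field_name . $quotechar;
            $value_sql .= $sqlValue;
        }
        $i++;
    }

    $sql = "INSERT INTO " . $quotechar . $table . $quotechar;
    $sql .= " (" . $insert_sql . ")";
    $sql .= ' VALUES ';
    $sql .= " (" . $value_sql . ")";
    // The statement is no longer echoed: that debug output disclosed the SQL
    // to the browser and, being sent before header(), broke the redirect.

    #----get submit url page----
    $submiturl = "./liste.php";

    if (is_resource($result)) {
        mysql_free_result($result);
    }
    // Reset so the clean-up at the end of the page does not free it twice.
    $result = false;

    // A field that failed validation is left out of the statement, so the
    // INSERT only runs when every submitted value was accepted; otherwise the
    // row would be stored incomplete and stored again on resubmission.
    if ($err_string == "") {
        $result = @mysql_query($sql);
        if (!$result) {
            $err_string .= "<strong>Erreur : </strong> lors de l'ajout en base (<strong>" . mysql_errno() . "</strong>).<br/>";
            // The MySQL message can quote part of the submitted data; it is
            // escaped because $err_string is printed as HTML.
            $err_string .= "Description : " . htmlentities(mysql_error(), ENT_QUOTES, 'ISO-8859-1');
        }
    }

    // Legacy "upload field" bookkeeping; the values are not used on this page.
    $value_sql = "";
    $max_id = GetLastRecordID($table, $singleKey);
    $updateCond = $singleKey . '=' . $max_id;

    if ($err_string == "") {
        // The query string is introduced by "?" ("&" produced ./liste.php&search_fd0=...).
        $URL = $submiturl;
        if ($qry_string != "") {
            $URL .= "?" . $qry_string;
        }
        header("Location: $URL");
        exit;
    }
}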
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title><?=htmlentities($titre)?></title>
<link rel="stylesheet" type="text/css" href="../nonimg/gestion.css">
<script src="../nonimg/validate.js"></script>
<script language="javascript">
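function check(frm) {
var szAlert = "Erreur(s) :\n";
var nIndex = 0;
<?php
// Generates one JavaScript test per visible, editable column.
// These checks run in the browser only and can be bypassed; the server-side
// handling of the submitted values is what has to be relied on.
// The generated code reads frm.add_fd<N>, the name this page gives its
// inputs. It previously read frm.edit_fd<N>, which does not exist in this
// form, so check() threw and the form was submitted without validation.
// The short open tag "<?" is replaced by "<?php" so the block does not depend
// on the short_open_tag setting.
// The required-field test (RequiredField) that was commented out stays disabled.
foreach ($champ as $i => $field) {
    if ($field['hidden'] || !$isEditables[$i]) {
        continue;
    }
    // Date column: add the JavaScript date check.
    if ($formatdate[$i] <> '') {
?>
if (frm.add_fd<?=$i?>.value!="" && !isDate(frm.add_fd<?=$i?>.value)) {
nIndex++;
szAlert += "- " +"'<?=htmlentities($field['libelleColonne'])?>' n'est pas une date valide\n";
}
<?php
    }
    // Integer column (any int type): add the JavaScript number check.
    if ($format[$i] == 'int') {
?>
if (frm.add_fd<?=$i?>.value!="" && !NumberValidate(frm.add_fd<?=$i?>.value)) {
nIndex++;
szAlert += "- " +"'<?=htmlentities($field['libelleColonne'])?>' n'est pas un nombre\n";
}
<?php
    }
}
?>
if(nIndex > 0) {
alert(szAlert) ;
return false ;
}
return true ;
}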
</script>
</head>
<body>
<center>
<center><strong><font size="5"><?=htmlentities($titre)?></font></strong></center><br>
<A NAME=top></A>
<script>
/**
 * Looks up a parameter in the query string of the current page URL.
 *
 * Everything from "?" onwards is lower-cased and split on "&". The first
 * piece that contains `strParamName + "="` anywhere in it wins, and the text
 * after its first "=" (up to the next "=") is returned, lower-cased.
 * Returns "" when the URL has no "?" or no piece matches.
 */
function getURLParam(strParamName){
    var href = window.location.href;
    var queryStart = href.indexOf("?");
    if (queryStart === -1) {
        return "";
    }
    var needle = strParamName + "=";
    var pieces = href.slice(queryStart).toLowerCase().split("&");
    for (var k = 0; k < pieces.length; k++) {
        if (pieces[k].indexOf(needle) !== -1) {
            return pieces[k].split("=")[1];
        }
    }
    return "";
}
</script>
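<Form name="qs_add_form" method="post" action="./add.php" onSubmit="return check(this)">
<script language='javascript' src='qwikcalendar.js'></script>
<?php
// $hidden_tag holds ready-made <input type="hidden"> markup built by the POST
// handler from search_fd/multisearch_fd request values. It is printed as is,
// so those values have to be escaped where the markup is built.
if (isset($hidden_tag)) print $hidden_tag;
?>
<Table Border="0" Cellpadding="2" Cellspacing="1" BgColor="#177AE9">
<?php
$css_class = "\"TrOdd\"";
?>
<tr>
<td colspan="2" class="ThRows"><?=htmlentities($titre)?></td>
</tr>
<?php
// $err_string is HTML assembled by the POST handler (it contains <strong> and
// <br>), so it cannot be escaped here as a whole. Anything user-influenced
// that goes into it has to be escaped at the point where it is appended.
if ($err_string != "") {
    print '<tr>';
    print '<td class="ThRows"><b><font color="red">Erreur :</font></b></td>';
    print '<td colspan="2" class=' . $css_class . ' align=Default>' . $err_string . '</td>';
    print '</tr>';
}

// One table row per visible column.
foreach ($champ as $i => $field) {
    if (!$field['hidden']) {
?>
<tr>
<td class="ThRows"><?=htmlentities($field['libelleColonne'])?></td>
<!--popUpCalendar(ctl, ctl2, format, frameOffSetLeft, frameOffSetTop)-->
<?php
        $cellvalue = "";
        // A value submitted for this field (after a failed submission) is shown
        // again; otherwise the field starts from $row[$i].
        if ((!isset($_GET["add_fd" . $i])) && (!isset($_POST["add_fd" . $i]))) {
            if ($formatdate[$i] <> '') {
                $itemvalue = qsconvertdate($row[$i], "dd/mm/yyyy");
            } else {
                $itemvalue = $row[$i];
            }
        } else {
            $itemvalue = qsrequest("add_fd" . $i);
        }

        if ($isEditables[$i]) {
            // The value may come straight from the request and is written into
            // a double-quoted attribute. htmlentities() with ENT_QUOTES escapes
            // quotes, <, > and &, as the read-only branch below already does
            // with htmlentities(). It replaces qsreplace_html_quote(), a helper
            // defined elsewhere whose coverage cannot be confirmed from this file.
            // ISO-8859-1 is the charset this page declares in its <meta> tag.
            $cellvalue = '<input type="text" name="add_fd' . $i . '" value="'
                . htmlentities(stripslashes($itemvalue), ENT_QUOTES, 'ISO-8859-1') . '">';
            if ($formatdate[$i] <> '') {
                // Calendar pop-up icon next to date fields.
                $cellvalue .= '<a href="#add_fd'.$i.'"><a name="add_fd'.$i.'"><img src="../images/Calendar.gif" width="20" height="21" border=0 align="absmiddle" onClick="popUpCalendar(this, document.forms[0].add_fd'.$i.', \'dd/mm/yyyy\', 0, 0)"></a>';
            }
        } else {
            $cellvalue = htmlentities($itemvalue);
        }
        if ($cellvalue == '') {
            $cellvalue = '&nbsp;';
        }
        print "<td class=" . $css_class . " align=Default >" . $cellvalue . "</td>";
?>
</tr>
<?php
    }
}
#----get back url page----
$backurl = "./liste.php?";
?>
<tr>
<td class="ThRows">&nbsp;</td>
<td class="TrOdd" align=Default>
<input type="hidden" name="act" value="n">
<input type="button" name="QS_Back" value="Retour" OnClick="javascript:window.location='<?=$backurl?>'">&nbsp;&nbsp;
<input type="submit" name="QS_Submit" value="Ajout">&nbsp;&nbsp;
<input type="reset" name="QS_Reset" value="R&eacute;initialisation">
</td>
</tr>
</Table><br>
</Form>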
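<?php
// End-of-page clean-up. mysql_query() returns TRUE, not a result set, for an
// INSERT, and TRUE also satisfies "> 0"; is_resource() ensures that only a
// real, still-open result set or connection is released.
if (isset($result) && is_resource($result)) {
    mysql_free_result($result);
}
if (isset($link) && is_resource($link)) {
    mysql_close($link);
}
?>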
<A NAME=bottom></A>
</center>
</body>
</html>