Help I inherited this script and just found that its not inserting anything
into the "workorderform" table in the db, and I'm getting implode() errors
for the 'bannersize' isset line
New and need help in over my head:
here is the code:
<?php
include("inc/dbconn_open.php");
if (empty($_SESSION['AdminLogin']) OR $_SESSION['AdminLogin'] <> 'OK' ){
header ("Location: LogOut.php");
}
if (isset($_POST['AdminID'])){
$AdminID = $_POST['AdminID'];
} elseif (isset($_GET['AdminID'])){
$AdminID = $_GET['AdminID'];
} else {
header ("Location: LogOut.php");
}
if (isset($_POST['GO'])){$GO = $_POST['GO'];} else {$GO = "";}
if (isset($_POST['Location'])){$Location = $_POST['Location'];} else
{$Location = "";}
{$errmsg = 'Please Select a Location';}
if (isset($_POST['WorkOrderName'])){$WorkOrderName =
$_POST['WorkOrderName'];} else {$WorkOrderName = "";}
if (isset($_POST['IONumber'])){$IONumber = $_POST['IONumber'];} else
{$IONumber = "";}
if (isset($_POST['OrderType'])){$OrderType =
implode($_POST['OrderType'],',');} else {$OrderType = "";}
if (isset($_POST['WorkOrderNumber'])){$WorkOrderNumber =
$_POST['WorkOrderNumber'];} else {$WorkOrderNumber = "";}
if (isset($_POST['Advertiser'])){$Advertiser = $_POST['Advertiser'];} else
{$Advertiser = "";}
if (isset($_POST['AccountNum'])){$AccountNum = $_POST['AccountNum'];} else
{$AccountNum = "";}
if (isset($_POST['Address'])){$Address = $_POST['Address'];} else {$Address
= "";}
if (isset($_POST['City'])){$City = $_POST['City'];} else {$City = "";}
if (isset($_POST['State'])){$State = $_POST['State'];} else {$State = "";}
if (isset($_POST['Zip'])){$Zip = $_POST['Zip'];} else {$Zip = "";}
if (isset($_POST['Phone'])){$Phone = $_POST['Phone'];} else {$Phone = "";}
if (isset($_POST['Fax'])){$Fax = $_POST['Fax'];} else {$Fax = "";}
if (isset($_POST['ContactName'])){$ContactName = $_POST['ContactName'];}
else {$ContactName = "";}
if (isset($_POST['URL'])){$URL = $_POST['URL'];} else {$URL = "";}
if (isset($_POST['AdvertisingAgency'])){$AdvertisingAgency =
$_POST['AdvertisingAgency'];} else {$AdvertisingAgency = "";}
if (isset($_POST['ClickThru'])){$ClickThru = $_POST['ClickThru'];} else
{$ClickThru = "";}
if (isset($_POST['Impressions'])){$Impressions = $_POST['Impressions'];}
else {$Impressions = "";}
if (isset($_POST['AdSize'])){$AdSize = $_POST['AdSize'];} else {$AdSize =
"";}
if (isset($_POST['StartMonth']) && isset($_POST['StartDay']) &&
isset($_POST['StartYear'])){
$StartDate = $_POST['StartYear'] ."-". $_POST['StartMonth'] ."-".
$_POST['StartDay'];
} else {
$StartDate = "";
}
if (isset($_POST['EndMonth']) && isset($_POST['EndDay']) &&
isset($_POST['EndYear'])){
$EndDate = $_POST['EndYear'] ."-". $_POST['EndMonth'] ."-".
$_POST['EndDay'];
} else {
$EndDate = "";
}
if (isset($_POST['CPM'])){$CPM = $_POST['CPM'];} else {$CPM = "";}
if (isset($_POST['FlatRate'])){$FlatRate = $_POST['FlatRate'];} else
{$FlatRate = "";}
if (isset($_POST['IncludeSites'])){$IncludeSites = $_POST['IncludeSites'];}
else {$IncludeSites = "";}
if (isset($_POST['Package'])){$Package = $_POST['Package'];} else {$Package
= "";}
if (isset($_POST['Salesperson'])){$Salesperson = $_POST['Salesperson'];}
else {$Salesperson = "";}
if (isset($_POST['SalespersonID'])){$SalespersonID =
$_POST['SalespersonID'];} else {$SalespersonID = "";}
if (isset($_POST['SalespersonEmail'])){$SalespersonEmail =
$_POST['SalespersonEmail'];} else {$SalespersonEmail = "";}
if (isset($_POST['SalespersonExt'])){$SalespersonExt =
$_POST['SalespersonExt'];} else {$SalespersonExt = "";}
if (isset($_POST['NameCampaign'])){$NameCampaign = $_POST['NameCampaign'];}
else {$NameCampaign = "";}
if (isset($_POST['SpecialInstructions'])){$SpecialInstructions =
$_POST['SpecialInstructions'];} else {$SpecialInstructions = "";}
if (isset($_POST['AdContactName'])){$AdContactName =
$_POST['AdContactName'];} else {$AdContactName = "";}
if (isset($_POST['AdContactPhone'])){$AdContactPhone =
$_POST['AdContactPhone'];} else {$AdContactPhone = "";}
if (isset($_POST['AdContactEmail'])){$AdContactEmail =
$_POST['AdContactEmail'];} else {$AdContactEmail = "";}
if (isset($_POST['Artwork'])){$Artwork = $_POST['Artwork'];} else {$Artwork
= "";}
if (isset($_POST['PrintMonth']) && isset($_POST['PrintDay']) &&
isset($_POST['PrintYear'])){
$PrintDate = $_POST['PrintYear'] ."-". $_POST['PrintMonth'] ."-".
$_POST['PrintDay'];
} else {
$PrintDate = "";
}
if (isset($_POST['ElectronicAd'])){$ElectronicAd = $_POST['ElectronicAd'];}
else {$ElectronicAd = "";}
if (isset($_POST['EmailProof'])){$EmailProof = $_POST['EmailProof'];} else
{$EmailProof = "";}
if (isset($_POST['ProofMonth']) && isset($_POST['ProofDay']) &&
isset($_POST['ProofYear'])){
$ProofDate = $_POST['ProofYear'] ."-". $_POST['ProofMonth'] ."-".
$_POST['ProofDay'];
} else {
$ProofDate = "";
}
if (isset($_POST['ArtInstructions'])){$ArtInstructions =
$_POST['ArtInstructions'];} else {$ArtInstructions = "";}
if (isset($_POST['Focus'])){$Focus = $_POST['Focus'];} else {$Focus = "";}
if (isset($_POST['BannerSize'])){$BannerSize =
implode($_POST['BannerSize'],',');} else {$BannerSize = "";}
if (isset($_POST['BannerSizeOther'])){$BannerSizeOther =
$_POST['BannerSizeOther'];} else {$BannerSizeOther = "";}
if (isset($_POST['BannerType'])){$BannerType =
implode($_POST['BannerType'],',');} else {$BannerType = "";}
if (isset($_POST['BannerTypeOther'])){$BannerTypeOther =
$_POST['BannerTypeOther'];} else {$BannerTypeOther = "";}
if (isset($_POST['ExtraImage1Desc'])){$ExtraImage1Desc =
$_POST['ExtraImage1Desc'];} else {$ExtraImage1Desc = "";}
if (isset($_POST['ExtraImage2Desc'])){$ExtraImage2Desc =
$_POST['ExtraImage2Desc'];} else {$ExtraImage2Desc = "";}
if (isset($_POST['ExtraImage3Desc'])){$ExtraImage3Desc =
$_POST['ExtraImage3Desc'];} else {$ExtraImage3Desc = "";}
if (isset($_POST['ExtraImage4Desc'])){$ExtraImage4Desc =
$_POST['ExtraImage4Desc'];} else {$ExtraImage4Desc = "";}
if (isset($_POST['ExtraImage5Desc'])){$ExtraImage5Desc =
$_POST['ExtraImage5Desc'];} else {$ExtraImage5Desc = "";}
if ($GO == "Save") {
$sql = "SELECT Name FROM admin WHERE AdminID='$AdminID'";
$result = mysql_query ($sql);
$row = mysql_fetch_object ($result);
$Notes = "~". date("F j, Y g:i a") ." - Work Order Submitted by ".
$row->Name ."\n";
$sql = "INSERT INTO workorders (CreatedDate, Location, WorkOrderName,
AdminID, FormName, Status, Notes) VALUES (";
$sql .= "Now(), '$Location', '$WorkOrderName', '$AdminID', 'WorkOrder',
'New Order', '$Notes')";
mysql_query($sql);
$WorkOrderID = mysql_insert_id();
if ($_FILES) {
if (isset($_FILES['ExtraImage1'])) {
if (is_uploaded_file ($_FILES['ExtraImage1']['tmp_name'])) {
$ImageExt = strtolower(end(explode('.',
$_FILES['ExtraImage1']['name'])));
$ExtraImage1Name = "Artwork/". $WorkOrderID ."_Image1.".
$ImageExt;
move_uploaded_file($_FILES['ExtraImage1']['tmp_name'],$ExtraImage1Name);
}
}
if (isset($_FILES['ExtraImage2'])) {
if (is_uploaded_file ($_FILES['ExtraImage2']['tmp_name'])) {
$ImageExt = strtolower(end(explode('.',
$_FILES['ExtraImage2']['name'])));
$ExtraImage2Name = "Artwork/". $WorkOrderID ."_Image2.".
$ImageExt;
move_uploaded_file($_FILES['ExtraImage2']['tmp_name'],$ExtraImage2Name);
}
}
if (isset($_FILES['ExtraImage3'])) {
if (is_uploaded_file ($_FILES['ExtraImage3']['tmp_name'])) {
$ImageExt = strtolower(end(explode('.',
$_FILES['ExtraImage3']['name'])));
$ExtraImage3Name = "Artwork/". $WorkOrderID ."_Image3.".
$ImageExt;
move_uploaded_file($_FILES['ExtraImage3']['tmp_name'],$ExtraImage3Name);
}
}
if (isset($_FILES['ExtraImage4'])) {
if (is_uploaded_file ($_FILES['ExtraImage4']['tmp_name'])) {
$ImageExt = strtolower(end(explode('.',
$_FILES['ExtraImage4']['name'])));
$ExtraImage4Name = "Artwork/". $WorkOrderID ."_Image4.".
$ImageExt;
move_uploaded_file($_FILES['ExtraImage4']['tmp_name'],$ExtraImage4Name);
}
}
if (isset($_FILES['ExtraImage5'])) {
if (is_uploaded_file ($_FILES['ExtraImage5']['tmp_name'])) {
$ImageExt = strtolower(end(explode('.',
$_FILES['ExtraImage5']['name'])));
$ExtraImage5Name = "Artwork/". $WorkOrderID ."_Image5.".
$ImageExt;
move_uploaded_file($_FILES['ExtraImage5']['tmp_name'],$ExtraImage5Name);
}
}
}
$sql .= "Now(), ";
$sql = "INSERT INTO workorderform (WorkOrderID, CreatedDate, IONumber,
OrderType, WorkOrderNumber, Advertiser, AccountNum, ";
$sql .= "Address, City, State, Zip, Phone, Fax, ContactName, URL,
AdvertisingAgency, ClickThru, Impressions, AdSize, ";
$sql .= "StartDate, EndDate, CPM, FlatRate, IncludeSites, Package,
Matrix, MatrixDate, Salesperson, SalespersonID, ";
$sql .= "SalespersonEmail, SalespersonExt, NameCampaign,
SpecialInstructions, AdContactName, AdContactPhone, AdContactEmail, ";
$sql .= "Artwork, PrintDate, ElectronicAd, EmailProof, ProofDate,
ArtInstructions, Focus, BannerSize, BannerSizeOther, ";
$sql .= "BannerType, BannerTypeOther, ExtraImage1, ExtraImage1Desc,
ExtraImage2, ExtraImage2Desc, ExtraImage3, ";
$sql .= "ExtraImage3Desc, ExtraImage4, ExtraImage4Desc, ExtraImage5,
ExtraImage5Desc) VALUES (";
$sql .= "'". mysql_real_escape_string($WorkOrderID) ."', ";
$sql .= "'". mysql_real_escape_string($IONumber) ."', ";
$sql .= "'". mysql_real_escape_string($OrderType) ."', ";
$sql .= "'". mysql_real_escape_string($WorkOrderNumber) ."', ";
$sql .= "'". mysql_real_escape_string($Advertiser) ."', ";
$sql .= "'". mysql_real_escape_string($AccountNum) ."', ";
$sql .= "'". mysql_real_escape_string($Address) ."', ";
$sql .= "'". mysql_real_escape_string($City) ."', ";
$sql .= "'". mysql_real_escape_string($State) ."', ";
$sql .= "'". mysql_real_escape_string($Zip) ."', ";
$sql .= "'". mysql_real_escape_string($Phone) ."', ";
$sql .= "'". mysql_real_escape_string($Fax) ."', ";
$sql .= "'". mysql_real_escape_string($ContactName) ."', ";
$sql .= "'". mysql_real_escape_string($URL) ."', ";
$sql .= "'". mysql_real_escape_string($AdvertisingAgency) ."', ";
$sql .= "'". mysql_real_escape_string($ClickThru) ."', ";
$sql .= "'". mysql_real_escape_string($Impressions) ."', ";
$sql .= "'". mysql_real_escape_string($AdSize) ."', ";
$sql .= "'". mysql_real_escape_string($StartDate) ."', ";
$sql .= "'". mysql_real_escape_string($EndDate) ."', ";
$sql .= "'". mysql_real_escape_string($CPM) ."', ";
$sql .= "'". mysql_real_escape_string($FlatRate) ."', ";
$sql .= "'". mysql_real_escape_string($IncludeSites) ."', ";
$sql .= "'". mysql_real_escape_string($Package) ."', ";
$sql .= "'". mysql_real_escape_string($Matrix) ."', ";
$sql .= "'". mysql_real_escape_string($MatrixDate) ."', ";
$sql .= "'". mysql_real_escape_string($Salesperson) ."', ";
$sql .= "'". mysql_real_escape_string($SalespersonID) ."', ";
$sql .= "'". mysql_real_escape_string($SalespersonEmail) ."', ";
$sql .= "'". mysql_real_escape_string($SalespersonExt) ."', ";
$sql .= "'". mysql_real_escape_string($NameCampaign) ."', ";
$sql .= "'". mysql_real_escape_string($SpecialInstructions) ."', ";
$sql .= "'". mysql_real_escape_string($AdContactName) ."', ";
$sql .= "'". mysql_real_escape_string($AdContactPhone) ."', ";
$sql .= "'". mysql_real_escape_string($AdContactEmail) ."', ";
$sql .= "'". mysql_real_escape_string($Artwork) ."', ";
$sql .= "'". mysql_real_escape_string($PrintDate) ."', ";
$sql .= "'". mysql_real_escape_string($ElectronicAd) ."', ";
$sql .= "'". mysql_real_escape_string($EmailProof) ."', ";
$sql .= "'". mysql_real_escape_string($ProofDate) ."', ";
$sql .= "'". mysql_real_escape_string($ArtInstructions) ."', ";
$sql .= "'". mysql_real_escape_string($Focus) ."', ";
$sql .= "'". mysql_real_escape_string($BannerSize) ."', ";
$sql .= "'". mysql_real_escape_string($BannerSizeOther) ."', ";
$sql .= "'". mysql_real_escape_string($BannerType) ."', ";
$sql .= "'". mysql_real_escape_string($BannerTypeOther) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage1Name) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage1Desc) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage2Name) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage2Desc) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage3Name) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage3Desc) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage4Name) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage4Desc) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage5Name) ."', ";
$sql .= "'". mysql_real_escape_string($ExtraImage5Desc) ."')";
mysql_query($sql);
$Message = "<HTML>";
$Message.= "<STYLE TYPE=\"text/css\">";
$Message.= "<!--";
$Message.= "body {font-size:12px; font-family:arial, sans-serif;}";
$Message.= "-->";
$Message.= "</STYLE>";
$Message.= "</HEAD>";
$Message.= "<body>";
$Message.= "A new online work order form was submitted.";
$Message.= "</body>";
$Message = wordwrap($Message, 70);
$Subject = "New Online Work Order Form";
$Email = "[EMAIL PROTECTED]";
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "To: [EMAIL PROTECTED]";
$headers .= "From: [EMAIL PROTECTED]";
@mail($Email, $Subject, $Message, $headers);
?>
<script language="javascript">
alert("Your Online Work Order has been received. \n\nThank You.");
window.location="Welcome.php?AdminID=<?php echo $AdminID; ?>";
</script>
<?php
exit();
}
?>
