solebox · December 22, 2016 20:45
diff --git a/fuck.php b/fuck.php
 <?php 
            $server = "tcp:shirfisher.database.windows.net,1433"; 
            $user = "shirfisher";
            $pass = "Q1W2r4e3";
            $database = "shirfisher";
            $c = array("Database" => $database, "UID" => $user, "PWD" => $pass);
            sqlsrv_configure('WarningsReturnAsErrors', 0);
            $conn = sqlsrv_connect($server, $c);
            if($conn === false)
            {
                echo "error";
                die(print_r(sqlsrv_errors(), true));
            }		
            $sql = "SELECT car_parts.Part_id
                    FROM car_parts;";
 			$result = sqlsrv_query($conn, $sql);
 			while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC))
 			{
 				echo "<option value=".$row["car_parts.Part_id"].">".$row["car_parts.Part_name"]."</option>";
            }

            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                if (empty($_POST["CAR_ID"])) {
                    $caridErr = "car ID is required";
                }
                else {
                    $carid = test_input($_POST["CAR_ID"]);
                    if ($_POST["CAR_ID"]<=9999999 & $_POST["CAR_ID"]>=1000000){
                         $sql = "INSERT INTO cars(Car_id) 
                         VALUES (".$_POST["CAR_ID"].");";
                         $result = sqlsrv_query($conn, $sql);
                    }
                    else {
                         $caridErr = "7 digits required";
                    }
                }
                if (empty($_POST["MODEL"])) {
                    $modelErr = "Car Model is required";
                }
                else {
                    $model = test_input($_POST["MODEL"]);
                    $sql = "INSERT INTO cars(Model) 
                    VALUES ('".$_POST["MODEL"]."');";
                    $result = sqlsrv_query($conn, $sql);
                }
                $sql = "INSERT INTO cars(Sub_model) 
                VALUES ('".$_POST["SUB_MODEL"]."');"; // should we reset the sum model variable? because if it doesnt get any value what are we inserting the database?
                $result = sqlsrv_query($conn, $sql);
                if (empty($_POST["YEAR_CAR"])) {
                    $caryearErr = "Car Year is required";
                }
                else {
                    $caryear = test_input($_POST["YEAR_CAR"]);
                    if ($_POST["YEAR_CAR"]<=9999 & $_POST["YEAR_CAR"]>=1000){
                        $sql = "INSERT INTO cars(Car_year) 
                        VALUES (".$_POST["YEAR_CAR"].");";
                        $result = sqlsrv_query($conn, $sql);
                    }
                    else {
                    $caryearErr = "4 digits required";
                    }
                }
                          
                if (empty($_POST["ENGINE_CAPACITY"])) {
                    $enginecapacityErr = "Engine Capacity is required";
                }
                else {
                    $enginecapacity = test_input($_POST["ENGINE_CAPACITY"]);
                    if ($_POST["ENGINE_CAPACITY"]<=10000) {
                        $sql = "INSERT INTO cars(Engine_capacity) 
                        VALUES (".$_POST["ENGINE_CAPACITY"].");";
                        $result = sqlsrv_query($conn, $sql);
                    }
                    else {
                    $enginecapacityErr = "Engine Capacity sould be under 10,000";
                    }
                }  
            }

            function test_input($data) {
                $data = trim($data);
                $data = stripslashes($data);
                $data = htmlspecialchars($data);
                return $data;
            }

            ?>
	<?php
	$server = "tcp:shirfisher.database.windows.net,1433";
	$user = "shirfisher";
	$pass = "Q1W2r4e3";
	$database = "shirfisher";
	$c = array("Database" => $database, "UID" => $user, "PWD" => $pass);
	sqlsrv_configure('WarningsReturnAsErrors', 0);
	$conn = sqlsrv_connect($server, $c);
	if($conn === false)
	{
	echo "error";
	die(print_r(sqlsrv_errors(), true));
	}
	$sql = "SELECT car_parts.Part_id
	FROM car_parts;";
	$result = sqlsrv_query($conn, $sql);
	while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC))
	{
	echo "<option value=".$row["car_parts.Part_id"].">".$row["car_parts.Part_name"]."</option>";
	}

	if ($_SERVER["REQUEST_METHOD"] == "POST") {
	if (empty($_POST["CAR_ID"])) {
	$caridErr = "car ID is required";
	}
	else {
	$carid = test_input($_POST["CAR_ID"]);
	if ($_POST["CAR_ID"]<=9999999 & $_POST["CAR_ID"]>=1000000){
	$sql = "INSERT INTO cars(Car_id)
	VALUES (".$_POST["CAR_ID"].");";
	$result = sqlsrv_query($conn, $sql);
	}
	else {
	$caridErr = "7 digits required";
	}
	}
	if (empty($_POST["MODEL"])) {
	$modelErr = "Car Model is required";
	}
	else {
	$model = test_input($_POST["MODEL"]);
	$sql = "INSERT INTO cars(Model)
	VALUES ('".$_POST["MODEL"]."');";
	$result = sqlsrv_query($conn, $sql);
	}
	$sql = "INSERT INTO cars(Sub_model)
	VALUES ('".$_POST["SUB_MODEL"]."');"; // should we reset the sum model variable? because if it doesnt get any value what are we inserting the database?
	$result = sqlsrv_query($conn, $sql);
	if (empty($_POST["YEAR_CAR"])) {
	$caryearErr = "Car Year is required";
	}
	else {
	$caryear = test_input($_POST["YEAR_CAR"]);
	if ($_POST["YEAR_CAR"]<=9999 & $_POST["YEAR_CAR"]>=1000){
	$sql = "INSERT INTO cars(Car_year)
	VALUES (".$_POST["YEAR_CAR"].");";
	$result = sqlsrv_query($conn, $sql);
	}
	else {
	$caryearErr = "4 digits required";
	}
	}

	if (empty($_POST["ENGINE_CAPACITY"])) {
	$enginecapacityErr = "Engine Capacity is required";
	}
	else {
	$enginecapacity = test_input($_POST["ENGINE_CAPACITY"]);
	if ($_POST["ENGINE_CAPACITY"]<=10000) {
	$sql = "INSERT INTO cars(Engine_capacity)
	VALUES (".$_POST["ENGINE_CAPACITY"].");";
	$result = sqlsrv_query($conn, $sql);
	}
	else {
	$enginecapacityErr = "Engine Capacity sould be under 10,000";
	}
	}
	}

	function test_input($data) {
	$data = trim($data);
	$data = stripslashes($data);
	$data = htmlspecialchars($data);
	return $data;
	}

	?>