
What's wrong with this input validation script?


gege


I'm really sorry if any of my wording is confusing.

 

:-[

 

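<?php
// Client address as reported by the web server. Nothing in the visible part of this page reads it.
$ip = $_SERVER['REMOTE_ADDR'];

// "Hapus" (delete) handler: removes one row from tbl_u_pekerjaan by the posted id.
// The id is request data, so it is escaped before it is placed inside the quoted SQL literal;
// the original concatenated $_POST straight into the statement (SQL injection).
// NOTE(review): no include of a connection file precedes this statement in this file -
// presumably the including script has already opened the connection; confirm.
// NOTE(review): no authorisation or anti-CSRF check is visible before this DELETE - confirm
// the including script enforces both.
// NOTE(review): ext/mysql was removed in PHP 7; the durable fix is a prepared statement
// through mysqli or PDO once the connection files are migrated.
if (isset($_POST['hapus'], $_POST['id_u_pekerjaan'])
    && $_POST['hapus'] == 'Hapus'
    && is_string($_POST['id_u_pekerjaan']))
{
    $idHapus = mysql_real_escape_string($_POST['id_u_pekerjaan']);
    $qDelDetail = mysql_query("DELETE FROM tbl_u_pekerjaan WHERE id_u_pekerjaan = '".$idHapus."'");
}
?>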
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style>
.suggestion {
position:absolute;
background-color:#eee;
    border:1px solid #CCC;
    display: none;
    width:400px;
}

.suggestion ul{
    margin : 0 ;
    padding : 5px 5px ;
}

.suggestion ul li{
    padding-top : 2px ;
    cursor : pointer ;
    list-style : none ;
}

.suggestion ul li:hover{
    cursor : pointer ;
    list-style : none ;
    color : red ;
    /*font-weight : bold ;*/
}
#form1 #pagu1 {
border: 1px solid #999999;
height: 21px;
width: 355px;
}
</style>
</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td class="border_all" height="34" bgcolor="#CCCCCC"><strong><img src="image/icon_1.png" align="absmiddle" width="22" height="22" /> Pemeliharaan Komputer </strong></td>
  </tr>
  <tr>
    <td><hr size="1" color="#999999" /></td>
  </tr>
  <tr>
    <td>
      <table width="100%" border="0" cellspacing="2" cellpadding="3">
	<form id="form1" name="form1" method="post" action="">
        <tr>
      <td width="30%">Tahun Anggaran</td>
      <td width="2%">:</td>
      <td width="68%"><select name="thn_anggaran" id="thn_anggaran">
            <?php
	  $thn_on = date("Y");
		?>
            <option value="<?=$thn_on;?>"><?=$thn_on;?></option>
		<?php
	  for($i = 2000; $i <= $thn_on; $i++)
	  {
	  ?>
            <option value="<?=$i;?>"><?=$i;?></option>
            <?php
	  }
	  ?>
          </select></td>
    </tr>   
        <tr>
      <td width="30%">Jenis Anggaran</td>
      <td width="2%">:</td>
      <td width="68%"><select name="id_jns_anggaran">
	  <?php
	  include "conn_ra.php";
	  ?>
              <?php
	  $qRea = mysql_query("SELECT * FROM tbl_jns_anggaran ORDER BY id_jns_anggaran ASC");
	  while($dtRea = mysql_fetch_array($qRea))
	  {
	  ?>
              <option value="<?=$dtRea['id_jns_anggaran'];?>"><?=$dtRea['nm_jns_anggaran'];?></option>
              <?php 
	  }
	  ?>
          </select></td>
    </tr>
        <tr>
          <td align="left" valign="top">Nama Program</td>
          <td align="left" valign="top">:</td>
          <td align="left" valign="top"><input type="text" id="kd_program" name="kd_program" size="8" onkeyup="javascript:suggestme('program');" autocomplete="off" />
              <input type="text" id="nm_program" name="nm_program" size="50" onkeyup="javascript:suggestme('program');" autocomplete="off" />
              <div id="suggestion_program" class="suggestion"></div></td>
        </tr>
        <tr>
          <td align="left" valign="top">Nama Kegiatan</td>
          <td align="left" valign="top">:</td>
          <td align="left" valign="top"><input type="text" id="kd_kegiatan" name="kd_kegiatan" size="8" onkeyup="javascript:suggestme('kegiatan');" autocomplete="off" />
              <input type="text" id="nm_kegiatan" name="nm_kegiatan" size="50" onkeyup="javascript:suggestme('kegiatan');" autocomplete="off" />
              <div id="suggestion_kegiatan" class="suggestion"></div></td>
        </tr>
        <tr>
          <td align="left" valign="top">Nama Sub Kegiatan</td>
          <td align="left" valign="top">:</td>
          <td align="left" valign="top"><input type="text" id="kd_sub_kegiatan" name="kd_sub_kegiatan" size="8" onkeyup="javascript:suggestme('sub_kegiatan');" autocomplete="off" />
              <input type="text" id="nm_sub_kegiatan" name="nm_sub_kegiatan" size="50" onkeyup="javascript:suggestme('sub_kegiatan');" autocomplete="off" />
              <div id="suggestion_sub_kegiatan" class="suggestion"></div></td>
        </tr>
        <tr>
          <td align="left" valign="top">MAK</td>
          <td align="left" valign="top">:</td>
          <td align="left" valign="top"><input type="text" id="kd_mak" name="kd_mak" size="8" onkeyup="javascript:suggestme('mak');" autocomplete="off" />
              <input type="text" id="nm_mak" name="nm_mak" size="50" onkeyup="javascript:suggestme('mak');" autocomplete="off" />
              <div id="suggestion_mak" class="suggestion"></div></td>
        </tr>
        <!--
	<tr>
          <td align="left" valign="top"><strong>Pagu</strong></td>
          <td align="left" valign="top"><strong>:</strong></td>
          <td align="left" valign="top"><div id="pagu1"></div>
              <input name="pagu" type="text" id="pagu" size="60"  maxlength="250" /></td>
        </tr>
	-->
        <tr>
          <td width="30%"> Komputer </td>
          <td width="2%">:</td>
          <td width="68%"><select name="id_inventaris" id="id_inventaris">
          <?php
	  include "conn.php";
	  if(isset($_POST['id_inventaris']))
	  {
	  $qKomputer = mysql_query("SELECT a.id_inventaris, a.nmr_inventaris, a.merk, a.type, a.processor_type FROM v_inventaris a WHERE id_inventaris = '".$_POST['id_inventaris']."'");
	  $dtKomputer = mysql_fetch_array($qKomputer);
	  ?>
          <option value="<?=$dtKomputer['id_inventaris']?>"><?=$dtKomputer['nmr_inventaris'];?> | <?=$dtKomputer['merk'];?> <?=$dtKomputer['type'];?> <?=$dtKomputer['processor_type'];?></option>
           <?php
	   }else
	   {
	   ?>
		<option>-Pilih Komputer-</option>
		<?php
		}
		?>
          <?php
	  $qKomputer = mysql_query("SELECT a.id_inventaris, a.nmr_inventaris, a.merk, a.type, a.processor_type FROM v_inventaris a WHERE EXISTS ( SELECT b.id_inventaris FROM tbl_memiliki b WHERE a.id_inventaris = b.id_inventaris ) ORDER BY id_inventaris ASC");
	  while($dtKomputer = mysql_fetch_array($qKomputer))
	  {
	  ?>
          <option value="<?=$dtKomputer['id_inventaris']?>"><?=$dtKomputer['nmr_inventaris'];?> | <?=$dtKomputer['merk'];?> <?=$dtKomputer['type'];?> <?=$dtKomputer['processor_type'];?></option>
          <?
	  }
	  ?>
          </select>          </td>
        </tr>
        <tr>
          <td>Jenis Pemeliharaan </td>
          <td>:</td>
          <td><select name="id_jenis" id="id_jenis">
          <?php
	  include "conn.php";
	  if(isset($_POST['id_jenis']))
	  {
	  $qJenis = mysql_query("SELECT * FROM tbl_jenis WHERE id_jenis = '".$_POST['id_jenis']."'");
	  $dtJenis = mysql_fetch_array($qJenis);
	  ?>
	    <option value="<?=$dtJenis['id_jenis'];?>"><?=$dtJenis['nm_jenis'];?></option>
          <?php
	  }else
	  {
	  ?>
	    <option>-Pilih Jenis Pemeliharaan-</option>
          <?php
	  }
	  ?>
	  <?php
	  $qJenis = mysql_query("SELECT * FROM tbl_jenis ORDER BY id_jenis ASC");
	  while($dtJenis = mysql_fetch_array($qJenis))
	  {
	  ?>
	    <option value="<?=$dtJenis['id_jenis'];?>"><?=$dtJenis['nm_jenis'];?></option>
	  <?
	  }
	  ?>
          </select>          </td>
        </tr>
        <tr>
          <td>No. Surat/Memo</td>
          <td>:</td>
          <td><input name="no_surat" type="text" id="no_surat" size="50" /></td>
        </tr>
        <tr>
          <td>Tanggal Surat/Memo </td>
          <td>:</td>
          <td><input name="tgl_surat" type="text" id="tgl_surat" size="10" value="<?=$_POST['tgl_surat'];?>" />
            <script language="JavaScript" type="text/javascript">
		new tcal ({
			// form name
			'formname': 'form1',
			// input name
			'controlname': 'tgl_surat'
		});	
		</script></td>
        </tr>
        <tr>
          <td>Asal Surat </td>
          <td>:</td>
          <td><input name="asal_surat" type="text" id="asal_surat" size="50" /></td>
        </tr>
        <tr>
          <td>Penanggung Jawab Pemeliharaan </td>
          <td>:</td>
          <td><select name="nip" id="nip">
          <?php
	  if(isset($_POST['nip']))
	  {
	  $qNip = mysql_query("SELECT * FROM tbl_pegawai WHERE nip = '".$_POST['nip']."'");
	  $dtNip = mysql_fetch_array($qNip);
	  ?>
	    <option value="<?=$dtNip['nip'];?>"><?=$dtNip['nama'];?></option>
          <?php
	  }else
	  {
	  ?>
	    <option>-Pilih Penanggung Jawab Pemeliharaan-</option>
          <?php
	  }
	  ?>
	  <?php
	  $qNip = mysql_query("SELECT * FROM tbl_pegawai ORDER BY nama ASC");
	  while($dtNip = mysql_fetch_array($qNip))
	  {
	  ?>
	    <option value="<?=$dtNip['nip'];?>"><?=$dtNip['nama'];?></option>
	  <?
	  }
	  ?>
          </select>          </td>
        </tr>
        <tr>
          <td>No. SPK/Kuitansi </td>
          <td>:</td>
          <td><input name="no_spk" type="text" id="no_spk" size="50" /></td>
        </tr>
        <tr>
          <td>Tanggal SPK/Kuitansi </td>
          <td>:</td>
          <td><input name="tgl_pemeliharaan" type="text" id="tgl_pemeliharaan" size="10" value="<?=$_POST['tgl_pemeliharaan'];?>" />
          <script language="JavaScript" type="text/javascript">
		new tcal ({
			// form name
			'formname': 'form1',
			// input name
			'controlname': 'tgl_pemeliharaan'
		});	
		</script></td>
        </tr>
        
        <tr>
          <td align="left" valign="top">Nama Rekanan </td>
          <td align="left" valign="top">:</td>
          <td align="left" valign="top"><input name="nm_rekanan" value="<?=$_POST['nm_rekanan'];?>" type="text" id="nm_rekanan" size="35" /></td>
        </tr>
	<tr>
          <td> </td>
          <td> </td>
          <td><input type="submit" name="Submit" value="Simpan" /></td>
        </tr>
  <?php
  if($_POST['Submit']=='Simpan')
  {
  
 	// data sudah ada atau belum
	$qCr = mysql_query("SELECT id_pemeliharaan FROM tbl_pemeliharaan WHERE tgl_pemeliharaan = STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y') AND id_jenis = '".$_POST['id_jenis']."' AND nm_rekanan = '".$_POST['nm_rekanan']."' AND id_pemeliharaan = '".$_POST['id_pemeliharaan']."'");
	$dtCr = mysql_num_rows($qCr);

	if($dtCr <= 0)
	{
	/*
	$qId = mysql_query("SELECT id_pemeliharaan FROM tbl_pemeliharaan ORDER BY id_pemeliharaan DESC");
	$dtId = mysql_fetch_array($qId);

	$id_pemeliharaan = $dtId[0] + 1;
	$id_realisasi_anggaran = $dtId[0] + 1;		

  	$qInsertData = mysql_query("INSERT INTO tbl_pemeliharaan(id_pemeliharaan, id_inventaris, id_jenis, nip, tgl_input, tgl_pemeliharaan, nm_rekanan, no_surat, tgl_surat, asal_surat, no_spk) VALUES('".$id_pemeliharaan."', '".$_POST['id_inventaris']."', '".$_POST['id_jenis']."', '".$_POST['nip']."', CURRENT_DATE(), STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'), '".$_POST['nm_rekanan']."', '".$_POST['no_surat']."', STR_TO_DATE('".$_POST['tgl_surat']."','%m/%d/%Y'), '".$_POST['asal_surat']."', '".$_POST['no_spk']."')")or die(mysql_error());

include "include/conn_ra.php";
  	$qInsertData = mysql_query("INSERT INTO tbl_realisasi_anggaran(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, tgl_realisasi) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', '".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_bas']."', STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'))")or die(mysql_error());
	*/

	$qId = mysql_query("SELECT id_pemeliharaan FROM tbl_pemeliharaan ORDER BY id_pemeliharaan DESC");
	$dtId = mysql_fetch_array($qId);
	$id_pemeliharaan = $dtId[0] + 1;

	include("conn_ra.php");
	$kd_sub_sistem = "PMKOM-".$id_pemeliharaan; //kd sub sistem di sistem anggaran

	$queryAlokasi = "SELECT alokasi_anggaran FROM tbl_alokasi_anggaran
				WHERE thn_anggaran = '".$_POST['thn_anggaran']."' AND id_jns_anggaran = '".$_POST['id_jns_anggaran']."' AND kd_program = '".$_POST['kd_program']."' 
				AND kd_kegiatan = '".$_POST['kd_kegiatan']."' AND kd_sub_kegiatan = '".$_POST['kd_sub_kegiatan']."' AND kd_bas = '".$_POST['kd_mak']."' 
				AND pj_anggaran = 'Bagian Sistem Informasi'";

	$qAlokasi = mysql_query($queryAlokasi);
	$dtAlokasi = mysql_fetch_array($qAlokasi);

	$queryRealisasi = "SELECT realisasi_anggaran FROM tbl_realisasi_anggaran
				WHERE thn_anggaran = '".$_POST['thn_anggaran']."' AND id_jns_anggaran = '".$_POST['id_jns_anggaran']."' AND kd_program = '".$_POST['kd_program']."' 
				AND kd_kegiatan = '".$_POST['kd_kegiatan']."' AND kd_sub_kegiatan = '".$_POST['kd_sub_kegiatan']."' AND kd_bas = '".$_POST['kd_mak']."' 
				AND pj_anggaran = 'Bagian Sistem Informasi'";

	$qRealisasi = mysql_query($queryRealisasi);
	$dtRealisasi = mysql_fetch_array($qRealisasi);
	$sisaAnggaran = $dtAlokasi['alokasi_anggaran'] - $dtRealisasi['realisasi_anggaran'];

	$qInsertAnggaran = mysql_query("INSERT INTO tbl_realisasi_anggaran(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, kd_sub_sistem, 
	pj_anggaran, tgl_realisasi) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', 
	'".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_mak']."', '".$kd_sub_sistem."', 'Bagian Sistem Informasi', STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'))") or die(mysql_error());

	mysql_close($link1);

	include("conn.php");
	/*
	$qInsertData = mysql_query("INSERT INTO tbl_pemeliharaan(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, id_pemeliharaan, 
	id_kendaraan, id_jenis, nip, tgl_input, tgl_pemeliharaan, nm_bengkel, no_surat, tgl_surat, asl_surat, no_spk, pagu) 
	VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', 
	'".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_mak']."','".$id_pemeliharaan."', '".$_POST['id_kendaraan']."', '".$_POST['id_jenis']."', '".$_POST['nip']."', 
	CURRENT_DATE(), STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'), '".$_POST['nm_bengkel']."', '".$_POST['no_surat']."', 
	STR_TO_DATE('".$_POST['tgl_surat']."','%m/%d/%Y'), '".$_POST['asl_surat']."', '".$_POST['no_spk']."', '".$sisaAnggaran."')") or die(mysql_error());
	*/

	 if(empty($_POST['thn_anggaran']) OR empty($_POST['id_jns_anggaran']) OR empty($_POST['kd_program']) OR empty($_POST['kd_kegiatan']) OR empty($_POST['kd_sub_kegiatan'])OR empty($_POST['kd_mak'])OR empty($_POST['id_inventaris'])OR empty($_POST['id_jenis'])OR empty($_POST['no_surat'])OR empty($_POST['tgl_surat'])OR empty($_POST['asal_surat'])OR empty($_POST['nip'])OR empty($_POST['no_spk'])OR empty($_POST['tgl_pemeliharaan'])OR empty($_POST['nm_rekanan']))
        {
        echo '<script>alert("Data masih ada yang kosong!");</script>';
        echo '<html><head>
            <meta http-equiv="refresh" content="0;url=index.php?p=tambah_pemeliharaan">
            </head></html>';
        }
        elseif($qInsertData = mysql_query("INSERT INTO tbl_pemeliharaan(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, id_pemeliharaan, id_inventaris, id_jenis, nip, tgl_input, tgl_pemeliharaan, nm_rekanan, no_surat, tgl_surat, asal_surat, no_spk) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', '".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_mak']."','".$id_pemeliharaan."', '".$_POST['id_inventaris']."', '".$_POST['id_jenis']."', '".$_POST['nip']."', CURRENT_DATE(), STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'), '".$_POST['nm_rekanan']."', '".$_POST['no_surat']."', STR_TO_DATE('".$_POST['tgl_surat']."','%m/%d/%Y'), '".$_POST['asal_surat']."', '".$_POST['no_spk']."')") or die(mysql_error()))

	/*if($qInsertData)
	{*/
	 ?>{
		 <script type="text/javascript">
		 var answer = confirm("Input data berhasil, Lanjutkan ke uraian pekerjaan ?")
		 if (answer)
		 {
			window.location = "index.php?p=u_pekerjaan&id_pemeliharaan=<?=$id_pemeliharaan;?>";
		 }
		 else{
			window.location = "index.php?p=pemeliharaan";
		 }

		</script> }
	 <?
	/*}else
	{
		echo ("<script> alert (\"Input data gagal dilakukan !!\");</script><br>");
		echo "<html><head>
			<meta http-equiv='refresh' content='0;url=index.php?p=tambah_pemeliharaan'>
			</head></html>";
	}*/
	}
	else
	{
		echo ("<script> alert (\"Data yang dimasukkan sudah ada\");</script><br>");
		echo "<html><head>
			<meta http-equiv='refresh' content='0;url=index.php?p=pemeliharaan'>
			</head></html>";
	}

  }
  ?>
      
	</form>
      </table>
    </td>
  </tr>
  <tr>
    <td><hr size="1" color="#999999" /></td>
  </tr>
</table>
</body>
</html>
