function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "dati")) {
$insertSQL = sprintf("INSERT INTO t1 (a1, a2, a3, 1a, 2a1, 2a2, 2a3, 2a4, 2a5, 2a6, 2b, 3a, 3b, 4a) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['1_a1'], "text"),
GetSQLValueString($_POST['1_a2'], "text"),
GetSQLValueString($_POST['1_a3'], "text"),
GetSQLValueString($_POST['1_a4'], "text"),
GetSQLValueString($_POST['1_2a1'], "int"),
GetSQLValueString($_POST['1_2a2'], "int"),
GetSQLValueString($_POST['1_2a3'], "int"),
GetSQLValueString($_POST['1_2a4'], "int"),
GetSQLValueString($_POST['1_2a5'], "int"),
GetSQLValueString($_POST['1_2a6'], "int"),
GetSQLValueString($_POST['1_2b'], "text"),
GetSQLValueString($_POST['1_3a'], "int"),
GetSQLValueString($_POST['1_3b'], "text"),
GetSQLValueString($_POST['1_4a'], "int"));
mysql_select_db($database_prova, $prova);
$Result1 = mysql_query($insertSQL, $prova) or die(mysql_error());
$id = mysql_insert_id();
}