Here is the PHP code for the whole page:
<?php require_once('../../../Connections/connWill.php'); ?><?php//initialize the sessionif (!isset($_SESSION)) { session_start();}//session_register("studentID");//$studentID = $HTTP_POST_VARS['txtStudent'];// ** Logout the current user. **$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){ $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);}if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){ //to fully log out a visitor we need to clear the session varialbles $_SESSION['MM_Username'] = NULL; $_SESSION['MM_UserGroup'] = NULL; $_SESSION['PrevUrl'] = NULL; unset($_SESSION['MM_Username']); unset($_SESSION['MM_UserGroup']); unset($_SESSION['PrevUrl']); $logoutGoTo = "../index.php"; if ($logoutGoTo) { header("Location: $logoutGoTo"); exit; }}?><?phpif (!isset($_SESSION)) { session_start();}$MM_authorizedUsers = "";$MM_donotCheckaccess = "true";// *** Restrict Access To Page: Grant or deny access to this pagefunction isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid;}$MM_restrictGoTo = "../accessDenied.php";if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit;}?><?phpif (!function_exists("GetSQLValueString")) {function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = ""){ if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue;}}$editFormAction = $_SERVER['PHP_SELF'];if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);}if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2")) { $insertSQL = sprintf("INSERT IGNORE INTO textbooktable (authorLastName, authorFirstName, title, edition, isbn, publisher, pages, format, subject, amx) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['authorLastName'], "text"), GetSQLValueString($_POST['authorFirstName'], "text"), GetSQLValueString($_POST['title'], "text"), GetSQLValueString($_POST['edition'], "text"), GetSQLValueString($_POST['isbn'], "int"), GetSQLValueString($_POST['publisher'], "text"), GetSQLValueString($_POST['pages'], "int"), GetSQLValueString($_POST['format'], "text"), GetSQLValueString($_POST['subject'], "text"), GetSQLValueString($_POST['amx'], "text")); mysql_select_db($database_connWill, $connWill); $Result1 = mysql_query($insertSQL, $connWill) or die(mysql_error()); $insertGoTo = "requestChapters.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); $studentVar = $_SESSION['studentID']; mysql_select_db($database_connWill, $connWill);$sql="INSERT INTO tblstudentbookjunc (studentID, bookID)VALUES(" .$studentVar. ",LAST_INSERT_ID())";if (!mysql_query($sql,$connWill)) { die('Error: ' . mysql_error()); }echo "1 record added"; }mysql_select_db($database_connWill, $connWill);$query_rsStudents = "SELECT * FROM students";$rsStudents = mysql_query($query_rsStudents, $connWill) or die(mysql_error());$row_rsStudents = mysql_fetch_assoc($rsStudents);$totalRows_rsStudents = mysql_num_rows($rsStudents);?>