authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2005-10-21 17:39:16 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2005-10-21 17:39:16 +0000
commit1cccb4a2ad14a8f6e9d7dd79cc978f27b87de62f (patch)
tree2b7a55630e1686a4d9f4ec635c06041c4889b0be
parent1c8b0b3784cf5614652f5207b3bee6bd6234b2f9 (diff)
secure bugfix SQLcommand wurde nicht am programmstart geleert
ausgabe user friendly gestaltet git-svn-id: svn://svn.cccv.de/engel-system@7 29ba0400-6e00-0410-a75a-ca02368028f8
-rwxr-xr-xadmin/room.php31
1 files changed, 21 insertions, 10 deletions
diff --git a/admin/room.php b/admin/room.php
index b1faac70..a2cc7d13 100755
--- a/admin/room.php
+++ b/admin/room.php
@@ -21,7 +21,10 @@ if( !IsSet($action) )
for( $i = 1; $i < mysql_num_fields($Erg); $i++ )
{
- echo "\t<td>". mysql_field_name($Erg, $i). "</td>";
+ if( substr( mysql_field_name($Erg, $i), 0, 12) == "DEFAULT_EID_")
+ echo "\t<td> Anzahl ". $EngelTypeID[substr( mysql_field_name($Erg, $i), 12)]. "</td>";
+ else
+ echo "\t<td>". mysql_field_name($Erg, $i)."</td>";
}
echo "\t<td>&Auml;ndern</td>";
echo "</tr>";
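Review bot: The new header cell indexes `$EngelTypeID[substr(..., 12)]` without checking that the key exists, and echoes both the looked-up name and the raw field name into the table unescaped. A `DEFAULT_EID_` column with no matching type prints a bare "Anzahl " plus a notice, and if the type names are editable data (not visible on this page) they reach the HTML as markup. The same if/else is copied into the 'new' and 'change' hunks, so I would move it into one small helper that escapes its result and falls back to the numeric suffix. The helper is sketched below and would belong in a shared include; the `for` loop's surrounding block starts outside the hunk.

```php
// proposed helper, shared by the list header and the 'new' / 'change' forms
function FeldLabel($Feld, $EngelTypeID)
{
    if( substr($Feld, 0, 12) != "DEFAULT_EID_")
        return htmlspecialchars($Feld);
    $TID = substr($Feld, 12);
    return "Anzahl ". htmlspecialchars( isset($EngelTypeID[$TID]) ? $EngelTypeID[$TID] : $TID);
}

for( $i = 1; $i < mysql_num_fields($Erg); $i++ )
{
    echo "\t<td>". FeldLabel( mysql_field_name($Erg, $i), $EngelTypeID). "</td>";
}
```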
@@ -52,11 +55,14 @@ case 'new':
for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ )
{
- echo "<td>".mysql_field_name($Erg, $Uj)."</td>".
- "<td><input type=\"text\" size=\"40\" name=\"".mysql_field_name($Erg, $Uj)."\">";
//sonderfall fuer Default Engel
if( substr( mysql_field_name($Erg, $Uj), 0, 12) == "DEFAULT_EID_")
- echo " ". $EngelTypeID[substr( mysql_field_name($Erg, $Uj), 12)];
+ $FeldName = "Anzahl ". $EngelTypeID[substr( mysql_field_name($Erg, $Uj), 12)];
+ else
+ $FeldName = mysql_field_name($Erg, $Uj);
+
+ echo "<td>$FeldName</td>".
+ "<td><input type=\"text\" size=\"40\" name=\"".mysql_field_name($Erg, $Uj)."\">";
echo "</td></tr>\n";
}
echo "</table>\n";
@@ -105,12 +111,15 @@ case 'change':
for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++)
{
- echo "<tr><td>".mysql_field_name($ERG, $Uj)."</td>".
- "<td><input type=\"text\" size=\"40\" name=\"e".mysql_field_name($ERG, $Uj)."\" ".
- "value=\"".mysql_result($ERG, 0, $Uj)."\">";
//sonderfall fuer Default Engel
if( substr( mysql_field_name($ERG, $Uj), 0, 12) == "DEFAULT_EID_")
- echo " ". $EngelTypeID[substr( mysql_field_name($ERG, $Uj), 12)];
+ $FeldName = "Anzahl ". $EngelTypeID[substr( mysql_field_name($ERG, $Uj), 12)];
+ else
+ $FeldName = mysql_field_name($ERG, $Uj);
+
+ echo "<tr><td>$FeldName</td>".
+ "<td><input type=\"text\" size=\"40\" name=\"e".mysql_field_name($ERG, $Uj)."\" ".
+ "value=\"".mysql_result($ERG, 0, $Uj)."\">";
echo"</td></tr>\n";
}
echo "</table>\n";
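Review bot: The re-added `value="..."` attribute is still filled straight from `mysql_result($ERG, 0, $Uj)`, so a stored room value containing `"` or `<` ends the attribute early and is rendered as markup in the admin form. Since the commit rewrites this echo anyway, the value should be escaped for the attribute context: `"value=\"".htmlspecialchars(mysql_result($ERG, 0, $Uj), ENT_QUOTES)."\">";`. The `case 'change':` block this loop belongs to starts outside the hunk.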
@@ -149,8 +158,8 @@ case 'delete':
SetHeaderGo2Back();
break;
-}
-}
+} //switch
+
// Update ???
@@ -166,5 +175,7 @@ if (IsSet($SQL)){
}
} // Ende Update
+} //IF IsSet($action)
+
include ("./inc/footer.php");
?>
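Review bot: Nothing in this diff actually clears `$SQL`, although the commit message names that as the fix. This hunk, together with the `} //switch` hunk, only moves a closing brace so that the `if (IsSet($SQL))` update block sits inside the `$action` branch. If request variables are registered as globals, which the bare `IsSet($action)` suggests but the page does not show, a request-supplied `SQL` value is still set whenever the selected case does not assign `$SQL` itself. It would then reach the update block, whose body is outside the hunk. I would reset the variable explicitly before the switch with `unset($SQL);`, so the update only ever sees a statement built by this script.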