diff options
author | Daniel Friesel <derf@finalrewind.org> | 2011-06-02 23:41:50 +0200 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2011-06-02 23:41:50 +0200 |
commit | cb1736d180ce91cb8b66acfe6cf7cede3a04d097 (patch) | |
tree | c14d968c14d362b99d5450ebca938c9895bfb191 /includes/pages | |
parent | 3afd05636e46aedb53e1c1d954d23d6563b5e104 (diff) |
include/pages/admin_angel_types: Cleanup; add strip_request_item function
Diffstat (limited to 'includes/pages')
-rw-r--r-- | includes/pages/admin_angel_types.php | 162 |
1 files changed, 26 insertions, 136 deletions
diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index ba2e5325..c5283899 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -1,22 +1,36 @@ <?php + function admin_angel_types() { $html = ""; if (!isset ($_REQUEST['action'])) { + $table = ""; $angel_types = sql_select("SELECT * FROM `AngelTypes` ORDER BY `Name`"); + foreach ($angel_types as $angel_type) - $table .= '<tr><td>' . $angel_type['Name'] . '</td><td>' . $angel_type['Man'] . '</td><td><a href="' . page_link_to("admin_angel_types") . '&action=edit&id=' . $angel_type['TID'] . '">Edit</a></td></tr>'; + $table .= sprintf( + '<tr><td>%s</td><td>%s</td><td>' + . '<a href="%s&action=edit&id=%s">Edit</a></td></tr>', + $angel_type['Name'], $angel_type['Man'], + page_link_to("admin_angel_types"), + $angel_type['TID'] + ); $html .= template_render('../templates/admin_angel_types.html', array ( 'link' => page_link_to("admin_angel_types"), 'table' => $table )); + } else { + switch ($_REQUEST['action']) { + case 'create' : - $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); - $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['man'])); + $name = strip_request_item("name"); + $man = strip_request_item("man"); + sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'"); + header("Location: " . page_link_to("admin_angel_types")); break; @@ -30,11 +44,12 @@ function admin_angel_types() { if (count($angel_type) > 0) { list ($angel_type) = $angel_type; - $html .= template_render('../templates/admin_angel_types_edit_form.html', array ( - 'link' => page_link_to("admin_angel_types"), - 'id' => $id, - 'name' => $angel_type['Name'], - 'man' => $angel_type['Man'] + $html .= template_render( + '../templates/admin_angel_types_edit_form.html', array ( + 'link' => page_link_to("admin_angel_types"), + 'id' => $id, + 'name' => $angel_type['Name'], + 'man' => $angel_type['Man'] )); } else return error("No Angel Type found."); @@ -50,8 +65,9 @@ function admin_angel_types() { if (count($angel_type) > 0) { list ($angel_type) = $angel_type; - $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); - $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['man'])); + $name = strip_request_item("name"); + $man = strip_request_item("man"); + sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_angel_types")); } else @@ -76,131 +92,5 @@ function admin_angel_types() { } return $html; - $Sql = "SELECT * FROM `EngelType` ORDER BY `NAME`"; - $Erg = mysql_query($Sql, $con); - - if (!IsSet ($_GET["action"])) { - echo "Hallo " . $_SESSION['Nick'] . - ",<br />\nhier hast du die Möglichkeit, neue Engeltypen für die Schichtpläne einzutragen " . - "oder vorhandene abzuändern:<br /><br />\n"; - - echo "<a href=\"./EngelType.php?action=new\">- Neuen EngelType eintragen</a><br />\n"; - - echo "<table width=\"100%\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; - echo "<tr class=\"contenttopic\">\n"; - - for ($i = 1; $i < mysql_num_fields($Erg); $i++) { - echo "\t<td>" . mysql_field_name($Erg, $i) . "</td>"; - } - echo "\t<td>Ändern</td>"; - echo "</tr>"; - - for ($t = 0; $t < mysql_num_rows($Erg); $t++) { - echo "\t<tr class=\"content\">\n"; - for ($j = 1; $j < mysql_num_fields($Erg); $j++) { - echo "\t\t<td>" . mysql_result($Erg, $t, $j) . "</td>\n"; - } - echo "\t\t<td><a href=\"./EngelType.php?action=change&TID=" . mysql_result($Erg, $t, "TID") . "\">###</a></td>\n"; - echo "\t</tr>\n"; - } // ende Auflistung Raeume - echo "</table>"; - } else { - - switch ($_GET["action"]) { - - case 'new' : - echo "Neuen EngelType einrichten: <br />"; - echo "<form action=\"./EngelType.php\" method=\"GET\">\n"; - echo "<table>\n"; - - for ($Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++) { - echo "<td>" . mysql_field_name($Erg, $Uj) . "</td>" . - "<td><input type=\"text\" size=\"40\" name=\"" . mysql_field_name($Erg, $Uj) . "\"></td></tr>\n"; - } - echo "</table>\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"newsave\">\n"; - echo "<input type=\"submit\" value=\"sichern...\">\n"; - echo "</form>"; - break; - - case 'newsave' : - $vars = $_GET; - $count = count($vars) - 1; - $vars = array_splice($vars, 0, $count); - $Keys = ""; - $Values = ""; - foreach ($vars as $key => $value) { - $Keys .= ", `$key`"; - $Values .= ", '$value'"; - } - - if (runSQL_log("INSERT INTO `EngelType` (" . substr($Keys, 2) . ") VALUES (" . substr($Values, 2) . ")", "save new EngelType")) { - SetHeaderGo2Back(); - - $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='" . $_GET["Name"] . "'"; - $ERG = mysql_query($SQL2, $con); - - if (mysql_num_rows($ERG) == 1) - runSQL_log("ALTER TABLE `Room` ADD `DEFAULT_EID_" . mysql_result($ERG, 0, 0) . - "` INT DEFAULT '0' NOT NULL;", "add new EngelType in Romm Table"); - } - break; - - case 'change' : - if (!IsSet ($_GET["TID"])) - echo "Fehlerhafter Aufruf!"; - else { - echo "Raum abändern:\n"; - echo "Hier kannst du eintragen, den EngelType ändern."; - echo "<form action=\"./EngelType.php\" method=\"GET\">\n"; - echo "<table>\n"; - - $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='" . $_GET["TID"] . "'"; - $ERG = mysql_query($SQL2, $con); - - for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) - echo "<tr><td>" . mysql_field_name($ERG, $Uj) . "</td>" . - "<td><input type=\"text\" size=\"40\" name=\"e" . mysql_field_name($ERG, $Uj) . "\" " . - "value=\"" . mysql_result($ERG, 0, $Uj) . "\"></td></tr>\n"; - - echo "</table>\n"; - echo "<input type=\"hidden\" name=\"eTID\" value=\"" . $_GET["TID"] . "\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n"; - echo "<input type=\"submit\" value=\"sichern...\">\n"; - echo "</form>"; - echo "<form action=\"./EngelType.php\" method=\"GET\">\n"; - echo "<input type=\"hidden\" name=\"TID\" value=\"" . $_GET["TID"] . "\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n"; - echo "<input type=\"submit\" value=\"Löschen...\">"; - echo "</form>"; - } - break; - - case 'changesave' : - $vars = $_GET; - $count = count($vars) - 2; - $vars = array_splice($vars, 0, $count); - $keys = ""; - $sql = ""; - foreach ($vars as $key => $value) { - $keys = substr($key, 1); - $sql .= ", `" . $keys . "`='" . $value . "'"; - } - runSQL_log("UPDATE `EngelType` SET " . substr($sql, 2) . " WHERE `TID`='" . $_GET["eTID"] . "'", "Save Change EngelType"); - SetHeaderGo2Back(); - break; - - case 'delete' : - if (IsSet ($_GET["TID"])) { - if (runSQL_log("DELETE FROM `EngelType` WHERE `TID`='" . $_GET["TID"] . "'", "delete EngelType")) - runSQL_log("ALTER TABLE `Room` DROP `DEFAULT_EID_" . $_GET["TID"] . "`;", "delete EngelType in Room Table"); - } else - echo "Fehlerhafter Aufruf"; - SetHeaderGo2Back(); - break; - } - } - - include ("includes/footer.php"); } ?> |