-rwxr-xr-x | admin/EngelType.php | 58 | ||||
-rwxr-xr-x | admin/room.php | 33 |
2 files changed, 48 insertions, 43 deletions
diff --git a/admin/EngelType.php b/admin/EngelType.php index 5e3aef49..964d861b 100755 --- a/admin/EngelType.php +++ b/admin/EngelType.php @@ -7,16 +7,17 @@ include ("./inc/funktion_user.php"); function runSQL( $SQL) { include( "./inc/db.php"); - echo $SQL; // hier muesste das SQL ausgefuehrt werden... $Erg = mysql_query($SQL, $con); if ($Erg == 1) { - echo "Änderung wurde gesichert...<br>"; - return 1; + echo "Änderung wurde gesichert...<br>"; + echo "[$SQL]<br>"; + return 1; } else { - echo "Fehler beim speichern... bitte noch ein mal probieren :)"; - echo "<br><br>".mysql_error( $con ). "<br>"; - return 0; + echo "Fehler beim speichern... bitte noch ein mal probieren :)"; + echo "<br><br>".mysql_error( $con ). "<br>"; + echo "[$SQL]<br>"; + return 0; } } @@ -24,7 +25,7 @@ function runSQL( $SQL) $Sql = "SELECT * FROM `EngelType`"; $Erg = mysql_query($Sql, $con); -if( !IsSet($action) ) +if( !IsSet($_GET["action"]) ) { echo "Hallo ".$_SESSION['Nick']. ",<br>\nhier hast du die Möglichkeit, neue Engeltypen für die Schichtpläne einzutragen ". @@ -57,11 +58,11 @@ if( !IsSet($action) ) else { -switch ($action) { +switch ($_GET["action"]) { case 'new': echo "Neuen EngelType einrichten: <br>"; - echo "<form action=\"./EngelType.php\" method=\"POST\">\n"; + echo "<form action=\"./EngelType.php\" method=\"GET\">\n"; echo "<table>\n"; for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ ) @@ -76,9 +77,11 @@ case 'new': break; case 'newsave': - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 1; $vars = array_splice($vars, 0, $count); + $Keys=""; + $Values=""; foreach($vars as $key => $value){ $Keys .= ", `$key`"; $Values .= ", '$value'"; @@ -88,7 +91,7 @@ case 'newsave': { SetHeaderGo2Back(); - $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_POST["Name"]. "'"; + $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_GET["Name"]. "'"; $ERG = mysql_query($SQL2, $con); if( mysql_num_rows($ERG) == 1) 
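Review bot: The two added `echo "[$SQL]<br>";` lines in runSQL print the statement into the page unescaped, and the callers visible in this diff build that statement from request parameters, so request text is reflected as HTML on both the success and the failure path. If the statement must be shown, print it as `echo "[". htmlspecialchars($SQL, ENT_QUOTES). "]<br>";`. Preferably write it and `mysql_error($con)` to the server log and show only the generic message, because the failure branch also exposes the raw database error to the browser.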
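Review bot: Switching the `new` form to `method=\"GET\"` makes the `newsave` write reachable through a plain URL, so a request that another site causes a logged-in admin's browser to send is enough to change data, and the submitted values land in browser history and server logs. Reading `$_GET["action"]` is fine for the view actions, but the writes should stay on POST: keep `method=\"POST\"` on the form and read `$_POST` in `newsave`, `changesave` and `delete`. No request token is visible in these hunks; if none exists elsewhere, one should be checked before each write. The same change is made to the change and delete forms in the `@@ -107,25` hunk and to the forms in admin/room.php.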
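Review bot: In `newsave`, `count($vars) - 1` followed by `array_splice` drops the last request parameter by position, and with the source now being the query string the requester controls that order, so `action` can end up as a column while a real field is dropped. Remove the control parameter by name instead: `$vars = $_GET; unset($vars["action"]);`. That also replaces `$HTTP_GET_VARS`, which is only populated when `register_long_arrays` is on, while the rest of this commit already uses `$_GET`. The same pattern is in `changesave` here (`- 2`) and in `newsave`/`changesave` in admin/room.php.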
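Review bot: The new `$SQL2` line concatenates `$_GET["Name"]` straight into the SELECT, so a quote in the value changes the statement. Escape it with the connection in use, `"... WHERE `Name`='". mysql_real_escape_string($_GET["Name"], $con). "'"`, and do the same for `$value` in the `foreach` that builds `$Values` just above. The `TID`, `eTID`, `RID` and `eRID` lookups added in the later hunks of both files need the same treatment, or an `intval()` if those ids are numeric, which these hunks do not show.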
@@ -99,7 +102,7 @@ case 'newsave': break; case 'change': - if (! IsSet($TID)) { + if (! IsSet($_GET["TID"])) { echo "Fehlerhafter Aufruf!"; } else { @@ -107,25 +110,25 @@ case 'change': echo "Hier kannst du eintragen, den EngelType ändern."; - echo "<form action=\"./EngelType.php\" method=\"POST\">\n"; + echo "<form action=\"./EngelType.php\" method=\"GET\">\n"; echo "<table>\n"; - $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='$TID'"; + $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'"; $ERG = mysql_query($SQL2, $con); for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) { - echo "<tr><td>".mysql_field_name($ERG, $Uj)."</td>". - "<td><input type=\"text\" size=\"40\" name=\"e".mysql_field_name($ERG, $Uj)."\" ". - "value=\"".mysql_result($ERG, 0, $Uj)."\"></td></tr>\n"; + echo "<tr><td>". mysql_field_name($ERG, $Uj). "</td>". + "<td><input type=\"text\" size=\"40\" name=\"e". mysql_field_name($ERG, $Uj). "\" ". + "value=\"". mysql_result($ERG, 0, $Uj). "\"></td></tr>\n"; } echo "</table>\n"; - echo "<input type=\"hidden\" name=\"eTID\" value=\"$TID\">\n"; + echo "<input type=\"hidden\" name=\"eTID\" value=\"". $_GET["TID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n"; echo "<input type=\"submit\" value=\"sichern...\">\n"; echo "</form>"; - echo "<form action=\"./EngelType.php\" method=\"POST\">\n"; - echo "<input type=\"hidden\" name=\"TID\" value=\"$TID\">\n"; + echo "<form action=\"./EngelType.php\" method=\"GET\">\n"; + echo "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n"; echo "<input type=\"submit\" value=\"Löschen...\">"; echo "</form>"; 
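Review bot: The hidden inputs in the `change` form now write `$_GET["TID"]` into `value=\"...\"` without escaping, so markup in the parameter is reflected into the admin page. Normalise the id once at the top of the case and reuse it, e.g. `$TID = htmlspecialchars($_GET["TID"], ENT_QUOTES);` for the two `echo` lines, or `intval($_GET["TID"])` if TID is numeric. The `mysql_result(...)` value echoed into the text inputs in the same loop is also unescaped. admin/room.php has the same `$_GET["RID"]` output in its `@@ -123,12` hunk.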
@@ -133,32 +136,31 @@ case 'change': break; case 'changesave': - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 2; $vars = array_splice($vars, 0, $count); + $keys=""; + $sql=""; foreach($vars as $key => $value){ $keys = substr($key,1); $sql .= ", `".$keys."`='".$value."'"; - } - runSQL( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='".$eTID."'"); + runSQL( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='". $_GET["eTID"]. "'"); SetHeaderGo2Back(); break; case 'delete': - if (IsSet($TID)) + if (IsSet($_GET["TID"])) { - runSQL( "DELETE FROM `EngelType` WHERE `TID`='$TID'"); - runSQL( "ALTER TABLE `Room` DROP `DEFAULT_EID_$TID`;"); + runSQL( "DELETE FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'"); + runSQL( "ALTER TABLE `Room` DROP `DEFAULT_EID_". $_GET["TID"]. "`;"); } else { echo "Fehlerhafter Aufruf"; } SetHeaderGo2Back(); break; - } } - include ("./inc/footer.php"); ?> diff --git a/admin/room.php b/admin/room.php index a2cc7d13..3b8cb63c 100755 --- a/admin/room.php +++ b/admin/room.php @@ -8,7 +8,7 @@ include ("./inc/funktion_schichtplan.php"); $Sql = "SELECT * FROM `Room` ORDER BY Number, Name"; $Erg = mysql_query($Sql, $con); -if( !IsSet($action) ) +if( !IsSet($_GET["action"]) ) { echo "Hallo ".$_SESSION['Nick']. ",<br>\nhier hast du die Möglichkeit, neue Räume für die Schichtpläne einzutragen ". @@ -46,11 +46,11 @@ else UnSet($SQL); -switch ($action) { +switch ($_GET["action"]) { case 'new': echo "Neuen Raum einrichten: <br>"; - echo "<form action=\"./room.php\" method=\"POST\">\n"; + echo "<form action=\"./room.php\" method=\"GET\">\n"; echo "<table>\n"; for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ ) 
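Review bot: In `delete`, `$_GET["TID"]` is interpolated into a column identifier in `ALTER TABLE `Room` DROP `DEFAULT_EID_...``, and string escaping does not protect a backtick-quoted identifier, so the value must be validated as an id before either statement runs. For example, `$tid = intval($_GET["TID"]);` used in both `runSQL` calls, rejecting the request when `$tid <= 0`. In `changesave`, the column names come from the request keys via `substr($key,1)`; they should be checked against the table's real field names before they are placed between backticks. The `changesave` loop in admin/room.php builds its column list the same way.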
@@ -72,10 +72,13 @@ case 'new': break; case 'newsave': - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 1; $vars = array_splice($vars, 0, $count); - foreach($vars as $key => $value){ + $Keys = ""; + $Values = ""; + foreach($vars as $key => $value) + { $Keys .= ", `$key`"; $Values .= ", '$value'"; } @@ -95,7 +98,7 @@ case 'newsave': break; case 'change': - if (! IsSet($RID)) { + if (! IsSet($_GET["RID"])) { echo "Fehlerhafter Aufruf!"; } else { @@ -103,10 +106,10 @@ case 'change': echo "Hier kannst du eintragen, welche und wieviele Engel für den Raum zur Verfügung stehen müssen."; - echo "<form action=\"./room.php\" method=\"POST\">\n"; + echo "<form action=\"./room.php\" method=\"GET\">\n"; echo "<table>\n"; - $SQL2 = "SELECT * FROM `Room` WHERE `RID`='$RID'"; + $SQL2 = "SELECT * FROM `Room` WHERE `RID`='". $_GET["RID"]. "'"; $ERG = mysql_query($SQL2, $con); for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) @@ -123,12 +126,12 @@ case 'change': echo"</td></tr>\n"; } echo "</table>\n"; - echo "<input type=\"hidden\" name=\"eRID\" value=\"$RID\">\n"; + echo "<input type=\"hidden\" name=\"eRID\" value=\"". $_GET["RID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n"; echo "<input type=\"submit\" value=\"sichern...\">\n"; echo "</form>"; - echo "<form action=\"./room.php\" method=\"POST\">\n"; - echo "<input type=\"hidden\" name=\"RID\" value=\"$RID\">\n"; + echo "<form action=\"./room.php\" method=\"GET\">\n"; + echo "<input type=\"hidden\" name=\"RID\" value=\"". $_GET["RID"]. "\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n"; echo "<input type=\"submit\" value=\"Löschen...\">"; echo "</form>"; @@ -137,7 +140,7 @@ case 'change': case 'changesave': $sql=""; - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 2; $vars = array_splice($vars, 0, $count); foreach($vars as $key => $value){ 
@@ -145,13 +148,13 @@ case 'changesave': $sql .= ", `".$keys."`='".$value."' "; } - $SQL = "UPDATE `Room` SET ". substr($sql, 2). " WHERE `RID`='".$eRID."'"; + $SQL = "UPDATE `Room` SET ". substr($sql, 2). " WHERE `RID`='". $_GET["eRID"]. "'"; SetHeaderGo2Back(); break; case 'delete': - if (IsSet($RID)) { - $SQL="DELETE FROM `Room` WHERE `RID`='$RID'"; + if (IsSet($_GET["RID"])) { + $SQL="DELETE FROM `Room` WHERE `RID`='". $_GET["RID"]. "'"; } else { echo "Fehlerhafter Aufruf"; } |
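Review bot: `changesave` reads `$_GET["eRID"]` with no `IsSet` check, unlike `change` and `delete`, so a request without it builds `UPDATE `Room` ... WHERE `RID`=''` and raises an undefined-index notice. Guard it the same way the other cases do, `if (!IsSet($_GET["eRID"])) { echo "Fehlerhafter Aufruf"; break; }`, before the statement is assembled. `$_GET["eTID"]` in admin/EngelType.php `changesave` has the same gap. Where `$SQL` is executed lies outside this hunk.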