summaryrefslogtreecommitdiff
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rwxr-xr-xadmin/EngelType.php58
-rwxr-xr-xadmin/room.php33
2 files changed, 48 insertions, 43 deletions
diff --git a/admin/EngelType.php b/admin/EngelType.php
index 5e3aef49..964d861b 100755
--- a/admin/EngelType.php
+++ b/admin/EngelType.php
@@ -7,16 +7,17 @@ include ("./inc/funktion_user.php");
function runSQL( $SQL)
{
include( "./inc/db.php");
- echo $SQL;
// hier muesste das SQL ausgefuehrt werden...
$Erg = mysql_query($SQL, $con);
if ($Erg == 1) {
- echo "&Auml;nderung wurde gesichert...<br>";
- return 1;
+ echo "&Auml;nderung wurde gesichert...<br>";
+ echo "[$SQL]<br>";
+ return 1;
} else {
- echo "Fehler beim speichern... bitte noch ein mal probieren :)";
- echo "<br><br>".mysql_error( $con ). "<br>";
- return 0;
+ echo "Fehler beim speichern... bitte noch ein mal probieren :)";
+ echo "<br><br>".mysql_error( $con ). "<br>";
+ echo "[$SQL]<br>";
+ return 0;
}
}
@@ -24,7 +25,7 @@ function runSQL( $SQL)
$Sql = "SELECT * FROM `EngelType`";
$Erg = mysql_query($Sql, $con);
-if( !IsSet($action) )
+if( !IsSet($_GET["action"]) )
{
echo "Hallo ".$_SESSION['Nick'].
",<br>\nhier hast du die M&ouml;glichkeit, neue Engeltypen f&uuml;r die Schichtpl&auml;ne einzutragen ".
@@ -57,11 +58,11 @@ if( !IsSet($action) )
else
{
-switch ($action) {
+switch ($_GET["action"]) {
case 'new':
echo "Neuen EngelType einrichten: <br>";
- echo "<form action=\"./EngelType.php\" method=\"POST\">\n";
+ echo "<form action=\"./EngelType.php\" method=\"GET\">\n";
echo "<table>\n";
for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ )
@@ -76,9 +77,11 @@ case 'new':
break;
case 'newsave':
- $vars = $HTTP_POST_VARS;
+ $vars = $HTTP_GET_VARS;
$count = count($vars) - 1;
$vars = array_splice($vars, 0, $count);
+ $Keys="";
+ $Values="";
foreach($vars as $key => $value){
$Keys .= ", `$key`";
$Values .= ", '$value'";
@@ -88,7 +91,7 @@ case 'newsave':
{
SetHeaderGo2Back();
- $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_POST["Name"]. "'";
+ $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_GET["Name"]. "'";
$ERG = mysql_query($SQL2, $con);
if( mysql_num_rows($ERG) == 1)
@@ -99,7 +102,7 @@ case 'newsave':
break;
case 'change':
- if (! IsSet($TID)) {
+ if (! IsSet($_GET["TID"])) {
echo "Fehlerhafter Aufruf!";
} else {
@@ -107,25 +110,25 @@ case 'change':
echo "Hier kannst du eintragen, den EngelType &auml;ndern.";
- echo "<form action=\"./EngelType.php\" method=\"POST\">\n";
+ echo "<form action=\"./EngelType.php\" method=\"GET\">\n";
echo "<table>\n";
- $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='$TID'";
+ $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'";
$ERG = mysql_query($SQL2, $con);
for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++)
{
- echo "<tr><td>".mysql_field_name($ERG, $Uj)."</td>".
- "<td><input type=\"text\" size=\"40\" name=\"e".mysql_field_name($ERG, $Uj)."\" ".
- "value=\"".mysql_result($ERG, 0, $Uj)."\"></td></tr>\n";
+ echo "<tr><td>". mysql_field_name($ERG, $Uj). "</td>".
+ "<td><input type=\"text\" size=\"40\" name=\"e". mysql_field_name($ERG, $Uj). "\" ".
+ "value=\"". mysql_result($ERG, 0, $Uj). "\"></td></tr>\n";
}
echo "</table>\n";
- echo "<input type=\"hidden\" name=\"eTID\" value=\"$TID\">\n";
+ echo "<input type=\"hidden\" name=\"eTID\" value=\"". $_GET["TID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
- echo "<form action=\"./EngelType.php\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"TID\" value=\"$TID\">\n";
+ echo "<form action=\"./EngelType.php\" method=\"GET\">\n";
+ echo "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n";
echo "<input type=\"submit\" value=\"L&ouml;schen...\">";
echo "</form>";
@@ -133,32 +136,31 @@ case 'change':
break;
case 'changesave':
- $vars = $HTTP_POST_VARS;
+ $vars = $HTTP_GET_VARS;
$count = count($vars) - 2;
$vars = array_splice($vars, 0, $count);
+ $keys="";
+ $sql="";
foreach($vars as $key => $value){
$keys = substr($key,1);
$sql .= ", `".$keys."`='".$value."'";
-
}
- runSQL( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='".$eTID."'");
+ runSQL( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='". $_GET["eTID"]. "'");
SetHeaderGo2Back();
break;
case 'delete':
- if (IsSet($TID))
+ if (IsSet($_GET["TID"]))
{
- runSQL( "DELETE FROM `EngelType` WHERE `TID`='$TID'");
- runSQL( "ALTER TABLE `Room` DROP `DEFAULT_EID_$TID`;");
+ runSQL( "DELETE FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'");
+ runSQL( "ALTER TABLE `Room` DROP `DEFAULT_EID_". $_GET["TID"]. "`;");
} else {
echo "Fehlerhafter Aufruf";
}
SetHeaderGo2Back();
break;
-
}
}
-
include ("./inc/footer.php");
?>
diff --git a/admin/room.php b/admin/room.php
index a2cc7d13..3b8cb63c 100755
--- a/admin/room.php
+++ b/admin/room.php
@@ -8,7 +8,7 @@ include ("./inc/funktion_schichtplan.php");
$Sql = "SELECT * FROM `Room` ORDER BY Number, Name";
$Erg = mysql_query($Sql, $con);
-if( !IsSet($action) )
+if( !IsSet($_GET["action"]) )
{
echo "Hallo ".$_SESSION['Nick'].
",<br>\nhier hast du die M&ouml;glichkeit, neue R&auml;ume f&uuml;r die Schichtpl&auml;ne einzutragen ".
@@ -46,11 +46,11 @@ else
UnSet($SQL);
-switch ($action) {
+switch ($_GET["action"]) {
case 'new':
echo "Neuen Raum einrichten: <br>";
- echo "<form action=\"./room.php\" method=\"POST\">\n";
+ echo "<form action=\"./room.php\" method=\"GET\">\n";
echo "<table>\n";
for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ )
@@ -72,10 +72,13 @@ case 'new':
break;
case 'newsave':
- $vars = $HTTP_POST_VARS;
+ $vars = $HTTP_GET_VARS;
$count = count($vars) - 1;
$vars = array_splice($vars, 0, $count);
- foreach($vars as $key => $value){
+ $Keys = "";
+ $Values = "";
+ foreach($vars as $key => $value)
+ {
$Keys .= ", `$key`";
$Values .= ", '$value'";
}
@@ -95,7 +98,7 @@ case 'newsave':
break;
case 'change':
- if (! IsSet($RID)) {
+ if (! IsSet($_GET["RID"])) {
echo "Fehlerhafter Aufruf!";
} else {
@@ -103,10 +106,10 @@ case 'change':
echo "Hier kannst du eintragen, welche und wieviele Engel f&uuml;r den Raum zur Verfügung stehen m&uuml;ssen.";
- echo "<form action=\"./room.php\" method=\"POST\">\n";
+ echo "<form action=\"./room.php\" method=\"GET\">\n";
echo "<table>\n";
- $SQL2 = "SELECT * FROM `Room` WHERE `RID`='$RID'";
+ $SQL2 = "SELECT * FROM `Room` WHERE `RID`='". $_GET["RID"]. "'";
$ERG = mysql_query($SQL2, $con);
for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++)
@@ -123,12 +126,12 @@ case 'change':
echo"</td></tr>\n";
}
echo "</table>\n";
- echo "<input type=\"hidden\" name=\"eRID\" value=\"$RID\">\n";
+ echo "<input type=\"hidden\" name=\"eRID\" value=\"". $_GET["RID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"changesave\">\n";
echo "<input type=\"submit\" value=\"sichern...\">\n";
echo "</form>";
- echo "<form action=\"./room.php\" method=\"POST\">\n";
- echo "<input type=\"hidden\" name=\"RID\" value=\"$RID\">\n";
+ echo "<form action=\"./room.php\" method=\"GET\">\n";
+ echo "<input type=\"hidden\" name=\"RID\" value=\"". $_GET["RID"]. "\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"delete\">\n";
echo "<input type=\"submit\" value=\"L&ouml;schen...\">";
echo "</form>";
@@ -137,7 +140,7 @@ case 'change':
case 'changesave':
$sql="";
- $vars = $HTTP_POST_VARS;
+ $vars = $HTTP_GET_VARS;
$count = count($vars) - 2;
$vars = array_splice($vars, 0, $count);
foreach($vars as $key => $value){
@@ -145,13 +148,13 @@ case 'changesave':
$sql .= ", `".$keys."`='".$value."' ";
}
- $SQL = "UPDATE `Room` SET ". substr($sql, 2). " WHERE `RID`='".$eRID."'";
+ $SQL = "UPDATE `Room` SET ". substr($sql, 2). " WHERE `RID`='". $_GET["eRID"]. "'";
SetHeaderGo2Back();
break;
case 'delete':
- if (IsSet($RID)) {
- $SQL="DELETE FROM `Room` WHERE `RID`='$RID'";
+ if (IsSet($_GET["RID"])) {
+ $SQL="DELETE FROM `Room` WHERE `RID`='". $_GET["RID"]. "'";
} else {
echo "Fehlerhafter Aufruf";
}