summaryrefslogtreecommitdiff
path: root/nonpublic/schichtplan_add.php
diff options
context:
space:
mode:
Diffstat (limited to 'nonpublic/schichtplan_add.php')
-rwxr-xr-xnonpublic/schichtplan_add.php26
1 files changed, 14 insertions, 12 deletions
diff --git a/nonpublic/schichtplan_add.php b/nonpublic/schichtplan_add.php
index 33b25d2c..21a0b508 100755
--- a/nonpublic/schichtplan_add.php
+++ b/nonpublic/schichtplan_add.php
@@ -6,11 +6,11 @@ include ("./inc/funktion_user.php");
include ("./inc/funktion_schichtplan.php");
include ("./inc/funktionen.php");
-if (isset($newtext) && isset($SID) && isset($TID)) {
+if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) {
SetHeaderGo2Back();
// datum der einzutragenden schicht heraussuhen...
- $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='$SID'";
+ $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='". $_POST["SID"]. ".'";
$ShiftErg = mysql_query ($ShiftSQL, $con);
$beginSchicht = mysql_result($ShiftErg, 0, "DateS");
$endSchicht = mysql_result($ShiftErg, 0, "DateE");
@@ -34,7 +34,7 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
{
//ermitteln der noch gesuchten
$SQL3 = "SELECT * FROM `ShiftEntry`".
- " WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0'));";
+ " WHERE ((`SID` = '". $_POST["SID"]. "') and (`TID` = '". $_POST["TID"]. "') and (`UID` = '0'));";
$Erg3 = mysql_query($SQL3, $con);
if( mysql_num_rows($Erg3) <= 0 )
@@ -44,8 +44,10 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
//write shift
$SQL = "UPDATE `ShiftEntry` SET ".
"`UID` = '". $_SESSION['UID']. "', ".
- "`Comment` = '$newtext' ".
- "WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0')) LIMIT 1;";
+ "`Comment` = '". $_POST["newtext"]. "' ".
+ "WHERE ( (`SID` = '". $_POST["SID"]. "') and ".
+ "(`TID` = '". $_POST["TID"]. "') and ".
+ "(`UID` = '0')) LIMIT 1;";
$Erg = mysql_query($SQL, $con);
if ($Erg != 1)
@@ -56,13 +58,13 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
}//TO Many USERS
}//Allready in Shift
}
-elseif (isset($SID) && isset($TID)) {
+elseif (isset($_GET["SID"]) && isset($_GET["TID"])) {
echo Get_Text("pub_schichtplan_add_Text1"). "<br><br>\n\n".
- "<form action=\"./schichtplan_add.php\" method=\"post\">".
- "<table border=\"0\">";
+ "<form action=\"./schichtplan_add.php\" method=\"post\">\n".
+ "<table border=\"0\">\n";
$SQL = "SELECT * FROM `Shifts` WHERE ";
- $SQL .="(SID = '".$SID."')";
+ $SQL .="(SID = '". $_GET["SID"]. "')";
$Erg = mysql_query($SQL, $con);
echo "<tr><td>". Get_Text("pub_schichtplan_add_Date"). ":</td> <td>".
@@ -72,7 +74,7 @@ elseif (isset($SID) && isset($TID)) {
$RoomID[ mysql_result($Erg, 0, "RID") ]. "</td></tr>\n";
echo "<tr><td>". Get_Text("pub_schichtplan_add_Job"). ":</td> <td>".
- $EngelTypeID[$TID]. "</td></tr>\n";
+ $EngelTypeID[$_GET["TID"]]. "</td></tr>\n";
echo "<tr><td>". Get_Text("pub_schichtplan_add_Len"). ":</td> <td>".
mysql_result($Erg, 0, "Len"). "h</td></tr>\n";
@@ -86,8 +88,8 @@ elseif (isset($SID) && isset($TID)) {
echo "<tr><td>&nbsp;</td>\n".
"<td><input type=\"submit\" value=\"". Get_Text("pub_schichtplan_add_submit"). "\"> </td></tr>\n".
"</table>\n".
- "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n".
- "<input type=\"hidden\" name=\"TID\" value=\"$TID\">\n".
+ "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n".
+ "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n".
"</form>";
}