Diffstat (limited to 'nonpublic/schichtplan_add.php')
-rwxr-xr-x | nonpublic/schichtplan_add.php | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/nonpublic/schichtplan_add.php b/nonpublic/schichtplan_add.php
index 33b25d2c..21a0b508 100755
--- a/nonpublic/schichtplan_add.php
+++ b/nonpublic/schichtplan_add.php
@@ -6,11 +6,11 @@ include ("./inc/funktion_user.php");
 include ("./inc/funktion_schichtplan.php");
 include ("./inc/funktionen.php");
-if (isset($newtext) && isset($SID) && isset($TID)) {
+if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) {
 SetHeaderGo2Back();
 // datum der einzutragenden schicht heraussuhen...
- $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='$SID'";
+ $ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='". $_POST["SID"]. ".'";
 $ShiftErg = mysql_query ($ShiftSQL, $con);
 $beginSchicht = mysql_result($ShiftErg, 0, "DateS");
 $endSchicht = mysql_result($ShiftErg, 0, "DateE");
@@ -34,7 +34,7 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
 {
 //ermitteln der noch gesuchten
 $SQL3 = "SELECT * FROM `ShiftEntry`".
- " WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0'));";
+ " WHERE ((`SID` = '". $_POST["SID"]. "') and (`TID` = '". $_POST["TID"]. "') and (`UID` = '0'));";
 $Erg3 = mysql_query($SQL3, $con);
 if( mysql_num_rows($Erg3) <= 0 )
@@ -44,8 +44,10 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
 //write shift
 $SQL = "UPDATE `ShiftEntry` SET ".
 "`UID` = '". $_SESSION['UID']. "', ".
- "`Comment` = '$newtext' ".
- "WHERE ((`SID` = '$SID') and (`TID` = '$TID') and (`UID` = '0')) LIMIT 1;";
+ "`Comment` = '". $_POST["newtext"]. "' ".
+ "WHERE ( (`SID` = '". $_POST["SID"]. "') and ".
+ "(`TID` = '". $_POST["TID"]. "') and ".
+ "(`UID` = '0')) LIMIT 1;";
 $Erg = mysql_query($SQL, $con);
 if ($Erg != 1)
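Review bot: The new `$ShiftSQL` line still concatenates `$_POST["SID"]` straight into the query, so moving from register_globals to `$_POST` keeps the SQL injection the old `'$SID'` form had; the same line also carries a typo — the closing `".'"` puts a literal `.` inside the quotes, producing `SID='5.'` rather than `SID='5'`. The `Shifts` lookup suggests SID is a numeric key (not confirmable from this hunk); if so, cast it once and reuse it: `$SID = (int) $_POST["SID"];` then `$ShiftSQL = "SELECT `DateS`, `DateE` FROM `Shifts` WHERE `SID`='$SID'";`, otherwise pass it through `mysql_real_escape_string($_POST["SID"], $con)`. The two `mysql_result` calls that follow read row 0 without checking `mysql_num_rows($ShiftErg)`, so an unknown SID raises a warning instead of a clean rejection. The `if` block this hunk opens continues past the hunk.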
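Review bot: `$SQL3` interpolates `$_POST["SID"]` and `$_POST["TID"]` into the WHERE clause with no escaping, so a request body can rewrite the "is there still a free slot" check that gates the UPDATE below. Both values are compared against id columns, so if they are integers (I cannot confirm the schema from here) `(int)` casts are the simplest fix: `" WHERE ((`SID` = '". (int) $_POST["SID"]. "') and (`TID` = '". (int) $_POST["TID"]. "') and (`UID` = '0'));"`; if they may be non-numeric, use `mysql_real_escape_string($value, $con)` on each. The enclosing block starts and ends outside this hunk.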
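Review bot: The rewritten UPDATE writes `$_POST["newtext"]` into `Comment` unescaped, and unlike the ids this is free text the user types, so any single quote in it terminates the literal and the rest of the statement — including the `UID = '0'` restriction and `LIMIT 1` — becomes attacker-controlled. Escape it with the connection already in scope: `"`Comment` = '". mysql_real_escape_string($_POST["newtext"], $con). "' ".`, and cast `SID`/`TID` in the WHERE with `(int)` (or escape them the same way if they are not numeric). The `if ($Erg != 1)` branch continues outside the hunk.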
@@ -56,13 +58,13 @@ if (isset($newtext) && isset($SID) && isset($TID)) {
 }//TO Many USERS
 }//Allready in Shift
 }
-elseif (isset($SID) && isset($TID)) {
+elseif (isset($_GET["SID"]) && isset($_GET["TID"])) {
 echo Get_Text("pub_schichtplan_add_Text1"). "<br><br>\n\n".
- "<form action=\"./schichtplan_add.php\" method=\"post\">".
- "<table border=\"0\">";
+ "<form action=\"./schichtplan_add.php\" method=\"post\">\n".
+ "<table border=\"0\">\n";
 $SQL = "SELECT * FROM `Shifts` WHERE ";
- $SQL .="(SID = '".$SID."')";
+ $SQL .="(SID = '". $_GET["SID"]. "')";
 $Erg = mysql_query($SQL, $con);
 echo "<tr><td>". Get_Text("pub_schichtplan_add_Date"). ":</td> <td>".
@@ -72,7 +74,7 @@ elseif (isset($SID) && isset($TID)) {
 $RoomID[ mysql_result($Erg, 0, "RID") ]. "</td></tr>\n";
 echo "<tr><td>". Get_Text("pub_schichtplan_add_Job"). ":</td> <td>".
- $EngelTypeID[$TID]. "</td></tr>\n";
+ $EngelTypeID[$_GET["TID"]]. "</td></tr>\n";
 echo "<tr><td>". Get_Text("pub_schichtplan_add_Len"). ":</td> <td>".
 mysql_result($Erg, 0, "Len"). "h</td></tr>\n";
@@ -86,8 +88,8 @@ elseif (isset($SID) && isset($TID)) {
 echo "<tr><td> </td>\n".
 "<td><input type=\"submit\" value=\"". Get_Text("pub_schichtplan_add_submit"). "\"> </td></tr>\n".
 "</table>\n".
- "<input type=\"hidden\" name=\"SID\" value=\"$SID\">\n".
- "<input type=\"hidden\" name=\"TID\" value=\"$TID\">\n".
+ "<input type=\"hidden\" name=\"SID\" value=\"". $_GET["SID"]. "\">\n".
+ "<input type=\"hidden\" name=\"TID\" value=\"". $_GET["TID"]. "\">\n".
 "</form>";
 } |
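Review bot: `$SQL .="(SID = '". $_GET["SID"]. "')";` takes the id from the query string and concatenates it unescaped, which is the same injection as in the POST branch but now reachable from a plain link; if SID is numeric use `$SQL .="(SID = '". (int) $_GET["SID"]. "')";`, otherwise `mysql_real_escape_string($_GET["SID"], $con)`. Separately, the `<form>` this hunk emits carries no anti-CSRF token, and the POST handler above assigns the shift to `$_SESSION['UID']`, so as written any third-party page can enrol the logged-in user into a shift with an auto-submitted form — a per-session token in a hidden field, checked in the POST branch, would close that. The `elseif` block continues past the hunk.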
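Review bot: `$EngelTypeID[$_GET["TID"]]` indexes the lookup table with the raw request value and nothing checks that the key exists, so an unknown TID yields an undefined-index notice and an empty "Job" cell while the form below is still rendered for that TID. A guard before the echo, `if (!isset($EngelTypeID[$_GET["TID"]])) { /* reject request */ }`, would turn that into an explicit error; likewise `mysql_result($Erg, 0, "RID")` reads row 0 of the `Shifts` query without a `mysql_num_rows` check. The enclosing `elseif` block starts and ends outside this hunk.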
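Review bot: The two hidden inputs echo `$_GET["SID"]` and `$_GET["TID"]` into `value="…"` attributes with no HTML escaping, so a double quote in the query string breaks out of the attribute and the page reflects arbitrary markup — a reflected XSS. Escape for the attribute context: `"<input type=\"hidden\" name=\"SID\" value=\"". htmlspecialchars($_GET["SID"], ENT_QUOTES). "\">\n".` and the same for TID. If both ids are integers, casting them once at the top of the `elseif` branch and reusing the cast values would fix this and the SQL concatenation earlier in the branch in one place.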