From cb1736d180ce91cb8b66acfe6cf7cede3a04d097 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Thu, 2 Jun 2011 23:41:50 +0200 Subject: include/pages/admin_angel_types: Cleanup; add strip_request_item function --- includes/pages/admin_angel_types.php | 162 ++++++----------------------------- includes/sys_page.php | 11 ++- 2 files changed, 36 insertions(+), 137 deletions(-) diff --git a/includes/pages/admin_angel_types.php b/includes/pages/admin_angel_types.php index ba2e5325..c5283899 100644 --- a/includes/pages/admin_angel_types.php +++ b/includes/pages/admin_angel_types.php @@ -1,22 +1,36 @@ ' . $angel_type['Name'] . '' . $angel_type['Man'] . 'Edit'; + $table .= sprintf( + '%s%s' + . 'Edit', + $angel_type['Name'], $angel_type['Man'], + page_link_to("admin_angel_types"), + $angel_type['TID'] + ); $html .= template_render('../templates/admin_angel_types.html', array ( 'link' => page_link_to("admin_angel_types"), 'table' => $table )); + } else { + switch ($_REQUEST['action']) { + case 'create' : - $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); - $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['man'])); + $name = strip_request_item("name"); + $man = strip_request_item("man"); + sql_query("INSERT INTO `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "'"); + header("Location: " . page_link_to("admin_angel_types")); break; @@ -30,11 +44,12 @@ function admin_angel_types() { if (count($angel_type) > 0) { list ($angel_type) = $angel_type; - $html .= template_render('../templates/admin_angel_types_edit_form.html', array ( - 'link' => page_link_to("admin_angel_types"), - 'id' => $id, - 'name' => $angel_type['Name'], - 'man' => $angel_type['Man'] + $html .= template_render( + '../templates/admin_angel_types_edit_form.html', array ( + 'link' => page_link_to("admin_angel_types"), + 'id' => $id, + 'name' => $angel_type['Name'], + 'man' => $angel_type['Man'] )); } else return error("No Angel Type found."); @@ -50,8 +65,9 @@ function admin_angel_types() { if (count($angel_type) > 0) { list ($angel_type) = $angel_type; - $name = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['name'])); - $man = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}]{1,})/ui", '', strip_tags($_REQUEST['man'])); + $name = strip_request_item("name"); + $man = strip_request_item("man"); + sql_query("UPDATE `AngelTypes` SET `Name`='" . sql_escape($name) . "', `Man`='" . sql_escape($man) . "' WHERE `TID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("admin_angel_types")); } else @@ -76,131 +92,5 @@ function admin_angel_types() { } return $html; - $Sql = "SELECT * FROM `EngelType` ORDER BY `NAME`"; - $Erg = mysql_query($Sql, $con); - - if (!IsSet ($_GET["action"])) { - echo "Hallo " . $_SESSION['Nick'] . - ",
\nhier hast du die Möglichkeit, neue Engeltypen für die Schichtpläne einzutragen " . - "oder vorhandene abzuändern:

\n"; - - echo "- Neuen EngelType eintragen
\n"; - - echo "\n"; - echo "\n"; - - for ($i = 1; $i < mysql_num_fields($Erg); $i++) { - echo "\t"; - } - echo "\t"; - echo ""; - - for ($t = 0; $t < mysql_num_rows($Erg); $t++) { - echo "\t\n"; - for ($j = 1; $j < mysql_num_fields($Erg); $j++) { - echo "\t\t\n"; - } - echo "\t\t\n"; - echo "\t\n"; - } // ende Auflistung Raeume - echo "
" . mysql_field_name($Erg, $i) . "Ändern
" . mysql_result($Erg, $t, $j) . "###
"; - } else { - - switch ($_GET["action"]) { - - case 'new' : - echo "Neuen EngelType einrichten:
"; - echo "
\n"; - echo "\n"; - - for ($Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++) { - echo "" . - "\n"; - } - echo "
" . mysql_field_name($Erg, $Uj) . "
\n"; - echo "\n"; - echo "\n"; - echo "
"; - break; - - case 'newsave' : - $vars = $_GET; - $count = count($vars) - 1; - $vars = array_splice($vars, 0, $count); - $Keys = ""; - $Values = ""; - foreach ($vars as $key => $value) { - $Keys .= ", `$key`"; - $Values .= ", '$value'"; - } - - if (runSQL_log("INSERT INTO `EngelType` (" . substr($Keys, 2) . ") VALUES (" . substr($Values, 2) . ")", "save new EngelType")) { - SetHeaderGo2Back(); - - $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='" . $_GET["Name"] . "'"; - $ERG = mysql_query($SQL2, $con); - - if (mysql_num_rows($ERG) == 1) - runSQL_log("ALTER TABLE `Room` ADD `DEFAULT_EID_" . mysql_result($ERG, 0, 0) . - "` INT DEFAULT '0' NOT NULL;", "add new EngelType in Romm Table"); - } - break; - - case 'change' : - if (!IsSet ($_GET["TID"])) - echo "Fehlerhafter Aufruf!"; - else { - echo "Raum abändern:\n"; - echo "Hier kannst du eintragen, den EngelType ändern."; - echo "
\n"; - echo "\n"; - - $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='" . $_GET["TID"] . "'"; - $ERG = mysql_query($SQL2, $con); - - for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) - echo "" . - "\n"; - - echo "
" . mysql_field_name($ERG, $Uj) . "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "
"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo ""; - echo "
"; - } - break; - - case 'changesave' : - $vars = $_GET; - $count = count($vars) - 2; - $vars = array_splice($vars, 0, $count); - $keys = ""; - $sql = ""; - foreach ($vars as $key => $value) { - $keys = substr($key, 1); - $sql .= ", `" . $keys . "`='" . $value . "'"; - } - runSQL_log("UPDATE `EngelType` SET " . substr($sql, 2) . " WHERE `TID`='" . $_GET["eTID"] . "'", "Save Change EngelType"); - SetHeaderGo2Back(); - break; - - case 'delete' : - if (IsSet ($_GET["TID"])) { - if (runSQL_log("DELETE FROM `EngelType` WHERE `TID`='" . $_GET["TID"] . "'", "delete EngelType")) - runSQL_log("ALTER TABLE `Room` DROP `DEFAULT_EID_" . $_GET["TID"] . "`;", "delete EngelType in Room Table"); - } else - echo "Fehlerhafter Aufruf"; - SetHeaderGo2Back(); - break; - } - } - - include ("includes/footer.php"); } ?> diff --git a/includes/sys_page.php b/includes/sys_page.php index ab8b05e2..2af5f729 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -1,4 +1,13 @@ ' . $msg . '

'; } @@ -6,4 +15,4 @@ function error($msg) { function success($msg) { return '

' . $msg . '

'; } -?> \ No newline at end of file +?> -- cgit v1.2.3-70-g09d2