';  # NOTE(review): presumably closes a string literal that opens before this excerpt

# $UpdateAttrs are the attributes we allow in output tags
# NOTE(review): 'onKeyDown' is an event-handler attribute. If page authors can
# set it through the (:update ...:) directive, they can attach script to the
# rendered form; confirm that this is intended and that attribute values are
# escaped where the tags are written out (that code is not visible here).
SDV($UpdateAttrs, array('name', 'value', 'id', 'class', 'rows', 'cols',
  'size', 'maxlength', 'action', 'method', 'accesskey', 'checked',
  'disabled', 'readonly', 'enctype', 'tabindex', 'onKeyDown'));

# Set up formatting for text, submit, hidden, radio, etc. types
# NOTE(review): the ':html' template is an empty string here; the tag template
# may have been lost from this copy of the file -- verify against the original.
foreach(array('text', 'submit', 'hidden', 'password', 'radio', 'checkbox', 'reset', 'file') as $t)
  SDV($UpdateTags[$t][':html'], "");

# (:update form:)
# ':args' lists the option names that UpdateMarkup assigns, in order, to the
# directive's positional (unnamed) arguments.
# NOTE(review): the ':html' string below is unterminated as shown; its content
# appears to be missing from this copy of the file.
SDVA($UpdateTags['form'], array(
  ':args' => array('action', 'method', 'table', 'fields', 'required', 'where', 'tabindex'),
  ':html' => "
');

# (:update textarea:)
# NOTE(review): empty ':html' template as shown; the markup may have been lost
# from this copy of the file.
SDVA($UpdateTags['textarea'], array(
  ':html' => ""));

# (:update select:)
# ':args' names the positional arguments accepted by the select directive.
SDVA($UpdateTags['select'], array(
  ':args' => array('name', 'size', 'multiple', 'value', 'label', 'from', 'where', 'order', 'tabindex'),
  ':html' => "\n"));

# Register the (:update TYPE ARGS:) directive: the first capture is the type
# word, the second is the rest of the directive text; the i flag makes the
# match case-insensitive.
# NOTE(review): the trailing "e" flag means the replacement string is run as
# PHP code for every match (presumably via preg_replace inside PmWiki). That
# modifier was deprecated in PHP 5.5 and removed in PHP 7.0, and its safety
# rests entirely on the captured page text being escaped before evaluation.
# PSS() looks like the PmWiki helper that undoes that escaping -- confirm.
# A callback-based registration avoids evaluating page text as code.
Markup('update', 'fulltext',
  '/\\(:update\\s+(\\w+)(.*?):\\)/ei',
  "UpdateMarkup(\$pagename, '$1', PSS('$2'))");

# Defined only if no other script has already declared a function of this name.
if (!function_exists('quote_smart')) {
  # Turn a request value into text that is concatenated into a MySQL statement.
  # Returns $value unchanged when is_numeric() accepts it; otherwise returns
  # the escaped value wrapped in single quotes.
  #
  # NOTE(review): this protects quoted values only. UpdateMarkup concatenates
  # table and field names taken from the directive arguments straight into its
  # statements; those are not covered here and need their own allow-list.
  # Prepared statements (mysqli or PDO) would remove the need for this helper.
  function quote_smart($value) {
    //such a useful function -- wish I remembered who wrote it
    // Strip the slashes added by magic quotes so the value is not escaped twice.
    // NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8.
    if (get_magic_quotes_gpc()) {$value = stripslashes($value);}
    // NOTE(review): values that pass is_numeric() reach the SQL text unquoted
    // and unescaped. is_numeric() accepts more than plain decimal digits
    // (exponent notation, leading whitespace and, before PHP 7, hexadecimal
    // strings), so the safer rule is to quote and escape every value, or to
    // accept only a strict decimal pattern for the unquoted path.
    // mysql_real_escape_string() is called without a link argument and belongs
    // to the ext/mysql API, which was removed in PHP 7.0.
    if (!is_numeric($value)) {$value = "'" . mysql_real_escape_string($value) . "'";}
    return $value;
  }
}

//define username depending on whether we're using UserAuth or AuthUser
// NOTE(review): both session keys are read without an isset() check, so the
// result is empty (with a notice) when no login session exists -- confirm that
// callers handle an empty username.
$UpdateUsername = (defined('USER_AUTH_VERSION') ? $_SESSION['username'] : $_SESSION['authid'][0]);

# NOTE(review): seeds $SQdata from $_REQUEST, so every entry it contributes is
# client-controlled (query string, form body and possibly cookies) and must be
# treated as untrusted wherever $SQdata is used. SDVA is presumably PmWiki's
# set-default helper for arrays, leaving keys that are already set untouched.
SDVA($SQdata,$_REQUEST);

function UpdateMarkup($pagename, $type, $args) {
  global $UpdateTags, $UpdateAttrs, $InputValues, $FmtV, $UpdateFields,
    $UpdateUserID, $UpdateUsername, $Author, $UpdateDependencies,
    $UpdateTabIndex, $SQdata;
  //this preprocessing is the same as in the InputMarkup function; only the names have been changed
  if (!@$UpdateTags[$type]) return "(:update $type $args:)";
  $opt = array_merge($UpdateTags[$type], ParseArgs($args));
  $args = @$opt[':args'];
  if (!$args) $args = array('name', 'value');
  while (count(@$opt['']) > 0 && count($args) > 0)
    $opt[array_shift($args)] = array_shift($opt['']);
  if ($type == 'form') {
    //$out .= print_r($_POST,true);
    // Connect to Database
    $dblink = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die("Could not connect : " .
mysql_error()); mysql_select_db(DB_NAME,$dblink) or die("Could not select database: ".mysql_error()); if (count($_POST)>0) { // Check for required fields $missing=0; foreach (explode(',',$opt['required']) as $req) { if (($req > '') and ($_POST[$req]=='')) $missing++; } if ($missing==0) { // process form $success = 0; $timestamp = date('Y-m-d H:i:s'); foreach (explode(',',$opt['where']) as $req) { if (!$_POST[$req]) $missing++; } if ($missing==0) { //we've got all the information we need unset ($where); unset ($dependencies); foreach (explode(',',$opt['where']) as $wherefield) { $where[] = $wherefield." = ".quote_smart($_POST[$wherefield]); //prepare to delete dependent entries, if necessary foreach (explode(',',$UpdateDependencies[$opt['table'].".$wherefield"]) as $dep) { list($deptable,$depfield) = explode('.',$dep); $dependencies[] = "DELETE FROM $deptable WHERE $depfield = ".quote_smart($_POST[$wherefield]); } } if ($_POST[$opt['delete']]) { //delete an existing entry $query = "DELETE FROM ".$opt['table']." WHERE ".implode(' AND ',$where); //$out.= "$query
"; if (mysql_query($query)) { foreach ($dependencies as $dep) mysql_query($dep); $success = 1; $out.= "$query
" . mysql_error()."
"; } } else { // update an existing entry $query = "UPDATE ".$opt['table']." SET "; foreach (explode(',',$opt['fields']) as $field) { if ((strpos(",".$opt['null'].",",",".$field.",") !== false) AND ($_POST[$field]=='')) { $query .= "`$field` = NULL, "; } else { $query .= "`$field` = ".quote_smart($_POST[$field]).", "; } } if ($opt['timestamp']>'') $query .= $opt['timestamp']." = '$timestamp'"; $query = rtrim($query, ', ')." WHERE ".implode(' AND ',$where); //$out.= "$query
"; if (mysql_query($query)) { $success = 1; $out.= "$query
" . mysql_error()."
"; } } } else { // insert new entry $queryA = "INSERT INTO ".$opt['table']." ("; $queryB = ") VALUES ("; foreach (explode(',',$opt['fields']) as $field) { //is the field listed as having a default? If not, include it. if ((strpos(",".$opt['default'].",",",".$field.",") === false) OR ($_POST[$field])) { $queryA .= "`$field`,"; //if this is the UserID field and no value is given, use the UserID $queryB .= quote_smart(((in_array($UpdateUserID,explode(',',$opt['where'])) and ($field==$UpdateUserID) and (!$_POST[$field])) ? $UpdateUsername : $_POST[$field])).","; } } if ($opt['timestamp']>'') { $queryA .= $opt['timestamp']; $queryB .= "'$timestamp'"; } $query = rtrim($queryA, ',').rtrim($queryB, ',').")"; if (mysql_query($query)) { $success=1; $out.= "$query
" . mysql_error()."
"; } } } else { //missing values $out .= "