";
}
}
} else { // insert new entry
$queryA = "INSERT INTO ".$opt['table']." (";
$queryB = ") VALUES (";
$params = array();
foreach (explode(',',$opt['fields']) as $field) {
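//is the field listed as having a default? If not, include it.
//NOTE(review): $field comes from $opt['fields'] and is written into the statement as a
//backquoted identifier, not bound; only the values are parameters. Where $opt is filled is
//not visible here -- confirm the field and table names are checked against a fixed list.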
if ((strpos(",".$opt['default'].",",",".$field.",") === false) OR ($_POST[$field])) {
$queryA .= "`$field`,";
//if this is the UserID field and no value is given, use the UserID
if (in_array($UpdateUserID,explode(',',$opt['where'])) and ($field==$UpdateUserID) and (!$_POST[$field])) {
$params[':UpdateUsername'] = $UpdateUsername;
$queryB .= ':UpdateUsername,';
} else {
$params[":$field"] = $_POST[$field];
$queryB .= ":$field,";
}
}
}
if ($opt['timestamp']>'') {
$queryA .= $opt['timestamp'];
$queryB .= "'$timestamp'";
}
$query = rtrim($queryA, ',').rtrim($queryB, ',').")";
try {
$dblink->prepare($query)->execute($params);
$success=1;
$out.= "
Successfully added this information to the database.
\n";
$UpdateFields = array();
$UpdateFields += $_POST;
}
} //endif $_POST
if (($success == 1) and (isset($opt['redirect']))) { //redirect to specified page
Redirect($opt['redirect']);
} else {
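// Get existing info from database, if any
// NOTE(review): every non-user field in $opt['where'] binds to the same :wherevalue
// placeholder, so with two or more such fields only the last value is used.
// Also, PDOStatement::execute() returns a bool, so $sth below is not a statement object.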
unset ($where);
$params = array();
foreach (explode(',',$opt['where']) as $wherefield) {
if ($wherefield == $UpdateUserID) {
// It's not "any kind of query," Sark. It's a *User* query.
$where[] = "$UpdateUserID = :UpdateUsername";
$params[":UpdateUsername"] = $UpdateUsername;
} else {
$where[] = "$wherefield = :wherevalue";
$params[':wherevalue'] = ($_REQUEST[$wherefield] ? $_REQUEST[$wherefield] : $wherevalue);
SDV($SQdata[$wherefield],($_REQUEST[$wherefield] ? $_REQUEST[$wherefield] : $wherevalue));
}
}
if ((isset($opt['table'])) and (isset($opt['fields'])) and (isset($where))) {
$query = "SELECT " . $opt['fields'] . " FROM " . $opt['table'] . " WHERE " . implode(" AND ",$where);
//$out.="$query";
if ($sth = $dblink->prepare($query)->execute($params)) {
$UpdateFields = $sth->fetch(PDO::FETCH_ASSOC);
SDVA($UpdateFields,$_POST);
if (defined($UpdateFields)) SDVA($SQdata,$UpdateFields);
}
}
}
$dblink = NULL;
//end of $type = 'form'
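//a little bit of magic to create drop-down menus from a query!
//NOTE(review): the SELECT below is assembled from $opt['value'], ['label'], ['from'],
//['where'] and ['order'] by concatenation and run with query(); nothing is bound, so
//whoever supplies those options supplies the SQL. Restrict who may author them, or
//check each against a fixed list of tables and columns.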
} elseif (($type=='select') and (isset($opt['from']))) {
//if value and/or label are not provided, fill them in with what we do know
SDV($opt['value'],$opt['name']);
SDV($opt['label'],$opt['value']);
// Connect to Database
$dblink = new PDO('mysql:host='. DB_SERVER .';dbname='. DB_NAME, DB_USER, DB_PASS);
$selectq = "SELECT ". $opt['value'] .", ". $opt['label'] ." FROM ". $opt['from']
." WHERE ". ($opt['where'] ? html_entity_decode($opt['where']) : 1)
. ($opt['order'] ? " ORDER BY ".$opt['order'] : "");
$selectd = $dblink->query($selectq);
unset($FmtV['$UpdateSelectOptions']);
if (isset($opt['null'])) $FmtV['$UpdateSelectOptions'] = "\n";
foreach ($selectd as $option) {
$FmtV['$UpdateSelectOptions'] .= "\n";
}
//don't display database info in HTML source
unset($opt['value']);
$dblink = NULL;
} // endif $type
// if given a parameter with no value, set the value to the name of the parameter
// for example, "checked" should become "checked='checked'" to be valid HTML
foreach ((array)@$opt[''] as $a)
if (!isset($opt[$a])) $opt[$a] = $a;
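//insert $SQdata info into field, if value given is a parameter name in `backquotes`
//NOTE(review): strrpos() takes the haystack first; as written this searches the
//one-character string '`' for $opt['value'], so the arguments look swapped.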
if (strrpos('`',$opt['value'])!==false) {
$opt['value'] = $SQdata[str_replace("`","",$opt['value'])];
}
if (($type=='text') or ($type=='hidden') or ($type=='password')) {
// insert database info into field
if (isset($UpdateFields[$opt['name']])) $opt['value'] = $UpdateFields[$opt['name']];
// insert $_GET info into field, if any
if (isset($_GET[$opt['name']])) $opt['value'] = $_GET[$opt['name']];
}
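// another bit of magic to allow values in textareas
// NOTE(review): the stored value goes into $FmtV['$UpdateTextarea'] without HTML escaping
// here; if the template prints it as element content, it needs htmlspecialchars() first -- confirm.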
if ($type=='textarea')
$FmtV['$UpdateTextarea'] = $UpdateFields[$opt['name']]? $UpdateFields[$opt['name']]: "";
// auto-input user ID into text or hidden fields when no other value given
if ((($type=='text') or ($type=='hidden')) and ($opt['name']==$UpdateUserID))
SDV($opt['value'],$UpdateUsername);
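//content masking with optional Javascript
//NOTE(review): $opt['mask'] lands inside a double-quoted JavaScript string in an event-handler
//attribute; the attribute loop further down replaces only single quotes -- confirm a mask
//containing a double quote or backslash cannot end the string early.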
unset($opt['onKeyDown']);
if ($opt['mask']>'')
$opt['onKeyDown']='javascript:return dFilter (event.keyCode, this, "'.$opt['mask'].'");';
//automatic tabindex
if ($opt['tabindex']>0) {
$UpdateTabIndex = $opt['tabindex']+1;
} elseif ($opt['tabindex']===0) {
$UpdateTabIndex = 0;
} elseif (($UpdateTabIndex > 0) and ($type!='form') and ($type != 'end') and ($type != 'hidden')) {
$opt['tabindex'] = $UpdateTabIndex++;
}
//not sure what this little loophole is for, but it's in forms.php, so I copied it
if (!isset($opt['value']) && isset($InputValues[@$opt['name']]))
$opt['value'] = $InputValues[$opt['name']];
//put quotes around values for HTML compliance
$attr = array();
foreach ($UpdateAttrs as $a) {
if (!isset($opt[$a])) continue;
$attr[] = "$a='".str_replace("'", ''', $opt[$a])."'";
}
//set radio and checkboxes to match database info
if ((($type=='radio') or ($type=='checkbox')) and ($opt['value'] == $UpdateFields[$opt['name']]))
$attr[] = "checked='checked'";
//exit code copied bodily from forms.php
$FmtV['$UpdateFormArgs'] = implode(' ', $attr);
$out .= FmtPageName($opt[':html'], $pagename);
return preg_replace_callback('/<(\\w+\\s)(.*)$/s',function ($m) { return "<{$m[1]}".Keep(($m[2]));}, $out);
}