<?php
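// Open the database connection using the HDW_* constants, which are defined outside this file.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to mysqli or PDO with
// prepared statements is the durable fix; this script keeps the existing API so it still
// matches the rest of the application.
$link = mysql_connect(HDW_HOST, HDW_USERNAME, HDW_PASSWORD) or die("Could not connect to dabase. Please check DatabaseName, username and password and if the database server is up.");
mysql_select_db(HDW_DATABASE) or die("Could not select database. Please check the DatabaseName and be sure to link the database to the specified username.");

// The table name comes from the query string and is later concatenated, unquoted, into SQL
// text. Accept only the characters MySQL allows in an unquoted ASCII identifier, and refuse
// everything else before any query is built from it.
// NOTE(review): this still lets the request choose any table in the database. Consider an
// explicit allow-list of the tables this admin page is meant to edit.
$hdw_table = (isset($_GET["table"]) && is_string($_GET["table"])) ? $_GET["table"] : '';
if (!preg_match('/\A[A-Za-z0-9_$]+\z/', $hdw_table))
    die("Invalid table name.");
define ('ADMIN_TABLE', $hdw_table);
define ('TABLE_KEY','hdw_id');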
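/**
 * Backslash-escape a request value before it is placed inside a quoted SQL string.
 *
 * When magic_quotes_gpc is active and the value either has no single quote or already
 * contains an escaped one, the value is returned unchanged so it is not escaped twice.
 * In every other case the value goes through addslashes().
 *
 * NOTE(review): addslashes() is not aware of the connection character set. Prefer
 * mysql_real_escape_string() with the open link, or prepared statements, where a
 * connection is available.
 *
 * @param string $str Value taken from the request.
 * @return string The escaped value.
 */
function rquote ($str)
{
    $str = (string) $str;
    // get_magic_quotes_gpc() was removed in PHP 8.0; calling it unguarded is a fatal error there.
    $magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;
    if ($magic_quotes_on && (strpos($str, "'") === false || !(strpos($str, "\'") === false)))
        return $str;
    return addslashes($str);
}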
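/**
 * Prepare a value for output inside a double-quoted HTML attribute.
 *
 * Double quotes become the &quot; entity. When magic_quotes_gpc is active, the
 * backslashes it added are stripped afterwards.
 *
 * NOTE(review): only the double quote is encoded. The characters & < > and ' pass
 * through unchanged, so this is not enough for element content or single-quoted
 * attributes; use htmlspecialchars() there.
 *
 * @param string $str Value to be written into the page.
 * @return string The value with double quotes encoded.
 */
function rquote_field ($str)
{
    // The replacement must be the entity itself; a bare quote here is a parse error.
    $str = str_replace("\"", "&quot;", (string) $str);
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists before calling it.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1)
        return stripslashes($str);
    return $str;
}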
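/**
 * Build the URL of the listing page for the table named in the query string.
 *
 * The table name is percent-encoded because callers write the result into HTML
 * attributes and script text. Plain identifiers are returned unchanged.
 *
 * @param mixed $params Unused; kept so existing calls keep working.
 * @return string Relative URL of the form index.php?table=NAME.
 */
function getPageName($params = false)
{
    $table = (isset($_GET["table"]) && is_string($_GET["table"])) ? $_GET["table"] : '';
    return 'index.php?table='.rawurlencode($table);
}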
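// Request handling for the edit page: optional delete, column discovery, optional update,
// then loading the row to edit into $values.

// Every statement below splices ADMIN_TABLE into SQL text unquoted, so refuse anything
// that is not a plain identifier before the first query runs.
if (!preg_match('/\A[A-Za-z0-9_$]+\z/', ADMIN_TABLE))
    die("Invalid table name.");

// True only on old PHP builds where magic_quotes_gpc exists and is switched on
// (the function was removed in PHP 8.0, so it must not be called unguarded).
$hdw_magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;

if (isset($_POST["accion"]) && $_POST["accion"] === 'deleteitem')
{
    // The key is compared without quotes, so accept only a decimal integer.
    $hdw_delete_id = (isset($_POST["valor1"]) && is_string($_POST["valor1"])) ? $_POST["valor1"] : '';
    if (!preg_match('/\A[0-9]+\z/', $hdw_delete_id))
        die("Invalid record id.");
    $query = "delete from ".ADMIN_TABLE." where ".TABLE_KEY." = ".$hdw_delete_id;
    mysql_query($query) or die("Query failed. Please check database connection (DatabaseName,username and password). Remember to link the user to the database.");
}

// Read the column list of the table. $fields_table drives both the UPDATE and the form.
$onechecked = false;
$top = -1;
$fields = array();
$fields_table = array();
$var_SearchQuery = '';
$rs = mysql_query('show fields from '.ADMIN_TABLE);
if ($rs === false)
    die("Could not read the table structure.");
while ($tmp = mysql_fetch_array($rs))
{
    $hdw_field = $tmp["Field"];
    $fields[] = $hdw_field;
    $var_SearchQuery .= " OR `".$hdw_field. "` like '%^%' ";
    $top++;
    $fields_table[$top]["field"] = $hdw_field;
    $fields_table[$top]["name"] = $hdw_field;
    // !empty() keeps the original truthiness test without warnings for absent keys.
    $fields_table[$top]["ischecked"] = !empty($_POST["hdwchecked_".$hdw_field]) || !empty($_COOKIE["hdwchecked_".$hdw_field]);
    $onechecked = $onechecked || $fields_table[$top]["ischecked"];
}

if (!empty($_POST["updateitem"]))
{
    $hdw_update_id = is_string($_POST["updateitem"]) ? $_POST["updateitem"] : '';
    if (!preg_match('/\A[0-9]+\z/', $hdw_update_id))
        die("Invalid record id.");

    $hdw_assignments = array();
    foreach ($fields_table as $item)
    {
        if ($item["field"] == TABLE_KEY)
            continue;
        // A missing or non-string field is stored as an empty string, as before.
        $hdw_value = (isset($_POST[$item["field"]]) && is_string($_POST[$item["field"]])) ? $_POST[$item["field"]] : '';
        // Undo magic-quotes escaping first so the value is escaped exactly once, by the driver.
        if ($hdw_magic_quotes)
            $hdw_value = stripslashes($hdw_value);
        $hdw_assignments[] = "`".str_replace("`", "``", $item["field"])."`='".mysql_real_escape_string($hdw_value, $link)."'";
    }
    // Skip the statement when the table has no column other than the key.
    if (count($hdw_assignments) > 0)
        mysql_query("UPDATE ".ADMIN_TABLE. " SET ".implode(",", $hdw_assignments)." WHERE ".TABLE_KEY."=".$hdw_update_id) or die("Query failed. Please check database connection (DatabaseName,username and password). Remember to link the user to the database.");
    // Percent-encode the table name so it cannot close the script string it is written into.
    echo '<script type="text/javascript">document.location="index.php?table='.rawurlencode(ADMIN_TABLE).'";</script>';
    exit;
}

// Load the row being edited. A missing or non-numeric id yields no row rather than a query.
$hdw_row_id = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : '';
if (preg_match('/\A[0-9]+\z/', $hdw_row_id))
{
    $rs = mysql_query("SELECT * FROM ".ADMIN_TABLE." WHERE ".TABLE_KEY."=".$hdw_row_id);
    $values = $rs ? mysql_fetch_array($rs) : false;
}
else
    $values = false;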
?>
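<?php
// Edit form: one textarea per column except the key, pre-filled from $values.
// Each request- or database-derived value is escaped for the HTML context it is written into.
// 'ISO-8859-1' is passed so htmlspecialchars() rewrites only & " ' < > and leaves every other
// byte alone. This works for single-byte encodings and for UTF-8, and avoids the empty-string
// result the default charset gives for input that is not valid UTF-8.
// NOTE(review): no CSRF token or access check is visible in this file. Confirm that the
// including page enforces both.
$hdw_form_id = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : '';
$hdw_form_action = getPageName(true)."&id=".rawurlencode($hdw_form_id)."&action=edit";
// get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists before calling it.
$hdw_strip = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;
?>
<form style="margin:0px;padding:0px;" action="<?php echo htmlspecialchars($hdw_form_action, ENT_QUOTES, 'ISO-8859-1'); ?>" method="post">
<input type="hidden" name="updateitem" value="<?php echo htmlspecialchars($hdw_form_id, ENT_QUOTES, 'ISO-8859-1'); ?>">
<?php foreach ($fields_table as $item) if ($item["field"] != TABLE_KEY){
    // $values is false when no row was loaded; show an empty field in that case.
    $hdw_field_value = (is_array($values) && isset($values[$item["field"]])) ? (string) $values[$item["field"]] : '';
    if ($hdw_strip)
        $hdw_field_value = stripslashes($hdw_field_value);
?>
<strong><?php echo htmlspecialchars($item["field"], ENT_QUOTES, 'ISO-8859-1'); ?>:</strong> <br />
<textarea cols=100 rows=3 name="<?php echo htmlspecialchars($item["field"], ENT_QUOTES, 'ISO-8859-1'); ?>"><?php echo htmlspecialchars($hdw_field_value, ENT_QUOTES, 'ISO-8859-1'); ?></textarea><br />
<?php } ?>
<br />
<input type="submit" name="subbtn" value="Save & Back to list"> <input type="button" onclick="document.location='index.php?table=<?php echo rawurlencode(ADMIN_TABLE); ?>'" name="subbtn" value="Back to List">
</form>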
<?php
// Release the connection that was opened into $link at the top of this script.
mysql_close($link);
?>