<?PHP
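// Bootstrap for the admin record editor: fixes the table under edit, names its
// key column and opens the flat-file database.
//
// NOTE(review): no authentication or authorization check is visible in this
// file, and the write handlers below carry no anti-CSRF token. Confirm that
// access control for admin/ is enforced elsewhere (web server or the include).
//
// The table name arrives in the query string and is later concatenated into
// every SQL statement and echoed into markup, so it is restricted to plain
// identifier characters before it becomes a constant. An allow-list of the
// tables this tool is meant to manage would be stricter still; the pattern
// below assumes table names are alphanumeric/underscore -- TODO confirm.
$hdwTable = (isset($_GET["table"]) && is_string($_GET["table"])) ? $_GET["table"] : '';
if (!preg_match('/^[A-Za-z0-9_]+$/D', $hdwTable))
    exit('Invalid table name.');
define ('ADMIN_TABLE', $hdwTable);
define ('TABLE_KEY','hdw_id');
include "../db/txt-db-api.php";
// HDW_FLAT_DBNAME is not defined in this file; presumably the include above provides it.
$db = new Database(HDW_FLAT_DBNAME);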
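/**
 * Backslash-escape a request value before it is placed inside a quoted SQL literal.
 *
 * On runtimes that still have magic quotes (PHP < 5.4) a value that is already
 * escaped, or that contains no single quote, is returned unchanged; in every
 * other case addslashes() is applied.
 *
 * NOTE(review): addslashes() is the only protection the UPDATE statement has
 * for field values. Whether the txt-db-api parser honours backslash escapes is
 * not visible here -- verify, and prefer a parameterised interface if one exists.
 *
 * @param string $str raw value
 * @return string value with quotes, backslashes and NUL bytes escaped
 */
function rquote ($str)
{
    $str = (string) $str;
    // get_magic_quotes_gpc() always returned false from PHP 5.4, is deprecated in
    // 7.4 and no longer exists in 8.0, so it is only consulted on runtimes where
    // it can still be true. The version test short-circuits the call elsewhere.
    $magicQuotes = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() == 1;
    if ($magicQuotes && (strpos($str, "'") === false || strpos($str, "\\'") !== false))
        return $str;
    return addslashes($str);
}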
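/**
 * Encode double quotes in a value so it can sit inside a double-quoted HTML attribute.
 *
 * Only the double quote is encoded: `<`, `>`, `&` and `'` pass through
 * untouched, so the result is not safe as element content or inside a
 * single-quoted attribute. Use htmlspecialchars() with ENT_QUOTES for those.
 *
 * NOTE(review): the replacement literal was unterminated in the listing; the
 * `&quot;` entity is restored here as the evident intent -- confirm against the
 * deployed file.
 *
 * @param string $str raw value
 * @return string value with every `"` replaced by `&quot;`
 */
function rquote_field ($str)
{
    $str = str_replace("\"", "&quot;", (string) $str);
    // Magic quotes can only be active before PHP 5.4, and the function is gone
    // in PHP 8, so the call is skipped on any runtime where it cannot be true.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() == 1)
        return stripslashes ($str);
    return $str;
}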
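/**
 * Build the relative URL of the list page for the table named in the request.
 *
 * The table name comes straight from the query string and the result is
 * echoed into markup by callers, so it is URL-encoded here: the encoded form
 * contains no quote, angle bracket or ampersand of its own.
 *
 * @param mixed $params unused; kept so existing calls keep working
 * @return string `index.php?table=<url-encoded table name>`
 */
function getPageName($params = false)
{
    // A missing or array-valued parameter is treated as an empty name.
    $table = (isset($_GET["table"]) && is_string($_GET["table"])) ? $_GET["table"] : '';
    return 'index.php?table='.urlencode($table);
}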
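// Delete handler: removes the row whose key equals the posted "valor1".
//
// The key is concatenated into the statement without quotes, so it is accepted
// only when it consists solely of digits (assumes hdw_id is a non-negative
// integer key -- TODO confirm). Anything else is ignored rather than executed.
// NOTE(review): this destructive request carries no anti-CSRF token.
if (isset($_POST["accion"]) && $_POST["accion"] === 'deleteitem')
{
    $deleteId = isset($_POST["valor1"]) ? $_POST["valor1"] : null;
    if (is_string($deleteId) && preg_match('/^[0-9]+$/D', $deleteId))
    {
        $query = "delete from ".ADMIN_TABLE." where ".TABLE_KEY." = ".$deleteId;
        $db->executeQuery($query);
    }
}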
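// Read the table's column names and build $fields_table, one entry per column:
//   field / name : the column name
//   ischecked    : true when a "hdwchecked_<column>" POST field or cookie is set
// $onechecked ends up true when at least one column is checked, and $top holds
// the index of the last entry (-1 when the table has no columns).
$onechecked = false;
$top = -1;
$fields = array();
// Initialised up front so later foreach loops work when the table has no columns.
$fields_table = array();
// Accumulates one " OR <column> like '%^%' " clause per column. It is not used
// in this listing; presumably '^' is a placeholder substituted elsewhere.
$var_SearchQuery = '';
$result = $db->executeQuery("SELECT * FROM ".ADMIN_TABLE);
// NOTE(review): the result is used unchecked; what executeQuery() returns when
// the table does not exist is not visible here.
$fields = $result->colNames;
$fieldCount = count($fields);
for ($i=0;$i<$fieldCount;$i++)
{
    $fieldName = $fields[$i];
    $checkKey = "hdwchecked_".$fieldName;
    $var_SearchQuery .= " OR ".$fieldName. " like '%^%' ";
    $top++;
    $fields_table[$top]["field"] = $fieldName;
    $fields_table[$top]["name"] = $fieldName;
    // !empty() keeps the original truthiness test but does not warn when the
    // request carries neither the POST field nor the cookie.
    $fields_table[$top]["ischecked"] = !empty($_POST[$checkKey]) || !empty($_COOKIE[$checkKey]);
    $onechecked = $onechecked || $fields_table[$top]["ischecked"];
}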
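// Update handler: writes every posted column except the key back to the row
// named by the hidden "updateitem" field, then sends the browser to the list.
//
// The row key goes into the WHERE clause unquoted, so it must be digits only
// (assumes hdw_id is a non-negative integer key -- TODO confirm). Field values
// are quoted and passed through rquote(); column names come from the table's
// own column list, not from the request.
// NOTE(review): this state-changing request carries no anti-CSRF token.
if (!empty($_POST["updateitem"]))
{
    $updateId = $_POST["updateitem"];
    if (!is_string($updateId) || !preg_match('/^[0-9]+$/D', $updateId))
        exit('Invalid record id.');
    $assignments = array();
    foreach ($fields_table as $item)
    {
        if ($item["field"] === TABLE_KEY)
            continue;
        // A missing or array-valued field is stored as an empty string.
        $posted = (isset($_POST[$item["field"]]) && is_string($_POST[$item["field"]])) ? $_POST[$item["field"]] : '';
        $assignments[] = $item["field"]."='".rquote($posted)."'";
    }
    // With no editable column there is nothing to SET, so no statement is sent.
    if (count($assignments) > 0)
        $db->executeQuery("UPDATE ".ADMIN_TABLE. " SET ".implode(",", $assignments)." WHERE ".TABLE_KEY."=".$updateId);
    // The table name lands inside a JavaScript string literal in the page;
    // URL-encoding leaves no quote, angle bracket or backslash to break out of it.
    echo '<script type="text/javascript">document.location="index.php?table='.urlencode(ADMIN_TABLE).'";</script>';
    exit;
}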
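// Load the row being edited into $values (column name => value).
//
// The id comes from the query string and is concatenated into the WHERE clause
// unquoted, so only an all-digit value is accepted (assumes hdw_id is a
// non-negative integer key -- TODO confirm).
$recordId = isset($_GET["id"]) ? $_GET["id"] : null;
if (!is_string($recordId) || !preg_match('/^[0-9]+$/D', $recordId))
    exit('Invalid record id.');
$result = $db->executeQuery("SELECT * FROM ".ADMIN_TABLE." WHERE ".TABLE_KEY."=".$recordId);
// NOTE(review): the outcome of next() is not checked, so an id that matches no
// row still reaches getCurrentValuesAsHash(); confirm what that returns.
$result->next();
$values = $result->getCurrentValuesAsHash();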
?>
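<?php
// Edit form: one textarea per column except the key, posted back to this page.
//
// Every request- or database-derived value is escaped for the context it lands
// in. URL parts are URL-encoded, then the whole attribute value is HTML-escaped.
// Escaping uses a single-byte charset on purpose: the stored data's encoding is
// not visible here, and this makes htmlspecialchars() touch only the ASCII
// specials instead of returning '' for bytes that are not valid UTF-8.
// Stored values are escaped directly rather than through rquote_field(), whose
// only other effect (the magic-quotes branch) is dead on PHP >= 5.4.
$formId = (isset($_GET["id"]) && is_string($_GET["id"])) ? $_GET["id"] : '';
$formAction = getPageName(true).'&id='.urlencode($formId).'&action=edit';
?>
<form style="margin:0px;padding:0px;" action="<?php echo htmlspecialchars($formAction, ENT_QUOTES, 'ISO-8859-1'); ?>" method="post">
<input type="hidden" name="updateitem" value="<?php echo htmlspecialchars($formId, ENT_QUOTES, 'ISO-8859-1'); ?>">
<?php foreach ($fields_table as $item) if ($item["field"] != TABLE_KEY){ ?>
<?php
// Full escaping of the stored value also covers a literal "</textarea>" in the
// data and lets entity-like text such as "&lt;" survive a save unchanged.
$fieldValue = isset($values[$item["field"]]) ? (string) $values[$item["field"]] : '';
?>
<strong><?php echo htmlspecialchars($item["field"], ENT_QUOTES, 'ISO-8859-1'); ?>:</strong> <br />
<textarea cols=100 rows=3 name="<?php echo htmlspecialchars($item["field"], ENT_QUOTES, 'ISO-8859-1'); ?>"><?php echo htmlspecialchars($fieldValue, ENT_QUOTES, 'ISO-8859-1'); ?></textarea><br />
<?php } ?>
<br />
<input type="submit" name="subbtn" value="Save & Back to list"> <input type="button" onclick="document.location='index.php?table=<?php echo urlencode(ADMIN_TABLE); ?>'" name="subbtn" value="Back to List">
</form>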