| 6,12 → 6,12 |
|---|
| echo "<b>Could not include SQL library</b><br>\n"; |
| exit(); |
| } |
| if ($config[sql_use_operators] == 'true'){ |
| if ($config['sql_use_operators'] == 'true'){ |
| $use_ops=1; |
| $text1 = 'AND op ='; |
| $text2 = ',op'; |
| } |
| $link = @da_sql_pconnect($config); |
| $link = da_sql_pconnect($config); |
| if ($link){ |
| foreach($show_attrs as $key => $desc){ |
| if ($attrmap["$key"] == 'none') |
| 26,7 → 26,7 |
|---|
| $name = $attrmap["$key"] . $i; |
| while(isset($$name)){ |
| $val=$$name; |
| $val = da_sql_escape_string($val); |
| $val = da_sql_escape_string($link, $val); |
| $op_name = $name . '_op'; |
| $i++; |
| $j++; |
| 33,18 → 33,18 |
|---|
| $name = $attrmap["$key"] . $i; |
| $sql_attr=$attrmap["$key"]; |
| $query_key = ($user_type == 'group') ? 'groupname' : 'username'; |
| if ($attr_type["$key"] == 'checkItem'){ |
| $table = ($user_type == 'group') ? $config[sql_groupcheck_table] : $config[sql_check_table]; |
| if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){ |
| $table = ($user_type == 'group') ? $config['sql_groupcheck_table'] : $config['sql_check_table']; |
| $type = 1; |
| } |
| else if ($attr_type["$key"] == 'replyItem'){ |
| $table = ($user_type == 'group') ? $config[sql_groupreply_table] : $config[sql_reply_table]; |
| else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){ |
| $table = ($user_type == 'group') ? $config['sql_groupreply_table'] : $config['sql_reply_table']; |
| $type = 2; |
| } |
| if ($use_ops){ |
| $op_val = $$op_name; |
| if ($op_val != ''){ |
| $op_val = da_sql_escape_string($op_val); |
| $op_val = da_sql_escape_string($link, $op_val); |
| if (check_operator($op_val,$type) == -1){ |
| echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n"; |
| continue; |
| 52,25 → 52,26 |
|---|
| $op_val2 = ",'$op_val'"; |
| } |
| } |
| $sql_attr = da_sql_escape_string($sql_attr); |
| $val = da_sql_escape_string($val); |
| $sql_attr = da_sql_escape_string($link, $sql_attr); |
| $val = da_sql_escape_string($link, $val); |
| // if we have operators, the operator has changed and the corresponding value exists then update |
| if ($use_ops && isset($item_vals["$key"][operator][$j]) && |
| $op_val != $item_vals["$key"][operator][$j] ){ |
| $res = @da_sql_query($link,$config, |
| if ($use_ops && isset($item_vals["$key"]['operator'][$j]) && |
| $op_val != $item_vals["$key"]['operator'][$j] ){ |
| $res = da_sql_query($link,$config, |
| "UPDATE $table SET op = '$op_val' WHERE $query_key = '$login' |
| AND attribute = '$sql_attr' AND value = '$val';"); |
| if (!$res || !@da_sql_affected_rows($link,$res,$config)) |
| if (!$res || !da_sql_affected_rows($link,$res,$config)) |
| echo "<b>Operator change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n"; |
| } |
| $chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0; |
| // if value is the same as that in the sql database do nothing |
| if ($val == $item_vals["$key"][$j]) |
| if (isset($item_vals["$key"]) && $val == $item_vals["$key"][$j]) |
| continue; |
| // if value is null or equals the default value and corresponding value exists then delete |
| else if ((check_defaults($val,$op_val,$default_vals["$key"]) || $val == '' || ($sql_attr == "Filter-Id" && $val == "None")) && isset($item_vals["$key"][$j])){ |
| $res = @da_sql_query($link,$config, |
| else if (($chkdef || $val == '' || ($sql_attr == "Filter-Id" && $val == "None")) && isset($item_vals["$key"][$j])){ |
| $res = da_sql_query($link,$config, |
| "DELETE FROM $table WHERE $query_key = '$login' AND attribute = '$sql_attr';"); |
| if (!$res || !@da_sql_affected_rows($link,$res,$config)) |
| if (!$res || !da_sql_affected_rows($link,$res,$config)) |
| echo "<b>Delete failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n"; |
| } |
| // if value is null or equals the default value then don't add it |
| 80,16 → 81,16 |
|---|
| else{ |
| if (isset($item_vals["$key"][$j])){ |
| $old_val = $item_vals["$key"][$j]; |
| $old_val = da_sql_escape_string($old_val); |
| $res = @da_sql_query($link,$config, |
| $old_val = da_sql_escape_string($link, $old_val); |
| $res = da_sql_query($link,$config, |
| "UPDATE $table SET value = '$val' WHERE $query_key = '$login' AND |
| attribute = '$sql_attr' AND value = '$old_val';"); |
| } |
| else |
| $res = @da_sql_query($link,$config, |
| $res = da_sql_query($link,$config, |
| "INSERT INTO $table ($query_key,attribute,value $text2) |
| VALUES ('$login','$sql_attr','$val' $op_val2);"); |
| if (!$res || !@da_sql_affected_rows($link,$res,$config)) |
| if (!$res || !da_sql_affected_rows($link,$res,$config)) |
| echo "<b>Change failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n"; |
| } |
| } |