function db_update($table, $data, $sql_where, $vars, $optional = array()) { if (empty($optional["no_defaults"])) { $data["lastmodified"] = NOW; $data["lastmodifiedby"] = isset($_SESSION["username"]) ? $_SESSION["username"] : ""; if (isset($optional["quote"]) and !$optional["quote"]) { $data["lastmodifiedby"] = sys_correct_quote($data["lastmodifiedby"]); } } if (!empty($optional["handler"])) { $handler = "lib_" . $optional["handler"]; $data = sys_remove_handler($data); $vars = sys_remove_handler($vars); return call_user_func(array($handler, "update"), $vars["folder"], $data, $sql_where, $vars, $vars["mfolder"]); } $where = ""; if (count($sql_where) > 0) { $where = " where " . implode(" and ", $sql_where); } $set = ""; foreach ($data as $key => $value) { if ($set != "") { $set .= ","; } if (!isset($optional["quote"]) or $optional["quote"]) { $value = sys_correct_quote($value, !empty($optional["no_defaults"])); } if (isset($optional[$key . "_append"]) or $key == "history") { $value = sql_concat("concat(" . $value . ";" . $key . ")"); } $set .= $key . "=" . $value; } if (is_array($vars) and count($vars) > 0) { foreach (array_keys($vars) as $key) { $vars[$key] = sys_correct_quote($vars[$key]); $where = str_replace("@" . $key . "@", $vars[$key], $where); } } if (!empty($optional["sqlvarsnoquote"]) and count($optional["sqlvarsnoquote"]) > 0) { foreach ($optional["sqlvarsnoquote"] as $key => $val) { $where = str_replace("@" . $key . "@", $val, $where); } } $sql = "update " . sql_fieldname($table) . " set " . $set . $where; sys::$db_queries[] = $sql; if (sql_query($sql) === false) { $msg = sql_error(); if (DEBUG) { debug_sql("ERROR " . $sql, $msg); } sys_log_message_log("db-fail", $sql . " " . $msg, sys_backtrace()); return "error (" . $msg . ")"; } return ""; }
static function file_download($folder, $view, $id, $field, $subitem, $write) { self::_require_access($folder, "read", $view); $sgsml = new sgsml($folder, $view, (array) $id, $write); $data = $sgsml->get_rows(array("id", "folder", sql_fieldname($field))); if (empty($data[0][$field])) { exit("{t}Item(s) not found or access denied.{/t}"); } $files = explode("|", trim($data[0][$field], "|")); if (!is_numeric($subitem) and $subitem != "") { foreach ($files as $key => $file) { if (modify::basename($file) == $subitem) { $subitem = $key; break; } } } if (!is_numeric($subitem)) { $subitem = 0; } if (empty($files[$subitem])) { exit("{t}file not found in database.{/t}"); } $file = sys_remove_handler($files[$subitem]); if (!file_exists($file)) { exit("{t}file not found.{/t}"); } return $file; }