Beispiel #1
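/**
 * Build and run an UPDATE statement for $table from column/value pairs.
 *
 * Only the values are passed through sys_correct_quote(). Column names (the
 * keys of $data) and the fragments in $sql_where are concatenated into the
 * statement exactly as given.
 * NOTE(review): both must therefore come from code or an allow-list, never
 * from request data - confirm at the call sites.
 *
 * @param string $table     Table name, passed through sql_fieldname().
 * @param array  $data      Column => value pairs for the SET clause.
 * @param array  $sql_where Condition fragments, joined with " and "; may
 *                          contain @name@ placeholders.
 * @param array  $vars      name => value pairs; each value is quoted and
 *                          substituted for its @name@ placeholder.
 * @param array  $optional  Options read here: "no_defaults", "quote",
 *                          "handler", "<column>_append", "sqlvarsnoquote".
 *
 * @return mixed "" on success, "error (<driver message>)" when the query
 *               fails, or whatever the handler's update() returns when
 *               $optional["handler"] is set.
 */
function db_update($table, $data, $sql_where, $vars, $optional = array())
{
    // Values are quoted unless the caller explicitly passes quote => false.
    $quote_values = !isset($optional["quote"]) || $optional["quote"];

    if (empty($optional["no_defaults"])) {
        $data["lastmodified"] = NOW;
        $data["lastmodifiedby"] = isset($_SESSION["username"]) ? $_SESSION["username"] : "";
        if (!$quote_values) {
            // The SET loop below will not quote anything in this mode, so the
            // session-derived value is quoted here instead.
            $data["lastmodifiedby"] = sys_correct_quote($data["lastmodifiedby"]);
        }
    }

    if (!empty($optional["handler"])) {
        // NOTE(review): the class name is built from an option value; confirm
        // that "handler" is always taken from a fixed set of known handlers.
        $handler = "lib_" . $optional["handler"];
        $data = sys_remove_handler($data);
        $vars = sys_remove_handler($vars);
        return call_user_func(array($handler, "update"), $vars["folder"], $data, $sql_where, $vars, $vars["mfolder"]);
    }

    $where = "";
    if (count($sql_where) > 0) {
        $where = " where " . implode(" and ", $sql_where);
    }

    $assignments = array();
    foreach ($data as $key => $value) {
        if ($quote_values) {
            $value = sys_correct_quote($value, !empty($optional["no_defaults"]));
        }
        // With quote => false the value reaches the statement verbatim; the
        // caller is then responsible for it being safe SQL.
        if (isset($optional[$key . "_append"]) || $key == "history") {
            $value = sql_concat("concat(" . $value . ";" . $key . ")");
        }
        $assignments[] = $key . "=" . $value;
    }
    $set = implode(",", $assignments);

    // Collect every placeholder first and substitute them in a single pass.
    // strtr() does not rescan text it has just inserted, so a value that
    // happens to contain "@name@" can no longer be expanded a second time
    // inside its own quotes (sequential str_replace() calls did rescan it).
    $replacements = array();
    if (is_array($vars) && count($vars) > 0) {
        foreach ($vars as $key => $value) {
            $replacements["@" . $key . "@"] = sys_correct_quote($value);
        }
    }
    if (!empty($optional["sqlvarsnoquote"]) && count($optional["sqlvarsnoquote"]) > 0) {
        // These values are inserted unquoted by design.
        // NOTE(review): confirm callers never put request data in here.
        foreach ($optional["sqlvarsnoquote"] as $key => $val) {
            $token = "@" . $key . "@";
            // A quoted $vars entry wins over an unquoted one of the same name,
            // as it did when the quoted values were substituted first.
            if (!array_key_exists($token, $replacements)) {
                $replacements[$token] = $val;
            }
        }
    }
    if (count($replacements) > 0) {
        $where = strtr($where, $replacements);
    }

    $sql = "update " . sql_fieldname($table) . " set " . $set . $where;
    sys::$db_queries[] = $sql;
    if (sql_query($sql) === false) {
        $msg = sql_error();
        if (DEBUG) {
            debug_sql("ERROR " . $sql, $msg);
        }
        // NOTE(review): the full statement, including field values, is written
        // to the log, and the driver message is returned to the caller - check
        // that neither ends up in front of end users.
        sys_log_message_log("db-fail", $sql . " " . $msg, sys_backtrace());
        return "error (" . $msg . ")";
    }
    return "";
}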
Beispiel #2
 /**
  * Resolve the path of a file stored in a field of an item.
  *
  * Read access to $folder/$view is required first. The field value is then
  * loaded through sgsml and treated as a "|"-separated list of paths.
  * $subitem selects one entry, either by numeric index or by base name.
  * Every failure ends the request with exit() and a translated message.
  *
  * NOTE(review): a non-empty name that matches no entry falls back to
  * index 0, so the first file is returned - confirm this is intended.
  * NOTE(review): the returned path is the stored value after
  * sys_remove_handler(); nothing here checks that it lies inside an
  * expected storage directory - confirm that is enforced when the value is
  * written, or by the caller before the file is sent.
  *
  * @param mixed $folder  Folder the item belongs to.
  * @param mixed $view    View used for the access check and the lookup.
  * @param mixed $id      Item id; cast to an array for sgsml.
  * @param mixed $field   Name of the field that holds the file list.
  * @param mixed $subitem Numeric index or file base name; "" selects index 0.
  * @param mixed $write   Passed through to the sgsml constructor.
  *
  * @return string Path of the selected file, which exists on disk.
  */
 static function file_download($folder, $view, $id, $field, $subitem, $write)
 {
     self::_require_access($folder, "read", $view);

     $reader = new sgsml($folder, $view, (array) $id, $write);
     $rows = $reader->get_rows(array("id", "folder", sql_fieldname($field)));
     if (empty($rows[0][$field])) {
         exit("{t}Item(s) not found or access denied.{/t}");
     }

     $paths = explode("|", trim($rows[0][$field], "|"));

     // A non-numeric, non-empty selector is looked up by base name and
     // replaced with the index of the first matching entry.
     if ($subitem != "" && !is_numeric($subitem)) {
         foreach ($paths as $index => $path) {
             if (modify::basename($path) == $subitem) {
                 $subitem = $index;
                 break;
             }
         }
     }

     // Anything still non-numeric (empty or unmatched) selects the first entry.
     $position = is_numeric($subitem) ? $subitem : 0;

     if (empty($paths[$position])) {
         exit("{t}file not found in database.{/t}");
     }

     $resolved = sys_remove_handler($paths[$position]);
     if (!file_exists($resolved)) {
         exit("{t}file not found.{/t}");
     }

     return $resolved;
 }