function SaveReport($reportname, $report, $rtitle, $rstatus, $strXML, $saveas) { $reportname = GoodFieldName($reportname); $report = GoodFieldName($report); if (!@$_SESSION["UserID"]) { $_SESSION["UserID"] = " "; } // #9875 It's expected that webreports, webreport_style tables belong to the same db connection $connection = getWebreportConnection(); $strSQL = "SELECT " . $connection->addFieldWrappers("rpt_id") . " FROM " . $connection->addTableWrappers("webreports") . " WHERE " . $connection->addFieldWrappers("rpt_name") . "=" . $connection->prepareString($reportname) . " and " . $connection->addFieldWrappers("rpt_type") . "='report'"; $data = $connection->query($strSQL)->fetchAssoc(); if ($data && (!$saveas || $reportname == $report)) { $strSQL = "UPDATE " . $connection->addTableWrappers("webreports") . " SET " . $connection->addFieldWrappers("rpt_name") . "=" . $connection->prepareString($report) . ", " . $connection->addFieldWrappers("rpt_title") . "=" . $connection->prepareString($rtitle) . ", " . $connection->addFieldWrappers("rpt_content") . "=" . PrepareString4DB($strXML, $connection) . ", " . $connection->addFieldWrappers("rpt_status") . "=" . $connection->prepareString($rstatus) . ", " . $connection->addFieldWrappers("rpt_mdate") . "='" . now() . "' WHERE " . $connection->addFieldWrappers("rpt_name") . "=" . $connection->prepareString($reportname) . " and " . $connection->addFieldWrappers("rpt_type") . "='report'"; $connection->exec($strSQL); } else { $strSQL = "INSERT INTO " . $connection->addTableWrappers("webreports") . " ( " . $connection->addFieldWrappers("rpt_name") . ", " . $connection->addFieldWrappers("rpt_title") . ", " . $connection->addFieldWrappers("rpt_cdate") . ", " . $connection->addFieldWrappers("rpt_mdate") . ", " . $connection->addFieldWrappers("rpt_content") . ", " . $connection->addFieldWrappers("rpt_owner") . ", " . $connection->addFieldWrappers("rpt_status") . ", " . $connection->addFieldWrappers("rpt_type") . " )"; $strSQL .= " VALUES(" . $connection->prepareString($report) . ", " . $connection->prepareString($rtitle) . ", '" . now() . "', '" . now() . "', " . PrepareString4DB($strXML, $connection) . ", " . $connection->prepareString(@$_SESSION["UserID"]) . ", " . $connection->prepareString($rstatus) . ", 'report')"; $connection->exec($strSQL); } $strSQL = "UPDATE " . $connection->addTableWrappers("webreport_style") . " set " . $connection->addFieldWrappers("repname") . "=" . $connection->prepareString($report) . " where " . $connection->addFieldWrappers("repname") . "='" . $_SESSION['webreports_oldname'] . "'"; $connection->exec($strSQL); }
function SaveReport($reportname, $report, $rtitle, $rstatus, $strXML, $saveas) { global $conn; $reportname=GoodFieldName($reportname); $report=GoodFieldName($report); if(!@$_SESSION["UserID"]) $_SESSION["UserID"]=" "; $strSQL = "SELECT ".AddFieldWrappers("rpt_id")." FROM ".AddTableWrappers("webreports")." WHERE ".AddFieldWrappers("rpt_name")."=".db_prepare_string($reportname)." and ".AddFieldWrappers("rpt_type")."='report'"; $rsReport = db_query($strSQL,$conn); $data=db_fetch_array($rsReport); if ( $data && (!$saveas || $reportname==$report)) { $strSQL = "UPDATE ".AddTableWrappers("webreports")." SET ".AddFieldWrappers("rpt_name")."=".db_prepare_string($report).", ".AddFieldWrappers("rpt_title")."=".db_prepare_string($rtitle).", ".AddFieldWrappers("rpt_content")."=".PrepareString4DB($strXML).", ".AddFieldWrappers("rpt_status")."=".db_prepare_string($rstatus).", ".AddFieldWrappers("rpt_mdate")."='".now()."' WHERE ".AddFieldWrappers("rpt_name")."=".db_prepare_string($reportname)." and ".AddFieldWrappers("rpt_type")."='report'"; $rsReport = db_exec($strSQL,$conn); } else { $strSQL = "INSERT INTO ".AddTableWrappers("webreports")." ( ".AddFieldWrappers("rpt_name").", ".AddFieldWrappers("rpt_title").", ".AddFieldWrappers("rpt_cdate").", ".AddFieldWrappers("rpt_mdate").", ".AddFieldWrappers("rpt_content").", ".AddFieldWrappers("rpt_owner").", ".AddFieldWrappers("rpt_status").", ".AddFieldWrappers("rpt_type")." )"; $strSQL .= " VALUES(".db_prepare_string($report).", ".db_prepare_string($rtitle).", '".now()."', '".now()."', ".PrepareString4DB($strXML).", ".db_prepare_string(@$_SESSION["UserID"]).", ".db_prepare_string($rstatus).", 'report')"; $rsReport = db_exec($strSQL,$conn); } $strSQL = "UPDATE ".AddTableWrappers("webreport_style")." set ".AddFieldWrappers("repname")."=".db_prepare_string($report)." where ".AddFieldWrappers("repname")."='".$_SESSION['webreports_oldname']."'"; $rsReport = db_exec($strSQL,$conn); }