function db_enter($table, $fields, $index = "id")
{
global $editing, $language, $user;
$fields = explode(" ", $fields);
foreach ($fields as $field) {
if ($field == "password") {
//binary password
if ($editing) {
$query1[] = $field . " = PWDENCRYPT('" . $_POST[$field] . "')";
} else {
$query1[] = $field;
$query2[] = $field . " = PWDENCRYPT('" . $_POST[$field] . "')";
}
} elseif (substr($field, 0, 1) == "#") {
//numeric
$field = substr($field, 1);
if (empty($_POST[$field])) {
$_POST[$field] = "NULL";
}
if ($editing) {
$query1[] = $field . " = " . $_POST[$field];
} else {
$query1[] = $field;
$query2[] = $_POST[$field];
}
} elseif (substr($field, 0, 1) == "*") {
//date
$field = substr($field, 1);
if (isset($_POST["no" . $field])) {
if ($editing) {
$query1[] = $field . " = NULL";
} else {
$query1[] = $field;
$query2[] = "NULL";
}
} else {
if ($editing) {
$query1[] = $field . " = " . format_post_date($field);
} else {
$query1[] = $field;
$query2[] = format_post_date($field);
}
}
} elseif (substr($field, 0, 1) == "@") {
//file
$field = substr($field, 1);
if (isset($_POST[$field])) {
//file posting is optional, from a php point of view
if ($editing) {
$query1[] = $field . " = " . format_binary($_POST[$field]);
} else {
$query1[] = $field;
$query2[] = format_binary($_POST[$field]);
}
}
} elseif (substr($field, 0, 1) == "|") {
//html
$field = substr($field, 1);
if (isset($_POST[$field])) {
if ($editing) {
$query1[] = $field . " = " . format_html($_POST[$field]);
} else {
$query1[] = $field;
$query2[] = "'" . format_html($_POST[$field]) . "'";
}
}
} else {
//text
$_POST[$field] = trim($_POST[$field]);
$_POST[$field] = empty($_POST[$field]) ? "NULL" : "'" . $_POST[$field] . "'";
if ($editing) {
$query1[] = $table . '.' . $field . " = " . $_POST[$field];
} else {
$query1[] = $table . '.' . $field;
$query2[] = $_POST[$field];
}
}
}
if ($editing) {
$query1[] = "updatedOn = GETDATE()";
if (isset($_POST["updatedBy"])) {
$query1[] = "updatedBy = " . $_POST["updatedBy"];
} else {
$query1[] = "updatedBy = " . $user["id"];
}
db_query("UPDATE " . $table . " SET " . implode(", ", $query1) . " WHERE " . $index . " = " . $_GET["id"]);
return $_GET["id"];
} else {
$query1[] = "createdOn";
$query2[] = "GETDATE()";
$query1[] = "createdBy";
$query2[] = isset($_POST["createdBy"]) ? $_POST["createdBy"] : $user["id"];
$query1[] = "isActive";
$query2[] = 1;
$r = db_query("INSERT INTO " . $table . " ( " . implode(", ", $query1) . " ) VALUES ( " . implode(", ", $query2) . ")");
return $r;
}
}
<?php
include "../../include.php";
if (url_action("delete")) {
db_query("UPDATE press_releases SET \n\t\t\t\tdeleted_date = GETDATE(),\n\t\t\t\tdeleted_user = {$_SESSION["user_id"]},\n\t\t\t\tis_active = 0\n\t\t\tWHERE id = " . $_GET["id"]);
url_drop();
} elseif ($posting) {
$theuser_id = $page['is_admin'] ? $_POST["created_user"] : $_SESSION["user_id"];
db_query("INSERT INTO press_releases (\n\t\theadline,\n\t\tdetail,\n\t\tlocation,\n\t\treleaseDate,\n\t\ttext,\n\t\tcorporationID,\n\t\tcreated_date,\n\t\tcreated_user,\n\t\tis_active\n\t) VALUES (\n\t\t'" . $_POST["headline"] . "',\n\t\t'" . $_POST["detail"] . "',\n\t\t'" . $_POST["location"] . "',\n\t\t" . format_post_date("releaseDate") . ",\n\t\t'" . format_html($_POST["text"]) . "',\n\t\t" . $_POST["corporationID"] . ",\n\t\tGETDATE(),\n\t\t" . $theuser_id . ",\n\t\t1\n\t)");
url_change();
}
echo drawTop();
if (url_id()) {
$r = db_grab("SELECT\n\t\t\theadline,\n\t\t\tdetail,\n\t\t\tlocation,\n\t\t\ttext,\n\t\t\treleaseDate\n\t\tFROM press_releases\n\t\tWHERE id = " . $_GET["id"]);
?>
<table class="left" cellspacing="1">
<?php
if ($page['is_admin']) {
echo drawHeaderRow("Press Release", 1, "edit", "edit/?id=" . $_GET["id"]);
} else {
echo drawHeaderRow("Press Release", 1);
}
?>
<tr>
<td style="padding:20px;" class="text">
<h1><?php
echo $r["headline"];
?>
</h1>
<b><?php
echo $r["detail"];
function get_newsletter($multipart_boundary = null)
{
require_once __DIR__ . '/../vendor/autoload.php';
$loader = new Twig_Loader_Filesystem(get_template_directory() . '/inc/newsletter');
$twig = new Twig_Environment($loader, array());
$twig->addExtension(new Twig_Extensions_Extension_Intl());
$twig->addExtension(new Twig_Extensions_Extension_Text());
$twig->getExtension('Twig_Extension_Core')->setTimezone('Europe/Paris');
if (have_rows('tb_newsletter_sections', 'option')) {
$categories = [];
$subcategories = [];
$posts = [];
while (have_rows('tb_newsletter_sections', 'option')) {
the_row();
foreach (get_sub_field('tb_newsletter_sections_items') as $post) {
$category = get_post_top_category($post->ID);
if ($category) {
$subcategory = get_sub_field('tb_newsletter_sections_title');
$categories[$category->term_id] = ['slug' => $category->slug, 'name' => $category->name, 'url' => get_category_link($category)];
$subcategories[$category->term_id][$subcategory->term_id] = $subcategory->name;
$posts[$category->term_id][$subcategory->term_id][] = ['post' => $post, 'author' => get_the_author_meta('display_name', $post->post_author), 'link' => get_post_permalink($post->ID), 'thumbnail' => wp_get_attachment_url(get_post_thumbnail_id($post->ID)), 'date_post' => format_post_date($post->post_date), 'event' => get_event_date($post->ID), 'place' => get_event_place($post->ID)];
}
}
}
}
$params = ['intro' => get_field('tb_newsletter_introduction', 'option'), 'categories' => $categories, 'subcategories' => $subcategories, 'posts' => $posts, 'outro' => get_field('tb_newsletter_footer', 'option')];
if ($multipart_boundary) {
$params['boundary'] = $multipart_boundary;
return $twig->render('newsletter-multipart.html', $params);
} else {
return $twig->render('newsletter-html.html', $params);
}
}
<?php
include "include.php";
if ($posting) {
$checkoutStart = format_post_date("checkoutStart");
$checkoutEnd = isset($_POST["noEndDate"]) ? "NULL" : format_post_date("checkoutEnd");
$id = db_query("INSERT INTO it_laptops_checkouts ( \r\n\t\t\tcheckoutUser, \r\n\t\t\tcheckoutStart, \r\n\t\t\tcheckoutEnd, \r\n\t\t\tcheckoutNotes,\r\n\t\t\tcheckoutLaptopID\r\n\t\t) VALUES (\r\n\t\t\t{$_POST["checkoutUser"]},\r\n\t\t\t{$checkoutStart},\r\n\t\t\t{$checkoutEnd},\r\n\t\t\t'{$_POST["checkoutNotes"]}',\r\n\t\t\t{$_GET["id"]})");
db_query("UPDATE it_laptops SET checkoutID = {$id}, laptopStatusID = 1 WHERE laptopID = " . $_GET["id"]);
url_change("laptops.php");
}
echo drawTop();
?>
<table class="left" cellspacing="1">
<?php
echo drawHeaderRow("Check Laptop Out", 2);
?>
<form method="post" action="<?php
echo $request["path_query"];
?>
">
<tr>
<td class="left">Laptop</td>
<td><b><a href="laptop.php?id=<?php
echo $_GET["id"];
?>
"><?php
echo db_grab("SELECT laptopName FROM it_laptops WHERE laptopID = " . $_GET["id"]);
?>
</a></b></td>
</tr>