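// For each table edited by this page: build the UPDATE assignment list for its
// editable columns, then read the current row so the old values are available
// for change tracking.
// NOTE(review): every posted value reaches the SQL text through the
// sql_format_* helpers, which are defined outside this excerpt, so their
// escaping cannot be checked from here. Binding the values with
// pg_query_params() would remove that dependency.
foreach ($tables as $i) {
    $champs = '';
    $update = "UPDATE lr.{$i} SET ";
    foreach ($aColumnsTot[$id_page] as $key => $val) {
        if ($val['modifiable'] == 't' and $val['table_champ'] == $i) {
            /* collect the editable columns */
            $champs .= $val['champ_interface'] . ",";
            /* build the UPDATE: one "column = value," pair per editable field */
            if ($val['type'] == 'string') {
                $update .= $val['champ_interface'] . " = " . sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
            }
            if ($val['type'] == 'val') {
                $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
            }
            if ($val['type'] == 'bool') {
                $update .= $val['champ_interface'] . " = " . sql_format_bool($_POST[$val['champ_interface']]) . ",";
            }
            if ($val['type'] == 'int') {
                $update .= $val['champ_interface'] . " = " . sql_format_num($_POST[$val['champ_interface']]) . ",";
            }
        }
    }
    /* TRACKING BEFORE UPDATE */
    // NOTE(review): $id is concatenated unquoted into the WHERE clause; its
    // origin is outside this excerpt - confirm it is validated as an integer
    // before it gets here.
    $select = "SELECT " . rtrim($champs, ',') . " FROM lr.{$i} AS t WHERE uid=" . $id . ";";
    if (DEBUG) {
        // The statement embeds posted values, so escape it before writing it into the page.
        echo "<br>" . htmlspecialchars($select, ENT_QUOTES | ENT_SUBSTITUTE);
    }
    // On failure pg_query() returns false, so there is no result resource to
    // hand to pg_result_error(); the message has to come from the connection.
    $result = pg_query($db, $select) or die("Erreur pgSQL : " . pg_last_error($db));
    $backup = pg_fetch_array($result, NULL, PGSQL_ASSOC); // Old values
    foreach ($backup as $field => $val_1) {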
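$code = "";
}
// EDIT: rewrite the user's row from the posted form fields.
// NOTE(review): values are spliced into the SQL text through sql_format() /
// sql_format_num(), defined outside this excerpt; their escaping cannot be
// verified from here. pg_query_params() would bind the values instead.
// NOTE(review): the id_user literal in the WHERE clause appears masked in this
// copy of the file; it is reproduced unchanged.
$query = "UPDATE " . SQL_schema_app . ".utilisateur SET \n\tid_cbn=" . sql_format_num($_POST["id_cbn"])
    . ",\n\tnom=" . sql_format($_POST["nom"])
    . ",\n\tprenom=" . sql_format($_POST["prenom"])
    . ",\n\t" . $code
    . "\n\ttel_bur=" . sql_format($_POST["tel_bur"])
    . ",\n\ttel_port=" . sql_format($_POST["tel_port"])
    . ",\n\ttel_int=" . sql_format($_POST["tel_int"])
    . ",\n\temail=" . sql_format($_POST["email"])
    . ",\n\tweb=" . sql_format($_POST["web"])
    . ",\n\t" . $query_niveau
    . "\n\t" . $query_ref
    . "\n\tdescr=" . sql_format($_POST["descr"])
    . " \n\tWHERE id_user='******';";
// The statement used to be echoed on every request; it is now shown only in
// debug mode and HTML-escaped, since it carries posted values.
if (defined('DEBUG') && DEBUG) {
    echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE);
}
// pg_query() returns false on failure, so the error text must be read from the
// connection rather than from a result resource.
$result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. edit user", $id, "utilisateur");
} else {
    //------------------------------------------------------------------------------ ADD
    // Build the niveau_* / ref_* column and value lists, defaulting empty form fields to 0.
    foreach ($rubrique as $key => $val) {
        if (empty($_POST["niveau_" . $key])) {
            $_POST["niveau_" . $key] = 0;
        }
        $val_niveau .= sql_format_num($_POST["niveau_" . $key]) . ",";
        $key_niveau .= "niveau_" . $key . ",";
        if (empty($_POST["ref_" . $key])) {
            $_POST["ref_" . $key] = 0;
        }
        $val_ref .= sql_format_bool($_POST["ref_" . $key]) . ",";
        $key_ref .= "ref_" . $key . ",";
    }
    // User id: first two characters of the first name and of the last name,
    // upper-cased, plus one digit.
    // NOTE(review): mt_rand(1, 9) gives only nine suffixes per initials
    // combination, so ids collide easily; confirm id_user uniqueness is
    // enforced by the schema.
    $id = strtoupper(substr(stripAccents($_POST['prenom']), 0, 2) . substr(stripAccents($_POST['nom']), 0, 2)) . mt_rand(1, 9);
    // $id is derived from posted names and may contain a quote character, so it
    // is emitted with pg_escape_literal() (which adds the surrounding quotes)
    // instead of being wrapped in '...' by hand.
    // NOTE(review): the pw column receives the posted password as-is through
    // sql_format(); storing password_hash() output and checking it with
    // password_verify() at login would avoid keeping clear-text passwords.
    $query = "INSERT INTO " . SQL_schema_app . ".utilisateur (id_user, id_cbn,nom,prenom,login,pw,tel_bur,tel_port,tel_int,email,web,\n\t{$key_niveau}\n\t{$key_ref}\n\tdescr)\n\tVALUES (\n\t\t" . pg_escape_literal($db, $id)
        . ",\n\t\t" . sql_format_num($_POST["id_cbn"])
        . ",\n\t\t" . sql_format($_POST["nom"])
        . ",\n\t\t" . sql_format($_POST["prenom"])
        . ",\n\t\t" . sql_format($_POST["login"])
        . ",\n\t\t" . sql_format($_POST["pw"])
        . ",\n\t\t" . sql_format($_POST["tel_bur"])
        . ",\n\t\t" . sql_format($_POST["tel_port"])
        . ",\n\t\t" . sql_format($_POST["tel_int"])
        . ",\n\t\t" . sql_format($_POST["email"])
        . ",\n\t\t" . sql_format($_POST["web"])
        . ",\n\t\t{$val_niveau} {$val_ref}\n\t\t" . sql_format($_POST["descr"]) . ");";
    // This statement contains the posted password: show it only in debug mode, HTML-escaped.
    if (defined('DEBUG') && DEBUG) {
        echo htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE);
    }
    $result = pg_query($db, $query) or die("Erreur pgSQL : " . pg_last_error($db));
    add_log("log", 4, $id_user, getenv("REMOTE_ADDR"), "Admin. ajout user", $id, "utilisateur");
}
//------------------------------------------------------------------------------ FUNCTIONS
/**
 * Replace the accented Latin letters listed below with their unaccented ASCII letter.
 *
 * The pairs are passed to strtr() as an array so that each accented character
 * is matched as a whole string. The three-argument string form maps byte by
 * byte, which corrupts the text when this file and the input are UTF-8.
 *
 * @param string $string Text to transliterate.
 * @return string The text with the listed accented letters replaced.
 */
function stripAccents($string)
{
    static $map = array(
        'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a',
        'ç' => 'c',
        'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e',
        'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i',
        'ñ' => 'n',
        'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o',
        'ù' => 'u', 'ú' => 'u', 'û' => 'u', 'ü' => 'u',
        'ý' => 'y', 'ÿ' => 'y',
        'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A',
        'Ç' => 'C',
        'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E',
        'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I',
        'Ñ' => 'N',
        'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O',
        'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U',
        'Ý' => 'Y',
    );
    return strtr($string, $map);
}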
/*--------------------------------------------------*/
/* add the CHANGE MANAGEMENT AND TRACKING here */
/*-------------------------------------------------*/
} else { // ADD
    //------------------------------------------------------------------------------ Numeric values
    // Default 'etape' to 2 when the posted value compares loosely equal to the empty string.
    if ($_POST['etape'] == "") {
        $_POST['etape'] = 2;
    }
    //------------------------------------------------------------------------------
    /* Parameters of the taxon to add: each posted field is run through a
       sql_format_* helper before being handed to add_taxon().
       NOTE(review): those helpers are defined outside this excerpt; confirm they
       escape the values, or that add_taxon() binds them as parameters. */
    $in["cd_ref"] = sql_format_num($_POST["cd_ref"]);
    $in["famille"] = sql_format_quote($_POST["famille"], 'do');
    $in["nom_sci"] = sql_format_quote($_POST["nom_sci"], 'do');
    $in["cd_rang"] = sql_format($_POST["cd_rang"]);
    $in["nom_verna"] = sql_format_quote($_POST["nom_verna"], 'do');
    // NOTE(review): sql_format_bool() is given a second argument here - confirm the helper accepts it.
    $in["hybride"] = sql_format_bool($_POST["hybride"], 'do');
    $rub[$id_page] = 'true';
    $uid = add_taxon($in, $rub);
    // Record the creation in the tracking log: one entry for "nom", one for "uid".
    // NOTE(review): nom_sci is formatted as a quoted string above but goes through
    // sql_format_num() in the call below - confirm which formatting add_suivi2() expects.
    add_suivi2($_POST["etape"], $id_user, $uid, "taxons", "nom", null, sql_format_num($_POST["nom_sci"]), 'applications', 'manuel', 'ajout');
    add_suivi2($_POST["etape"], $id_user, $uid, "taxons", "uid", null, $uid, 'applications', 'manuel', 'ajout');
}
/* Disabled client-side redirect to index.php when not in debug mode:
if (!DEBUG) { echo ("<script language=\"javascript\" type=\"text/javascript\">"); echo ("window.location.replace ( \"index.php\")"); echo ("</script>"); }
*/
// Close the PostgreSQL connection and report success to the caller.
pg_close($db);
return true;
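//------------------------------------------------------------------------------ ADD.
/* CHANGE TRACKING AND UPDATE */
// Build the column list and the matching value list for the INSERT into fsd.ddd.
// NOTE(review): the values reach the SQL text through the sql_format_* helpers,
// defined outside this excerpt; confirm they escape their input, or bind the
// values with pg_query_params().
$liste_champs = '';
// Start the value list empty alongside the column list, so both always hold
// the same number of entries and no earlier content leaks into the INSERT.
$values = '';
foreach ($aColumnsTot[$id_page] as $key => $val) {
    if ($val['modifiable'] == 't' and $val['table_champ'] == "ddd" and $val['nom_champ'] != "id_from") {
        /* collect the editable columns, as double-quoted identifiers */
        $liste_champs .= "\"" . $val['champ_interface'] . "\",";
        /* append the formatted value for this column */
        if ($val['type'] == 'string') {
            $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
        }
        if ($val['type'] == 'val') {
            $values .= sql_format_quote($_POST[$val['champ_interface']], 'do') . ",";
        }
        if ($val['type'] == 'bool') {
            $values .= sql_format_bool($_POST[$val['champ_interface']]) . ",";
        }
        if ($val['type'] == 'int') {
            $values .= sql_format_num($_POST[$val['champ_interface']]) . ",";
        }
    }
}
$insert = "INSERT INTO fsd.ddd (" . rtrim($liste_champs, ',') . ") VALUES (" . rtrim($values, ',') . ") RETURNING uid";
/*INSERT*/
if (DEBUG) {
    // The statement embeds posted values, so escape it before writing it into the page.
    echo "<br>" . htmlspecialchars($insert, ENT_QUOTES | ENT_SUBSTITUTE);
}
// pg_query() returns false on failure, so the error text must be read from the
// connection rather than from a result resource.
$result = pg_query($db, $insert) or die("Erreur pgSQL : " . pg_last_error($db));
// First row of the RETURNING clause, as a numerically indexed array.
$uid = pg_fetch_row($result);
if (!empty($_POST['id_from'])) {
    $idfrominsert = null;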
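if ($val['modifiable'] == 't' and $val['table_champ'] == $i) {
    /* collect the editable columns, as "table"."column" */
    $champs .= "\"" . $i . "\".\"" . $val['nom_champ'] . "\",";
    /* check that the application does receive $val['nom_champ']==='nomCompletSyntaxon' */
    //echo "1:".$val['nom_champ'];
    //if ($val['nom_champ']!=='nomCompletSyntaxon') echo " is nomComplet is false<br>";
    //if ($val['nom_champ']==='nomCompletSyntaxon') echo " is nomComplet is true<br>";
    /* build the UPDATE; nomCompletSyntaxon is skipped here because it is appended after the loop */
    if ($val['type'] == 'string' and $val['nom_champ'] !== 'nomCompletSyntaxon') {
        $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
    }
    if ($val['type'] == 'val') {
        $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_quote($_POST[$val['nom_champ']], 'do') . ",";
    }
    if ($val['type'] == 'bool') {
        $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_bool($_POST[$val['nom_champ']]) . ",";
    }
    if ($val['type'] == 'int') {
        $update .= "\"" . $val['nom_champ'] . "\" = " . sql_format_num($_POST[$val['nom_champ']]) . ",";
    }
}
}
//echo "<br> voici l'update avant trim <bre>".$update ;
/* the full name is appended here because it sometimes does not come through the form */
// Had nomComplet not been appended at the end of $update, the trailing comma
// produced by the loop would have had to be removed (hence the original rtrim):
//$update = rtrim($update,',')." WHERE \"codeEnregistrementSyntax\" = ".$id.";";
// The two posted fields used to be concatenated raw between single quotes, so a
// quote in either one altered the statement. They now go through the same
// sql_format_quote() call the loop uses for string columns.
// NOTE(review): sql_format_quote() is defined outside this excerpt - confirm it
// returns a fully quoted and escaped literal; pg_query_params() would avoid
// building the literal by hand.
$update .= " \"nomCompletSyntaxon\" = " . sql_format_quote($_POST['nomSyntaxon'] . " " . $_POST['auteurSyntaxon'], 'do') . " ";
/* add the condition on the record code */
// NOTE(review): $id is concatenated unquoted; its origin is outside this
// excerpt - confirm it is validated as an integer before it gets here.
$update .= "WHERE \"codeEnregistrementSyntax\"=" . $id . ";";
if (DEBUG) {
    // The statement embeds posted values, so escape it before writing it into the page.
    echo "<br> update = " . htmlspecialchars($update, ENT_QUOTES | ENT_SUBSTITUTE);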