Example #1
	'nome'=>array('type'=>'string', 'length'=>255),
	'codweb'=>array('type'=>'string', 'length'=>25),
	'tipo_proced'=>array('type'=>'string', 'length'=>25),
	'responsable'=>array('type'=>'string', 'length'=>50),
	'corresponsable1'=>array('type'=>'string', 'length'=>50),
	'corresponsable2'=>array('type'=>'string', 'length'=>50),
	'corresponsable3'=>array('type'=>'string', 'length'=>50),
	'cons1select'=>array('type'=>'int', 'length'=>2),
	'cons2select'=>array('type'=>'int', 'length'=>2),
	'observacions'=>array('type'=>'string', 'length'=>5000),
	'promotor'=>array('type'=>'string', 'length'=>255),
	'org_promotor'=>array('type'=>'string', 'length'=>255),
	'org_sustantivo'=>array('type'=>'string', 'length'=>255),
	'gid'=>array('type'=>'int', 'length'=>4)
);

// Run the request validation before the handler code below executes.
// NOTE(review): validateSqlInj() is defined outside this excerpt; presumably it
// checks request fields against the type/length map declared above (confirm).
// A type/length filter on its own would still admit quote characters in the
// 'string' fields, so it is not a substitute for bound query parameters.
validateSqlInj();

/**** end SQL Injection validation ****/
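/**
 * Update one row of the "locais" table from the current POST request.
 *
 * Reads the connection settings from ../conf/config.php, opens a PostgreSQL
 * connection, writes the posted fields to the row whose id is
 * $_POST["idlocal"], and closes the connection. The script is terminated
 * with die() if the connection or the query fails.
 *
 * Every request value is sent as a bound parameter through pg_query_params()
 * rather than being concatenated into the statement, so quotes or SQL
 * fragments in a field (including the numeric id in the WHERE clause) are
 * treated as data and cannot change the statement.
 *
 * NOTE(review): no check that the caller is allowed to edit the row named by
 * "idlocal" is visible in this function; confirm it is enforced before the call.
 * NOTE(review): the die() messages echo pg_last_error() to the client, which
 * discloses database details; consider logging it server-side instead.
 *
 * @return void
 */
function updateLocal()
{
    include '../conf/config.php';
    // connection to database goes here
    $dbconn = pg_connect("host={$host} port={$port} dbname={$db_name} user={$username} password={$password}") or die('Could not connect: ' . pg_last_error());
    pg_set_client_encoding($dbconn, "utf-8");

    // Fixed map of table column => POST field. Column names come only from
    // this literal list, never from the request.
    $columns = array(
        'nomecomercial' => 'nome',
        'actividade_id' => 'actividade_id',
        'rexime'        => 'rexime',
        'apertura'      => 'apertura',
        'm2'            => 'superficie',
        'nomexerente'   => 'xerente',
        'zone_id'       => 'zone_id',
        'via_id'        => 'viaId',
        'rua'           => 'rua',
        'num'           => 'num',
        'cp'            => 'cp',
        'lat'           => 'lat',
        'lon'           => 'lon',
        'web'           => 'web',
        'rs_facebook'   => 'rs_facebook',
        'rs_twitter'    => 'rs_twitter',
        'rs_pinterest'  => 'rs_pinterest',
        'rs_youtube'    => 'rs_youtube',
        'rs_instagram'  => 'rs_instagram',
        'email'         => 'email',
        'telefono'      => 'tlf',
        'mobil'         => 'mobil',
        'fax'           => 'fax',
    );

    $assignments = array();
    $params = array();
    foreach ($columns as $column => $field) {
        // A missing or non-scalar field is stored as an empty string, which is
        // what the former string concatenation produced for a missing key.
        $value = isset($_POST[$field]) && is_scalar($_POST[$field]) ? (string) $_POST[$field] : '';
        $params[] = $value;
        // Single quotes keep "$1", "$2", ... as literal placeholder text.
        $assignments[] = $column . '=$' . count($params);
    }

    // The row id is bound as well; a non-numeric value now makes the server
    // reject the statement instead of becoming part of the WHERE clause.
    $params[] = isset($_POST['idlocal']) && is_scalar($_POST['idlocal']) ? (string) $_POST['idlocal'] : '';
    $actualiza = 'UPDATE locais SET ' . implode(', ', $assignments) . ' WHERE id = $' . count($params);

    pg_query_params($dbconn, $actualiza, $params) or die('Could not insert: ' . pg_last_error($dbconn));
    pg_close($dbconn);
}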
// Top-level call: the update runs every time this script is executed.
// NOTE(review): no session, CSRF-token or request-method check is visible in
// this excerpt; confirm one runs before this call.
updateLocal();
        if (!move_uploaded_file($_FILES['logo']['tmp_name'], $target)) {
            $logo = null;
        }
    } else {
        $logo = $local->logo;
    }
    //Cargando Photo
    if (!empty($_FILES["photo"]["name"])) {
        $photo_ext = pathinfo($_FILES["photo"]["name"], PATHINFO_EXTENSION);
        $photo = $local->photo;
        if ($photo == null) {
            $cantidad_photos = getGlobal("cantidad_photos");
            $cantidad_photos = intval($cantidad_photos[0]->valor);
            $photo = "photo_" . ($cantidad_photos + 1) . "." . $photo_ext;
            $target = "../../photos/" . $photo;
            updateGlobal("cantidad_photos", $cantidad_photos + 1);
        } else {
            $target = "../../photos/" . $photo;
            @unlink($target);
        }
        if (!move_uploaded_file($_FILES['photo']['tmp_name'], $target)) {
            $photo = null;
        }
    } else {
        $photo = $local->photo;
    }
    $usuario = $_SESSION["userid"];
    updateLocal($id, $nombre, $telefono, $email, $logo, $photo, $horario, $descripcion);
    $html = file_get_contents("update-shop_exito.html");
}
echo $html;