Esempio n. 1
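/**
 * Create or update a saved web report, then re-point its style rows at the
 * stored report name.
 *
 * Both names are normalised with GoodFieldName(). When a 'report' row named
 * $reportname already exists and this is not a "save as" under a different
 * name, that row is updated in place; otherwise a new row is inserted with
 * the session's UserID as rpt_owner.
 *
 * @param string $reportname Name used to look up the existing report.
 * @param string $report     Name the report is stored under.
 * @param string $rtitle     Value written to rpt_title.
 * @param string $rstatus    Value written to rpt_status.
 * @param string $strXML     Report definition written to rpt_content.
 * @param mixed  $saveas     Truthy when the caller asked for "save as".
 *
 * @return void
 */
function SaveReport($reportname, $report, $rtitle, $rstatus, $strXML, $saveas)
{
    $reportname = GoodFieldName($reportname);
    $report = GoodFieldName($report);

    // Reports saved without a logged-in user get a single-space owner.
    if (empty($_SESSION["UserID"])) {
        $_SESSION["UserID"] = " ";
    }

    // #9875 It's expected that webreports, webreport_style tables belong to the same db connection
    $connection = getWebreportConnection();

    $strSQL = "SELECT " . $connection->addFieldWrappers("rpt_id")
        . " FROM " . $connection->addTableWrappers("webreports")
        . " WHERE " . $connection->addFieldWrappers("rpt_name") . "=" . $connection->prepareString($reportname)
        . " and " . $connection->addFieldWrappers("rpt_type") . "='report'";
    $data = $connection->query($strSQL)->fetchAssoc();

    if ($data && (!$saveas || $reportname == $report)) {
        // NOTE(review): this UPDATE matches on rpt_name/rpt_type only; nothing in
        // this function checks that the session user owns the row. Confirm the
        // caller enforces ownership before a report can be overwritten.
        $strSQL = "UPDATE " . $connection->addTableWrappers("webreports")
            . " SET " . $connection->addFieldWrappers("rpt_name") . "=" . $connection->prepareString($report)
            . ", " . $connection->addFieldWrappers("rpt_title") . "=" . $connection->prepareString($rtitle)
            . ", " . $connection->addFieldWrappers("rpt_content") . "=" . PrepareString4DB($strXML, $connection)
            . ", " . $connection->addFieldWrappers("rpt_status") . "=" . $connection->prepareString($rstatus)
            . ", " . $connection->addFieldWrappers("rpt_mdate") . "='" . now() . "'"
            . " WHERE " . $connection->addFieldWrappers("rpt_name") . "=" . $connection->prepareString($reportname)
            . " and " . $connection->addFieldWrappers("rpt_type") . "='report'";
        $connection->exec($strSQL);
    } else {
        $strSQL = "INSERT INTO " . $connection->addTableWrappers("webreports")
            . " ( " . $connection->addFieldWrappers("rpt_name")
            . ", " . $connection->addFieldWrappers("rpt_title")
            . ", " . $connection->addFieldWrappers("rpt_cdate")
            . ", " . $connection->addFieldWrappers("rpt_mdate")
            . ", " . $connection->addFieldWrappers("rpt_content")
            . ", " . $connection->addFieldWrappers("rpt_owner")
            . ", " . $connection->addFieldWrappers("rpt_status")
            . ", " . $connection->addFieldWrappers("rpt_type") . " )";
        $strSQL .= " VALUES(" . $connection->prepareString($report)
            . ", " . $connection->prepareString($rtitle)
            . ", '" . now() . "', '" . now() . "'"
            . ", " . PrepareString4DB($strXML, $connection)
            . ", " . $connection->prepareString($_SESSION["UserID"])
            . ", " . $connection->prepareString($rstatus)
            . ", 'report')";
        $connection->exec($strSQL);
    }

    // The previous report name lives in the session and was concatenated into
    // the statement between bare quotes. It is now passed through the same
    // prepareString() helper as every other value, so a name containing a quote
    // can no longer alter the WHERE clause.
    $oldName = isset($_SESSION['webreports_oldname']) ? $_SESSION['webreports_oldname'] : '';
    $strSQL = "UPDATE " . $connection->addTableWrappers("webreport_style")
        . " set " . $connection->addFieldWrappers("repname") . "=" . $connection->prepareString($report)
        . " where " . $connection->addFieldWrappers("repname") . "=" . $connection->prepareString($oldName);
    $connection->exec($strSQL);
}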
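/**
 * Create or update a saved web report, then re-point its style rows at the
 * stored report name. Uses the global $conn database handle.
 *
 * Both names are normalised with GoodFieldName(). When a 'report' row named
 * $reportname already exists and this is not a "save as" under a different
 * name, that row is updated in place; otherwise a new row is inserted with
 * the session's UserID as rpt_owner.
 *
 * @param string $reportname Name used to look up the existing report.
 * @param string $report     Name the report is stored under.
 * @param string $rtitle     Value written to rpt_title.
 * @param string $rstatus    Value written to rpt_status.
 * @param string $strXML     Report definition written to rpt_content.
 * @param mixed  $saveas     Truthy when the caller asked for "save as".
 *
 * @return void
 */
function SaveReport($reportname, $report, $rtitle, $rstatus, $strXML, $saveas) {
	global $conn;
	$reportname = GoodFieldName($reportname);
	$report = GoodFieldName($report);

	// Reports saved without a logged-in user get a single-space owner.
	if (empty($_SESSION["UserID"])) {
		$_SESSION["UserID"] = " ";
	}

	$strSQL = "SELECT ".AddFieldWrappers("rpt_id")
		." FROM ".AddTableWrappers("webreports")
		." WHERE ".AddFieldWrappers("rpt_name")."=".db_prepare_string($reportname)
		." and ".AddFieldWrappers("rpt_type")."='report'";
	$rsReport = db_query($strSQL, $conn);
	$data = db_fetch_array($rsReport);

	if ($data && (!$saveas || $reportname == $report)) {
		// NOTE(review): this UPDATE matches on rpt_name/rpt_type only; nothing in
		// this function checks that the session user owns the row. Confirm the
		// caller enforces ownership before a report can be overwritten.
		$strSQL = "UPDATE ".AddTableWrappers("webreports")
			." SET ".AddFieldWrappers("rpt_name")."=".db_prepare_string($report)
			.", ".AddFieldWrappers("rpt_title")."=".db_prepare_string($rtitle)
			.", ".AddFieldWrappers("rpt_content")."=".PrepareString4DB($strXML)
			.", ".AddFieldWrappers("rpt_status")."=".db_prepare_string($rstatus)
			.", ".AddFieldWrappers("rpt_mdate")."='".now()."'"
			." WHERE ".AddFieldWrappers("rpt_name")."=".db_prepare_string($reportname)
			." and ".AddFieldWrappers("rpt_type")."='report'";
		db_exec($strSQL, $conn);
	} else {
		$strSQL = "INSERT INTO ".AddTableWrappers("webreports")
			." ( ".AddFieldWrappers("rpt_name")
			.", ".AddFieldWrappers("rpt_title")
			.", ".AddFieldWrappers("rpt_cdate")
			.", ".AddFieldWrappers("rpt_mdate")
			.", ".AddFieldWrappers("rpt_content")
			.", ".AddFieldWrappers("rpt_owner")
			.", ".AddFieldWrappers("rpt_status")
			.", ".AddFieldWrappers("rpt_type")." )";
		$strSQL .= " VALUES(".db_prepare_string($report)
			.", ".db_prepare_string($rtitle)
			.", '".now()."', '".now()."'"
			.", ".PrepareString4DB($strXML)
			.", ".db_prepare_string($_SESSION["UserID"])
			.", ".db_prepare_string($rstatus)
			.", 'report')";
		db_exec($strSQL, $conn);
	}

	// The previous report name lives in the session and was concatenated into
	// the statement between bare quotes. It is now passed through the same
	// db_prepare_string() helper as every other value, so a name containing a
	// quote can no longer alter the WHERE clause.
	$oldName = isset($_SESSION['webreports_oldname']) ? $_SESSION['webreports_oldname'] : '';
	$strSQL = "UPDATE ".AddTableWrappers("webreport_style")
		." set ".AddFieldWrappers("repname")."=".db_prepare_string($report)
		." where ".AddFieldWrappers("repname")."=".db_prepare_string($oldName);
	db_exec($strSQL, $conn);
}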