$sql = ''; foreach ($change as $value) { $sql .= empty($sql) ? "UPDATE {$table_prefix}issue SET {$value}" : ", {$value}"; } if (!empty($sql)) { $sql .= " WHERE id = {$issue_id}"; if (!($result = mysql_query($sql))) { print_error(); } } if ($owner != 'DEFAULT') { if ($owner != $bussd["user_id"]) { bust_an_email($owner, $issue_id, 'given'); } if ($current["owner_id"] != $bussd["user_id"]) { bust_an_email($current["owner_id"], $issue_id, 'taken'); } } header("Location: issue.php?id={$issue_id}"); } if (empty($_GET["id"]) || !is_numeric($_GET["id"])) { die("you must specify a valid id."); } else { $id = $_GET["id"]; } header('Content-Type: text/html; charset=utf-8'); $sql = "SELECT {$table_prefix}owner.id owner_id , " . " {$table_prefix}milestone.id milestone_id , " . " {$table_prefix}status.id status_id , " . " {$table_prefix}severity.id severity_id , " . " {$table_prefix}type.id type_id , " . " {$table_prefix}issue.subject subject " . "FROM {$table_prefix}issue " . "LEFT JOIN {$table_prefix}user {$table_prefix}owner " . " ON {$table_prefix}owner.id = {$table_prefix}issue.owner_id " . "LEFT JOIN {$table_prefix}milestone " . " ON {$table_prefix}milestone.id = {$table_prefix}issue.milestone_id " . "LEFT JOIN {$table_prefix}status " . " ON {$table_prefix}status.id = {$table_prefix}issue.status_id " . "LEFT JOIN {$table_prefix}severity " . " ON {$table_prefix}severity.id = {$table_prefix}issue.severity_id " . "LEFT JOIN {$table_prefix}type " . " ON {$table_prefix}type.id = {$table_prefix}issue.type_id " . "WHERE {$table_prefix}issue.id = {$id} "; if (!($result = mysql_query($sql))) { print_error(); } if (mysql_num_rows($result) !== 1) {
$type = is_numeric($_POST["type"]) ? $_POST["type"] : 'DEFAULT'; $message = !empty($_POST["message"]) ? "'" . clean($_POST["message"]) . "'" : 'DEFAULT'; $sql = "INSERT INTO {$table_prefix}issue " . "SET owner_id = {$owner} , " . " milestone_id = {$milestone} , " . " status_id = {$status} , " . " severity_id = {$severity} , " . " type_id = {$type} , " . " subject = {$subject} "; if (!($result = mysql_query($sql))) { print_error(); } $issue_id = mysql_insert_id(); if (empty($issue_id)) { die("something terrible happened. sorry."); } $sql = "INSERT INTO {$table_prefix}issue_revision " . "SET issue_id = {$issue_id} , " . " author_id = {$bussd["user_id"]}, " . " date = UNIX_TIMESTAMP() , " . " owner_id = {$owner} , " . " milestone_id = {$milestone} , " . " status_id = {$status} , " . " severity_id = {$severity} , " . " type_id = {$type} , " . " subject = {$subject} , " . " message = {$message} "; if (!($result = mysql_query($sql))) { print_error(); } if (is_numeric($owner) && $owner != $bussd["user_id"]) { bust_an_email($owner, $issue_id, 'created'); } header("Location: issue.php?id={$issue_id}"); } header('Content-Type: text/html; charset=utf-8'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>create—issue—<?php echo $project_name; ?> </title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="style.php" /> </head>