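* params: elem_name,pid_sel
* returns: HTML select box
* test: snippets/retPlayerSelect.php?elem_name=vpid&pid_sel=2
*/

# Coarse pre-filter over every query-string value: requests that look like
# they carry a <script> tag or a parenthesised call are aborted with "X".
# This is a denylist and is easy to bypass, so it must not be relied on as
# the only defence; the per-parameter allowlists below are the real control.
# eregi() was removed in PHP 7.0, so the same two patterns are run through
# preg_match(): "i" keeps the case-insensitive match and "s" lets "." span
# newlines as it did in the POSIX engine.
foreach ($_GET as $secvalue) {
    # Array-valued parameters (?x[]=1) are not used by this endpoint and
    # would break the string functions below, so they are rejected outright.
    if (!is_string($secvalue)) {
        die("X");
    }
    # "!== 0" fails closed: a match (1) and a PCRE error (false) both abort.
    if (preg_match('/<[^>]*script*"?[^>]*>/i', $secvalue) !== 0
        || preg_match('/\([^>]*.*"?[^>]*\)/is', $secvalue) !== 0) {
        die("X");
    }
}

require_once "../code/config.php";
require_once "../includes/sql_layer.php";
require_once "../api_rs.php";
require_once "../api_format.php";
require_once "../lsdbcontroller.php";

# incoming PARAM check
# elem_name is handed to Select_Player(), which is defined elsewhere and
# presumably writes it into the generated markup as an element name.
# strip_tags() leaves quotes and other attribute-breaking characters in
# place, so the value is additionally restricted to identifier characters.
$elem_name = '';
if (isset($_GET['elem_name'])) {
    $elem_name = strip_tags($_GET['elem_name']);
    if (preg_match('/\A[A-Za-z0-9_\-\[\]]*\z/', $elem_name) !== 1) {
        die("X");
    }
}

# pid_sel is a numeric player id (default 0). Only plain digits are accepted
# and the value is passed on as an int, so it cannot carry markup or query
# fragments into the controller. The length cap keeps it inside int range.
$pid_sel = 0;
if (isset($_GET['pid_sel'])) {
    $pid_raw = trim($_GET['pid_sel']);
    if ($pid_raw !== '') {
        if (preg_match('/\A[0-9]{1,9}\z/', $pid_raw) !== 1) {
            die("X");
        }
        $pid_sel = (int) $pid_raw;
    }
}

# create DB connection
# $dbhost, $dbuname, $dbpass and $dbname are expected to come from the
# included config.php - TODO confirm.
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);

# call controller
# NOTE(review): "application/html" is not a registered media type (the usual
# value is text/html). It is left unchanged because callers may depend on it;
# if it is ever switched to text/html, the response becomes directly
# renderable in a browser, so the input checks above must stay in place.
header('Content-Type: application/html; charset=ISO-8859-1');
echo Select_Player($elem_name, $pid_sel);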
<?php
// Assembles the statistics entry form as a two-column HTML table (label cell
// plus control cell) and returns the markup to the including script.
// Every control is rendered by a helper defined elsewhere; all arguments here
// are fixed literals, so no request data enters the markup from this file.
$OUT = "<table cellspacing=2>";

// Player picker, element name "spid", nothing preselected (0).
$OUT .= "<tr><td class=\"bluebox\">Player</td><td id=\"select_player\" name=\"select_player\">"
    . Select_Player('spid', 0)
    . "</td></tr>";

// Statistics group picker; 'getdates(this)' is presumably a client-side
// change handler that reloads the date list - TODO confirm in Select_StatGroup.
$OUT .= "<tr><td class=\"bluebox\">Statistik Gruppe</td><td id=\"select_statcode\" name=\"select_statcode\">"
    . Select_StatGroup('scode', 3, 'getdates(this)')
    . "</td></tr>";

// Reference date ("Stichtag") picker.
$OUT .= "<tr><td class=\"bluebox\">Stichtag</td><td id=\"select_statdate\" name=\"select_statdate\">"
    . Select_StatDate(0, '', 'sdate')
    . "</td></tr>";

// Free-text inputs for the value, the number of legs and the number of sets.
// The trailing numbers passed to _input() look like size/maxlength - verify
// against the helper.
$OUT .= "<tr><td class=\"bluebox\">Value</td><td id=\"input_statval\" name=\"input_statval\">"
    . _input(1, 'sval', '', 8, 8)
    . "</td></tr>";
$OUT .= "<tr><td class=\"bluebox\">Anzahl Legs</td><td id=\"input_statlegs\" name=\"input_statlegs\">"
    . _input(1, 'slegs', '', 4, 4)
    . "</td></tr>";
$OUT .= "<tr><td class=\"bluebox\">Anzahl Sets</td><td id=\"input_statsets\" name=\"input_statsets\">"
    . _input(1, 'ssets', '', 4, 4)
    . "</td></tr>";

$OUT .= "</table>";

return $OUT;