* params: elem_name,pid_sel
* returns: HTML select box
* test: snippets/retPlayerSelect.php?elem_name=vpid&pid_sel=2
*/
foreach ($_GET as $secvalue) {
if (eregi("<[^>]*script*\"?[^>]*>", $secvalue) or eregi("\\([^>]*.*\"?[^>]*\\)", $secvalue)) {
die("X");
}
}
require_once "../code/config.php";
require_once "../includes/sql_layer.php";
require_once "../api_rs.php";
require_once "../api_format.php";
require_once "../lsdbcontroller.php";
# incoming PARAM check
if (isset($_GET['elem_name'])) {
$elem_name = strip_tags($_GET['elem_name']);
} else {
$elem_name = '';
}
if (isset($_GET['pid_sel'])) {
$pid_sel = strip_tags($_GET['pid_sel']);
} else {
$pid_sel = 0;
}
# create DB connection
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
# call controller
header('Content-Type: application/html; charset=ISO-8859-1');
echo Select_Player($elem_name, $pid_sel);
<?php
$OUT = "";
$OUT = "<table cellspacing=2>";
$OUT = $OUT . "<tr><td class=\"bluebox\">Player</td><td id=\"select_player\" name=\"select_player\">" . Select_Player('spid', 0) . "</td></tr>";
$OUT = $OUT . "<tr><td class=\"bluebox\">Statistik Gruppe</td><td id=\"select_statcode\" name=\"select_statcode\">" . Select_StatGroup('scode', 3, 'getdates(this)') . "</td></tr>";
$OUT = $OUT . "<tr><td class=\"bluebox\">Stichtag</td><td id=\"select_statdate\" name=\"select_statdate\">" . Select_StatDate(0, '', 'sdate') . "</td></tr>";
$OUT = $OUT . "<tr><td class=\"bluebox\">Value</td><td id=\"input_statval\" name=\"input_statval\">" . _input(1, 'sval', '', 8, 8) . "</td></tr>";
$OUT = $OUT . "<tr><td class=\"bluebox\">Anzahl Legs</td><td id=\"input_statlegs\" name=\"input_statlegs\">" . _input(1, 'slegs', '', 4, 4) . "</td></tr>";
$OUT = $OUT . "<tr><td class=\"bluebox\">Anzahl Sets</td><td id=\"input_statsets\" name=\"input_statsets\">" . _input(1, 'ssets', '', 4, 4) . "</td></tr>";
$OUT = $OUT . "</table>";
return $OUT;
