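/**
 * Persist the posted item rows and the parent rif's fee/location fields.
 *
 * Input comes from the request: `$_POST['items']` (rows with id, name, cost,
 * quantity), the rif-level `$_POST` fields, and `$_GET['id']` (the rif being
 * edited). Every item update is gated by verifyAdminOrRifInstructor() on the
 * item's own rif; the rif row update is gated on `$_GET['id']`. Values reach
 * SQL only through `$db->quote()`. The script is terminated when done, as it
 * was originally.
 *
 * @return never
 */
function saveItems()
{
    $db = new DB();

    // A missing or malformed 'items' field means there is nothing to update
    // (the original emitted a warning by iterating over null).
    $items = $_POST['items'] ?? [];
    if (!is_array($items)) {
        $items = [];
    }

    foreach ($items as $item) {
        $itemId = $item['id'] ?? null;
        $rows = $db->select('SELECT rif_id FROM rifs_items WHERE id = ' . $db->quote($itemId));

        // Unknown item id: nothing to authorise and nothing to update
        // (the original indexed [0] on an empty result).
        if (!isset($rows[0]['rif_id'])) {
            continue;
        }

        // select() returns associative rows (this file reads $galley['text']
        // from it), so the authorisation check must receive the rif id
        // itself rather than the whole row array. TODO confirm against DB::select.
        $rif = $rows[0]['rif_id'];
        if (!verifyAdminOrRifInstructor($rif)) {
            continue;
        }

        $db->query("UPDATE rifs_items\n\t\t\t SET name = " . $db->quote($item['name'] ?? null)
            . " ,\n\t\t\t cost = " . $db->quote($item['cost'] ?? null)
            . " ,\n\t\t\t quantity = " . $db->quote($item['quantity'] ?? null)
            . " \n\t\t\t WHERE id = " . $db->quote($itemId));
    }

    // The per-item checks only cover each item's own rif; the rif row itself
    // is keyed on $_GET['id'], so it is gated the same way the page entry is.
    $rifId = $_GET['id'] ?? null;
    if (!verifyAdminOrRifInstructor($rifId)) {
        error('Access Denied', 'You are not cleared to edit or view this page');
        die;
    }

    $db->query("UPDATE rifs \n\t SET room_rate = " . $db->quote($_POST['room_rate'] ?? null)
        . ", \n\t room_hours = " . $db->quote($_POST['room_hours'] ?? null)
        . ", \n\t text_facilities = " . $db->quote($_POST['text_facilities'] ?? null)
        . ", \n\t fee_uw = " . $db->quote($_POST['fee_uw'] ?? null)
        . ", \n\t expected = " . $db->quote($_POST['expected'] ?? null)
        . ",\n\t loc_spec = " . $db->quote($_POST['loc_spec'] ?? null)
        . ", \n\t loc_gen = " . $db->quote($_POST['loc_gen'] ?? null)
        . ",\n\t fee_gen = " . $db->quote($_POST['fee_gen'] ?? null)
        . " \n\t WHERE id = " . $db->quote($rifId));

    // The original ended with var_dump($_POST); that debug dump echoed the
    // submitted form data into the response and has been dropped. The
    // termination is kept so the caller's flow is unchanged.
    die;
}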
<?php require '../common.php'; session_start(); if (!verifyAdminOrRifInstructor($_GET['id'])) { error('Access Denied', 'You are not cleared to edit or view this page'); } $db = new DB(); if (isset($_POST['text'])) { $db->query('INSERT INTO galleys (id, text) VALUES (' . $db->quote($_GET['id']) . ',' . $db->quote($_POST['text']) . ') ON DUPLICATE KEY UPDATE text = ' . $db->quote($_POST['text'])); if ($_POST['continue']) { header('Location: galleys.php'); die; } header('Location: galley.php?id=' . $_GET['id']); die; } if (isset($_GET['allgalleys'])) { head(); ?> <section class='content'><div class='container'><h2>All Galleys</h2> <?php $galleys = $db->select('SELECT galleys.text FROM galleys JOIN rifs ON galleys.id = rifs.id ORDER BY rifs.category'); foreach ($galleys as $galley) { ?> <p style='white-space: pre-wrap'><?php echo htmlspecialchars($galley['text']); ?>