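/**
 * Records one snapshot of an order's stored address in address_log.
 *
 * Reads the row for $order_id from jos_vm_order_user_info, resolves the
 * country and state codes to display names through ps_country, and inserts
 * the result into address_log together with $user_id and NOW().
 *
 * @param int        $order_id Order id, already validated by the caller.
 * @param int|string $user_id  Value written to address_log.user_id.
 * @return void
 */
function _change_order_data_log_snapshot($order_id, $user_id)
{
    $order_id = (int) $order_id;

    $db = new ps_DB();
    $db->query(
        'SELECT first_name, phone_1, address_1, country, state, zip, user_email'
        . ' FROM jos_vm_order_user_info WHERE order_id = "' . $order_id . '"'
    );
    $db->next_record();

    // NOTE(review): assumes the ps_country lookups may hand back a non-object
    // when the code is unknown -- confirm. Guarding keeps an unknown code from
    // aborting the request between the UPDATE and its log entry.
    $country = new ps_country();
    $dbc = $country->get_country_by_code($db->f('country'));
    $country_name = is_object($dbc) ? $dbc->f('country_name') : '';
    $dbc = $country->get_state_by_code($db->f('state'), $db->f('country'));
    $state_name = is_object($dbc) ? $dbc->f('state_name') : '';

    // Values in the same order as the column list of the INSERT below.
    $values = array(
        $order_id,
        $db->f('first_name'),
        $db->f('phone_1'),
        $db->f('address_1'),
        $country_name,
        $state_name,
        $db->f('zip'),
        $db->f('user_email'),
        $user_id,
    );

    // Stored values are escaped again before re-insertion: they originated
    // from request input and must not be trusted just because they came back
    // from the database.
    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = '"' . mysql_escape_string($value) . '"';
    }

    $db->query(
        'INSERT INTO address_log (order_id, first_name, phone_1, address_1, country, state, zip, user_email, user_id, date)'
        . ' VALUES (' . implode(', ', $quoted) . ', NOW())'
    );
}

/**
 * Updates the contact/address fields of an order from the current request and
 * keeps a history of the change in address_log.
 *
 * Steps:
 *  1. If address_log has no row for the order yet, the current (original) data
 *     is logged first with user_id "0".
 *  2. jos_vm_order_user_info is updated from $_REQUEST (first_name, phone_1,
 *     address_1, country, state, zip, user_email).
 *  3. The new data is logged with the id of the acting user ($auth['user_id']).
 *
 * NOTE(review): no permission or request-token check is visible in this
 * function, and $_REQUEST also accepts GET and cookie values. Presumably the
 * caller restricts who may reach this handler -- confirm, since it rewrites
 * customer contact data for any order id it is given.
 *
 * NOTE(review): mysql_escape_string() ignores the connection character set and
 * does not exist in PHP 7+. When this code is ported, replace the string-built
 * statements with bound parameters or the database layer's connection-aware
 * escaping.
 *
 * NOTE(review): the three writes are not wrapped in a transaction, so a failure
 * in the middle can leave the order updated without its log entry.
 *
 * @return array{mess: string, result: bool} 'no order id'/false when the
 *         request carries no positive integer order_id, otherwise 'OK'/true.
 */
function change_order_data()
{
    global $auth;

    // Accept only a scalar order_id; intval() of anything else is not meaningful.
    $order_id = 0;
    if (isset($_REQUEST['order_id']) && is_scalar($_REQUEST['order_id'])) {
        $order_id = intval($_REQUEST['order_id']);
    }
    // Zero and negative ids cannot identify an order; reject them before any query runs.
    if ($order_id <= 0) {
        return array('mess' => 'no order id', 'result' => false);
    }

    require_once CLASSPATH . 'ps_country.php';

    $db = new ps_DB();
    $db->query('SELECT COUNT(*) AS cnt FROM address_log WHERE order_id = "' . $order_id . '"');
    $db->next_record();

    if (!$db->f('cnt')) {
        // First edit of this order: preserve the original data.
        _change_order_data_log_snapshot($order_id, '0');
    }

    // Column names come from this fixed list only; request input supplies
    // values, never identifiers. Missing or non-scalar inputs become ''.
    $columns = array('first_name', 'phone_1', 'address_1', 'country', 'state', 'zip', 'user_email');
    $assignments = array();
    foreach ($columns as $column) {
        $value = '';
        if (isset($_REQUEST[$column]) && is_scalar($_REQUEST[$column])) {
            $value = (string) $_REQUEST[$column];
        }
        $assignments[] = $column . ' = "' . mysql_escape_string($value) . '"';
    }

    // Apply the update. The WHERE clause uses the validated integer rather
    // than the raw request string, so every statement in this function
    // targets the same order.
    $db = new ps_DB();
    $db->query(
        'UPDATE jos_vm_order_user_info SET ' . implode(', ', $assignments)
        . ' WHERE order_id = "' . $order_id . '"'
    );

    // Log the data once more, now attributed to the acting user.
    $user_id = isset($auth['user_id']) ? $auth['user_id'] : '';
    _change_order_data_log_snapshot($order_id, $user_id);

    return array('mess' => 'OK', 'result' => true);
}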
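<td width="65%" align="left"><?php
// Renders the edit control for one order field: a country select, a
// country-dependent state select, or a plain text input for everything else.
// $field and $dbt are supplied by the surrounding template (not visible here).
switch ($field->name) {
    case 'country':
        $country_id = $dbt->f($field->name);
        // NOTE(review): the lookup result is not used for output any more;
        // it can probably be dropped once confirmed free of side effects.
        $country = new ps_country();
        $dbc = $country->get_country_by_code($country_id);

        $ps_html = new ps_html();
        $onchange = "onchange=\"changeStateList();\"";
        $ps_html->list_country("country", $country_id, "id=\"country_field\" {$onchange}");
        break;

    case 'state':
        // Do not depend on the 'country' field having been rendered first:
        // create the helper and read the country code here if they are missing.
        if (!isset($ps_html)) {
            $ps_html = new ps_html();
        }
        if (!isset($country_id)) {
            $country_id = $dbt->f('country');
        }
        $state = $dbt->f($field->name);
        // NOTE(review): unused lookup, see the 'country' case.
        $country = new ps_country();
        $dbc = $country->get_state_by_code($state, $country_id);

        echo $ps_html->dynamic_state_lists("country", "state", $country_id, $state);
        break;

    default:
        $fieldvalue = $dbt->f($field->name);
        // Both the attribute name and the stored value are escaped: the value
        // is customer-supplied data being written into an HTML attribute.
        echo '<input type="text" name="' . htmlspecialchars($field->name, ENT_QUOTES)
            . '" value="' . htmlspecialchars($fieldvalue, ENT_QUOTES)
            . '" class="order_user_filed">';
        break;
}
?> </td>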