Пример #1
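// Saves a message ("bericht") posted from the edit form: updates or deletes an existing row
// when bericht_id is posted, inserts a new one otherwise, then redirects to upload.php.
// $from is not assigned in this excerpt; presumably it is validated earlier the same way
// as $until (TODO confirm).
//
// NOTE(review): every request value reaches SQL only through mdb2_exec()'s %q / %i
// placeholders. The helper is not shown here; verify that %q escapes for the active
// connection and that %i forces an integer, because nothing else in this block does.
// NOTE(review): no authorization or CSRF check is visible in this excerpt; confirm that one
// runs before this point, since the block modifies and deletes rows by a posted id.

// NOTE(review): the truthiness test rejects a failed parse (false) but also timestamp 0.
// The message names the field 'Zichtbaar vanaf' although the value checked is 'until';
// this looks copy-pasted from a check on the other date field (confirm the form label).
if (!($until = strtotime($_POST['until']))) {
    fatal_error("het veld 'Zichtbaar vanaf' bevat geen geldige datum");
}

if (isset($_POST['bericht_id'])) {
    if ($_POST['submit'] === 'Opslaan') {
        // We are modifying an existing message.
        mdb2_exec("UPDATE berichten SET bericht_title = '%q', bericht_body = '%q', bericht_visiblefrom = '%q', bericht_visibleuntil = '%q', bericht_update = {$_SERVER['REQUEST_TIME']} WHERE bericht_id = %i", bbtohtml(htmlenc($_POST['title'])), bbtohtml(htmlenc($_POST['body'])), $from, $until, $_POST['bericht_id']);
        // Replace the entity links: drop the old set, then re-insert the posted one.
        mdb2_exec("DELETE FROM entities2berichten WHERE bericht_id = %i", $_POST['bericht_id']);
        // entity_ids is client-controlled: only iterate when it really is an array, so a
        // scalar value cannot trigger a foreach warning.
        if (isset($_POST['entity_ids']) && is_array($_POST['entity_ids'])) {
            foreach ($_POST['entity_ids'] as $entity_id) {
                mdb2_exec("INSERT INTO entities2berichten ( entity_id, bericht_id ) VALUES ( %i, %i )", $entity_id, $_POST['bericht_id']);
            }
        }
    } elseif ($_POST['submit'] === 'Wissen') {
        // Delete the message together with its entity links.
        mdb2_exec("DELETE FROM berichten WHERE bericht_id = %i", $_POST['bericht_id']);
        mdb2_exec("DELETE FROM entities2berichten WHERE bericht_id = %i", $_POST['bericht_id']);
    } else {
        fatal_error('onmogelijke submit!');
    }
} else {
    // No id posted: create a new message and link it to the selected entities.
    mdb2_exec("INSERT INTO berichten ( bericht_title, bericht_body, bericht_visiblefrom, bericht_visibleuntil, bericht_update ) VALUES ( '%q', '%q', '%q', '%q', {$_SERVER['REQUEST_TIME']} )", bbtohtml(htmlenc($_POST['title'])), bbtohtml(htmlenc($_POST['body'])), $from, $until);
    $bericht_id = mdb2_last_insert_id();
    if (isset($_POST['entity_ids']) && is_array($_POST['entity_ids'])) {
        foreach ($_POST['entity_ids'] as $entity_id) {
            mdb2_exec("INSERT INTO entities2berichten ( entity_id, bericht_id ) VALUES ( %i, {$bericht_id} )", $entity_id);
        }
    }
}

// The posted value is echoed into the redirect URL, so it is percent-encoded to stay one
// query parameter; a missing or non-string value becomes the empty string.
// NOTE(review): a secret carried in the query string ends up in access logs, browser
// history and Referer headers; consider keeping it in the session instead.
// NOTE(review): no exit follows the redirect in this excerpt; confirm nothing after it runs.
$secret = (isset($_POST['secret']) && is_string($_POST['secret'])) ? $_POST['secret'] : '';
header('Location: upload.php?secret=' . rawurlencode($secret));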
Пример #2
     // Normalise the posted alliance settings and write them to the alliance row.
     // NOTE(review): mysql_escape_string() does not take the connection charset into account,
     // has long been deprecated, and was removed with the mysql extension in PHP 7.0; a
     // prepared statement or connection-aware escaping is the durable fix.
     // NOTE(review): the value is presumably an image URL; tags are stripped and HTML special
     // characters encoded before storage, but nothing here checks the scheme or host.
     $ally['ally_image'] = mysql_escape_string(htmlspecialchars(strip_tags($_POST['image'])));
     // intval() forces an integer; the check below then accepts only 0 or 1.
     $ally['ally_request_notallow'] = intval($_POST['request_notallow']);
     if ($ally['ally_request_notallow'] != 0 && $ally['ally_request_notallow'] != 1) {
         message("Wähle bei \"Bewerbungen\" eine Option aus dem Formular!", "Fehler");
         exit;
     }
     // NOTE(review): ally_owner_range, ally_web and id are interpolated into the statement
     // but assigned outside this excerpt; confirm each is escaped or cast before it gets here.
     doquery("UPDATE {{table}} SET\n                        `ally_owner_range`='{$ally['ally_owner_range']}',\n                        `ally_image`='{$ally['ally_image']}',\n                        `ally_web`='{$ally['ally_web']}',\n                        `ally_request_notallow`='{$ally['ally_request_notallow']}'\n                        WHERE `id`='{$ally['id']}'", "alliance");
 } elseif ($_POST['t']) {
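     // Store the posted text in the alliance column selected by $t: 3 writes ally_request,
     // 2 writes ally_text, anything else writes ally_description. $t and $ally['id'] are set
     // outside this excerpt.
     // NOTE(review): mysql_escape_string() is charset-unaware and was removed in PHP 7.0;
     // it is kept here only to stay consistent with the rest of the file.
     if ($t == 3) {
         $ally['ally_request'] = mysql_escape_string(strip_tags($_POST['text']));
         doquery("UPDATE {{table}} SET\n                                `ally_request`='{$ally['ally_request']}'\n                                WHERE `id`='{$ally['id']}'", "alliance");
     } elseif ($t == 2) {
         $ally['ally_text'] = mysql_escape_string(strip_tags($_POST['text']));
         doquery("UPDATE {{table}} SET\n                                `ally_text`='{$ally['ally_text']}'\n                                WHERE `id`='{$ally['id']}'", "alliance");
     } else {
         // NOTE(review): this bbtohtml() result is overwritten by the next assignment, so the
         // BBCode conversion never reaches the database; confirm which of the two was meant.
         $ally['ally_description'] = bbtohtml($_POST['text']);
         // FILTER_SANITIZE_STRING strips tags and HTML-encodes quotes but leaves backslashes
         // alone, so on its own it is not SQL escaping. The value is now escaped like the two
         // sibling branches before it is placed in the string literal.
         // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
         $ally['ally_description'] = mysql_escape_string(filter_var($_POST['text'], FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP));
         doquery("UPDATE {{table}} SET\n                                `ally_description`='" . $ally['ally_description'] . "'\n                                WHERE `id`='{$ally['id']}'", "alliance");
     }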
 }
 // Copy $dpath into the $lang array under the 'dpath' key.
 $lang['dpath'] = $dpath;
 /*
   Depending on $t, show the form for each type of text.
 */
 switch ($t) {
     case 3:
         $lang['request_type'] = $lang['Show_of_request_text'];
         break;
     case 2:
         $lang['request_type'] = $lang['Internal_text'];
         break;
     default:
         $lang['request_type'] = $lang['Public_text_of_alliance'];
         break;
 }