$updateSQL .= "brewCarbonationMethod=" . GetSQLValueString($_POST['brewCarbonationMethod'], "text") . ", "; $updateSQL .= "brewCarbonationVol=" . GetSQLValueString($_POST['brewCarbonationVol'], "text") . ", "; $updateSQL .= "brewCarbonationNotes=" . GetSQLValueString($_POST['brewCarbonationNotes'], "text") . ", "; $updateSQL .= "brewBoilHours=" . GetSQLValueString($_POST['brewBoilHours'], "text") . ", "; $updateSQL .= "brewBoilMins=" . GetSQLValueString($_POST['brewBoilMins'], "text") . ", "; } $updateSQL .= "brewName=" . GetSQLValueString(capitalize($brewName), "text") . ", "; $updateSQL .= "brewStyle=" . GetSQLValueString($row_style_name['brewStyle'], "text") . ", "; $updateSQL .= "brewCategory=" . GetSQLValueString($styleTrim, "text") . ", "; $updateSQL .= "brewCategorySort=" . GetSQLValueString($styleFix, "text") . ", "; $updateSQL .= "brewSubCategory=" . GetSQLValueString($style[1], "text") . ", "; $updateSQL .= "brewInfo=" . GetSQLValueString($brewInfo, "text") . ", "; $updateSQL .= "brewMead1=" . GetSQLValueString($brewMead1, "text") . ", "; $updateSQL .= "brewMead2=" . GetSQLValueString($brewMead2, "text") . ", "; $updateSQL .= "brewMead3=" . GetSQLValueString($brewMead3, "text") . ", "; $updateSQL .= "brewComments=" . GetSQLValueString(strip_newline($_POST['brewComments']), "text") . ", "; $updateSQL .= "brewBrewerID=" . GetSQLValueString($brewBrewerID, "text") . ", "; $updateSQL .= "brewBrewerFirstName=" . GetSQLValueString($brewBrewerFirstName, "text") . ", "; $updateSQL .= "brewBrewerLastName=" . GetSQLValueString($brewBrewerLastName, "text") . ", "; $updateSQL .= "brewJudgingLocation=" . GetSQLValueString($row_style_name['brewStyleJudgingLoc'], "text") . ", "; $updateSQL .= "brewCoBrewer=" . GetSQLValueString(ucwords($_POST['brewCoBrewer']), "text") . ", "; $updateSQL .= "brewUpdated=" . "NOW( ), "; $updateSQL .= "brewJudgingNumber=" . GetSQLValueString($_POST['brewJudgingNumber'], "text") . ", "; $updateSQL .= "brewConfirmed=" . 
GetSQLValueString($_POST['brewConfirmed'], "text"); $updateSQL .= " WHERE id ='" . $id . "'"; mysql_real_escape_string($updateSQL); mysql_select_db($database, $brewing); $result1 = mysql_query($updateSQL, $brewing) or die(mysql_error()); //echo $updateSQL."<br>"; // Build updade url if (check_special_ingredients($styleBreak, $_SESSION['prefsStyleSet']) && $_POST['brewInfo'] == "") {
mysql_real_escape_string($updateSQL); $result1 = mysql_query($updateSQL, $brewing) or die(mysql_error()); } $massUpdateGoTo = $base_url . "index.php?section=admin&go=mods&msg=9"; $pattern = array('\'', '"'); $massUpdateGoTo = str_replace($pattern, "", $massUpdateGoTo); header(sprintf("Location: %s", stripslashes($massUpdateGoTo))); } if ($action == "add") { $insertSQL = sprintf("\r\n\t\t\t\t\t\tINSERT INTO {$mods_db_table} \r\n\t\t\t\t\t\t(\r\n\t\t\t\t\t\tmod_name,\r\n\t\t\t\t\t\tmod_type, \r\n\t\t\t\t\t\tmod_extend_function, \r\n\t\t\t\t\t\tmod_extend_function_admin, \r\n\t\t\t\t\t\tmod_filename, \r\n\t\t\t\t\t\tmod_description, \r\n\t\t\t\t\t\tmod_permission, \r\n\t\t\t\t\t\tmod_rank, \r\n\t\t\t\t\t\tmod_display_rank,\r\n\t\t\t\t\t\tmod_enable\r\n\t\t\t\t\t\t) \r\n\t\t\t\t\t\tVALUES \r\n\t\t\t\t\t\t(\r\n\t\t\t\t\t\t%s, %s, %s, %s, %s,\r\n\t\t\t\t\t\t%s, %s, %s, %s, %s\r\n\t\t\t\t\t\t)", GetSQLValueString(strtr($_POST['mod_name'], $html_string), "text"), GetSQLValueString($_POST['mod_type'], "int"), GetSQLValueString($_POST['mod_extend_function'], "int"), GetSQLValueString($mod_extend_function_admin, "text"), GetSQLValueString($_POST['mod_filename'], "text"), GetSQLValueString(strip_newline($_POST['mod_description']), "text"), GetSQLValueString($_POST['mod_permission'], "int"), GetSQLValueString($_POST['mod_rank'], "int"), GetSQLValueString($_POST['mod_display_rank'], "int"), GetSQLValueString($_POST['mod_enable'], "int")); mysql_select_db($database, $brewing); mysql_real_escape_string($insertSQL); $result1 = mysql_query($insertSQL, $brewing) or die(mysql_error()); $pattern = array('\'', '"'); $insertGoTo = str_replace($pattern, "", $insertGoTo); header(sprintf("Location: %s", stripslashes($insertGoTo))); } if ($action == "edit") { $updateSQL = sprintf("\r\n\t\t\t\t\tUPDATE {$mods_db_table} SET \r\n\t\t\t\t\tmod_name=%s,\r\n\t\t\t\t\tmod_type=%s, \r\n\t\t\t\t\tmod_extend_function=%s, \r\n\t\t\t\t\tmod_extend_function_admin=%s, \r\n\t\t\t\t\tmod_filename=%s, 
\r\n\t\t\t\t\tmod_description=%s, \r\n\t\t\t\t\tmod_permission=%s, \r\n\t\t\t\t\tmod_rank=%s, \r\n\t\t\t\t\tmod_display_rank=%s,\r\n\t\t\t\t\tmod_enable=%s\r\n\t\t\t\t\tWHERE id=%s", GetSQLValueString(strtr($_POST['mod_name'], $html_string), "text"), GetSQLValueString($_POST['mod_type'], "int"), GetSQLValueString($_POST['mod_extend_function'], "int"), GetSQLValueString($mod_extend_function_admin, "text"), GetSQLValueString($_POST['mod_filename'], "text"), GetSQLValueString(strip_newline($_POST['mod_description']), "text"), GetSQLValueString($_POST['mod_permission'], "int"), GetSQLValueString($_POST['mod_rank'], "int"), GetSQLValueString($_POST['mod_display_rank'], "int"), GetSQLValueString($_POST['mod_enable'], "int"), GetSQLValueString($id, "int")); mysql_select_db($database, $brewing); mysql_real_escape_string($updateSQL); $result1 = mysql_query($updateSQL, $brewing) or die(mysql_error()); $pattern = array('\'', '"'); $updateGoTo = str_replace($pattern, "", $updateGoTo); header(sprintf("Location: %s", stripslashes($updateGoTo))); } } // end else NHC } else { echo "<p>Not available.</p>"; }
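/*
 * Module:      process_special_best_info.inc.php
 * Description: This module does all the heavy lifting for adding/editing
 *              info in the "special_best_info" table.
 *
 * Supplied by the including script (nothing below defines them): $action,
 * $id, $database, $brewing, $special_best_info_db_table, $html_string,
 * $insertGoTo / $updateGoTo, the NHC constant, and the helpers
 * GetSQLValueString() and strip_newline().
 *
 * Security notes:
 *  - Every request value reaches the SQL text through GetSQLValueString().
 *    That helper lives elsewhere, so the queries are only as safe as its
 *    quoting and casting -- TODO confirm it escapes "text" values against
 *    the active connection and casts "int" values.
 *  - The table name is interpolated into the statement as-is; it must never
 *    be derived from request data.
 *  - This handler changes state from $_POST and no anti-CSRF token check is
 *    visible in this module -- NOTE(review): confirm the includer performs one.
 */

// Fail closed: a missing userLevel would evaluate as null, and null <= 1 is
// true in PHP, so the level has to be present and numeric before comparing.
if (
    isset($_SESSION['loginUsername'], $_SESSION['userLevel'])
    && is_numeric($_SESSION['userLevel'])
    && $_SESSION['userLevel'] <= 1
) {

    if (NHC) {
        // Place NHC SQL calls below
    } else {

        if ($action == "add") {

            $insertSQL = sprintf(
                "INSERT INTO {$special_best_info_db_table} (sbi_name, sbi_description, sbi_places, sbi_rank, sbi_display_places) VALUES (%s, %s, %s, %s, %s)",
                GetSQLValueString(strtr($_POST['sbi_name'], $html_string), "text"),
                GetSQLValueString(strip_newline($_POST['sbi_description']), "text"),
                GetSQLValueString($_POST['sbi_places'], "int"),
                GetSQLValueString($_POST['sbi_rank'], "int"),
                GetSQLValueString($_POST['sbi_display_places'], "int")
            );

            mysql_select_db($database, $brewing);

            // The former bare mysql_real_escape_string($insertSQL) call was
            // dropped: it returns the escaped copy and leaves its argument
            // untouched, so it protected nothing, and escaping a whole
            // statement would corrupt its quoting anyway. Escaping has to
            // happen per value, before the value is placed in the SQL text.
            $result1 = mysql_query($insertSQL, $brewing);
            if ($result1 === false) {
                // Keep driver detail in the server log; echoing mysql_error()
                // to the browser discloses schema and query structure.
                error_log("process_special_best_info (add): " . mysql_error($brewing));
                die("<p>Database error.</p>");
            }

            // Quotes are stripped from the target before it is sent as a
            // Location header. NOTE(review): $insertGoTo is built outside
            // this module; if any part of it comes from the request it
            // should be limited to same-site paths. The script keeps running
            // after header(); confirm the includer does nothing sensitive
            // afterwards.
            $pattern = array('\'', '"');
            $insertGoTo = str_replace($pattern, "", $insertGoTo);
            header(sprintf("Location: %s", stripslashes($insertGoTo)));
        }

        if ($action == "edit") {

            $updateSQL = sprintf(
                "UPDATE {$special_best_info_db_table} SET sbi_name=%s, sbi_description=%s, sbi_places=%s, sbi_rank=%s, sbi_display_places=%s WHERE id=%s",
                GetSQLValueString(strtr($_POST['sbi_name'], $html_string), "text"),
                GetSQLValueString(strip_newline($_POST['sbi_description']), "text"),
                GetSQLValueString($_POST['sbi_places'], "int"),
                GetSQLValueString($_POST['sbi_rank'], "int"),
                GetSQLValueString($_POST['sbi_display_places'], "int"),
                GetSQLValueString($id, "int")
            );

            mysql_select_db($database, $brewing);

            // Same reasoning as the add branch: the discarded
            // mysql_real_escape_string($updateSQL) call was a no-op.
            $result1 = mysql_query($updateSQL, $brewing);
            if ($result1 === false) {
                error_log("process_special_best_info (edit): " . mysql_error($brewing));
                die("<p>Database error.</p>");
            }

            // See the redirect note in the add branch; it applies to
            // $updateGoTo in the same way.
            $pattern = array('\'', '"');
            $updateGoTo = str_replace($pattern, "", $updateGoTo);
            header(sprintf("Location: %s", stripslashes($updateGoTo)));
        }

    } // end else NHC

} else {
    echo "<p>Not available.</p>";
}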