Пример #1
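/**
 * Persist the posted line items and the parent "rifs" record of the current request.
 *
 * Reads $_POST['items'] (rows with id, name, cost, quantity), the rifs fields
 * in $_POST and the target record id in $_GET['id']. Every value reaches SQL
 * only through DB::quote(), so the safety of these statements rests on that
 * method (not shown here).
 *
 * Authorization: an item is updated only when verifyAdminOrRifInstructor()
 * accepts the value looked up for it, and the parent record is updated only
 * when the same check accepts $_GET['id'].
 *
 * This function does not return: it ends the request with die.
 */
function saveItems()
{
    $db = new DB();

    // Request data is untrusted: a missing or scalar "items" field must not reach foreach.
    $items = isset($_POST['items']) && is_array($_POST['items']) ? $_POST['items'] : [];

    foreach ($items as $item) {
        // Skip rows that are not an array of the four expected scalar fields
        // instead of passing nulls or nested arrays to DB::quote().
        if (!is_array($item)) {
            continue;
        }
        foreach (['id', 'name', 'cost', 'quantity'] as $field) {
            if (!isset($item[$field]) || !is_scalar($item[$field])) {
                continue 2;
            }
        }

        $rows = $db->select("SELECT rif_id FROM rifs_items WHERE id = " . $db->quote($item['id']));
        if (!isset($rows[0])) {
            // Unknown item id: there is no owning record to authorize against.
            continue;
        }
        $rif = $rows[0];

        // NOTE(review): $rif is the first result row as DB::select() returns it.
        // If rows are associative arrays, this passes a row rather than the
        // rif_id value; confirm what verifyAdminOrRifInstructor() expects.
        if (verifyAdminOrRifInstructor($rif)) {
            $db->query("UPDATE rifs_items\n\t\t\t            SET name = " . $db->quote($item['name']) . " ,\n\t\t\t            cost = " . $db->quote($item['cost']) . " ,\n\t\t\t            quantity = " . $db->quote($item['quantity']) . " \n\t\t\t            WHERE id = " . $db->quote($item['id']));
        }
    }

    // The parent record id comes from the query string, so it gets the same
    // authorization gate as the items. Without it, the record being written
    // would be chosen by the request alone.
    $rifId = isset($_GET['id']) && is_scalar($_GET['id']) ? $_GET['id'] : null;
    if ($rifId !== null && verifyAdminOrRifInstructor($rifId)) {
        $db->query("UPDATE rifs \n\t            SET room_rate = " . $db->quote($_POST['room_rate']) . ", \n\t            room_hours = " . $db->quote($_POST['room_hours']) . ", \n\t            text_facilities = " . $db->quote($_POST['text_facilities']) . ", \n\t            fee_uw = " . $db->quote($_POST['fee_uw']) . ", \n\t            expected = " . $db->quote($_POST['expected']) . ",\n\t            loc_spec = " . $db->quote($_POST['loc_spec']) . ", \n\t            loc_gen = " . $db->quote($_POST['loc_gen']) . ",\n\t            fee_gen = " . $db->quote($_POST['fee_gen']) . " \n\t            WHERE id = " . $db->quote($rifId));
    }

    // NOTE(review): this looks like a debugging leftover. It echoes the raw
    // request body into the response and halts; kept because callers may rely
    // on the request ending here. Replace with a redirect or a status response.
    var_dump($_POST);
    die;
}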
Пример #2
<?php

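require '../common.php';
session_start();

// Authorization gate for the whole page. The id is request-controlled, so the
// decision rests entirely on verifyAdminOrRifInstructor() (defined elsewhere).
if (!verifyAdminOrRifInstructor(isset($_GET['id']) ? $_GET['id'] : null)) {
    error('Access Denied', 'You are not cleared to edit or view this page');
    // Fail closed: whether error() ends the request is not visible from here,
    // and nothing below may run for a caller that failed the check.
    exit;
}
$db = new DB();

// Save path: upsert the galley text for this id, then redirect (POST/redirect/GET).
// NOTE(review): no anti-CSRF token is checked in this span before the write;
// confirm common.php enforces one for state-changing requests.
// is_string() keeps an array-valued "text" field away from DB::quote().
if (isset($_POST['text']) && is_string($_POST['text'])) {
    $db->query('INSERT INTO galleys (id, text) VALUES (' . $db->quote($_GET['id']) . ',' . $db->quote($_POST['text']) . ')
	              ON DUPLICATE KEY UPDATE text = ' . $db->quote($_POST['text']));
    // !empty() has the same truthiness as the bare read but raises no notice
    // when the field is absent.
    if (!empty($_POST['continue'])) {
        header('Location: galleys.php');
        die;
    }
    // The id is echoed back into a response header, so normalise it to a
    // string and percent-encode it; it must not add query parameters or
    // other characters to the redirect target.
    $redirectId = isset($_GET['id']) && is_scalar($_GET['id']) ? (string) $_GET['id'] : '';
    header('Location: galley.php?id=' . rawurlencode($redirectId));
    die;
}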
if (isset($_GET['allgalleys'])) {
    head();
    ?>
	<section class='content'><div class='container'><h2>All Galleys</h2>
	<?php 
    $galleys = $db->select('SELECT galleys.text FROM galleys 
	                                JOIN rifs ON galleys.id = rifs.id
	                                ORDER BY rifs.category');
    foreach ($galleys as $galley) {
        ?>
			<p style='white-space: pre-wrap'><?php 
        echo htmlspecialchars($galley['text']);
        ?>