/**
 * Inserts one row into the page table and returns the id reported for it.
 *
 * @param array $data Positional values bound to the eight placeholders, in
 *                    column order: title, slug, created_on, published_on,
 *                    parent_id, layout_id, status_id, created_by_id.
 * @return mixed The value Record::lastInsertId() reports after the insert.
 */
private function _insertPage($data)
{
    // NOTE(review): this changes the error-reporting level for the rest of the
    // request every time a page is inserted. It looks like a debugging
    // leftover; confirm it is intended, since verbose errors can disclose
    // paths and query text when they are displayed to the client.
    error_reporting(E_ALL);

    $query = "INSERT INTO " . TABLE_PREFIX . "page (title, slug, created_on, published_on, parent_id, layout_id, status_id, created_by_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";

    // Every value is passed as a bound parameter; only the TABLE_PREFIX
    // constant is concatenated into the statement text.
    $statement = Record::getConnection()->prepare($query);
    $statement->execute($data);

    // NOTE(review): the result of execute() is not inspected, so a failed
    // insert is only noticed if the connection is set up to throw on errors.
    return Record::lastInsertId();
}
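/**
 * Creates or updates one shopping-cart option row from the submitted form.
 *
 * Input is read from $_POST:
 *  - post_in_tables: comma-separated table names; only the first one is used.
 *  - post_in_item:   id of the row to update; when absent a new row is inserted.
 *  - attribute, name, description, add_price, priority: column values.
 *
 * The caller must hold the 'shopping_cart_edit' permission. The method always
 * finishes by setting a flash message and redirecting to the plugin page.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method; confirm
 * one is enforced before this action is dispatched.
 */
public function edit_option()
{
    // clean_post() is defined outside this block and its effect on $_POST is
    // not visible here, so the SQL below does not rely on it for safety.
    // NOTE(review): if clean_post() escapes quotes, drop that step for these
    // fields now that the values are bound as parameters.
    $this->clean_post($_POST);

    $tables = null;
    if (isset($_POST['post_in_tables']) && is_string($_POST['post_in_tables'])) {
        $tables = explode(',', str_replace(' ', '', $_POST['post_in_tables']));
    }

    // A table name cannot be bound as a parameter, so it is restricted to
    // plain identifier characters before it is placed in the statement text.
    // NOTE(review): the name still comes from the request; a fixed allowlist
    // of this plugin's tables would be the stronger control.
    $table = empty($tables) ? '' : $tables[0];
    $table_is_identifier = preg_match('/\A[A-Za-z0-9_]+\z/', $table) === 1;

    if (!AuthUser::hasPermission('shopping_cart_edit') || !$table_is_identifier) {
        Flash::set('error', __('You are not allowed to perform this operation.'));
        redirect(get_url('plugin/shopping_cart/'));
        // Stop here even if redirect() returns instead of ending the request.
        return;
    }

    // Missing fields become empty strings, which is what the original string
    // concatenation produced for them.
    $value = array();
    foreach (array('attribute', 'name', 'description', 'add_price', 'priority') as $field) {
        $value[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    $pdo = Record::getConnection();

    if (isset($_POST['post_in_item'])) {
        // update
        // NOTE(review): the update stores 'attribute' as a whole while the
        // insert below stores its element [0]; both are kept as found --
        // confirm which form the field really has.
        $stm = $pdo->prepare(
            'UPDATE ' . $table
            . ' SET a_id = ?, name = ?, description = ?, add_price = ?, priority = ?'
            . ' WHERE id = ?'
        );
        $stm->execute(array(
            $value['attribute'],
            $value['name'],
            $value['description'],
            $value['add_price'],
            $value['priority'],
            $_POST['post_in_item'],
        ));

        // The original carried disabled code here that rebuilt the category
        // and attribute link rows in $tables[1] and $tables[2]. If it is ever
        // restored it needs the same identifier check and bound parameters.
    } else {
        // insert
        $stm = $pdo->prepare(
            'INSERT INTO ' . $table
            . ' (name, a_id, description, add_price, priority)'
            . ' VALUES (?, ?, ?, ?, ?)'
        );
        $stm->execute(array(
            $value['name'],
            isset($value['attribute'][0]) ? $value['attribute'][0] : '',
            $value['description'],
            $value['add_price'],
            $value['priority'],
        ));
    }

    Flash::set('success', __('Data has been saved successful.'));
    redirect(get_url("plugin/shopping_cart"));
}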
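/**
 * Stores a visitor comment submitted together with a page request.
 *
 * Executed through the Observer system each time a page is found. The
 * function returns silently, without storing anything, when no comment was
 * posted, the captcha answer is wrong, comments are closed for the page, or
 * a required field (author_name, author_email, body) is missing or invalid.
 *
 * Uses the global $__CMS_CONN__ connection for the insert.
 *
 * @param Page $page The object instance for the page that was found.
 * @return void
 */
function comment_save(&$page)
{
    // Check if we need to save a comment
    if (!isset($_POST['comment'])) {
        return;
    }

    // The form posts comment[field] pairs. Anything else (a bare string, for
    // example) would turn the $data['...'] reads below into string offsets.
    $data = $_POST['comment'];
    if (!is_array($data)) {
        return;
    }

    $captcha = Plugin::getSetting('use_captcha', 'comment');
    if ($captcha && $captcha == '1') {
        if (!isset($data['secure']) || !is_scalar($data['secure']) || !isset($_SESSION['security_number'])) {
            return;
        }

        // Compare as strings so numeric-looking input such as "1e3" cannot
        // match "1000" through loose comparison.
        $answer = trim((string) $data['secure']);
        if (empty($answer) || $answer !== (string) $_SESSION['security_number']) {
            return;
        }
        // NOTE(review): the session value is not cleared here after a match.
        // Whether it is regenerated elsewhere is not visible; if it is not,
        // one solved captcha can be reused for several submissions.
    }

    if ($page->comment_status != Comment::OPEN) {
        return;
    }

    // Required fields must be non-blank strings (array values are rejected).
    foreach (array('author_name', 'author_email', 'body') as $required) {
        if (!isset($data[$required]) || !is_string($data[$required]) || trim($data[$required]) == '') {
            return;
        }
    }

    // NOTE(review): the pattern is not anchored, so it accepts any value that
    // merely contains an address-shaped substring. The value is stripped of
    // tags and quoted before storage, but do not treat it as a validated
    // address when it is later used (for example in mail headers).
    if (!preg_match('/[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+(?:\\.[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+)*\\@[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+(?:\\.[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+)+/i', $data['author_email'])) {
        return;
    }

    use_helper('Kses');

    // Tags and attributes that survive in the comment body.
    $allowed_tags = array(
        'a' => array('href' => array(), 'title' => array()),
        'abbr' => array('title' => array()),
        'acronym' => array('title' => array()),
        'b' => array(),
        'blockquote' => array('cite' => array()),
        'br' => array(),
        'code' => array(),
        'em' => array(),
        'i' => array(),
        'p' => array(),
        'strike' => array(),
        'strong' => array(),
    );

    $auto_approve_comment = Plugin::getSetting('auto_approve_comment', 'comment');

    // Check for and correct problems with website link
    $author_link = (isset($data['author_link']) && is_string($data['author_link'])) ? $data['author_link'] : '';
    if ($author_link !== '') {
        if (strpos($author_link, 'http://') !== 0 && strpos($author_link, 'https://') !== 0) {
            $author_link = 'http://' . $author_link;
        }
    }

    // NOTE(review): the stored IP is read from the submitted form, so the
    // client chooses it. If it is used for moderation or statistics, take it
    // from the server-observed address (e.g. $_SERVER['REMOTE_ADDR']) instead.
    $author_ip = (isset($data['author_ip']) && is_string($data['author_ip'])) ? $data['author_ip'] : '';

    global $__CMS_CONN__;

    // Every value, the page id included, goes through quote() before it is
    // placed in the statement.
    $values = array(
        $__CMS_CONN__->quote((string) $page->id),
        $__CMS_CONN__->quote(strip_tags($data['author_name'])),
        $__CMS_CONN__->quote(strip_tags($data['author_email'])),
        $__CMS_CONN__->quote(strip_tags($author_link)),
        $__CMS_CONN__->quote($author_ip),
        $__CMS_CONN__->quote(kses($data['body'], $allowed_tags)),
        $__CMS_CONN__->quote($auto_approve_comment),
        $__CMS_CONN__->quote(date('Y-m-d H:i:s')),
    );

    $sql = 'INSERT INTO ' . TABLE_PREFIX
        . 'comment (page_id, author_name, author_email, author_link, ip, body, is_approved, created_on) VALUES ('
        . implode(', ', $values) . ')';

    $__CMS_CONN__->exec($sql);

    // @todo FIXME - If code above used Comment object for saving data there would be
    // no need to reload it from database. Using lastInsertId() is unreliable anyway.
    $comment_id = Record::lastInsertId();
    $comment = Comment::findById($comment_id);

    Observer::notify('comment_after_add', $comment);

    if (Plugin::isEnabled('statistics_api')) {
        $event = array(
            'event_type' => 'comment_added',
            'description' => __('A comment was added.'),
            'ipaddress' => $comment->ip,
            'username' => $comment->author_name,
        );
        Observer::notify('stats_comment_after_add', $event);
    }
}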
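/**
 * Videos: inserts a product-video row built from $_POST['product_video'] and
 * echoes the id reported for it.
 *
 * The submitted value must be a non-empty array of column => value pairs.
 * Anything else is ignored and nothing is echoed.
 *
 * NOTE(review): no permission check is visible in this method; confirm access
 * is restricted before this action is dispatched.
 * NOTE(review): the client decides which columns are written. Replace the
 * generic checks below with an explicit list of the columns this form may set.
 */
public function video_create()
{
    $fields = isset($_POST['product_video']) ? $_POST['product_video'] : null;
    if (!is_array($fields) || empty($fields)) {
        return;
    }

    // Record::insert() is defined elsewhere and how it treats array keys is
    // not visible here, so keys are limited to plain column identifiers and
    // values to scalars before the array is handed over.
    foreach ($fields as $column => $value) {
        $column_ok = preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', (string) $column) === 1;
        $value_ok = is_scalar($value) || $value === null;
        if (!$column_ok || !$value_ok) {
            return;
        }
    }

    Record::insert('ecommerce_product_video', $fields);
    echo Record::lastInsertId();
}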