function savePoll($option) { global $database, $my; // save the poll parent information $row = new mosPoll($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $isNew = $row->id == 0; if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); // save the poll options $options = mosGetParam($_POST, 'polloption', array()); foreach ($options as $i => $text) { // 'slash' the options if (!get_magic_quotes_gpc()) { $text = addslashes($text); } if ($isNew) { $database->setQuery("INSERT INTO #__poll_data (pollid,text) VALUES ({$row->id},'{$text}')"); $database->query(); } else { $database->setQuery("UPDATE #__poll_data SET text='{$text}' WHERE id='{$i}' AND pollid='{$row->id}'"); $database->query(); } } // update the menu visibility $selections = mosGetParam($_POST, 'selections', array()); $database->setQuery("DELETE from #__poll_menu where pollid='{$row->id}'"); $database->query(); for ($i = 0, $n = count($selections); $i < $n; $i++) { $database->setQuery("INSERT INTO #__poll_menu SET pollid='{$row->id}', menuid='{$selections[$i]}'"); $database->query(); } mosRedirect('index2.php?option=' . $option); }
function savePoll($option) { global $database, $my; josSpoofCheck(); // save the poll parent information $row = new mosPoll($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $isNew = $row->id == 0; if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); // save the poll options $options = mosGetParam($_POST, 'polloption', array()); foreach ($options as $i => $text) { if (!get_magic_quotes_gpc()) { // The poll module has always been this way, so we'll just stick with that and add // additional backslashes if needed. They will be stripped upon display $text = addslashes($text); } if ($isNew) { $query = "INSERT INTO #__poll_data" . "\n ( pollid, text )" . "\n VALUES ( " . (int) $row->id . ", " . $database->Quote($text) . " )"; $database->setQuery($query); $database->query(); } else { $query = "UPDATE #__poll_data" . "\n SET text = " . $database->Quote($text) . "\n WHERE id = " . (int) $i . "\n AND pollid = " . (int) $row->id; $database->setQuery($query); $database->query(); } } // update the menu visibility $selections = mosGetParam($_POST, 'selections', array()); $query = "DELETE FROM #__poll_menu" . "\n WHERE pollid = " . (int) $row->id; $database->setQuery($query); $database->query(); for ($i = 0, $n = count($selections); $i < $n; $i++) { $query = "INSERT INTO #__poll_menu" . "\n SET pollid = " . (int) $row->id . ", menuid = " . (int) $selections[$i]; $database->setQuery($query); $database->query(); } mosRedirect('index2.php?option=' . $option); }
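Review bot: The three error branches after `bind()`, `check()` and `store()` in the new version still interpolate `$row->getError()` unescaped into an inline `<script> alert('…')` string, so a quote or `</script>` in the message would end the string or the script element. Whether that message can carry request-derived text depends on `mosPoll`, which is not visible here, so treat it as a hardening gap rather than a confirmed injection. Encoding the value for a JavaScript string context closes it, for example `echo "<script> alert(" . json_encode($row->getError()) . "); window.history.go(-1); </script>\n";` where `json_encode` is available. Separately, every `$database->query()` result is discarded, so a failed INSERT after the `DELETE FROM #__poll_menu` would leave the poll with no menu assignments while the function still redirects as if the save succeeded. If `query()` reports failure through its return value, check it before `mosRedirect()`.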