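<?php
// Edit one row of the Notiz table from query-string parameters.
// The values are HTML-escaped before storage as in the original script; that
// escaping is a rendering concern and gives no protection to the SQL statement,
// so the query itself uses bound parameters. Missing parameters fall back to ''
// so htmlspecialchars() is never handed null.
// NOTE(review): this endpoint changes state on a GET request — a POST with a
// form token is the usual shape for a mutating action; unchanged here.
$note_text = htmlspecialchars($_GET['note_text'] ?? '');
$tag = htmlspecialchars($_GET['tag'] ?? '');
$id = htmlspecialchars($_GET['id'] ?? '');

/**
 * Update note_text and tag of the Notiz row with the given id.
 *
 * Prints 'ok' when the UPDATE executed (even if it matched no row, as before)
 * and 'nicht ok' when the id is not a plain integer or the statement fails.
 * Relies on dbconnect.php to define $connection (a mysqli link).
 *
 * @param string     $note_text new note body (already HTML-escaped by the caller)
 * @param string     $tag       new tag value
 * @param int|string $id        primary key of the row to update
 */
function edit_note($note_text, $tag, $id)
{
    include 'dbconnect.php';

    // Only a plain integer may reach the WHERE clause; anything else is refused
    // instead of being concatenated into the statement.
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        echo 'nicht ok';
        return;
    }
    $id = (int) $id;

    // Prepared statement: user input is bound, never spliced into the SQL text.
    $stmt = mysqli_prepare(
        $connection,
        'UPDATE Notiz SET note_text = ?, tag = ? WHERE id = ?'
    );
    if ($stmt === false) {
        echo 'nicht ok';
        return;
    }

    mysqli_stmt_bind_param($stmt, 'ssi', $note_text, $tag, $id);
    $result = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    if ($result) {
        echo 'ok';
    } else {
        echo 'nicht ok';
    }
}

edit_note($note_text, $tag, $id);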
}
// Validate Form token
// $action and POST() are defined earlier in the file (outside this excerpt).
// The token key is per action, so a token issued for one action cannot be
// replayed against another.
$token = POST('token');
$tk_key = 'tk_' . $action;
// NOTE(review): loose `== FALSE` also matches null/0/''; `=== false` would be
// the stricter form. Util::response_bad_request is presumably terminating —
// confirm, otherwise the database calls below still run with a bad token.
if (Token::verify($tk_key, $token) == FALSE) {
    $error = Token::create_error_message();
    Util::response_bad_request($error);
}
$db = new ossim_db();
$conn = $db->connect();
try {
    $response = array();
    // Dispatch on the already-validated action; unknown actions raise and are
    // reported through the catch below.
    switch ($action) {
        case 'add_note':
            $response = add_note($conn, $type);
            break;
        case 'edit_note':
            $response = edit_note($conn);
            break;
        case 'delete_note':
            $response = delete_note($conn);
            break;
        default:
            Av_exception::throw_error(Av_exception::USER_ERROR, _('Invalid Action.'));
    }
} catch (Exception $e) {
    // Release the connection before answering; the exception message becomes
    // the 400 response body.
    $db->close();
    Util::response_bad_request($e->getMessage());
}
$db->close();
echo json_encode($response);
<?php
// Edit page for a single note: a POST saves the submitted fields first, then
// the current row is loaded by the "path" id for display.
if (isset($_POST['ID'])) {
    edit_note($_POST['ID']);
}
$id = $_GET['path'];
// Accept only values that round-trip through (int) unchanged.
// NOTE(review): `!=` compares two numeric strings numerically, so inputs such
// as ' 5' or '1e1' also pass; `!==` would restrict this to the canonical
// integer form. _die is presumably terminating — confirm.
if ((string) (int) $id != $id) {
    _die("Invalid ID");
}
// $_GET['path'] is the value validated as $id above; the escaped value is
// concatenated unquoted, which is acceptable only because of that check.
$result = db("SELECT * FROM public.\"notes\" WHERE \"ID\" = " . pg_escape_string($_GET['path']));
if (pg_num_rows($result) == 0) {
    _die("Does not exists.", "404");
}
// Keep the last fetched row (a single row is expected for a primary-key lookup).
$old = array();
while ($row = pg_fetch_assoc($result)) {
    $old = $row;
}

/**
 * Save edited note fields from $_POST into the note with the given id.
 * The function body continues beyond this excerpt.
 *
 * @param string|int $id note ID; must survive an (int) round-trip unchanged
 */
function edit_note($id)
{
    // Same id check as the page-level one, since this runs before it.
    if ((string) (int) $id != $id) {
        _die("Invalid ID");
    }
    include "lib/tags.php";
    // Reference to $_POST: the escaping below rewrites the superglobal in place.
    $post_data =& $_POST;
    // NOTE(review): `@` hides the undefined-index notice for absent fields, so a
    // missing field is escaped as ''. The escaped values are presumably placed
    // inside quoted SQL literals further down — confirm.
    foreach (array('ID', 'title', 'contents', 'tags', 'time', 'slug') as $key) {
        $post_data[$key] = pg_escape_string(@$post_data[$key]);
    }
    $post_data['tags'] = clean_tags($post_data['tags']);
    // Derive the slug from the title when none was supplied.
    if (trim($post_data['slug']) == '') {
        $post_data['slug'] = make_slug($post_data['title']);
    }