<?php
$note_text = htmlspecialchars($_GET["note_text"]);
$tag = htmlspecialchars($_GET["tag"]);
$id = htmlspecialchars($_GET["id"]);
function edit_note($note_text, $tag, $id)
{
include 'dbconnect.php';
$query = "UPDATE Notiz SET note_text='" . $note_text . "', tag='" . $tag . "' WHERE id =" . $id;
$result = mysqli_query($connection, $query);
if ($result) {
echo 'ok';
} else {
echo 'nicht ok';
}
}
edit_note($note_text, $tag, $id);
}
//Validate Form token
$token = POST('token');
$tk_key = 'tk_' . $action;
if (Token::verify($tk_key, $token) == FALSE) {
$error = Token::create_error_message();
Util::response_bad_request($error);
}
$db = new ossim_db();
$conn = $db->connect();
try {
$response = array();
switch ($action) {
case 'add_note':
$response = add_note($conn, $type);
break;
case 'edit_note':
$response = edit_note($conn);
break;
case 'delete_note':
$response = delete_note($conn);
break;
default:
Av_exception::throw_error(Av_exception::USER_ERROR, _('Invalid Action.'));
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
$db->close();
echo json_encode($response);
<?php
if (isset($_POST['ID'])) {
edit_note($_POST['ID']);
}
$id = $_GET['path'];
if ((string) (int) $id != $id) {
_die("Invalid ID");
}
$result = db("SELECT * FROM public.\"notes\" WHERE \"ID\" = " . pg_escape_string($_GET['path']));
if (pg_num_rows($result) == 0) {
_die("Does not exists.", "404");
}
$old = array();
while ($row = pg_fetch_assoc($result)) {
$old = $row;
}
function edit_note($id)
{
if ((string) (int) $id != $id) {
_die("Invalid ID");
}
include "lib/tags.php";
$post_data =& $_POST;
foreach (array('ID', 'title', 'contents', 'tags', 'time', 'slug') as $key) {
$post_data[$key] = pg_escape_string(@$post_data[$key]);
}
$post_data['tags'] = clean_tags($post_data['tags']);
if (trim($post_data['slug']) == '') {
$post_data['slug'] = make_slug($post_data['title']);
}
