diff --git a/tableeditor.class.php b/tableeditor.class.php
index 74f6a4c..36a3a06 100644
--- a/tableeditor.class.php
+++ b/tableeditor.class.php
@@ -413,65 +413,86 @@ class TableEditor
$this->setActivePage($_GET['page']);
}
- if($_POST['TableEditorAction']=="addsave")
+ if( ($_POST['TableEditorAction']=="editsave" && $_POST['editsave'])
+ || ($_POST['TableEditorAction']=="addsave") )
{
- $query="INSERT INTO `{$this->table}` (";
- //create list of fields to insert
- foreach($this->editfields AS $f=>$n)
- $query.="`$f`,";
- if(count($this->hiddenfields))
- {
- foreach($this->hiddenfields AS $f=>$n)
- {
+
+ if($_POST['TableEditorAction']=="addsave") {
+ $query="INSERT INTO `{$this->table}` (";
+ //create list of fields to insert
+ foreach($this->editfields AS $f=>$n)
$query.="`$f`,";
+ if(count($this->hiddenfields)) {
+ foreach($this->hiddenfields AS $f=>$n) {
+ $query.="`$f`,";
+ }
}
- }
- //rip off the last comma
- $query=substr($query,0,-1);
- $query.=") VALUES (";
- //create list of field values
+ //rip off the last comma
+ $query=substr($query,0,-1);
+ $query.=") VALUES (";
+ $insert_mode = 1;
+ } else {
+ $query="UPDATE `{$this->table}` SET ";
+ $insert_mode = 0;
+ }
+
+ print_r($_POST);
foreach($this->editfields AS $f=>$n)
{
- //figure out what kind of input this should be
+ if($insert_mode) {
+ $field = '';
+ } else {
+ $field = "`$f`=";
+ }
+
+ $inputtype = '';
+ if(isset($_POST['tableeditor_fieldtype'])) {
+ if(array_key_exists($f, $_POST['tableeditor_fieldtype'])) {
+ $inputtype = $_POST['tableeditor_fieldtype'][$f];
+ }
+ }
+
+/* //figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q);
+*/
- if($r->Type=="date")
+ if($inputtype == 'date') //r->Type=="date")
{
if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"])
{
- $query.="'".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_month"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_day"]))."',";
}
else
- $query.="null,";
+ $query.="${field}null,";
+
}
- else if($r->Type=="time")
+ else if($inputtype == 'time') //r->Type=="time")
{
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="")
{
- $query.="'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',";
}
else
- $query.="$f=null,";
+ $query.="${field}null,";
}
else if(substr($f,0,4)=="sel_")
{
//chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"])
- $query.="'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
else if($_POST[$f."_select"])
- $query.="'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
else
{
//maybe the options were over-wridden, if so, just check the field name
- $query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
-
}
else if(strtolower($f)=="website" && $_POST[$f])
{
@@ -479,9 +500,10 @@ class TableEditor
//but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http")
- $query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
else
- $query.="'http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
+ $query.="${field}'http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
+
}
else if(substr($f,0,8)=="filename" && $this->uploadPath)
{
@@ -491,118 +513,7 @@ class TableEditor
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
- $query.="'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
- }
- else
- {
- //okay its a file but there was nothing uploaded, so, set it to null?
- $query.="null,";
- }
- }
- else
- {
- if($this->fieldValidation[$f])
- {
- $query.="'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
- echo "validating ".$this->fieldValidation[$f];
- }
- else
- $query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
- }
- }
-
-
- if(count($this->hiddenfields))
- {
- foreach($this->hiddenfields AS $f=>$n)
- {
- if(strtolower($n)=="now()")
- $query.="$n,";
- else
- $query.="'$n',";
- }
- }
-
-
- //rip off the last comma
- $query=substr($query,0,-1);
- $query.=")";
- mysql_query($query);
- if(mysql_error())
- {
- echo error(i18n("Error adding new %1: %2",array($this->recordType,mysql_error())));
- echo "query=$query";
- }
- else
- {
- echo happy(i18n("Successfully added new %1",array($this->recordType)));
- }
- }
-
- if($_POST['TableEditorAction']=="editsave" && $_POST['editsave'])
- {
- $query="UPDATE `{$this->table}` SET ";
- //create list of field values
- foreach($this->editfields AS $f=>$n)
- {
- //figure out what kind of input this should be
- $q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
- $r=mysql_fetch_object($q);
-
- if($r->Type=="date")
- {
- if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"])
- {
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
- mysql_escape_string(stripslashes($_POST[$f."_month"]))."-".
- mysql_escape_string(stripslashes($_POST[$f."_day"]))."',";
- }
- else
- $query.="$f=null,";
-
- }
- else if($r->Type=="time")
- {
- if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="")
- {
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
- mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',";
- }
- else
- $query.="$f=null,";
- }
- else if(substr($f,0,4)=="sel_")
- {
- //chose the text field first, if its been filled in, otherwise, go with the select box
- if($_POST[$f."_text"])
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
- else if($_POST[$f."_select"])
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
- else
- {
- //maybe the options were over-wridden, if so, just check the field name
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
- }
- }
- else if(strtolower($f)=="website" && $_POST[$f])
- {
- //intelligently handle website fields, making sure they have the protocol to use
- //but allow them to enter http:// or https:// themselves.
- //if no protocol is given, assume http://
- if(substr(strtolower($_POST[$f]),0,4)=="http")
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
- else
- $query.="$f='http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
- }
- else if(substr($f,0,8)=="filename" && $this->uploadPath)
- {
- //accept the upload
- if($_FILES[$f]['size']>0)
- {
- if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
- echo error(i18n("A file with that filename already exists, it will be overwritten"));
- move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
- $query.="$f='".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
}
else
{
@@ -610,18 +521,17 @@ class TableEditor
if(is_array($_POST['clear']))
{
if(in_array($f,$_POST['clear']))
- $query.="$f=NULL,";
+ $query.="${field}NULL,";
}
}
-
}
else
{
if($this->fieldValidation[$f])
- $query.="$f='".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
else
- $query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
+ $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
@@ -632,26 +542,35 @@ class TableEditor
{
//well well... sometimes we want to use a function here, such as NOW(), so if thats the case then we dont want the ' ' around the value, so, lets check for NOW() and handle it differently
if(strtolower($n)=="now()")
- $query.="`$f`=$n,";
+ $query.="${field}$n,";
else
- $query.="`$f`='$n',";
+ $query.="${field}'$n',";
}
}
//rip off the last comma
$query=substr($query,0,-1);
- $query.=" WHERE {$this->primaryKey}='{$_POST['editsave']}'";
+
+ if($insertmode) {
+ $query.=")";
+ $text_error = "adding new";
+ $text_happy = "added new";
+ } else {
+ $query.=" WHERE {$this->primaryKey}='{$_POST['editsave']}'";
+ $text_error = "saving";
+ $text_happy = "saved";
+ }
if($this->DEBUG) echo $query;
- mysql_query($query);
+// mysql_query($query);
if(mysql_error())
{
- echo error(i18n("Error saving %1: %2",array($this->recordType,mysql_error())));
+ echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error())));
}
else
{
- echo happy(i18n("Successfully saved %1",array($this->recordType)));
+ echo happy(i18n("Successfully $text_happy %1",array($this->recordType)));
}
}
@@ -792,7 +711,7 @@ class TableEditor
} else {
$ch = '';
}
- echo " {$this->fieldOptions[$f][$k]}
";
+ echo " {$this->fieldOptions[$f][$k]}
";
}
break;
@@ -809,6 +728,7 @@ class TableEditor
$this->year_selector($f."_year",$yy);
echo "";
echo "";
+ echo "";
break;
@@ -822,6 +742,7 @@ class TableEditor
$this->minute_selector($f."_minute",$mm);
echo "";
echo "";
+ echo "";
break;
case "file":
if($editdata[$f])