arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

- Update the multicheck layout

Browse Source 
- Remove the mysql query on EditSave and NewSave
- Unify the EditSave and NewSave code.  Now that this is done, I will move the
  SQL generation task to the group class, so all the editor has to do is
  instantiate a person class, set some values, and call the save() function.
This commit is contained in:
dave 2006-10-11 16:35:36 +00:00
parent 373b876b1b
commit 0f26d12fe7
1 changed files with 71 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

221
tableeditor.class.php
View File

@ -413,65 +413,86 @@ class TableEditor
$this->setActivePage($_GET['page']); $this->setActivePage($_GET['page']);
} }
if($_POST['TableEditorAction']=="addsave") if( ($_POST['TableEditorAction']=="editsave" && $_POST['editsave'])
|| ($_POST['TableEditorAction']=="addsave") )
{ {
$query="INSERT INTO `{$this->table}` (";
//create list of fields to insert if($_POST['TableEditorAction']=="addsave") {
foreach($this->editfields AS $f=>$n) $query="INSERT INTO `{$this->table}` (";
$query.="`$f`,"; //create list of fields to insert
if(count($this->hiddenfields)) foreach($this->editfields AS $f=>$n)
{
foreach($this->hiddenfields AS $f=>$n)
{
$query.="`$f`,"; $query.="`$f`,";
if(count($this->hiddenfields)) {
foreach($this->hiddenfields AS $f=>$n) {
$query.="`$f`,";
}
} }
}
//rip off the last comma
$query=substr($query,0,-1);
$query.=") VALUES (";
//create list of field values //rip off the last comma
$query=substr($query,0,-1);
$query.=") VALUES (";
$insert_mode = 1;
} else {
$query="UPDATE `{$this->table}` SET ";
$insert_mode = 0;
}
print_r($_POST);
foreach($this->editfields AS $f=>$n) foreach($this->editfields AS $f=>$n)
{ {
//figure out what kind of input this should be if($insert_mode) {
$field = '';
} else {
$field = "`$f`=";
}
$inputtype = '';
if(isset($_POST['tableeditor_fieldtype'])) {
if(array_key_exists($f, $_POST['tableeditor_fieldtype'])) {
$inputtype = $_POST['tableeditor_fieldtype'][$f];
}
}
/* //figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'"); $q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q); $r=mysql_fetch_object($q);
*/
if($r->Type=="date") if($inputtype == 'date') //r->Type=="date")
{ {
if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"]) if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"])
{ {
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-". $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_month"]))."-". mysql_escape_string(stripslashes($_POST[$f."_month"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_day"]))."',"; mysql_escape_string(stripslashes($_POST[$f."_day"]))."',";
} }
else else
$query.="null,"; $query.="${field}null,";
} }
else if($r->Type=="time") else if($inputtype == 'time') //r->Type=="time")
{ {
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="") if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="")
{ {
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":". $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',"; mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',";
} }
else else
$query.="$f=null,"; $query.="${field}null,";
} }
else if(substr($f,0,4)=="sel_") else if(substr($f,0,4)=="sel_")
{ {
//chose the text field first, if its been filled in, otherwise, go with the select box //chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"]) if($_POST[$f."_text"])
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',"; $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
else if($_POST[$f."_select"]) else if($_POST[$f."_select"])
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',"; $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
else else
{ {
//maybe the options were over-wridden, if so, just check the field name //maybe the options were over-wridden, if so, just check the field name
$query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',"; $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
} }
} }
else if(strtolower($f)=="website" && $_POST[$f]) else if(strtolower($f)=="website" && $_POST[$f])
{ {
@ -479,9 +500,10 @@ class TableEditor
//but allow them to enter http:// or https:// themselves. //but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http:// //if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http") if(substr(strtolower($_POST[$f]),0,4)=="http")
$query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',"; $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
else else
$query.="'http://".mysql_escape_string(stripslashes($_POST[$f]))."',"; $query.="${field}'http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
} }
else if(substr($f,0,8)=="filename" && $this->uploadPath) else if(substr($f,0,8)=="filename" && $this->uploadPath)
{ {
@ -491,118 +513,7 @@ class TableEditor
if(file_exists($this->uploadPath."/".$_FILES[$f]['name'])) if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten")); echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']); move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
$query.="'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',"; $query.="${field}'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
}
else
{
//okay its a file but there was nothing uploaded, so, set it to null?
$query.="null,";
}
}
else
{
if($this->fieldValidation[$f])
{
$query.="'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
echo "validating ".$this->fieldValidation[$f];
}
else
$query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
if(count($this->hiddenfields))
{
foreach($this->hiddenfields AS $f=>$n)
{
if(strtolower($n)=="now()")
$query.="$n,";
else
$query.="'$n',";
}
}
//rip off the last comma
$query=substr($query,0,-1);
$query.=")";
mysql_query($query);
if(mysql_error())
{
echo error(i18n("Error adding new %1: %2",array($this->recordType,mysql_error())));
echo "query=$query";
}
else
{
echo happy(i18n("Successfully added new %1",array($this->recordType)));
}
}
if($_POST['TableEditorAction']=="editsave" && $_POST['editsave'])
{
$query="UPDATE `{$this->table}` SET ";
//create list of field values
foreach($this->editfields AS $f=>$n)
{
//figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q);
if($r->Type=="date")
{
if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"])
{
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_month"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_day"]))."',";
}
else
$query.="$f=null,";
}
else if($r->Type=="time")
{
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="")
{
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',";
}
else
$query.="$f=null,";
}
else if(substr($f,0,4)=="sel_")
{
//chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"])
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
else if($_POST[$f."_select"])
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
else
{
//maybe the options were over-wridden, if so, just check the field name
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
else if(strtolower($f)=="website" && $_POST[$f])
{
//intelligently handle website fields, making sure they have the protocol to use
//but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http")
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
else
$query.="$f='http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
else if(substr($f,0,8)=="filename" && $this->uploadPath)
{
//accept the upload
if($_FILES[$f]['size']>0)
{
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
$query.="$f='".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
} }
else else
{ {
@ -610,18 +521,17 @@ class TableEditor
if(is_array($_POST['clear'])) if(is_array($_POST['clear']))
{ {
if(in_array($f,$_POST['clear'])) if(in_array($f,$_POST['clear']))
$query.="$f=NULL,"; $query.="${field}NULL,";
} }
} }
} }
else else
{ {
if($this->fieldValidation[$f]) if($this->fieldValidation[$f])
$query.="$f='".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',"; $query.="${field}'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
else else
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',"; $query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
} }
} }
@ -632,26 +542,35 @@ class TableEditor
{ {
//well well... sometimes we want to use a function here, such as NOW(), so if thats the case then we dont want the ' ' around the value, so, lets check for NOW() and handle it differently //well well... sometimes we want to use a function here, such as NOW(), so if thats the case then we dont want the ' ' around the value, so, lets check for NOW() and handle it differently
if(strtolower($n)=="now()") if(strtolower($n)=="now()")
$query.="`$f`=$n,"; $query.="${field}$n,";
else else
$query.="`$f`='$n',"; $query.="${field}'$n',";
} }
} }
//rip off the last comma //rip off the last comma
$query=substr($query,0,-1); $query=substr($query,0,-1);
$query.=" WHERE {$this->primaryKey}='{$_POST['editsave']}'";
if($insertmode) {
$query.=")";
$text_error = "adding new";
$text_happy = "added new";
} else {
$query.=" WHERE {$this->primaryKey}='{$_POST['editsave']}'";
$text_error = "saving";
$text_happy = "saved";
}
if($this->DEBUG) echo $query; if($this->DEBUG) echo $query;
mysql_query($query); // mysql_query($query);
if(mysql_error()) if(mysql_error())
{ {
echo error(i18n("Error saving %1: %2",array($this->recordType,mysql_error()))); echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error())));
} }
else else
{ {
echo happy(i18n("Successfully saved %1",array($this->recordType))); echo happy(i18n("Successfully $text_happy %1",array($this->recordType)));
} }
} }
@ -792,7 +711,7 @@ class TableEditor
} else { } else {
$ch = ''; $ch = '';
} }
echo "<input type=\"checkbox\" name=\"{$f}_text\" value=\"\" $ch> {$this->fieldOptions[$f][$k]}<br>"; echo "<input type=\"checkbox\" name=\"{$f}[$k]\" value=\"1\" $ch> {$this->fieldOptions[$f][$k]}<br>";
} }
break; break;
@ -809,6 +728,7 @@ class TableEditor
$this->year_selector($f."_year",$yy); $this->year_selector($f."_year",$yy);
echo "</td></tr>"; echo "</td></tr>";
echo "</table>"; echo "</table>";
echo "<input type=\"hidden\" name=\"tableeditor_fieldtype[$f]\" value=\"date\">";
break; break;
@ -822,6 +742,7 @@ class TableEditor
$this->minute_selector($f."_minute",$mm); $this->minute_selector($f."_minute",$mm);
echo "</td></tr>"; echo "</td></tr>";
echo "</table>"; echo "</table>";
echo "<input type=\"hidden\" name=\"tableeditor_fieldtype[$f]\" value=\"time\">";
break; break;
case "file": case "file":
if($editdata[$f]) if($editdata[$f])