arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

- Update the multicheck layout

Browse Source 
- Remove the mysql query on EditSave and NewSave
- Unify the EditSave and NewSave code.  Now that this is done, I will move the
  SQL generation task to the group class, so all the editor has to do is
  instantiate a person class, set some values, and call the save() function.
This commit is contained in:
dave 2006-10-11 16:35:36 +00:00
parent 373b876b1b
commit 0f26d12fe7
1 changed files with 71 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

221
tableeditor.class.php
View File

@ -413,65 +413,86 @@ class TableEditor
$this->setActivePage($_GET['page']);
}
if($_POST['TableEditorAction']=="addsave")
if( ($_POST['TableEditorAction']=="editsave" && $_POST['editsave'])
|| ($_POST['TableEditorAction']=="addsave") )
{
$query="INSERT INTO `{$this->table}` (";
//create list of fields to insert
foreach($this->editfields AS $f=>$n)
$query.="`$f`,";
if(count($this->hiddenfields))
{
foreach($this->hiddenfields AS $f=>$n)
{
if($_POST['TableEditorAction']=="addsave") {
$query="INSERT INTO `{$this->table}` (";
//create list of fields to insert
foreach($this->editfields AS $f=>$n)
$query.="`$f`,";
if(count($this->hiddenfields)) {
foreach($this->hiddenfields AS $f=>$n) {
$query.="`$f`,";
}
}
}
//rip off the last comma
$query=substr($query,0,-1);
$query.=") VALUES (";
//create list of field values
//rip off the last comma
$query=substr($query,0,-1);
$query.=") VALUES (";
$insert_mode = 1;
} else {
$query="UPDATE `{$this->table}` SET ";
$insert_mode = 0;
}
print_r($_POST);
foreach($this->editfields AS $f=>$n)
{
//figure out what kind of input this should be
if($insert_mode) {
$field = '';
} else {
$field = "`$f`=";
}
$inputtype = '';
if(isset($_POST['tableeditor_fieldtype'])) {
if(array_key_exists($f, $_POST['tableeditor_fieldtype'])) {
$inputtype = $_POST['tableeditor_fieldtype'][$f];
}
}
/* //figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q);
*/
if($r->Type=="date")
if($inputtype == 'date') //r->Type=="date")
{
if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"])
{
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_month"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_day"]))."',";
}
else
$query.="null,";
$query.="${field}null,";
}
else if($r->Type=="time")
else if($inputtype == 'time') //r->Type=="time")
{
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="")
{
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',";
}
else
$query.="$f=null,";
$query.="${field}null,";
}
else if(substr($f,0,4)=="sel_")
{
//chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"])
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
else if($_POST[$f."_select"])
$query.="'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
else
{
//maybe the options were over-wridden, if so, just check the field name
$query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
else if(strtolower($f)=="website" && $_POST[$f])
{
@ -479,9 +500,10 @@ class TableEditor
//but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http")
$query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
else
$query.="'http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
$query.="${field}'http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
else if(substr($f,0,8)=="filename" && $this->uploadPath)
{
@ -491,118 +513,7 @@ class TableEditor
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
$query.="'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
}
else
{
//okay its a file but there was nothing uploaded, so, set it to null?
$query.="null,";
}
}
else
{
if($this->fieldValidation[$f])
{
$query.="'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
echo "validating ".$this->fieldValidation[$f];
}
else
$query.="'".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
if(count($this->hiddenfields))
{
foreach($this->hiddenfields AS $f=>$n)
{
if(strtolower($n)=="now()")
$query.="$n,";
else
$query.="'$n',";
}
}
//rip off the last comma
$query=substr($query,0,-1);
$query.=")";
mysql_query($query);
if(mysql_error())
{
echo error(i18n("Error adding new %1: %2",array($this->recordType,mysql_error())));
echo "query=$query";
}
else
{
echo happy(i18n("Successfully added new %1",array($this->recordType)));
}
}
if($_POST['TableEditorAction']=="editsave" && $_POST['editsave'])
{
$query="UPDATE `{$this->table}` SET ";
//create list of field values
foreach($this->editfields AS $f=>$n)
{
//figure out what kind of input this should be
$q=mysql_query("SHOW COLUMNS FROM `{$this->table}` LIKE '$f'");
$r=mysql_fetch_object($q);
if($r->Type=="date")
{
if($_POST[$f."_year"] && $_POST[$f."_month"] && $_POST[$f."_day"])
{
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_year"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_month"]))."-".
mysql_escape_string(stripslashes($_POST[$f."_day"]))."',";
}
else
$query.="$f=null,";
}
else if($r->Type=="time")
{
if($_POST[$f."_hour"]!="" && $_POST[$f."_minute"]!="")
{
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_hour"])).":".
mysql_escape_string(stripslashes($_POST[$f."_minute"])).":00',";
}
else
$query.="$f=null,";
}
else if(substr($f,0,4)=="sel_")
{
//chose the text field first, if its been filled in, otherwise, go with the select box
if($_POST[$f."_text"])
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_text"]))."',";
else if($_POST[$f."_select"])
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f."_select"]))."',";
else
{
//maybe the options were over-wridden, if so, just check the field name
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
else if(strtolower($f)=="website" && $_POST[$f])
{
//intelligently handle website fields, making sure they have the protocol to use
//but allow them to enter http:// or https:// themselves.
//if no protocol is given, assume http://
if(substr(strtolower($_POST[$f]),0,4)=="http")
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
else
$query.="$f='http://".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
else if(substr($f,0,8)=="filename" && $this->uploadPath)
{
//accept the upload
if($_FILES[$f]['size']>0)
{
if(file_exists($this->uploadPath."/".$_FILES[$f]['name']))
echo error(i18n("A file with that filename already exists, it will be overwritten"));
move_uploaded_file($_FILES[$f]['tmp_name'],$this->uploadPath."/".$_FILES[$f]['name']);
$query.="$f='".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
$query.="${field}'".mysql_escape_string(stripslashes($_FILES[$f]['name']))."',";
}
else
{
@ -610,18 +521,17 @@ class TableEditor
if(is_array($_POST['clear']))
{
if(in_array($f,$_POST['clear']))
$query.="$f=NULL,";
$query.="${field}NULL,";
}
}
}
else
{
if($this->fieldValidation[$f])
$query.="$f='".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
$query.="${field}'".mysql_escape_string(stripslashes(ereg_replace($this->fieldValidation[$f],"",$_POST[$f])))."',";
else
$query.="$f='".mysql_escape_string(stripslashes($_POST[$f]))."',";
$query.="${field}'".mysql_escape_string(stripslashes($_POST[$f]))."',";
}
}
@ -632,26 +542,35 @@ class TableEditor
{
//well well... sometimes we want to use a function here, such as NOW(), so if thats the case then we dont want the ' ' around the value, so, lets check for NOW() and handle it differently
if(strtolower($n)=="now()")
$query.="`$f`=$n,";
$query.="${field}$n,";
else
$query.="`$f`='$n',";
$query.="${field}'$n',";
}
}
//rip off the last comma
$query=substr($query,0,-1);
$query.=" WHERE {$this->primaryKey}='{$_POST['editsave']}'";
if($insertmode) {
$query.=")";
$text_error = "adding new";
$text_happy = "added new";
} else {
$query.=" WHERE {$this->primaryKey}='{$_POST['editsave']}'";
$text_error = "saving";
$text_happy = "saved";
}
if($this->DEBUG) echo $query;
mysql_query($query);
// mysql_query($query);
if(mysql_error())
{
echo error(i18n("Error saving %1: %2",array($this->recordType,mysql_error())));
echo error(i18n("Error $text_error %1: %2",array($this->recordType,mysql_error())));
}
else
{
echo happy(i18n("Successfully saved %1",array($this->recordType)));
echo happy(i18n("Successfully $text_happy %1",array($this->recordType)));
}
}
@ -792,7 +711,7 @@ class TableEditor
} else {
$ch = '';
}
echo "<input type=\"checkbox\" name=\"{$f}_text\" value=\"\" $ch> {$this->fieldOptions[$f][$k]}<br>";
echo "<input type=\"checkbox\" name=\"{$f}[$k]\" value=\"1\" $ch> {$this->fieldOptions[$f][$k]}<br>";
}
break;
@ -809,6 +728,7 @@ class TableEditor
$this->year_selector($f."_year",$yy);
echo "</td></tr>";
echo "</table>";
echo "<input type=\"hidden\" name=\"tableeditor_fieldtype[$f]\" value=\"date\">";
break;
@ -822,6 +742,7 @@ class TableEditor
$this->minute_selector($f."_minute",$mm);
echo "</td></tr>";
echo "</table>";
echo "<input type=\"hidden\" name=\"tableeditor_fieldtype[$f]\" value=\"time\">";
break;
case "file":
if($editdata[$f])