Make conference saving work again

2010-12-07 19:26:39 +00:00 · 2010-12-07 19:26:39 +00:00 · 673b0b51f8
commit 673b0b51f8
parent e278505bc0
1 changed files with 23 additions and 21 deletions
--- a/super/conferences.php
+++ b/super/conferences.php
@ -133,8 +133,8 @@ if(array_key_exists('action', $_GET)){
 			break;
 		case 'edit':
 			// give them an editor in which to modify an existing conference
-			$cid = $_POST['id'];
-			if(is_numeric($cid)){
+			$cid = intval($_POST['id']);
+			if(!$cid){
 				$conf = mysql_fetch_assoc(mysql_query("SELECT * FROM conferences WHERE id = $cid"));
 				if(is_array($conf)){
 					echo "<table>";
@ -162,33 +162,35 @@ if(array_key_exists('action', $_GET)){
 			break;
 		case 'save':
 			// save the new conference data for the conference that's being edited
-			$confId = $_POST['id'];
-			if(!is_numeric($confId)){
+			$confId = intval($_POST['id']);
+			if(!$confId) {
 				error_("invalid conference id");
 			}
-			// verify that the specified conference already exists
-			$countRecord = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) as tally FROM conferences WHERE id = $confId"), 0);
-			$tally = $countRecord['tally'];
-			if($tally == 1){
-				// ok, it's a valid conference id.  Let's go ahead and update the data for it
-				$confType = mysql_real_escape_string($_POST['confType']);
-				$confName = mysql_real_escape_string($_POST['confName']);
-				$confStatus = mysql_real_escape_string($_POST['confStatus']);
-				mysql_query("UPDATE conferences SET type='$confType', name='$confName', status='$confStatus' WHERE id='$confId'");
-				$errMsg = mysql_error();
-				if($errMsg != null){
-					error_("SQL error: $errMsg");
+			else {
+				// verify that the specified conference already exists
+				$countRecord = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) as tally FROM conferences WHERE id = $confId"));
+				$tally = $countRecord['tally'];
+				if($tally == 1){
+					// ok, it's a valid conference id.  Let's go ahead and update the data for it
+					$confType = mysql_real_escape_string($_POST['confType']);
+					$confName = mysql_real_escape_string($_POST['confName']);
+					$confStatus = mysql_real_escape_string($_POST['confStatus']);
+					mysql_query("UPDATE conferences SET type='$confType', name='$confName', status='$confStatus' WHERE id='$confId'");
+					$errMsg = mysql_error();
+					if($errMsg != null){
+						error_("SQL error: $errMsg");
+					}else{
+						happy_("Conference updated successfully");
+					}
 				}else{
-					happy_("Conference updated successfully");
+					error_("nonexistant conference id");
 				}
-			}else{
-				error_("nonexistant conference id");
 			}
 			break;
 		case 'delete':
 			// delete the specified conference
-			$confId = $_POST['id'];
-			if(!is_numeric($confId)){
+			$confId = intval($_POST['id']);
+			if(!$confId){
 				error_("invalid conference id");
 			}else{
 				mysql_query("UPDATE conferences set status='deleted' WHERE id = $confId");