- Move some GETs to POSTs

- Sort out the header sizes, I think.
2009-09-11 06:12:17 +00:00 · 2009-09-11 06:12:17 +00:00 · 986b762f4e
commit 986b762f4e
parent 8f29090c38
1 changed files with 48 additions and 50 deletions
--- a/admin/award_awards.php
+++ b/admin/award_awards.php
@ -52,20 +52,20 @@ case 'award_create':

 case 'awardinfo_save':
 	/* Scrub the data while we save it */
-	$id=intval($_GET['id']);
+	$id=intval($_POST['id']);

 	$q = "UPDATE award_awards SET 
-		name='".mysql_escape_string(stripslashes($_GET['name']))."',
-		`order`='".intval($_GET['order'])."', 
-		sponsors_id='".intval($_GET['sponsors_id'])."',
-		award_types_id='".intval($_GET['award_types_id'])."',
-		presenter='".mysql_escape_string(stripslashes($_GET['presenter']))."', 
-		excludefromac='".(($_GET['excludefromac'] == 1) ? 1 : 0)."',
-		cwsfaward='".(($_GET['cwsfaward'] == 1) ? 1 : 0)."', 
-		self_nominate='".(($_GET['self_nominate'] == 'yes') ? 'yes' : 'no')."', 
-		schedule_judges='".(($_GET['schedule_judges'] == 'yes') ? 'yes' : 'no')."', 
-		criteria='".mysql_escape_string(stripslashes($_GET['criteria']))."', 
-		description='".mysql_escape_string(stripslashes($_GET['description']))."' 
+		name='".mysql_escape_string(stripslashes($_POST['name']))."',
+		`order`='".intval($_POST['order'])."', 
+		sponsors_id='".intval($_POST['sponsors_id'])."',
+		award_types_id='".intval($_POST['award_types_id'])."',
+		presenter='".mysql_escape_string(stripslashes($_POST['presenter']))."', 
+		excludefromac='".(($_POST['excludefromac'] == 1) ? 1 : 0)."',
+		cwsfaward='".(($_POST['cwsfaward'] == 1) ? 1 : 0)."', 
+		self_nominate='".(($_POST['self_nominate'] == 'yes') ? 'yes' : 'no')."', 
+		schedule_judges='".(($_POST['schedule_judges'] == 'yes') ? 'yes' : 'no')."', 
+		criteria='".mysql_escape_string(stripslashes($_POST['criteria']))."', 
+		description='".mysql_escape_string(stripslashes($_POST['description']))."' 
 		WHERE id='$id'";
 	echo happy(i18n('Award Info Saved'));
 	mysql_query($q);
@ -89,10 +89,10 @@ case 'award_create':
 	exit;

 case 'eligibility_save':
- 	$id = intval($_GET['id']);
+ 	$id = intval($_POST['id']);

 	//now add the new ones
-	if(!is_array($_GET['categories']) || !is_array($_GET['divisions'])) {
+	if(!is_array($_POST['categories']) || !is_array($_POST['divisions'])) {
 		echo error(i18n("Invalid data"));
 		exit;
 	}
@ -100,7 +100,7 @@ case 'award_create':
 	//wipe out any old award-category links
 	mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'");

-	foreach($_GET['categories'] AS $key=>$cat) {
+	foreach($_POST['categories'] AS $key=>$cat) {
 		mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) 
 				VALUES ('$id','$cat','{$config['FAIRYEAR']}')");
 	}
@ -109,7 +109,7 @@ case 'award_create':
 	mysql_query("DELETE FROM award_awards_projectdivisions WHERE award_awards_id='$id'");

 	//now add the new ones
-	foreach($_GET['divisions'] AS $key=>$div) {
+	foreach($_POST['divisions'] AS $key=>$div) {
 		mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) 
 				VALUES ('$id','$div','{$config['FAIRYEAR']}')");
 	}
@ -169,19 +169,18 @@ case 'award_create':
 	exit;

 case 'prize_save':
-	print_R($_GET);
-	$id = intval($_GET['id']);
+	$id = intval($_POST['id']);
 	$q="UPDATE award_prizes SET 
-				prize='".mysql_escape_string(stripslashes($_GET['prize']))."', 
-				cash='".intval($_GET['cash'])."',
-				scholarship='".intval($_GET['scholarship'])."',
-				value='".intval($_GET['value'])."',
-				number='".intval($_GET['number'])."',
-				excludefromac='".(($_GET['excludefromac']==1)? 1 : 0)."',
-				trophystudentkeeper='".(($_GET['trophystudentkeeper']==1) ? 1 : 0)."',
-				trophystudentreturn='".(($_GET['trophystudentreturn']==1) ? 1 : 0)."',
-				trophyschoolkeeper='".(($_GET['trophyschoolkeeper']==1) ? 1 : 0)."',
-				trophyschoolreturn='".(($_GET['trophyschoolreturn']==1) ? 1 : 0)."'
+				prize='".mysql_escape_string(stripslashes($_POST['prize']))."', 
+				cash='".intval($_POST['cash'])."',
+				scholarship='".intval($_POST['scholarship'])."',
+				value='".intval($_POST['value'])."',
+				number='".intval($_POST['number'])."',
+				excludefromac='".(($_POST['excludefromac']==1)? 1 : 0)."',
+				trophystudentkeeper='".(($_POST['trophystudentkeeper']==1) ? 1 : 0)."',
+				trophystudentreturn='".(($_POST['trophystudentreturn']==1) ? 1 : 0)."',
+				trophyschoolkeeper='".(($_POST['trophyschoolkeeper']==1) ? 1 : 0)."',
+				trophyschoolreturn='".(($_POST['trophyschoolreturn']==1) ? 1 : 0)."'
 				WHERE id='$id'";
 	mysql_query($q);
 //	echo $q;
@ -233,7 +232,7 @@ function update_awardinfo()

 function awardinfo_save()
 {
-	$("#awardinfo_info").load("<?$_SERVER['PHP_SELF']?>?action=awardinfo_save", $("#awardinfo").serialize());
+	$("#awardinfo_info").post("<?$_SERVER['PHP_SELF']?>?action=awardinfo_save", $("#awardinfo").serialize());
 	return 0;
 }

@ -311,13 +310,13 @@ function edit_prize(id)

 function eligibility_save()
 {
-	$("#eligibility_info").load("<?$_SERVER['PHP_SELF']?>?action=eligibility_save", $("#eligibility").serialize());
+	$("#eligibility_info").post("<?$_SERVER['PHP_SELF']?>?action=eligibility_save", $("#eligibility").serialize());
 	return 0;
 }

 function prize_save()
 {
-	$("#prizeinfo_info").load("<?$_SERVER['PHP_SELF']?>?action=prize_save", $("#prizeinfo").serialize());
+	$("#prizeinfo_info").post("<?$_SERVER['PHP_SELF']?>?action=prize_save", $("#prizeinfo").serialize());
 	update_prizeinfo();
 	return 0;
 }
@ -357,22 +356,21 @@ $(document).ready(function() {
 			draggable: false
 		});

-    $("#editor_tabs").tabs({
+	$("#editor_tabs").tabs({
 			show: function(event, ui) { 
-						switch(ui.panel.id) {
-						case 'editor_tab_awardinfo':
-							update_awardinfo();
-							break;			
-						case 'editor_tab_eligibility':
-							update_eligibility();
-							break;			
-						case 'editor_tab_prizes':
-							update_prizeinfo();
-							break;			
-						}
-					},
+				switch(ui.panel.id) {
+				case 'editor_tab_awardinfo':
+					update_awardinfo();
+					break;			
+				case 'editor_tab_eligibility':
+					update_eligibility();
+					break;			
+				case 'editor_tab_prizes':
+					update_prizeinfo();
+					break;			
+				}
+			},
 			selected: -1,
-
 		});

 }); 
@ -391,7 +389,7 @@ $(document).ready(function() {
 </ul>

 <div id="editor_tab_awardinfo">
-	<h2><?=i18n("Award Info")?></h2>
+	<h4><?=i18n("Award Info")?></h4>
 	<div id="awardinfo_info"></div>
 	<form id="awardinfo">
 	<input type="hidden" name="id" id="awardinfo_id" value="0" />
@ -432,7 +430,7 @@ $(document).ready(function() {
 			<td class="right"><textarea class="translatable" id="awardinfo_description" name="description" rows="3" cols="50">Loading...</textarea></td></tr>
 	</table>

-	<h2>Options</h2>
+	<h4>Options</h4>
 	<table class="tableedit">
 	<tr><td class="left">
 		<input type="checkbox" id="awardinfo_excludefromac" name="excludefromac" value="1"></td>
@ -452,7 +450,7 @@ $(document).ready(function() {

 <? /* Next Tab */ ?>
 <div id="editor_tab_eligibility">
-	<h3><?=i18n("Eligibility")?></h3>
+	<h4><?=i18n("Eligibility")?></h4>
 	<div id="eligibility_info"></div>
 	<form id="eligibility">
 	<input type="hidden" id="eligibility_id" name="id" value="" />
@ -490,7 +488,7 @@ $(document).ready(function() {

 <div id="editor_tab_prizes">
 	<div id="prizeinfo_info"></div> 
-	<h3><?=i18n("Prizes")?></h3>
+	<h4><?=i18n("Prizes")?></h4>
 	<br />
 	<table id="prizelist" class="tableview"> 
 	<tr class="nodrop nodrag">
@ -507,7 +505,7 @@ $(document).ready(function() {
 	<br >
 	<hr>

-	<br /><h3 id="prizeinfo_edit_header">Click on a prize to edit</h3><br />
+	<br /><h4 id="prizeinfo_edit_header">Click on a prize to edit</h4><br />
 	<form id="prizeinfo">
 	<input type="hidden" id="prizeinfo_id" name="id" value=""/>
 	<input type="hidden" id="prizeinfo_award_awards_id" name="award_awards_id" value=""/>