arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Fix character encoding problems in student editor and project editor

Browse Source
This commit is contained in:
james 2010-03-03 20:13:46 +00:00
parent 6def9680bc
commit b99f730a71
2 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
admin/project_editor.php
View File

@ -113,13 +113,13 @@ function project_save()
$title=stripslashes($_POST['title']); $title=stripslashes($_POST['title']);
mysql_query("UPDATE projects SET ". mysql_query("UPDATE projects SET ".
"title='".mysql_escape_string($title)."', ". "title='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",$title))."', ".
"projectdivisions_id='".$_POST['projectdivisions_id']."', ". "projectdivisions_id='".$_POST['projectdivisions_id']."', ".
"language='".mysql_escape_string(stripslashes($_POST['language']))."', ". "language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ". "req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ". "req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ". "req_special='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['req_special'])))."', ".
"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ". "summary='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['summary'])))."', ".
"summarycountok='$summarycountok',". "summarycountok='$summarycountok',".
"projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'". "projectsort='".mysql_escape_string(stripslashes($_POST['projectsort']))."'".
"WHERE id='".$_POST['id']."'"); "WHERE id='".$_POST['id']."'");

38
admin/student_editor.php
View File

@ -116,13 +116,13 @@ function students_save()
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x]; $dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (". mysql_query("INSERT INTO students (registrations_id,firstname,lastname,sex,email,address,city,province,postalcode,phone,dateofbirth,grade,schools_id,tshirt,medicalalert,foodreq,teachername,teacheremail,year) VALUES (".
"'".$registrations_id."', ". "'".$registrations_id."', ".
"'".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['firstname'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['lastname'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ". "'".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['email'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['address'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['address'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['city'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['city'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['province'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['province'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ". "'".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ". "'".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
"'$dob', ". "'$dob', ".
@ -131,8 +131,8 @@ function students_save()
"'".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."', ". "'".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ". "'".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ". "'".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ".
"'".mysql_escape_string(stripslashes($_POST['teachername'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teachername'][$x])))."', ".
"'".mysql_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ". "'".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teacheremail'][$x])))."', ".
"'".$config['FAIRYEAR']."')"); "'".$config['FAIRYEAR']."')");
happy_("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x])); happy_("%1 %2 successfully added",array($_POST['firstname'][$x],$_POST['lastname'][$x]));
@ -151,25 +151,25 @@ function students_save()
//UPDATE existing record //UPDATE existing record
$dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x]; $dob=$_POST['year'][$x]."-".$_POST['month'][$x]."-".$_POST['day'][$x];
mysql_query("UPDATE students SET ". mysql_query("UPDATE students SET ".
"firstname='".mysql_escape_string(stripslashes($_POST['firstname'][$x]))."', ". "firstname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['firstname'][$x])))."', ".
"lastname='".mysql_escape_string(stripslashes($_POST['lastname'][$x]))."', ". "lastname='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['lastname'][$x])))."', ".
"sex='".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ". "sex='".mysql_escape_string(stripslashes($_POST['sex'][$x]))."', ".
"email='".mysql_escape_string(stripslashes($_POST['email'][$x]))."', ". "email='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['email'][$x])))."', ".
"address='".mysql_escape_string(stripslashes($_POST['address'][$x]))."', ". "address='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['address'][$x])))."', ".
"city='".mysql_escape_string(stripslashes($_POST['city'][$x]))."', ". "city='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['city'][$x])))."', ".
"province='".mysql_escape_string(stripslashes($_POST['province'][$x]))."', ". "province='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['province'][$x])))."', ".
"postalcode='".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ". "postalcode='".mysql_escape_string(stripslashes($_POST['postalcode'][$x]))."', ".
"phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ". "phone='".mysql_escape_string(stripslashes($_POST['phone'][$x]))."', ".
"dateofbirth='$dob', ". "dateofbirth='$dob', ".
"grade='".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ". "grade='".mysql_escape_string(stripslashes($_POST['grade'][$x]))."', ".
$schoolquery. $schoolquery.
"medicalalert='".mysql_escape_string(stripslashes($_POST['medicalalert'][$x]))."', ". "medicalalert='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['medicalalert'][$x])))."', ".
"foodreq='".mysql_escape_string(stripslashes($_POST['foodreq'][$x]))."', ". "foodreq='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['foodreq'][$x])))."', ".
"teachername='".mysql_escape_string(stripslashes($_POST['teachername'][$x]))."', ". "teachername='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teachername'][$x])))."', ".
"teacheremail='".mysql_escape_string(stripslashes($_POST['teacheremail'][$x]))."', ". "teacheremail='".mysql_escape_string(iconv("UTF-8","ISO-8859-1",stripslashes($_POST['teacheremail'][$x])))."', ".
"tshirt='".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."' ". "tshirt='".mysql_escape_string(stripslashes($_POST['tshirt'][$x]))."' ".
"WHERE id='".$_POST['id'][$x]."'"); "WHERE id='".$_POST['id'][$x]."'");
happy_("%1 %2 successfully updated",array($_POST['firstname'][$x],$_POST['lastname'][$x])); happy_("%1 %2 successfully updated",array(iconv("UTF-8","ISO-8859-1",$_POST['firstname'][$x]),iconv("UTF-8","ISO-8859-1",$_POST['lastname'][$x])));
} }
$x++; $x++;
} }