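newname = '$teamName';"); }else{ error_("Unable to update record"); echo(""); } break;

        case 'delete':
            // Delete a single team, but only when it belongs to the school
            // bound to the current session.
            //
            // NOTE(review): no anti-CSRF token check is visible in this
            // fragment for this state-changing POST; confirm one is enforced
            // before the switch is reached.
            $success = false;

            // SECURITY: both ids are concatenated into the SQL below without
            // surrounding quotes. mysql_real_escape_string() only protects
            // values placed inside a quoted string literal, so it is not a
            // defence in a numeric context. Validate/cast to an integer so
            // that nothing but a number can reach the query text.
            // (Long term: the mysql_* extension was removed in PHP 7; moving
            // to prepared statements with mysqli or PDO is the durable fix.)
            $teamId = isset($_POST['teamId'])
                ? filter_var($_POST['teamId'], FILTER_VALIDATE_INT)
                : false;
            // presumably set at login by server-side code; cast anyway as
            // defence in depth -- verify against the code that populates it
            $schoolId = (int) $_SESSION['schoolid'];

            // Not read by the visible code in this branch; kept because code
            // outside this fragment may rely on it.
            $teamName = mysql_real_escape_string($_POST['teamname']);

            if ($teamId !== false) {
                // A quick check to make sure the team being deleted does
                // indeed belong to this school.
                $query = 'SELECT COUNT(*) AS tally FROM so_teams WHERE schools_id=' . $schoolId . ' AND id=' . $teamId;
                $result = mysql_query($query);
                // A failed query returns false; do not hand that to
                // mysql_fetch_array().
                $testResults = $result ? mysql_fetch_array($result) : false;

                if ($testResults && $testResults['tally'] == 1) {
                    // The team belongs to the school that this session
                    // belongs to, so go ahead and delete it. The school id
                    // stays in the WHERE clause so the ownership constraint
                    // is enforced by the DELETE itself as well.
                    $query = 'DELETE FROM so_teams ';
                    $query .= 'WHERE schools_id=' . $schoolId . ' ';
                    $query .= 'AND id=' . $teamId;
                    if (mysql_query($query)) {
                        $success = true;
                    }
                }
            }

            if ($success) {
                happy_("Team successfully deleted");
                echo("");
            } else {
                error_("Unable to delete record");
                echo("");
            }
            break;

        default:
            draw_page();
    }
}else{
    // NOTE(review): nothing visible here stops execution after the redirect
    // header is queued; confirm no protected output follows in the rest of
    // the file.
    header('Location: schoolaccess.php');
}

function draw_page(){ $title = i18n("Manage Teams"); send_header($title, array("School Access" => "schoolaccess.php")); ?> '; $teamList = mysql_query("SELECT * FROM so_teams WHERE schools_id = " . $_SESSION['schoolid']); while($team = mysql_fetch_array($teamList)){ echo '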