From fc585473934605d12b2e970436bb81f6b28cd7e8 Mon Sep 17 00:00:00 2001 From: cookie Date: Sun, 6 Nov 2005 01:19:11 +0000 Subject: [PATCH] weiter mit den Naesten files git-svn-id: svn://svn.cccv.de/engel-system@15 29ba0400-6e00-0410-a75a-ca02368028f8 --- admin/EngelType.php | 58 +++++++++++++++++++++++---------------------- admin/room.php | 33 ++++++++++++++------------ 2 files changed, 48 insertions(+), 43 deletions(-) diff --git a/admin/EngelType.php b/admin/EngelType.php index 5e3aef49..964d861b 100755 --- a/admin/EngelType.php +++ b/admin/EngelType.php @@ -7,16 +7,17 @@ include ("./inc/funktion_user.php"); function runSQL( $SQL) { include( "./inc/db.php"); - echo $SQL; // hier muesste das SQL ausgefuehrt werden... $Erg = mysql_query($SQL, $con); if ($Erg == 1) { - echo "Änderung wurde gesichert...
"; - return 1; + echo "Änderung wurde gesichert...
"; + echo "[$SQL]
"; + return 1; } else { - echo "Fehler beim speichern... bitte noch ein mal probieren :)"; - echo "

".mysql_error( $con ). "
"; - return 0; + echo "Fehler beim speichern... bitte noch ein mal probieren :)"; + echo "

".mysql_error( $con ). "
"; + echo "[$SQL]
"; + return 0; } } @@ -24,7 +25,7 @@ function runSQL( $SQL) $Sql = "SELECT * FROM `EngelType`"; $Erg = mysql_query($Sql, $con); -if( !IsSet($action) ) +if( !IsSet($_GET["action"]) ) { echo "Hallo ".$_SESSION['Nick']. ",
\nhier hast du die Möglichkeit, neue Engeltypen für die Schichtpläne einzutragen ". @@ -57,11 +58,11 @@ if( !IsSet($action) ) else { -switch ($action) { +switch ($_GET["action"]) { case 'new': echo "Neuen EngelType einrichten:
"; - echo "
\n"; + echo "\n"; echo "\n"; for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ ) @@ -76,9 +77,11 @@ case 'new': break; case 'newsave': - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 1; $vars = array_splice($vars, 0, $count); + $Keys=""; + $Values=""; foreach($vars as $key => $value){ $Keys .= ", `$key`"; $Values .= ", '$value'"; @@ -88,7 +91,7 @@ case 'newsave': { SetHeaderGo2Back(); - $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_POST["Name"]. "'"; + $SQL2 = "SELECT * FROM `EngelType` WHERE `Name`='". $_GET["Name"]. "'"; $ERG = mysql_query($SQL2, $con); if( mysql_num_rows($ERG) == 1) @@ -99,7 +102,7 @@ case 'newsave': break; case 'change': - if (! IsSet($TID)) { + if (! IsSet($_GET["TID"])) { echo "Fehlerhafter Aufruf!"; } else { @@ -107,25 +110,25 @@ case 'change': echo "Hier kannst du eintragen, den EngelType ändern."; - echo "\n"; + echo "\n"; echo "
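Review bot: In the `newsave` case both the column names and the values of the statement come straight from the request, because the lines appending to `$Keys` and `$Values` take every entry of `$HTTP_GET_VARS` with no check on the name and no escaping of the value. The `count($vars) - 1` splice that is meant to drop the trailing control parameter also depends on parameter order, which the requester decides on a GET. Restricting the names to the real columns of `EngelType` (the `new` case already walks them with `mysql_field_name($Erg, $Uj)`) and escaping each value closes both gaps; this assumes the form field names equal the column names, as the current code implies. The same construction appears in the `changesave` case of this file and in `newsave`/`changesave` of admin/room.php. The rest of the case, including the statement that uses `$Keys` and `$Values`, lies outside this hunk.

```php
case 'newsave':
    $Keys = "";
    $Values = "";
    // Take only parameters that name an existing column; this replaces the
    // count()/array_splice() trimming, which depended on parameter order.
    for ($Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++) {
        $Feld = mysql_field_name($Erg, $Uj);
        if (!isset($_GET[$Feld]) || !is_string($_GET[$Feld])) {
            continue;
        }
        $Keys   .= ", `$Feld`";
        $Values .= ", '". mysql_real_escape_string($_GET[$Feld], $con). "'";
    }
    // … unchanged: rest of the case (not shown in this hunk) …
```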
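Review bot: `$_GET["Name"]` is placed between the quotes of `$SQL2` without escaping, so a name that contains a quote character alters the statement instead of being compared as data. Escape it before use, `$Name = mysql_real_escape_string($_GET["Name"], $con);`, and build the WHERE clause from `$Name`. The `TID` and `RID` lookups in the `change` hunks of both files have the same shape; those look like numeric keys, so `(int) $_GET["TID"]` would be the tighter fix there. The enclosing block starts and ends outside this hunk.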
\n"; - $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='$TID'"; + $SQL2 = "SELECT * FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'"; $ERG = mysql_query($SQL2, $con); for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) { - echo "". - "\n"; + echo "". + "\n"; } echo "
".mysql_field_name($ERG, $Uj)."
". mysql_field_name($ERG, $Uj). "
\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; echo "
"; - echo "
\n"; - echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; echo ""; echo "
"; @@ -133,32 +136,31 @@ case 'change': break; case 'changesave': - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 2; $vars = array_splice($vars, 0, $count); + $keys=""; + $sql=""; foreach($vars as $key => $value){ $keys = substr($key,1); $sql .= ", `".$keys."`='".$value."'"; - } - runSQL( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='".$eTID."'"); + runSQL( "UPDATE `EngelType` SET ". substr($sql, 2). " WHERE `TID`='". $_GET["eTID"]. "'"); SetHeaderGo2Back(); break; case 'delete': - if (IsSet($TID)) + if (IsSet($_GET["TID"])) { - runSQL( "DELETE FROM `EngelType` WHERE `TID`='$TID'"); - runSQL( "ALTER TABLE `Room` DROP `DEFAULT_EID_$TID`;"); + runSQL( "DELETE FROM `EngelType` WHERE `TID`='". $_GET["TID"]. "'"); + runSQL( "ALTER TABLE `Room` DROP `DEFAULT_EID_". $_GET["TID"]. "`;"); } else { echo "Fehlerhafter Aufruf"; } SetHeaderGo2Back(); break; - } } - include ("./inc/footer.php"); ?> diff --git a/admin/room.php b/admin/room.php index a2cc7d13..3b8cb63c 100755 --- a/admin/room.php +++ b/admin/room.php @@ -8,7 +8,7 @@ include ("./inc/funktion_schichtplan.php"); $Sql = "SELECT * FROM `Room` ORDER BY Number, Name"; $Erg = mysql_query($Sql, $con); -if( !IsSet($action) ) +if( !IsSet($_GET["action"]) ) { echo "Hallo ".$_SESSION['Nick']. ",
\nhier hast du die Möglichkeit, neue Räume für die Schichtpläne einzutragen ". @@ -46,11 +46,11 @@ else UnSet($SQL); -switch ($action) { +switch ($_GET["action"]) { case 'new': echo "Neuen Raum einrichten:
"; - echo "
\n"; + echo "\n"; echo "\n"; for( $Uj = 1; $Uj < mysql_num_fields($Erg); $Uj++ ) @@ -72,10 +72,13 @@ case 'new': break; case 'newsave': - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 1; $vars = array_splice($vars, 0, $count); - foreach($vars as $key => $value){ + $Keys = ""; + $Values = ""; + foreach($vars as $key => $value) + { $Keys .= ", `$key`"; $Values .= ", '$value'"; } @@ -95,7 +98,7 @@ case 'newsave': break; case 'change': - if (! IsSet($RID)) { + if (! IsSet($_GET["RID"])) { echo "Fehlerhafter Aufruf!"; } else { @@ -103,10 +106,10 @@ case 'change': echo "Hier kannst du eintragen, welche und wieviele Engel für den Raum zur Verfügung stehen müssen."; - echo "\n"; + echo "\n"; echo "
\n"; - $SQL2 = "SELECT * FROM `Room` WHERE `RID`='$RID'"; + $SQL2 = "SELECT * FROM `Room` WHERE `RID`='". $_GET["RID"]. "'"; $ERG = mysql_query($SQL2, $con); for ($Uj = 1; $Uj < mysql_num_fields($ERG); $Uj++) @@ -123,12 +126,12 @@ case 'change': echo"\n"; } echo "
\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; echo "
"; - echo "
\n"; - echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; echo ""; echo "
"; @@ -137,7 +140,7 @@ case 'change': case 'changesave': $sql=""; - $vars = $HTTP_POST_VARS; + $vars = $HTTP_GET_VARS; $count = count($vars) - 2; $vars = array_splice($vars, 0, $count); foreach($vars as $key => $value){ @@ -145,13 +148,13 @@ case 'changesave': $sql .= ", `".$keys."`='".$value."' "; } - $SQL = "UPDATE `Room` SET ". substr($sql, 2). " WHERE `RID`='".$eRID."'"; + $SQL = "UPDATE `Room` SET ". substr($sql, 2). " WHERE `RID`='". $_GET["eRID"]. "'"; SetHeaderGo2Back(); break; case 'delete': - if (IsSet($RID)) { - $SQL="DELETE FROM `Room` WHERE `RID`='$RID'"; + if (IsSet($_GET["RID"])) { + $SQL="DELETE FROM `Room` WHERE `RID`='". $_GET["RID"]. "'"; } else { echo "Fehlerhafter Aufruf"; }