$val) { $where[] = idf_escape($key) . " = BINARY '" . mysql_real_escape_string($val) . "'"; //! enum and set } foreach ((array) $_GET["null"] as $key) { $where[] = idf_escape($key) . " IS NULL"; } if ($_POST) { if (isset($_POST["delete"])) { $query = "DELETE FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1"; $message = lang('Item has been deleted.'); } else { $set = array(); foreach ($_POST["fields"] as $key => $val) { $name = bracket_escape($key, "back"); $field = $fields[$name]; if (preg_match('~char|text|set~', $field["type"]) ? $_POST["null"][$key] : !strlen($val)) { $val = "NULL"; } elseif ($field["type"] == "enum") { $val = intval($val); } elseif ($field["type"] == "set") { $val = array_sum((array) $val); } else { $val = "'" . mysql_real_escape_string($val) . "'"; } $set[] = idf_escape($name) . " = $val"; } if ($where) { $query = "UPDATE " . idf_escape($_GET["edit"]) . " SET " . implode(", ", $set) . " WHERE " . implode(" AND ", $where) . " LIMIT 1"; $message = lang('Item has been updated.'); } else { $query = "INSERT INTO " . idf_escape($_GET["edit"]) . " SET " . implode(", ", $set); $message = lang('Item has been inserted.'); } } if (mysql_query($query)) { redirect($SELF . ($_POST["insert"] ? "edit=" : "select=") . urlencode($_GET["edit"]), $message); } $error = mysql_error(); } page_header(($_GET["where"] ? lang('Edit') : lang('Insert')) . ": " . htmlspecialchars($_GET["edit"])); if ($_POST) { echo "
" . lang('Error during saving') . ": " . htmlspecialchars($error) . "
\n"; $data = $_POST["fields"]; foreach ($_POST["null"] as $key => $val) { $data[$key] = null; } } elseif ($where) { $select = array(); foreach ($fields as $name => $field) { if (in_array("select", $field["privileges"]) && in_array(($where ? "update" : "insert"), $field["privileges"])) { $select[] = ($field["type"] == "enum" || $field["type"] == "set" ? "1*" . idf_escape($name) . " AS " : "") . idf_escape($name); } } $data = ($select ? mysql_fetch_assoc(mysql_query("SELECT " . implode(", ", $select) . " FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1")) : array()); } else { $data = array(); } ?>