<?php
/***************************************************************************
- * Copyright (C) 2003-2010 Polytechnique.org *
+ * Copyright (C) 2003-2011 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
* $idfield : the field of the table which is the id, ex: id
* $editid : is the id editable or not (if not, it is considered as an int)
*/
- public function __construct($plname, $table, $idfield, $editid=false)
+ public function __construct($plname, $table, $idfield, $editid = false, $idfield2 = false)
{
$this->pl = $plname;
$this->table = $table;
$this->idfield = $idfield;
+ $this->idfield2 = $idfield2;
$this->sortfield = $idfield;
$this->idfield_editable = $editid;
$this->whereclause = '1';
}
// call when done
- public function apply(PlPage &$page, $action, $id = false)
+ public function apply(PlPage $page, $action, $id = false, $id2 = false)
{
$page->coreTpl('table-editor.tpl');
$list = true;
if (!isset($this->delete_action)) {
foreach ($this->jtables as $table => $j)
XDB::execute("DELETE FROM {$table} WHERE {$j['joinid']} = {?}{$j['joinextra']}", $id);
- XDB::execute("DELETE FROM {$this->table} WHERE {$this->idfield} = {?}",$id);
- $page->trigSuccess("L'entrée ".$id." a été supprimée.");
+ $where = XDB::format("{$this->idfield} = {?}", $id);
+ if ($this->idfield2) {
+ $where .= XDB::format(" AND {$this->idfield2} = {?}", $id2);
+ }
+ XDB::rawExecute("DELETE FROM {$this->table} WHERE " . $where);
+ $page->trigSuccess("L'entrée " . $id . (($id2) ? '-' . $id2 : '') . ' a été supprimée.');
} else if ($this->delete_action) {
XDB::execute($this->delete_action, $id);
if (isset($this->delete_message)) {
if ($action == 'update') {
S::assert_xsrf_token();
- $values = "";
$cancel = false;
+ $values = array();
+ $new = false;
foreach ($this->vars as $field => $descr) {
- if ($values) $values .= ',';
- if (($field == $this->idfield) && !$this->idfield_editable) {
- if ($id === false || $id === null) {
- $val = "'".addslashes(XDB::fetchOneCell("SELECT MAX( {$field} ) + 1 FROM {$this->table}"))."'";
+ $val = null;
+ $new = ($id === false || $id === null);
+ if ($field == $this->idfield && !$this->idfield_editable) {
+ if ($new) {
+ $val = XDB::fetchOneCell("SELECT MAX({$field}) + 1
+ FROM {$this->table}");
} else {
- $val = "'".addslashes($id)."'";
+ continue;
}
} elseif ($descr['Type'] == 'set') {
- $val = "";
- if (Post::has($field)) foreach (Post::v($field) as $option) {
- if ($val) $val .= ',';
- $val .= $option;
+ $val = new PlFlagset();
+ if (Post::has($field)) {
+ foreach (Post::v($field) as $option) {
+ $val->addFlag($option);
+ }
}
- $val = "'".addslashes($val)."'";
} elseif ($descr['Type'] == 'checkbox') {
- $val = Post::has($field)?"'".addslashes($descr['Value'])."'":"''";
+ $val = Post::has($field)? $descr['Value'] : "";
} elseif (Post::has($field)) {
$val = Post::v($field);
if ($descr['Type'] == 'timestamp') {
$val = preg_replace('/([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{4}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/', '\3\2\1\4\5\6', $val);
- }
- elseif ($descr['Type'] == 'date') {
+ } else if ($descr['Type'] == 'date') {
$val = preg_replace('/([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{4})/', '\3-\2-\1', $val);
- }
- elseif ($descr['Type'] == 'ip_address') {
+ } elseif ($descr['Type'] == 'ip_address') {
$val = ip2long($val);
}
- $val = "'".addslashes($val)."'";
} else {
$cancel = true;
$page->trigError("Il manque le champ ".$field);
}
- $values .= $val;
+ $values[$field] = XDB::escape($val);
}
if (!$cancel) {
- if ($this->idfield_editable && $id != Post::v($this->idfield))
- XDB::execute("UPDATE {$this->table} SET {$this->idfield} = {?} WHERE {$this->idfield} = {?} AND {$this->whereclause}", Post::v($this->idfield), $id);
- XDB::execute("REPLACE INTO {$this->table} VALUES ($values)");
+ if (!$new) {
+ $update = array();
+ foreach ($values as $field => $value) {
+ $update[] = $field . ' = ' . $value;
+ }
+ $update = implode(', ', $update);
+ XDB::rawExecute("UPDATE {$this->table}
+ SET {$update}
+ WHERE {$this->idfield} = " . XDB::escape($id) . "
+ AND {$this->whereclause}");
+ } else {
+ $fields = implode(', ', array_keys($values));
+ $values = implode(', ', $values);
+ XDB::rawExecute("INSERT INTO {$this->table} ({$fields})
+ VALUES ({$values})");
+ }
if ($id !== false && $id !== null) {
$page->trigSuccess("L'entrée ".$id." a été mise à jour.");
} else {
$page->trigSuccess("Une nouvelle entrée a été créée.");
$id = XDB::insertId();
}
- } else
+ } else {
$page->trigError("Impossible de mettre à jour.");
+ }
if (!$this->auto_return) {
return $this->apply($page, 'edit', $id);
}