X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=classes%2Fpltableeditor.php;h=88a413309f304dce04c6db716b93010157e0f55d;hb=acfa828e1057ce2edc55437cd69c615e3b06f56e;hp=f61dd4fc80b981cfeeb390eaa6dd782447c036f6;hpb=7e001f68b7928d80ccf32b8a8bca55d304476d3e;p=platal.git diff --git a/classes/pltableeditor.php b/classes/pltableeditor.php index f61dd4f..88a4133 100644 --- a/classes/pltableeditor.php +++ b/classes/pltableeditor.php @@ -281,55 +281,69 @@ class PLTableEditor if ($action == 'update') { S::assert_xsrf_token(); - $values = ""; $cancel = false; + $values = array(); + $new = false; foreach ($this->vars as $field => $descr) { - if ($values) $values .= ','; - if (($field == $this->idfield) && !$this->idfield_editable) { - if ($id === false || $id === null) { - $val = "'".addslashes(XDB::fetchOneCell("SELECT MAX( {$field} ) + 1 FROM {$this->table}"))."'"; + $val = null; + $new = ($id === false || $id === null); + if ($field == $this->idfield && !$this->idfield_editable) { + if ($new) { + $val = XDB::fetchOneCell("SELECT MAX({$field}) + 1 + FROM {$this->table}"); } else { - $val = "'".addslashes($id)."'"; + continue; } } elseif ($descr['Type'] == 'set') { - $val = ""; - if (Post::has($field)) foreach (Post::v($field) as $option) { - if ($val) $val .= ','; - $val .= $option; + $val = new PlFlagset(); + if (Post::has($field)) { + foreach (Post::v($field) as $option) { + $val->addFlag($option); + } } - $val = "'".addslashes($val)."'"; } elseif ($descr['Type'] == 'checkbox') { - $val = Post::has($field)?"'".addslashes($descr['Value'])."'":"''"; + $val = Post::has($field)? $descr['Value'] : ""; } elseif (Post::has($field)) { $val = Post::v($field); if ($descr['Type'] == 'timestamp') { $val = preg_replace('/([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{4}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/', '\3\2\1\4\5\6', $val); - } - elseif ($descr['Type'] == 'date') { + } else if ($descr['Type'] == 'date') { $val = preg_replace('/([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{4})/', '\3-\2-\1', $val); - } - elseif ($descr['Type'] == 'ip_address') { + } elseif ($descr['Type'] == 'ip_address') { $val = ip2long($val); } - $val = "'".addslashes($val)."'"; } else { $cancel = true; $page->trigError("Il manque le champ ".$field); } - $values .= $val; + $values[$field] = XDB::escape($val); } if (!$cancel) { - if ($this->idfield_editable && $id != Post::v($this->idfield)) - XDB::execute("UPDATE {$this->table} SET {$this->idfield} = {?} WHERE {$this->idfield} = {?} AND {$this->whereclause}", Post::v($this->idfield), $id); - XDB::execute("REPLACE INTO {$this->table} VALUES ($values)"); + if (!$new) { + $update = array(); + foreach ($values as $field => $value) { + $update[] = $field . ' = ' . $value; + } + $update = implode(', ', $update); + XDB::rawExecute("UPDATE {$this->table} + SET {$update} + WHERE {$this->idfield} = " . XDB::escape($id) . " + AND {$this->whereclause}"); + } else { + $fields = implode(', ', array_keys($values)); + $values = implode(', ', $values); + XDB::rawExecute("INSERT INTO {$this->table} ({$fields}) + VALUES ({$values})"); + } if ($id !== false && $id !== null) { $page->trigSuccess("L'entrée ".$id." a été mise à jour."); } else { $page->trigSuccess("Une nouvelle entrée a été créée."); $id = XDB::insertId(); } - } else + } else { $page->trigError("Impossible de mettre à jour."); + } if (!$this->auto_return) { return $this->apply($page, 'edit', $id); }