- switch ($_POST['ok'])
- {
- case "edit": // Edit menu
- foreach ($_POST['sel'] as $sel => $menu)
- {
- // Secure ID
- $sel = bigintval($sel);
-
- // Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET
-title='%s',
-action='%s',
-what='%s',
-descr='%s'
-WHERE ".$AND." AND id=%s LIMIT 1",
- array(
- $menu,
- $_POST['sel_action'][$sel],
- $_POST['sel_what'][$sel],
- $_POST['sel_desc'][$sel],
- $sel,
-), __FILE__, __LINE__);
- }
- CACHE_PURGE_ADMIN_MENU(0, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel]);
- LOAD_TEMPLATE("admin_data_saved");
- break;
-
- case "del": // Delete menu
- foreach ($_POST['sel'] as $sel => $menu)
- {
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($sel)), __FILE__, __LINE__);
- CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
- }
- LOAD_TEMPLATE("admin_data_saved");
- break;
-
- default: // Unexpected action
- define('__OK_VALUE', $_POST['ok']);
- LOAD_TEMPLATE("admin_menu_unknown_okay");
- break;
- }
-}
- else
-{
- if ((!empty($_GET['act'])) && (!empty($_GET['tid'])) && (!empty($_GET['fid'])))
- {
- // Get IDs
- if (!empty($_GET['w']))
- {
- // Sub menus selected
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND sort='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
- list($tid) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- $result = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND sort='%s' LIMIT 1",
- array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
- list($fid) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- }
- else
- {
- // Main menu selected
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) AND sort='%s' LIMIT 1",
- array(bigintval($_GET['tid'])), __FILE__, __LINE__);
- list($tid) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) AND sort='%s' LIMIT 1",
- array(bigintval($_GET['fid'])), __FILE__, __LINE__);
- list($fid) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- }
-
- if ((!empty($tid)) && (!empty($fid)))
- {
- // Sort menu
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admin_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
- CACHE_PURGE_ADMIN_MENU(0, "", "", $AND);
- }
- }
+ switch (postRequestElement('ok')) {
+ case 'edit': // Edit menu
+ foreach (postRequestElement('sel') as $sel => $menu) {
+ // Secure id
+ $sel = bigintval($sel);
+
+ // Update entry
+ SQL_QUERY_ESC("UPDATE
+ `{?_MYSQL_PREFIX?}_admin_menu`
+SET
+ `title`='%s',
+ `action`='%s',
+ `what`='%s',
+ `descr`='%s'
+WHERE
+ ".$AND." AND
+ `id`=%s
+LIMIT 1",
+ array(
+ $menu,
+ postRequestElement('sel_action', $sel),
+ postRequestElement('sel_what', $sel),
+ postRequestElement('sel_desc', $sel),
+ $sel,
+ ), __FILE__, __LINE__);
+ }