- if (empty($_GET['mode'])) $_GET['mode'] = "add";
- $SQL = "";
- switch ($_GET['mode'])
- {
- case "add":
- // Check if banner is already added
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_refbanner WHERE url='%s' LIMIT 1",
- array($_POST['url']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
- // Add banner
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_refbanner (url, alternate, visible)
-VALUES ('%s', '%s', '%s')",
- array($_POST['url'], $_POST['alternate'], $_POST['visible']), __FILE__, __LINE__);
- }
- else
- {
+ if (!isGetRequestElementSet('mode')) setGetRequestElement('mode', 'add');
+ $sql = '';
+ switch (getRequestElement('mode')) {
+ case 'add':
+ // Check if banner is already added
+ $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_refbanner` WHERE `url`='%s' LIMIT 1",
+ array(postRequestElement('url')), __FILE__, __LINE__);
+
+ // Was the banner found?
+ if (SQL_HASZERONUMS($result)) {
+ // Add banner
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_refbanner` (`url`,`alternate`,`visible`)
+VALUES ('%s','%s','%s')",
+ array(
+ postRequestElement('url'),
+ postRequestElement('alternate'),
+ postRequestElement('visible')
+ ), __FILE__, __LINE__);
+ } // END - if
+
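Review bot: The three POST values on the new INSERT (`postRequestElement('url')`, `'alternate'`, `'visible'`) reach the table with no validation visible in this hunk; `SQL_QUERY_ESC` presumably escapes them for the query, but escaping does not make a stored banner URL safe to render later. Before the INSERT I would reject anything that is not an http(s) URL, e.g. `if (!in_array(parse_url(postRequestElement('url'), PHP_URL_SCHEME), array('http', 'https'), true)) { /* reject the request */ }`, and constrain `visible` to the values the column actually allows. The SELECT-then-INSERT pair is also not atomic, so a UNIQUE index on `url` would be the reliable duplicate guard rather than the preceding lookup. The enclosing `switch` continues outside the visible lines, so a check further down cannot be ruled out.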