- if (empty($_GET['mode'])) $_GET['mode'] = "add";
- $SQL = "";
- switch ($_GET['mode'])
- {
- case "add":
- // Check if banner is already added
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_refbanner WHERE url='%s' LIMIT 1",
- array($_POST['url']), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
- // Add banner
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_refbanner (url, alternate, visible)
-VALUES ('%s', '%s', '%s')",
- array($_POST['url'], $_POST['alternate'], $_POST['visible']), __FILE__, __LINE__);
- }
- else
- {
- // Free memory
- SQL_FREERESULT($result);
- }
- break;
+ if (!isGetRequestParameterSet('mode')) setGetRequestParameter('mode', 'add');
+ $sql = '';
+ switch (getRequestParameter('mode')) {
+ case 'add':
+ // Check if banner is already added
+ $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_refbanner` WHERE url='%s' LIMIT 1",
+ array(postRequestParameter('url')), __FILE__, __LINE__);
+ if (SQL_HASZERONUMS($result)) {
+ // Add banner
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_refbanner` (url, alternate, visible)
+VALUES ('%s','%s','%s')",
+ array(postRequestParameter('url'), postRequestParameter('alternate'), postRequestParameter('visible')), __FILE__, __LINE__);
+ } else {
+ // Free memory
+ SQL_FREERESULT($result);
+ }
+ break;
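Review bot: In the new `add` case the values passed to the INSERT (`postRequestParameter('url')`, `postRequestParameter('alternate')`, `postRequestParameter('visible')`) are stored as submitted, and because the first added line defaults `mode` to `add`, this branch is also reached by a request that carries no `mode` at all. SQL_QUERY_ESC presumably escapes them for the query, but nothing in the hunk checks that the form was actually posted, that `url` is a well-formed http(s) URL, or that `visible` is one of the values the column allows. A banner URL is presumably rendered into pages later, so it should be validated before storage and encoded on output. I would guard the branch with something like `if (!isPostRequestParameterSet('url')) break;` (assuming a POST counterpart of `isGetRequestParameterSet` exists in this code base) and add the comment `// url/alternate/visible are raw POST data: validate before INSERT, encode on output`. The SELECT-then-INSERT pair is not atomic, so a unique index on `url` would be the reliable duplicate check; the enclosing `switch` continues outside the hunk.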