unsetPostRequestElement('ok');
} // END - if
+// Init SQL array
+nitSqls();
+
if (isFormSent()) {
switch (getRequestElement('do')) {
case 'add':
- addSql("INSERT INTO `{?_MYSQL_PREFIX?}_payments` (`time`, `payment`, `mail_title`, `price`) VALUES ('".postRequestElement('t_wait')."','".postRequestElement('payment')."','".postRequestElement('title')."','".postRequestElement('price')."')");
- if (countSumTotalData(postRequestElement('t_wait'), 'payments', 'id', 'time', TRUE) == 1) {
- // Re-init the array here
- initSqls();
+ if (countSumTotalData(postRequestElement('t_wait'), 'payments', 'id', 'time', TRUE) == 0) {
+ addSql("INSERT INTO
+ `{?_MYSQL_PREFIX?}_payments`
+(
+ `time`,
+ `payment`,
+ `mail_title`,
+ `price`
+) VALUES (
+ '" . postRequestElement('t_wait') . "',
+ '" . postRequestElement('payment') . "',
+ '" . postRequestElement('title') . "',
+ '" . postRequestElement('price') . "'
+)");
} // END - if
break;
case 'edit':
foreach (postRequestElement('time') as $id => $value) {
- addSql("UPDATE `{?_MYSQL_PREFIX?}_payments` SET `time`='" . $value . "',`payment`='".postRequestElement('payment', $id)."', price='".postRequestElement('price', $id)."', mail_title='".postRequestElement('mail_title', $id)."' WHERE `id`='".$id."' LIMIT 1");
+ // Secure id
+ $id = bigintval($id);
+
+ // Add UPDATE
+ addSql("UPDATE
+ `{?_MYSQL_PREFIX?}_payments`
+SET
+ `time`='" . $value . "',
+ `payment`='" . postRequestElement('payment', $id) . "',
+ `price`='" . postRequestElement('price', $id) . "',
+ `mail_title`='" . postRequestElement('mail_title', $id) . "'
+WHERE
+ `id`='" . $id . "'
+LIMIT 1");
} // END - foreach
break;
case 'delete':
foreach (postRequestElement('id') as $id => $value) {
- addSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_payments` WHERE `id`=" . bigintval($id) . " LIMIT 1");
+ // Secure id
+ $id = bigintval($id);
+
+ // Add DELETE
+ addSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_payments` WHERE `id`=" . $id . " LIMIT 1");
} // END - foreach
break;
} // END - switch
// Delete entries here
$OUT = '';
foreach (postRequestElement('sel') as $id => $value) {
- $result = SQL_QUERY_ESC("SELECT `id`, `time`, `mail_title` FROM `{?_MYSQL_PREFIX?}_payments` WHERE `id`=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT
+ `id`,
+ `time`,
+ `payment`,
+ `mail_title`,
+ `price`
+FROM
+ `{?_MYSQL_PREFIX?}_payments`
+WHERE
+ `id`=%s
+LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$content = SQL_FETCHARRAY($result);
// Edit entries
$OUT = '';
foreach (postRequestElement('sel') as $id => $value) {
- $result = SQL_QUERY_ESC("SELECT `id`, `time`, `payment`, `mail_title`, `price` FROM `{?_MYSQL_PREFIX?}_payments` WHERE `id`=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT
+ `id`,
+ `time`,
+ `payment`,
+ `mail_title`,
+ `price`
+FROM
+ `{?_MYSQL_PREFIX?}_payments`
+WHERE
+ `id`=%s
+LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
$content = SQL_FETCHARRAY($result);
loadTemplate('admin_edit_payments', FALSE, $OUT);
} else {
// Referral levels
- $result = SQL_QUERY("SELECT `id`, `time`, `payment`, `mail_title`, `price` FROM `{?_MYSQL_PREFIX?}_payments` ORDER BY `time` ASC", __FILE__, __LINE__);
+ $result = SQL_QUERY("SELECT
+ `id`,
+ `time`,
+ `payment`,
+ `mail_title`,
+ `price`
+FROM
+ `{?_MYSQL_PREFIX?}_payments`
+ORDER BY
+ `time` ASC", __FILE__, __LINE__);
if (!SQL_HASZERONUMS($result)) {
// Make referral levels editable and deletable
$OUT = '';