if (isPostRequestParameterSet(('status'))) {
// Change status
if (postRequestParameter('active', $id) == 'Y') {
- $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET theme_active='N' WHERE `id`='".$id."' LIMIT 1";
+ $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET `theme_active`='N' WHERE `id`=%s LIMIT 1";
} else {
- $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET theme_active='Y' WHERE `id`='".$id."' LIMIT 1";
+ $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET `theme_active`='Y' WHERE `id`=%s LIMIT 1";
}
$OUT = getMessage('ADMIN_THEMES_UPDATED');
- } elseif (isPostRequestParameterSet('del')) {
+ } elseif (isFormSent('del')) {
// Delete themes
- $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_themes` WHERE `id`='".$id."' LIMIT 1";
+ $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_themes` WHERE `id`=%s LIMIT 1";
$OUT = getMessage('ADMIN_THEMES_DELETED');
}
// Run SQL command?
if (!empty($sql)) {
// Run it
- $result = SQL_QUERY($sql, __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC($sql, array(bigintval($id)), __FILE__, __LINE__);
// Rebuild cache
rebuildCache('themes', 'them');
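Review bot: The `%s` placeholders in the three statements are now unquoted, so the queries are only safe because of the `bigintval($id)` cast at the `SQL_QUERY_ESC()` call further down, and nothing next to the SQL strings records that dependency. I would add a comment where `$sql` is built, for example `// id is passed through bigintval() at the SQL_QUERY_ESC() call; the unquoted %s relies on that`, so a later edit that passes a different value cannot silently bring the injection back. Where `$id` comes from is not visible in this hunk; if it is a key of the posted form, rejecting non-numeric ids before choosing a branch would also stop the "updated"/"deleted" message from being shown for a query that matched nothing. The status branch still tests `isPostRequestParameterSet(('status'))` while the delete branch moved to `isFormSent('del')`, which looks unintentional. The enclosing block starts outside the visible lines.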
// Prepare data for the row template
$content = array(
- 'sw' => $SW,
- 'id' => $content['id'],
- 'active' => $content['theme_active'],
- 'link' => $LINK,
- 'name' => $content['theme_name'],
- 'is_act' => translateYesNo($content['theme_active']),
- 'email' => '<a href="mailto:' . $GLOBALS['theme_data']['email'] . '?Subject=[Theme:] ' . $GLOBALS['theme_data']['name'] . ' (' . $content['theme_path'] . ')\>' . $GLOBALS['theme_data']['author'] . '</a>',
- 'url_link' => generateDerefererUrl($GLOBALS['theme_data']['url']),
- 'url_title' => $GLOBALS['theme_data']['url'],
- 'ver' => $content['theme_ver'],
+ 'sw' => $SW,
+ 'id' => $content['id'],
+ 'link' => $LINK,
+ 'theme_name' => $content['theme_name'],
+ 'theme_active' => $content['theme_active'],
+ 'email' => '<a href="mailto:' . $GLOBALS['theme_data']['email'] . '?Subject=[Theme:] ' . $GLOBALS['theme_data']['name'] . ' (' . $content['theme_path'] . ')\>' . $GLOBALS['theme_data']['author'] . '</a>',
+ 'url_link' => generateDerefererUrl($GLOBALS['theme_data']['url']),
+ 'url_title' => $GLOBALS['theme_data']['url'],
+ 'theme_ver' => $content['theme_ver'],
);
// Load row template and switch color
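Review bot: The `email` entry builds an `<a href="mailto:...">` from `$GLOBALS['theme_data']` and `$content['theme_path']` with no HTML or URL encoding. The attribute also ends in `\>` inside a single-quoted string, which PHP emits literally, so the opening quote of `href` is never closed. The theme metadata is presumably read from the installed theme's own files, so a third-party theme could place arbitrary markup into this admin page. Wrap each value in `htmlspecialchars($value, ENT_QUOTES)`, use `rawurlencode()` for the parts that go into the `Subject` query string, and end the attribute with `">`. `url_title` is filled from the raw `$GLOBALS['theme_data']['url']` and needs the same escaping if the row template prints it as-is.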
SQL_FREERESULT($result);
} else {
// No themes found???
- $OUT .= "<tr>
- <td colspan=\"7\" class=\"bottom\" height=\"60\">
- ".loadTemplate('admin_settings_saved', true, getMessage('ADMIN_NO_THEMES_FOUND'))."
+ $OUT .= '<tr>
+ <td colspan="7" class="bottom" height="60">
+ ' . loadTemplate('admin_settings_saved', true, getMessage('ADMIN_NO_THEMES_FOUND')) . '
</td>
-</tr>\n";
+</tr>';
}
// Load template