$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
-if (!empty($_GET['sub']))
-{
- $AND = sprintf("action='%s'", SQL_ESCAPE($_GET['sub']));
+if (!empty($_GET['sub'])) {
+ $AND = sprintf("action='%s' AND what IS NOT NULL", SQL_ESCAPE($_GET['sub']));
// Get count of (maybe) selected menu points
$chk = 0;
if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
// Get count of (maybe) selected menu points
$chk = 0;
if (!empty($_POST['sel'])) $chk = SELECTION_COUNT($_POST['sel']);
define('__CHK_VALUE', $chk);
$cnt = 0; $SW = 2; $OUT = "";
define('__CHK_VALUE', $chk);
$cnt = 0; $SW = 2; $OUT = "";
- $query = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
define('__CHK_VALUE', $chk);
$cnt = 0; $OUT = ""; $SW = 2;
define('__CHK_VALUE', $chk);
$cnt = 0; $OUT = ""; $SW = 2;
- $query = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
break;
case "del": // Delete menu
array($menu, $_POST['sel_action'][$sel], $_POST['sel_what'][$sel], $sel),__FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
break;
case "del": // Delete menu
array(bigintval($sel)), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
break;
case "status": // Change access levels
array(bigintval($sel)), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
break;
case "status": // Change access levels
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET visible='%s', locked='%s' WHERE ".$AND." AND id=%s LIMIT 1",
array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
array($_POST['visible'][$sel], $_POST['locked'][$sel], $sel), __FILE__, __LINE__);
}
LOAD_TEMPLATE("admin_data_saved");
- $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, visible, locked FROM "._MYSQL_PREFIX."_guest_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// Sub menus selected
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND sort='%s' LIMIT 1",
array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
// Sub menus selected
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND sort='%s' LIMIT 1",
array($_GET['act'], bigintval($_GET['tid'])), __FILE__, __LINE__);
array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
array($_GET['act'], bigintval($_GET['fid'])), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
array(bigintval($_GET['tid'])), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
array(bigintval($_GET['tid'])), __FILE__, __LINE__);
list($tid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
array(bigintval($_GET['fid'])), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
array(bigintval($_GET['fid'])), __FILE__, __LINE__);
list($fid) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
- array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
- $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%d LIMIT 1",
- array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
- }
- }
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
+ array(bigintval($_GET['tid']), bigintval($fid)), __FILE__, __LINE__);
+ $result_sort = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_guest_menu SET sort='%s' WHERE ".$AND." AND id=%s LIMIT 1",
+ array(bigintval($_GET['fid']), bigintval($tid)), __FILE__, __LINE__);
+ } // END - if
+ } // END - if
- $query = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE what='' ORDER BY sort ASC", __FILE__, __LINE__);
- }
- else
- {
+ $result = SQL_QUERY("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE (what='' OR what IS NULL) ORDER BY sort ASC", __FILE__, __LINE__);
+ } else {
- $query = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND what != '' ORDER BY sort ASC",
+ $result = SQL_QUERY_ESC("SELECT id, action, what, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort ASC",
array($SUB), __FILE__, __LINE__);
}
// Get number of menu entries
array($SUB), __FILE__, __LINE__);
}
// Get number of menu entries
- // Some entties does exist!
- if (!empty($SUB))
- {
- // Set sub value
- define('__SUB_VALUE', $SUB);
- }
- else
- {
- // No sub menu selected
- define('__SUB_VALUE', "");
- }
+ // Set sub value
+ define('__SUB_VALUE', $SUB);
- while (list($id, $act, $wht, $title, $sort) = SQL_FETCHROW($query))
+ while (list($id, $act, $wht, $title, $sort) = SQL_FETCHROW($result))