X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=d6b6c0b65e459e6ebcd88095304250e1d8cadc58;hp=395bc3e64e50062e582130f7f90849cd89c33f7b;hb=7076b0bf4f326c0dcb87daa0e02e15b0f42e619e;hpb=2305bb069ede07db6227ab5e51960e501e75d7e6 diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 395bc3e64e..d6b6c0b65e 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -656,10 +656,10 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con $test = (float)$val; if ("".$val."" == "".$test."") { // Add numbers - $DATA[] = $id."=".$val.""; + $DATA[] = sprintf("`%s`=%s%s", $id, $test); } else { // Add strings - $DATA[] = $id."='".trim($val)."'"; + $DATA[] = sprintf("`%s`='%s'", $id, trim($val)); } // Update current configuration @@ -672,9 +672,9 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con $result = false; if (!$alwaysAdd) { if (!empty($whereStatement)) { - $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." WHERE ".$whereStatement." LIMIT 1", __FILE__, __LINE__); + $result = SQL_QUERY("SELECT * FROM `"._MYSQL_PREFIX.$tableName."` WHERE ".$whereStatement." LIMIT 1", __FILE__, __LINE__); } else { - $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." LIMIT 1", __FILE__, __LINE__); + $result = SQL_QUERY("SELECT * FROM `"._MYSQL_PREFIX.$tableName."` LIMIT 1", __FILE__, __LINE__); } } // END - if @@ -683,7 +683,11 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con $DATA_UPDATE = implode(", ", $DATA); // Generate SQL string - $SQL = "UPDATE "._MYSQL_PREFIX.$tableName." SET ".$DATA_UPDATE." WHERE ".$whereStatement." LIMIT 1"; + $SQL = sprintf("UPDATE `"._MYSQL_PREFIX."%s` SET %s WHERE %s LIMIT 1", + $tableName, + $DATA_UPDATE, + $whereStatement + ); } else { // Add Line (does only work with auto_increment! $KEYs = array(); $VALUEs = array(); @@ -698,7 +702,11 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con $VALUEs = implode(", ", $VALUEs); // Generate SQL string - $SQL = "INSERT INTO "._MYSQL_PREFIX.$tableName." (".$KEYs.") VALUES (".$VALUEs.")"; + $SQL = sprintf("INSERT INTO "._MYSQL_PREFIX."%s (%s) VALUES (%s)", + $tableName, + $KEYs, + $VALUEs + ); } // Free memory @@ -748,7 +756,7 @@ function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") { return $OUT; } // -function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") { +function ADMIN_USER_PROFILE_LINK ($uid, $title="", $wht="list_user") { if (($title == "") && ($title != "0")) { // Set userid as title $title = $uid; @@ -913,7 +921,11 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, $content['sw'] = $SW; // Then list it - $OUT .= LOAD_TEMPLATE("admin_".$listType."_".$table."_row", true, $content); + $OUT .= LOAD_TEMPLATE(sprintf("admin_%s_%s_row", + $listType, + $table + ), true, $content + ); // Switch color $SW = 3 - $SW; @@ -924,7 +936,11 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, } // END - foreach // Load master template - LOAD_TEMPLATE("admin_".$listType."_".$table."", false, $OUT); + LOAD_TEMPLATE(sprintf("admin_%s_%s", + $listType, + $table + ), false, $OUT + ); } // Change status of "build" list function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray) { @@ -964,14 +980,14 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct } // END - if } elseif (isset($content[$column])) { // Unfinished! - mxchange_die("{--".__FUNCTION__."--}:UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}"); + mxchange_die("{--".__FUNCTION__."--}:".__LINE__.":UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}"); } } // END - foreach // Add other columns as well foreach ($_POST as $key => $entries) { - // Skip id, raw userid and 'do_lock' - if (!in_array($key, array($idColumn, 'uid_raw', 'do_lock'))) { + // Skip id, raw userid and 'do_$mode' + if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) { // Are there brackets () at the end? if (substr($entries[$id], -2, 2) == "()") { // Direct SQL command found @@ -979,12 +995,20 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct } else { // Add regular entry $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + + // Add entry + $content[$key] = $entries[$id]; } } // END - if - } // END - if + } // END - foreach // Finish SQL statement - $SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." AND ".$statusColumn."='".$oldStatus."' LIMIT 1"; + $SQL = substr($SQL, 0, -1) . sprintf(" WHERE %s=%s AND %s='%s' LIMIT 1", + $idColumn, + bigintval($id), + $statusColumn, + $oldStatus + ); // Run the SQL SQL_QUERY($SQL, __FILE__, __LINE__); @@ -1143,7 +1167,7 @@ function ADMIN_LOCK_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc // Shall we un-/lock here or list for locking? if ($lockNow) { // Un-/lock entries - ADMIN_BUILD_STATUS_HANDLER("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + ADMIN_BUILD_STATUS_HANDLER("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing ADMIN_BUILD_LIST("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);