[Planeshift-cvs] CVS: SC database.php,1.43,1.44 form.php,1.22,1.23

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/planeshift/SC
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21227

Modified Files:
	database.php form.php 
Log Message:
Add NPC synonym editing.  CSS fixes. More removal of duplicate code.  More fixing of database, html and url escaping.

Index: database.php
===================================================================
RCS file: /cvsroot/planeshift/SC/database.php,v
retrieving revision 1.43
retrieving revision 1.44
diff -C2 -d -r1.43 -r1.44
*** database.php	15 Jun 2005 02:59:41 -0000	1.43
--- database.php	15 Jun 2005 05:01:48 -0000	1.44
***************
*** 111,114 ****
--- 111,121 ----
   	
   	/**
+  	 * Escapes SQL strings
+  	 */
+  	function escapeSQL($string) {
+  		return mysql_escape_string($string);
+  	}
+  	
+  	/**
   	 * Generates a SQL statement to get all rows from a table
   	 * by a field or set of fields
***************
*** 402,406 ****
   		$sql = "delete from $table where";
   		for ($iterator=0;$iterator<count($sqlWhere['fields']);$iterator++) {
!  			$sql .= " " . $sqlWhere['fields'][$iterator] . " = " . $sqlWhere['values'][$iterator] . " and ";
   		}
   		$sql = substr($sql, 0, -5);
--- 409,413 ----
   		$sql = "delete from $table where";
   		for ($iterator=0;$iterator<count($sqlWhere['fields']);$iterator++) {
!  			$sql .= " " . $sqlWhere['fields'][$iterator] . " = '" . $this->escapeSQL($sqlWhere['values'][$iterator]) . "' and ";
   		}
   		$sql = substr($sql, 0, -5);
***************
*** 597,603 ****
          $this->getFieldsByXML($table);
          $sqlFields = $this->getXMLListFields();
!         if($order_by==null) {
              $order_by[0] = "name";
          }
          return $this->getAllByIDLike($sqlFields, $sqlWhere, $table, $order_by);
      }
--- 604,613 ----
          $this->getFieldsByXML($table);
          $sqlFields = $this->getXMLListFields();
!         if($order_by === null && in_array('name', $sqlFields)) {
              $order_by[0] = "name";
          }
+         elseif($order_by === null && in_array('id', $sqlFields)) {
+             $order_by[0] = "id";
+         }
          return $this->getAllByIDLike($sqlFields, $sqlWhere, $table, $order_by);
      }

Index: form.php
===================================================================
RCS file: /cvsroot/planeshift/SC/form.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -C2 -d -r1.22 -r1.23
*** form.php	15 Jun 2005 02:59:41 -0000	1.22
--- form.php	15 Jun 2005 05:01:48 -0000	1.23
***************
*** 160,164 ****
   				$content .= "<td nowrap class='$class'><a href='" . BASE_URL . $this->_ourPage . "/index-" . $this->_ourPage . ".php?action=" . $editAction;
   				foreach ($keys as $k => $v) {
!  					$content .= "&{$k}=" . $rs->fields[$v];
   				}
   				$content .= "'><img src='" . BASE_URL . "images/pencil.gif' border=0></a> &nbsp;&nbsp;</td>";
--- 160,164 ----
   				$content .= "<td nowrap class='$class'><a href='" . BASE_URL . $this->_ourPage . "/index-" . $this->_ourPage . ".php?action=" . $editAction;
   				foreach ($keys as $k => $v) {
!  					$content .= "&amp;" . urlencode($k) . "=" . urlencode($rs->fields[$v]);
   				}
   				$content .= "'><img src='" . BASE_URL . "images/pencil.gif' border=0></a> &nbsp;&nbsp;</td>";