Hi there,
I run into major trouble with your editdb function from
Edit.php, and decided to rewrite it. Here is the result:
//NAME: editdb
//PURPOSE: Edits a record to the database. $arrfield
corresponds to the array of $dbfieldname
// This function was copletely rewritten by Denis Havlik
denis AT havlik DOT org on 11 OCT 2004!!!
function editdb($arrfield, $phpfriendlyurl,
$currenttable) {
$myid=phpFriendlyAdmin::validateurlvars($_GET
['editid']);
$db = $this->currenttable->database->constring();
// Make sure the user is ALLOWED to change this
first!!!
if ($this->currenttable->goodwhereperm($myid) ==
false) {
//Assumes page calling this function is buffered
header("Location: " .
$phpfriendlyurl . "/tables/index.php?currenttable=" .
$currenttable . "¤tr=" . $this->currenttable-
>currentr . "&editwherefailed=yes&" . SID);
exit;
}
$sql = 'UPDATE ' . $this->currenttable-
>dbtablename . ' SET ';
//Build the update statement
$numfields = count($this->currenttable->fields);
$set_ar = array();
for ($count = 0; $count < $numfields; $count++) {
if ((!$this->currenttable->fields[$count]->readonly)
&
($this->currenttable->fields[$count]->type !
= "id")) {
$set_ar[]= $this->currenttable->fields[$count]-
>dbfieldname ."='". $arrfield[$count] ."'";
}
}
$sql .= join (', ', $set_ar);
$sql .= ' WHERE ' . $this->currenttable->findid() . '='.
$myid;
$result = $db->query($sql);
if ($result == true)
return true;
else
return false;
}
Hope this is still readeable, if not I can send you a
patch or so...
Logged In: NO
In case you wonder why... The original function is awkard in
several ways, including:
- attempts to insert a temporary entry to the DB, instead of
updating the existing one
- forgets that all "NOT NULL" fields have to be provided on
insert!
- Checks the rights after inserting the temporary entry,
instead of doing it right away (Please note that I didn't check
the "goodwhereperm" function, hope it does the right thing!)
- messes with "autoincrement"