Skip to content

Commit

Permalink
Changed $$fieldname to $_POST['$fieldname'] for insert and update sur…
Browse files Browse the repository at this point in the history 
…vey data

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/trunk/unstable@145 b72ed6b6-b9f8-46b5-92b4-906544132732
  • Loading branch information
@jcleeland
jcleeland committed Mar 25, 2003
1 parent 15328cb commit 887237c
Showing 1 changed file with 35 additions and 34 deletions.
69 changes: 35 additions & 34 deletions admin/dataentry.php
View file
Expand Up @@ -33,10 +33,10 @@
# Suite 330, Boston, MA 02111-1307, USA. #
#############################################################
*/
$action = $_GET['action'];
$sid = $_GET['sid'];
$id = $_GET['id'];
$surveytable = $_GET['surveytable'];
$action = $_GET['action']; if (!$action) {$action = $_POST['action'];}
$sid = $_GET['sid']; if (!$sid) {$sid = $_POST['sid'];}
$id = $_GET['id']; if (!$id) {$id = $_POST['id'];}
$surveytable = $_GET['surveytable']; if (!$surveytable) {$surveytable = $_POST['surveytable'];}

include("config.php");

Expand Down Expand Up @@ -76,16 +76,16 @@
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}";
$col_name .= "$fieldname, \n";
if (get_magic_quotes_gpc())
{$insertqr .= "'" . $$fieldname . "', \n";}
{$insertqr .= "'" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$insertqr .= "'" . mysql_real_escape_string($$fieldname) . "', \n";
$insertqr .= "'" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$insertqr .= "'" . mysql_escape_string($$fieldname) . "', \n";
$insertqr .= "'" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
}
Expand All @@ -95,16 +95,16 @@
$fieldname2 = $fieldname . "comment";
$col_name .= "$fieldname, \n$fieldname2, \n";
if (get_magic_quotes_gpc())
{$insertqr .= "'" . $$fieldname . "', \n'" . $$fieldname2 . "', \n";}
{$insertqr .= "'" . $_POST[$fieldname] . "', \n'" . $_POST[$fieldname2] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$insertqr .= "'" . mysql_real_escape_string($$fieldname) . "', \n'" . mysql_real_escape_string($$fieldname2) . "', \n";
$insertqr .= "'" . mysql_real_escape_string($_POST[$fieldname]) . "', \n'" . mysql_real_escape_string($_POST[$fieldname2]) . "', \n";
}
else
{
$insertqr .= "'" . mysql_escape_string($$fieldname) . "', \n'" . mysql_escape_string($$fieldname2) . "', \n";
$insertqr .= "'" . mysql_escape_string($_POST[$fieldname]) . "', \n'" . mysql_escape_string($_POST[$fieldname2]) . "', \n";
}
}
}
Expand All @@ -118,16 +118,16 @@
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}{$i2row['code']}";
$col_name .= "$fieldname, \n";
if (get_magic_quotes_gpc())
{$insertqr .= "'" . $$fieldname . "', \n";}
{$insertqr .= "'" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$insertqr .= "'" . mysql_real_escape_string($$fieldname) . "', \n";
$insertqr .= "'" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$insertqr .= "'" . mysql_escape_string($$fieldname) . "', \n";
$insertqr .= "'" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
$otherexists = "";
Expand All @@ -137,16 +137,16 @@
$fieldname2 = $fieldname."comment";
$col_name .= "$fieldname2, \n";
if (get_magic_quotes_gpc())
{$insertqr .= "'" . $$fieldname2 . "', \n";}
{$insertqr .= "'" . $_POST[$fieldname2] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$insertqr .= "'" . mysql_real_escape_string($$fieldname2) . "', \n";
$insertqr .= "'" . mysql_real_escape_string($_POST[$fieldname2]) . "', \n";
}
else
{
$insertqr .= "'" . mysql_escape_string($$fieldname2) . "', \n";
$insertqr .= "'" . mysql_escape_string($_POST[$fieldname2]) . "', \n";
}
}
}
Expand All @@ -156,16 +156,16 @@
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}other";
$col_name .= "$fieldname, \n";
if (get_magic_quotes_gpc())
{$insertqr .= "'" . $$fieldname . "', \n";}
{$insertqr .= "'" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$insertqr .= "'" . mysql_real_escape_string($$fieldname) . "', \n";
$insertqr .= "'" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$insertqr .= "'" . mysql_escape_string($$fieldname) . "', \n";
$insertqr .= "'" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
}
Expand Down Expand Up @@ -551,35 +551,36 @@
{
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}";
if (get_magic_quotes_gpc())
{$updateqr .= "$fieldname = '" . $$fieldname . "', \n";}
//{$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";}
{$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$updateqr .= "$fieldname = '" . mysql_real_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$updateqr .= "$fieldname = '" . mysql_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
}
elseif ($irow['type'] == "O")
{
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}";
$updateqr .= "$fieldname = '" . $$fieldname . "', \n";
$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}comment";
if (get_magic_quotes_gpc())
{$updateqr .= "$fieldname = '" . $$fieldname . "', \n";}
{$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$updateqr .= "$fieldname = '" . mysql_real_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$updateqr .= "$fieldname = '" . mysql_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
}
Expand All @@ -592,22 +593,22 @@
while ($i2row = mysql_fetch_array($i2result))
{
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}{$i2row['code']}";
$updateqr .= "$fieldname = '" . $$fieldname . "', \n";
$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";
if ($i2row['other'] == "Y") {$otherexists = "Y";}
if ($irow['type'] == "P")
{
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}{$i2row['code']}comment";
if (get_magic_quotes_gpc())
{$updateqr .= "$fieldname = '" . $$fieldname . "', \n";}
{$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$updateqr .= "$fieldname = '" . mysql_real_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$updateqr .= "$fieldname = '" . mysql_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
}
Expand All @@ -616,16 +617,16 @@
{
$fieldname = "{$irow['sid']}X{$irow['gid']}X{$irow['qid']}other";
if (get_magic_quotes_gpc())
{$updateqr .= "$fieldname = '" . $$fieldname . "', \n";}
{$updateqr .= "$fieldname = '" . $_POST[$fieldname] . "', \n";}
else
{
if (phpversion() >= "4.3.0")
{
$updateqr .= "$fieldname = '" . mysql_real_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_real_escape_string($_POST[$fieldname]) . "', \n";
}
else
{
$updateqr .= "$fieldname = '" . mysql_escape_string($$fieldname) . "', \n";
$updateqr .= "$fieldname = '" . mysql_escape_string($_POST[$fieldname]) . "', \n";
}
}
}
Expand All @@ -637,7 +638,7 @@
echo "<br />\n<b>Record has been updated.</b><br /><br />\n";
echo "<a href='browse.php?sid=$sid&action=id&id=$id'>View record again</a>\n<br />\n";
echo "<a href='browse.php?sid=$sid&action=all'>Browse all records</a>\n";
//echo "<pre style='text-align: left'>$updateqr</pre>"; //Debugging info
echo "<pre style='text-align: left'>$updateqr</pre>"; //Debugging info
echo "</body>\n</html>\n";
}

Expand Down

0 comments on commit 887237c

Please sign in to comment.