Mercurial > hg > extraction-interface
diff interface/save_tag_element.php @ 0:b12c99b7c3f0
commit for previous development
| author | Zoe Hong <zhong@mpiwg-berlin.mpg.de> |
|---|---|
| date | Mon, 19 Jan 2015 17:13:49 +0100 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/interface/save_tag_element.php Mon Jan 19 17:13:49 2015 +0100 @@ -0,0 +1,85 @@ +<?php +header("Content-Type: text/html;charset=utf-8"); + +include_once('config.php'); + +$link_mysql = mysql_connect($mysql_server, $mysql_user, $mysql_password); +mysql_query("SET NAMES utf8"); + +if (!$link_mysql) { + die('Could not connect: ' . mysql_error()); +} + +$db_selected = mysql_select_db($mysql_database, $link_mysql); +if (!$db_selected) { + die ('Can\'t use foo : ' . mysql_error()); +} + +if (!function_exists("GetSQLValueString")) { +function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") +{ + $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; + + $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); + + switch ($theType) { + case "text": + $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; + break; + case "long": + case "int": + $theValue = ($theValue != "") ? intval($theValue) : "NULL"; + break; + case "double": + $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; + break; + case "date": + $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; + break; + case "defined": + $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; + break; + } + return $theValue; +} +} + +if ($_POST['id']){ + + if ( stripslashes($_POST['type'])=="delete" ) { + $queryInsert = sprintf("DELETE FROM `taglist` WHERE `id` = %s", stripslashes($_POST['id'])); + $resultInsert = mysql_query($queryInsert); + } + + if (get_magic_quotes_gpc()) { + $id = stripslashes($_POST['id']); + $name = stripslashes($_POST['name']); + $tag = stripslashes($_POST['tag']); + $color = stripslashes($_POST['color']); + $type = stripslashes($_POST['type']); + } else { + $id = $_POST['id']; + $name = $_POST['name']; + $tag = $_POST['tag']; + $color = $_POST['color']; + $type = $_POST['type']; + } + + if ( $type=="insert" ) { + $query1 = sprintf("INSERT INTO `taglist` (`id`, `name`, `tag`, `color`, `systemName`) VALUES (%s, %s, %s, %s, %s)", + GetSQLValueString($id, "int"), + GetSQLValueString($name, "text"), + GetSQLValueString($tag, "text"), + GetSQLValueString($color, "text"), + GetSQLValueString($systemNAME, "text")); + $result1 = mysql_query($query1); + } else { + $queryInsert = sprintf("UPDATE taglist SET `name`=%s, `tag`=%s, `color`=%s WHERE `id`=%s", + GetSQLValueString($name, "text"), + GetSQLValueString($tag, "text"), + GetSQLValueString($color, "text"), + GetSQLValueString($id, "int")); + $resultInsert = mysql_query($queryInsert); + } +} +?>