Fifth pass at adding key files
99
site/retailers/wiki_validate_X.php
Normal file
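--- a/site/retailers/wiki_validate_X.php
+++ b/site/retailers/wiki_validate_X.php
@@ -0,0 +1,99 @@
+<?PHP
+
+// do I need to do additional security checks to make sure the script is being called appropriately?
+
+include("config.php");
+
+if (!$_POST){ header('Location: '.$site_url.'/'); }
+
+// error checking
+if(!isset($_POST)) exit();
+
+if (isset($_POST[delete])) {
+// convert the array to a SQL friendly format
+$deleteList = mysql_real_escape_string("(".implode(",", $_POST[delete]).")");
+
+// build the SQL query to delete the edits that are bad
+$sql = "DELETE FROM gforum_RetailersEdits WHERE edit_id IN $deleteList";
+
+mysql_query($sql) or die(mysql_error());
+}
+
+if (isset($_POST[validate])) {
+// convert the array to a SQL friendly format
+$validateList = mysql_real_escape_string("(".implode(",", $_POST[validate]).")");
+
+$sql = "SELECT * FROM gforum_RetailersEdits WHERE edit_id IN $validateList";
+
+$results = mysql_query($sql) OR die(mysql_error());
+
+// Loop through retailers shifting edits over
+while($row = mysql_fetch_array($results)) {
+$sql = "UPDATE gforum_Retailers
+SET retailer_name = '".mysql_escape_string($row[retailer_name])."',
+retailer_name_tag = '".mysql_escape_string($row[retailer_name_tag])."',
+retailer_address = '".mysql_escape_string($row[retailer_address])."',
+retailer_address_two = '".mysql_escape_string($row[retailer_address_two])."',
+retailer_city = '".mysql_escape_string($row[retailer_city])."',
+retailer_state = '".mysql_escape_string($row[retailer_state])."',
+retailer_state_tag = '".mysql_escape_string($row[retailer_state_tag])."',
+retailer_zip = '".mysql_escape_string($row[retailer_zip])."',
+retailer_phone = '".mysql_escape_string($row[retailer_phone])."',
+retailer_fax = '".mysql_escape_string($row[retailer_fax])."',
+retailer_email = '".mysql_escape_string($row[retailer_email])."',
+retailer_website = '".mysql_escape_string($row[retailer_website])."',
+retailer_cart = '".mysql_escape_string($row[retailer_cart])."',
+retailer_spoke = '".mysql_escape_string($row[retailer_spoke])."',
+
+retailer_mailorder_ecommerce = '".mysql_escape_string($row[retailer_mailorder_ecommerce])."',
+retailer_mailorder_phone = '".mysql_escape_string($row[retailer_mailorder_phone])."',
+retailer_local_ecommerce = '".mysql_escape_string($row[retailer_local_ecommerce])."',
+retailer_local_phone = '".mysql_escape_string($row[retailer_local_phone])."',
+retailer_pickup_ecommerce = '".mysql_escape_string($row[retailer_pickup_ecommerce])."',
+retailer_pickup_phone = '".mysql_escape_string($row[retailer_pickup_phone])."',
+
+retailer_contact = '".mysql_escape_string($row[retailer_contact])."',
+retailer_contact_names = '".mysql_escape_string($row[retailer_contact_names])."',
+retailer_fist = '".mysql_escape_string($row[retailer_fist])."',
+retailer_fist_names = '".mysql_escape_string($row[retailer_fist_names])."',
+
+retailer_fist_road = '".mysql_escape_string($row[retailer_fist_road])."',
+retailer_fist_road_names= '".mysql_escape_string($row[retailer_fist_road_names])."',
+retailer_fist_advanced = '".mysql_escape_string($row[retailer_fist_advanced])."',
+retailer_fist_advanced_names= '".mysql_escape_string($row[retailer_fist_advanced_names])."',
+retailer_bfact = '".mysql_escape_string($row[retailer_bfact])."',
+
+retailer_serotta = '".mysql_escape_string($row[retailer_serotta])."',
+retailer_serotta_names = '".mysql_escape_string($row[retailer_serotta_names])."',
+retailer_method = '".mysql_escape_string($row[retailer_method])."',
+retailer_fitbikes = ',".mysql_escape_string($row[retailer_fitbikes])."',
+retailer_motioncapture = ',".mysql_escape_string($row[retailer_motioncapture])."',
+retailer_wetsuits = ',".mysql_escape_string($row[retailer_wetsuits])."',
+retailer_bikes = ',".mysql_escape_string($row[retailer_bikes])."',
+retailer_customs = ',".mysql_escape_string($row[retailer_customs])."',
+retailer_hours = '".mysql_escape_string($row[retailer_hours])."',
+retailer_barnett = '".mysql_escape_string($row[retailer_barnett])."',
+retailer_barnett_names = '".mysql_escape_string($row[retailer_barnett_names])."',
+retailer_ubi = '".mysql_escape_string($row[retailer_ubi])."',
+retailer_ubi_names = '".mysql_escape_string($row[retailer_ubi_names])."',
+retailer_info = '".mysql_escape_string($row[retailer_info])."',
+retailer_directions = '".mysql_escape_string($row[retailer_directions])."'
+WHERE retailer_id = '$row[retailer_id_fk]'";
+//echo $sql;
+//exit();
+mysql_query($sql) OR die(mysql_error());
+
+$sql = "INSERT INTO gforum_RetailersEditors (retailer_id_fk, user_id_fk, edit_timestamp) VALUES ('$row[retailer_id_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
+mysql_query($sql) OR die(mysql_error());
+
+$sql = "DELETE FROM gforum_RetailersEdits WHERE edit_id = $row[edit_id]";
+mysql_query($sql) OR die(mysql_error());
+
+}
+
+}
+
+
+header('Location: '.$site_url.'/wiki_validate.php');
+
+?>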
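Review bot: The `IN` lists built from `$_POST[delete]` and `$_POST[validate]` are still injectable: `mysql_real_escape_string()` is applied to the whole `(…)` string, and because the ids go into the query unquoted, escaping quote characters does not constrain an element to a number. Cast each element before joining, e.g. `$ids = array_filter(array_map('intval', (array) $_POST['delete']));` and then, only when `$ids` is non-empty, `$sql = "DELETE FROM gforum_RetailersEdits WHERE edit_id IN (" . implode(",", $ids) . ")";`, which also avoids the `IN ()` syntax error on an empty list; the `validate` branch needs the same treatment. The opening comment's question should be answered yes: nothing visible in this file checks that the caller is an authenticated moderator or that the POST carries a CSRF token before edits are deleted or promoted (unless `config.php` enforces this, which is not shown here). Also, the `header('Location: …')` on the `!$_POST` path is not followed by `exit;`, so the script keeps running after the redirect, and `die(mysql_error())` sends raw database errors to the client instead of logging them.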