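<?php
// Moderation handler for pending race edits.
//
// Reads two optional POST arrays of edit ids:
//   delete[]   - rejected edits, removed from gforum_TriathlonsEdits
//   validate[] - accepted edits, copied onto the matching gforum_Triathlons row,
//                credited in gforum_TriathlonsEditors, then removed from the
//                edits table
// and finally redirects back to the validation page.
//
// NOTE(review): nothing visible in this script checks that the caller is a
// logged-in validator or that the POST came from the site's own form (no
// session/role check, no anti-CSRF token). Unless config.php enforces both,
// any client that can reach this URL can reject or approve edits - confirm
// and add the checks here if config.php does not provide them.

// require (not include) so that a missing config.php stops the request
// instead of letting it carry on with a warning.
require "config.php";

/**
 * Return the entries of $_POST[$field] that are plain decimal integers.
 *
 * Anything else (a scalar instead of an array, nested arrays, signs, SQL
 * fragments) is dropped, so the result can be embedded in an IN (...) list.
 * Assumes edit_id is a non-negative integer key - the original script embedded
 * it unquoted; TODO confirm against the table definition.
 *
 * @param string $field name of the POST field
 * @return array digits-only strings
 */
function wv_posted_ids($field)
{
    if (!isset($_POST[$field]) || !is_array($_POST[$field])) {
        return array();
    }

    $ids = array();
    foreach ($_POST[$field] as $value) {
        if (is_string($value) && ctype_digit($value)) {
            $ids[] = $value;
        }
    }

    return $ids;
}

/**
 * Run a query and stop the request if it fails.
 *
 * The driver's error text goes to the server log only; the client gets a
 * generic message, so table and column names are not disclosed.
 *
 * @param string $sql
 * @return mixed whatever mysql_query() returned on success
 */
function wv_query($sql)
{
    $result = mysql_query($sql);
    if ($result === false) {
        error_log('wiki validate query failed: ' . mysql_error());
        header('HTTP/1.1 500 Internal Server Error');
        exit('Database error.');
    }

    return $result;
}

/**
 * Quote and escape a value as an SQL string literal.
 *
 * NOTE(review): mysql_real_escape_string() follows the connection character
 * set only when that was set with mysql_set_charset() - presumably done in
 * config.php; confirm.
 *
 * @param mixed $value
 * @return string
 */
function wv_text($value)
{
    return "'" . mysql_real_escape_string((string) $value) . "'";
}

/**
 * Like wv_text(), but maps a PHP null (SQL NULL in the edits row) to NULL.
 *
 * Used for the columns the original script wrote without quotes. Written that
 * way, a stored edit value could change the statement itself and a NULL
 * produced a syntax error; quoting keeps the value a value.
 *
 * @param mixed $value
 * @return string
 */
function wv_number($value)
{
    if ($value === null) {
        return 'NULL';
    }

    return wv_text($value);
}

// Nothing was posted: send the visitor to the calendar and stop, so the rest
// of the script (and its final redirect) does not run.
if (empty($_POST)) {
    header('Location: https://slowtwitch.com/calendar/');
    exit();
}

// Rejected edits: delete them. An empty list is skipped because "IN ()" is
// not valid SQL.
$deleteIds = wv_posted_ids('delete');
if ($deleteIds) {
    wv_query(
        'DELETE FROM gforum_TriathlonsEdits WHERE edit_id IN ('
        . implode(',', $deleteIds) . ')'
    );
}

// Accepted edits: copy each one over the race it belongs to.
$validateIds = wv_posted_ids('validate');
if ($validateIds) {
    $results = wv_query(
        'SELECT * FROM gforum_TriathlonsEdits WHERE edit_id IN ('
        . implode(',', $validateIds) . ')'
    );

    // Columns the original wrote as quoted strings.
    $textColumns = array(
        'onetype', 'twotype', 'threetype',
        'oneunit', 'twounit', 'threeunit',
        'name', 'nametag', 'date', 'type',
        'indivfee', 'teamfee',
        'state', 'statetag', 'city', 'address', 'phone', 'email',
        'courseinfo', 'moreinfo', 'directions', 'register', 'website',
    );

    // Columns the original wrote unquoted (presumably numeric - confirm).
    $numberColumns = array(
        'swim', 'bike', 'bike_surface', 'draft_legal', 'kids_race',
        'registration', 'run',
        'one_points', 'two_points', 'three_points', 'points', 'pointclass',
    );

    // Loop through races shifting edits over.
    // NOTE(review): the three statements per edit are not wrapped in a
    // transaction, so a failure part-way leaves the race updated but the edit
    // still pending.
    while ($row = mysql_fetch_array($results)) {
        // The row content was submitted by a site user at some earlier point,
        // so every value is escaped again here rather than trusted because it
        // came out of the database.
        $assignments = array();
        foreach ($textColumns as $column) {
            $assignments[] = $column . ' = ' . wv_text($row[$column]);
        }
        foreach ($numberColumns as $column) {
            $assignments[] = $column . ' = ' . wv_number($row[$column]);
        }

        wv_query(
            'UPDATE gforum_Triathlons SET ' . implode(', ', $assignments)
            . ' WHERE uid = ' . wv_text($row['race_uid_fk'])
        );

        // Record who made the edit and when.
        wv_query(
            'INSERT INTO gforum_TriathlonsEditors (race_uid_fk, user_id_fk, edit_timestamp) VALUES ('
            . wv_text($row['race_uid_fk']) . ', '
            . wv_text($row['editor_user_id_fk']) . ', '
            . wv_text($row['edit_timestamp']) . ')'
        );

        // The edit has been applied; remove it from the pending table.
        wv_query(
            'DELETE FROM gforum_TriathlonsEdits WHERE edit_id = '
            . wv_text($row['edit_id'])
        );
    }
}

header('Location: https://slowtwitch.com/calendar/wiki_validate.php');
exit();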