97 lines
3.0 KiB
PHP
97 lines
3.0 KiB
PHP
<?PHP
|
|
|
|
// do I need to do additional security checks to make sure the script is being called appropriately?
|
|
|
|
/*
|
|
|
|
FIELD NAMES:
|
|
coach_id
|
|
coach_name
|
|
coach_name_tag
|
|
coach_address
|
|
coach_address_two
|
|
coach_city
|
|
coach_state
|
|
coach_state_tag
|
|
coach_zip
|
|
coach_phone
|
|
coach_fax
|
|
coach_email
|
|
coach_website
|
|
coach_certifications
|
|
coach_services
|
|
coach_degrees
|
|
coach_cost
|
|
coach_info
|
|
coach_camps
|
|
coach_submitted_by
|
|
coach_valid
|
|
coach_user_tags
|
|
|
|
*/
|
|
|
|
include("config.php");
|
|
|
|
if (!$_POST){ header('Location: '.$site_url.'/'); }
|
|
|
|
// error checking
|
|
if(!isset($_POST)) exit();
|
|
|
|
if (isset($_POST[delete])) {
|
|
// convert the array to a SQL friendly format
|
|
$deleteList = "(".implode(",", $_POST[delete]).")";
|
|
|
|
// build the SQL query to delete the edits that are bad
|
|
$sql = "DELETE FROM ".$prefix."CoachesEdits WHERE edit_id IN $deleteList";
|
|
|
|
mysql_query($sql) or die(mysql_error());
|
|
}
|
|
|
|
if (isset($_POST[validate])) {
|
|
// convert the array to a SQL friendly format
|
|
$validateList = "(".implode(",", $_POST[validate]).")";
|
|
|
|
$sql = "SELECT * FROM ".$prefix."CoachesEdits WHERE edit_id IN $validateList";
|
|
|
|
$results = mysql_query($sql) OR die(mysql_error());
|
|
|
|
// Loop through coaches shifting edits over
|
|
while($row = mysql_fetch_array($results)) {
|
|
$sql = "UPDATE ".$prefix."Coaches
|
|
SET coach_name = '".mysql_escape_string($row[coach_name])."',
|
|
coach_name_tag = '".mysql_escape_string($row[coach_name_tag])."',
|
|
coach_address = '".mysql_escape_string($row[coach_address])."',
|
|
coach_address_two = '".mysql_escape_string($row[coach_address_two])."',
|
|
coach_city = '".mysql_escape_string($row[coach_city])."',
|
|
coach_state = '".mysql_escape_string($row[coach_state])."',
|
|
coach_state_tag = '".mysql_escape_string($row[coach_state_tag])."',
|
|
coach_phone = '".mysql_escape_string($row[coach_phone])."',
|
|
coach_fax = '".mysql_escape_string($row[coach_fax])."',
|
|
coach_zip = '".mysql_escape_string($row[coach_zip])."',
|
|
coach_email = '".mysql_escape_string($row[coach_email])."',
|
|
coach_website = '".mysql_escape_string($row[coach_website])."',
|
|
coach_certifications = '".mysql_escape_string($row[coach_certifications])."',
|
|
coach_services = '".mysql_escape_string($row[coach_services])."',
|
|
coach_degrees = '".mysql_escape_string($row[coach_degrees])."',
|
|
coach_cost = '".mysql_escape_string($row[coach_cost])."',
|
|
coach_info = '".mysql_escape_string($row[coach_info])."',
|
|
coach_camps = '".mysql_escape_string($row[coach_camps])."'
|
|
WHERE coach_id = '".mysql_escape_string($row[coach_id_fk])."'";
|
|
//echo $sql;
|
|
//exit();
|
|
mysql_query($sql) OR die(mysql_error());
|
|
|
|
$sql = "INSERT INTO ".$prefix."CoachesEditors (coach_id_fk, user_id_fk, edit_timestamp) VALUES ('$row[coach_id_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
|
|
mysql_query($sql) OR die(mysql_error());
|
|
|
|
$sql = "DELETE FROM ".$prefix."CoachesEdits WHERE edit_id = $row[edit_id]";
|
|
mysql_query($sql) OR die(mysql_error());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
header('Location: '.$site_url.'/wiki_validate.php');
|
|
|
|
?>
|