101 lines
3.6 KiB
PHP
101 lines
3.6 KiB
PHP
<?PHP
|
|
|
|
// do I need to do additional security checks to make sure the script is being called appropriately?
|
|
|
|
/*
|
|
|
|
FIELD NAMES:
|
|
fitter_id
|
|
fitter_name
|
|
fitter_name_tag
|
|
fitter_address
|
|
fitter_address_two
|
|
fitter_city
|
|
fitter_state
|
|
fitter_state_tag
|
|
fitter_zip
|
|
fitter_phone
|
|
fitter_fax
|
|
fitter_email
|
|
fitter_website
|
|
fitter_certifications
|
|
fitter_fitbikes
|
|
fitter_motioncapture
|
|
fitter_cost
|
|
fitter_info
|
|
fitter_directions
|
|
fitter_submitted_by
|
|
fitter_valid
|
|
fitter_user_tags
|
|
|
|
*/
|
|
|
|
|
|
include("config.php");
|
|
|
|
if (!$_POST){ header('Location: '.$site_url.'/'); }
|
|
|
|
// error checking
|
|
if(!isset($_POST)) exit();
|
|
|
|
if (isset($_POST[delete])) {
|
|
// convert the array to a SQL friendly format
|
|
$deleteList = "(".implode(",", $_POST[delete]).")";
|
|
|
|
// build the SQL query to delete the edits that are bad
|
|
$sql = "DELETE FROM ".$prefix."FittersEdits WHERE edit_id IN $deleteList";
|
|
|
|
mysql_query($sql) or die(mysql_error());
|
|
}
|
|
|
|
if (isset($_POST[validate])) {
|
|
// convert the array to a SQL friendly format
|
|
$validateList = "(".implode(",", $_POST[validate]).")";
|
|
|
|
$sql = "SELECT * FROM ".$prefix."FittersEdits WHERE edit_id IN $validateList";
|
|
|
|
$results = mysql_query($sql) OR die(mysql_error());
|
|
|
|
// Loop through fitters shifting edits over
|
|
while($row = mysql_fetch_array($results)) {
|
|
$sql = "UPDATE ".$prefix."Fitters
|
|
SET fitter_name = '".mysql_escape_string($row[fitter_name])."',
|
|
fitter_name_tag = '".mysql_escape_string($row[fitter_name_tag])."',
|
|
fitter_address = '".mysql_escape_string($row[fitter_address])."',
|
|
fitter_address_two = '".mysql_escape_string($row[fitter_address_two])."',
|
|
fitter_city = '".mysql_escape_string($row[fitter_city])."',
|
|
fitter_state = '".mysql_escape_string($row[fitter_state])."',
|
|
fitter_state_tag = '".mysql_escape_string($row[fitter_state_tag])."',
|
|
fitter_phone = '".mysql_escape_string($row[fitter_phone])."',
|
|
fitter_fax = '".mysql_escape_string($row[fitter_fax])."',
|
|
fitter_zip = '".mysql_escape_string($row[fitter_zip])."',
|
|
fitter_lat = '".mysql_escape_string($row[fitter_lat])."',
|
|
fitter_lng = '".mysql_escape_string($row[fitter_lng])."',
|
|
fitter_email = '".mysql_escape_string($row[fitter_email])."',
|
|
fitter_website = '".mysql_escape_string($row[fitter_website])."',
|
|
fitter_method = '".mysql_escape_string($row[fitter_method])."',
|
|
fitter_certifications = '".mysql_escape_string($row[fitter_certifications])."',
|
|
fitter_fitbikes = '".mysql_escape_string($row[fitter_fitbikes])."',
|
|
fitter_motioncapture = '".mysql_escape_string($row[fitter_motioncapture])."',
|
|
fitter_cost = '".mysql_escape_string($row[fitter_cost])."',
|
|
fitter_info = '" . mysql_escape_string($row[fitter_info]) . "',
|
|
fitter_directions = '" . mysql_escape_string($row[fitter_directions]) . "',
|
|
fitter_portfolio = '".mysql_escape_string($row[fitter_portfolio])."'
|
|
WHERE fitter_id = '$row[fitter_id_fk]'";
|
|
//echo $sql;
|
|
//exit();
|
|
mysql_query($sql) OR die(mysql_error());
|
|
|
|
$sql = "INSERT INTO ".$prefix."FittersEditors (fitter_id_fk, user_id_fk, edit_timestamp) VALUES ('$row[fitter_id_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
|
|
mysql_query($sql) OR die(mysql_error());
|
|
|
|
$sql = "DELETE FROM ".$prefix."FittersEdits WHERE edit_id = $row[edit_id]";
|
|
mysql_query($sql) OR die(mysql_error());
|
|
}
|
|
|
|
}
|
|
|
|
header('Location: '.$site_url.'/wiki_validate.php');
|
|
|
|
?>
|