#include <phptools.inc>
#include "account.inc"
+<future>
<page func=InfoCon title="Kontoführung">
<?
- if ($_POST[formtype] == "admin" || $_POST[formtype] == "newaccount")
+ if ($_POST['formtype'] == "admin" || $_POST['formtype'] == "newaccount")
$ktoname = "Administration";
?>
<form_to_yyyymmdd>
<?
- if ($_POST[formtype] == "admin") {
+ if ($_POST['formtype'] == "admin") {
$query = "SELECT blz_kto,name,display FROM account_names ORDER BY name";
- $sth = pg_exec ($dbh, $query);
-
- for ($nr=0; $nr < pg_NumRows ($sth); $nr++) {
- $row = pg_fetch_array ($sth, $nr);
-
+ foreach ($db->fetchAssocList($query) as $row) {
if ($_POST['name_' . $row['blz_kto']] != $row['name'] ||
($_POST['display_' . $row['blz_kto']] ? 1 : 0) != $row['display']) {
$query = sprintf ("UPDATE account_names SET name='%s',display=%d,sys_user='%s',sys_edit=now() WHERE blz_kto = '%s'",
$_SERVER['REMOTE_USER'],
$row['blz_kto']);
- pg_exec ($dbh, $query);
+ $db->execute($query);
$output = "Kontoinformationen aktualisiert.";
}
}
- } elseif ($_POST[formtype] == "newaccount") {
+ } elseif ($_POST['formtype'] == "newaccount") {
if (isset($_POST['blz']) && isset($_POST['kto']) && isset($_POST['name'])) {
$query = sprintf ("INSERT INTO account_names (blz_kto,name,display,sys_user,sys_edit) ".
"VALUES ('%s:%s','%s',1,'%s',now())",
$_POST['kto'],
$_POST['name'],
$_SERVER['REMOTE_USER']);
- pg_exec ($dbh, $query);
+ $db->execute($query);
$query = sprintf ("INSERT INTO account (blz_kto,statement,datum,from_to,descr,category,value_eur,sys_user,sys_edit) ".
"VALUES ('%s:%s','%s','%s','Account Administration','Initial Zero Statement','Miscellaneous',0.0,'%s',now())",
date("Y") . "/00",
date("Y-m-j"),
$_SERVER['REMOTE_USER']);
- pg_exec ($dbh, $query);
+ $db->execute($query);
$output = "Neues Konto erstellt.";
} else {
} else {
$table = "account";
$field = "value_eur";
- if ((strlen ($_POST[currency]) > 0) && ($_POST[currency] == "dm")) {
+ if ((strlen ($_POST['currency']) > 0) && ($_POST['currency'] == "dm")) {
$table = "account_dm";
$field = "value_dm";
}
- if (strlen ($_POST[category]) == 0 && strlen ($_POST[newcategory]) > 0) {
- $category = $_POST[newcategory];
+ if (strlen ($_POST['category']) == 0 && strlen ($_POST['newcategory']) > 0) {
+ $category = $_POST['newcategory'];
} else {
- $category = $_POST[category];
+ $category = $_POST['category'];
}
- if (strlen ($_POST[from_to]) == 0 && strlen ($_POST[newfrom_to]) > 0) {
- $from_to = $_POST[newfrom_to];
+ if (strlen ($_POST['from_to']) == 0 && strlen ($_POST['newfrom_to']) > 0) {
+ $from_to = $_POST['newfrom_to'];
} else {
- $from_to = $_POST[from_to];
+ $from_to = $_POST['from_to'];
}
- $statement = sql_prepare ($_POST[statement]);
- $category = sql_prepare ($category);
- $descr = sql_prepare (trim($_POST[descr]));
- $from_to = sql_prepare ($from_to);
+ $statement = $db->quote($_POST['statement']);
+ $category = $db->quote($category);
+ $descr = $db->quote(trim($_POST['descr']));
+ $from_to = $db->quote($from_to);
- $date = form_to_yyyymmdd ($_POST[datum]);
+ $date = form_to_yyyymmdd ($_POST['datum']);
- $value = ereg_replace (",",".", $_POST[value]);
+ $value = str_replace (",",".", $_POST['value']);
- if (isset($_POST[id]) && $_POST[id] > 0 && strlen ($_POST[delete])) {
- $query = sprintf("DELETE FROM %s WHERE id = %d", $table, $_POST[id]);
+ if (isset($_POST['id']) && $_POST['id'] > 0 && strlen ($_POST['delete'])) {
+ $query = sprintf("DELETE FROM %s WHERE id = %d", $table, $_POST['id']);
$output = "Posten gelöscht.";
- } elseif (isset($_POST[id]) && $_POST[id] > 0) {
- $query = sprintf("UPDATE %s SET datum='%s',statement='%s',from_to='%s',descr='%s',category='%s',%s=%s,sys_user='%s',sys_edit=now() " .
+ } elseif (isset($_POST['id']) && $_POST['id'] > 0) {
+ $query = sprintf("UPDATE %s SET datum='%s',statement=%s,from_to=%s,descr=%s,category=%s,%s=%s,sys_user='%s',sys_edit=now() " .
"WHERE id = %d",
$table,
$date,
$output = "Posten aktualisiert.";
} else {
$query = sprintf("INSERT INTO %s (blz_kto,datum,statement,from_to,descr,category,%s,sys_user,sys_edit) ".
- "VALUES ('%s','%s','%s','%s','%s','%s',%s,'%s',now())",
+ "VALUES ('%s','%s',%s,%s,%s,%s,%s,'%s',now())",
$table, $field,
$_POST['blzkto'],
$date,
$output = "Neuen Posten aufgenommen.";
$output .= sprintf('</p><p><a href="edit.php?blzkto=%s">Weiteren Posten aufnehmen</a>', $_POST['blzkto']);
}
- $sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
+ $db->execute($query) or die("Datenbank-Abfrage!");
}
echo ("<p>".$output."</p>");
projects / infodrom.org / service.infodrom.org / blobdiff