Several updates, logical and for register globals = off

diff --git a/src/InfoCon/hwdb/update.wml b/src/InfoCon/hwdb/update.wml
index 0472adf..281267c 100644 (file)
--- a/src/InfoCon/hwdb/update.wml
+++ b/src/InfoCon/hwdb/update.wml
@@ -53,8 +53,10 @@
       $sth = pg_exec ($dbh, $query) or die_query("Cannot update the database!", $query);
   } elseif ($_POST[formtype] == "component") {
       pg_exec($dbh, "BEGIN TRANSACTION") or die ("Could not start transaction.");
-      if ($_POST[endtime] == '') {
+      if ($_POST['status'] != 'defunct') {
          $endtime = 'NULL';
+      } elseif ($_POST[endtime] == '') {
+         $endtime = 'now()';
       } else {
          $endtime = "'".addslashes($_POST[endtime])."'";
       }
@@ -62,6 +64,7 @@
           $_POST[price] = "0.0";
       }
       if ($_POST[id]) {
+        $id = $_POST[id];
        $query = sprintf ("UPDATE component SET name='%s',serno='%s',starttime='%s',endtime=%s,"
                         ."owner=%d,hwtype=%d,price=%s,status='%s',comment='%s' "
                         ."WHERE id = %d",
@@ -74,7 +77,7 @@
                         addslashes ($_POST[price]),
                         addslashes ($_POST[status]),
                         addslashes ($_POST[comment]),
-                        $_POST[id]);
+                        $id);
         $sth = pg_exec ($dbh, $query) or die_query("Cannot update the database!", $query);
       } else {
         if (!isset($_POST[starttime]) || !strlen($_POST[starttime])) {
@@ -116,15 +119,23 @@
        if (pg_NumRows ($sth) > 0) {
          $row = pg_fetch_array ($sth, 0);
          if ($row['compound'] != $_POST[compound]
-           || (strlen ($row['usage']) != 0 && $row['usage'] != $usage)) {
-           $query = sprintf ("UPDATE screw SET endtime = now() WHERE oid = %d", $row['oid']);
+           || (strlen ($row['usage']) != 0 && $row['usage'] != $_POST[usage])) {
+
+           if ($_POST[endtime] == '') {
+               $endtime = 'now()';
+           } else {
+               $endtime = "'".addslashes($_POST[endtime])."'";
+           }
+
+           $query = sprintf ("UPDATE screw SET endtime = %s WHERE oid = %d", $endtime, $row['oid']);
            $sth = pg_exec ($dbh, $query) or die_query("Cannot update component history!", $query);
 
            $query = sprintf ("INSERT INTO screw (component,compound,usage,starttime) "
-                            ."VALUES (%d,%d,'%s',now())",
+                            ."VALUES (%d,%d,'%s',%s)",
                             $id,
                             $_POST[compound],
-                            addslashes ($_POST[usage]));
+                            addslashes ($_POST[usage]),
+                            $endtime);
            $sth = pg_exec ($dbh, $query) or die_query("Cannot update component history!", $query);
          } elseif (strlen ($row['usage']) == 0 && strlen ($_POST[usage]) != 0) {
            $query = sprintf ("UPDATE screw SET usage = '%s' WHERE oid = %d",
@@ -144,8 +155,9 @@
                           addslashes ($_POST[starttime]));
          $sth = pg_exec ($dbh, $query) or die_query("Cannot update component history!", $query);
        }
-      } else {
+      } else {  # if ($_POST[compound] != 0)
        if (pg_NumRows ($sth) > 0) {
+         $row = pg_fetch_array ($sth, 0);
          $query = sprintf ("UPDATE screw SET endtime = now() WHERE oid = %d", $row['oid']);
          $sth = pg_exec ($dbh, $query) or die_query("Cannot update component history!", $query);
        }