#include <infodrom.style>
#include <phptools.inc>
+<future>
<page func="Infodrom Oldenburg" title="Patches">
<?
- $dbh = pg_pconnect ("<dbhost>", "<dbport>", "<dbname>")
- or die("Unable to connect to SQL server");
-
- if ($_POST[id] > 0) {
- if ($_POST[delete] > 0) {
- $query = "DELETE FROM patches WHERE oid = $_POST[id]";
+ if ($_POST['id'] > 0) {
+ if ($_POST['delete'] > 0) {
+ $sql = sprintf("DELETE FROM patches WHERE oid = %d", $_POST['id']);
} else {
- $query = "UPDATE patches SET "
- . sprintf ("subject='%s',package='%s',version='%s',description='%s',download='%s'",
- addslashes ($_POST[subject]),
- addslashes ($_POST[package]),
- addslashes ($_POST[version]),
- addslashes ($_POST[description]),
- addslashes ($_POST[download]))
- . " WHERE oid = $_POST[id]";
+ $sql = sprintf("UPDATE patches SET subject=%s, package=%s, version=%s, description=%s, download=%s WHERE oid = %d",
+ $db->quote($_POST['subject']),
+ $db->quote($_POST['package']),
+ $db->quote($_POST['version']),
+ $db->quote($_POST['description']),
+ $db->quote($_POST['download']),
+ $_POST['id']);
}
} else {
$date = date ("Y-m-j H:i");
- $query = "INSERT INTO patches "
- . "(subject,package,version,description,download,submitted) VALUES ("
- . sprintf ("'%s','%s','%s','%s','%s','%s'",
- addslashes ($_POST[subject]),
- addslashes ($_POST[package]),
- addslashes ($_POST[version]),
- addslashes ($_POST[description]),
- addslashes ($_POST[download]),
- addslashes ($date))
- . ")";
-
+ $sql = sprintf("INSERT INTO patches (subject,package,version,description,download,submitted) VALUES (%s,%s,%s,%s,%s,%s)",
+ $db->quote($_POST['subject']),
+ $db->quote($_POST['package']),
+ $db->quote($_POST['version']),
+ $db->quote($_POST['description']),
+ $db->quote($_POST['download']),
+ $db->quote($date));
}
- //printf ("<pre>\n%s\n</pre>\n", $query);
- $sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
-
+ //printf ("<pre>\n%s\n</pre>\n", $sql);
+ $db->execute($sql);
?>
-<h3><? echo $_POST[subject]; ?></h3>
+<h3><? echo $_POST['subject']; ?></h3>
-<h5><? echo $_POST[package] . " " . $_POST[version]; ?></h5>
+<h5><? echo $_POST['package'] . " " . $_POST['version']; ?></h5>
-<b><? echo $_POST[description]; ?></b><p>
+<b><? echo $_POST['description']; ?></b><p>
-<b>Download:</b> <? echo $_POST[download]; ?><p>
+<b>Download:</b> <? echo $_POST['download']; ?><p>
</page>