}
}
- $sql = 'UPDATE ' . $mask['table'] . ' SET ';
- $sql .= implode(', ', $update);
- $sql .= ' WHERE id = ' . intval($_POST['id']);
+ $sql = sprintf('UPDATE %s SET %s WHERE id = %d',
+ empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'],
+ implode(', ', $update),
+ intval($_POST['id']));
$sth = pg_query($sql);
}
}
- $sql = 'INSERT INTO ' . $mask['table'] . ' (' . implode(',', $fields) . ') ';
- $sql .= 'VALUES (' . implode(',', $values) . ')';
+ $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
+ empty($mask['edit_table']) ? $mask['table'] : $mask['edit_table'],
+ implode(',', $fields),
+ implode(',', $values));
$sth = pg_query($sql);
if (empty($_POST['id']))
return array('error' => 'Missing ID');
+ if (!empty($mask['edit_table']))
+ return array('error' => 'Cannot handle deletion for secondary table');
+
if (DELETE_COPY === true) {
$sql = sprintf("INSERT INTO %s_deleted SELECT * FROM %s WHERE id = %d",
$mask['table'], $mask['table'], $_POST['id']);