lars/accred
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed bug that incorrectly chnaged reqName when updatig record

Browse Source
This commit is contained in:
lars 2019-06-04 16:14:32 +02:00
parent 64e65e2c7f
commit a62b9c265b
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
accred_form.php
View File

@ -115,17 +115,36 @@ if($_POST['btnprocess'] && $isAdmin) {
$updateStatus = true;
}
$reqName = $mysqli->real_escape_string($_POST['demande_pour']);
$demPour = $mysqli->real_escape_string($_POST['demande_pour']);
if( $reqName == '') {
$reqName = $username;
}
// Escape string, mostly in case of quotes
$d = $mysqli->real_escape_string(serialize($_POST));
if(!$aid) {
// New entry. If no demande_pour provided in form, make current user owner
if($demPour=='') {
$reqName = $username;
}
else {
$reqName = $demPour;
}
$query = "INSERT INTO submissions (uid, status, name, reqname, created, formdata,modified) values('$userid',$status,'$username','$reqName',null,'".$d."',NOW())";
syslog(LOG_INFO, "Create entry by uid: $userid / $uname from: {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
}
else {
$query = "UPDATE submissions set reqname='".$reqName."',modifieduid=$userid,formdata='".$d."'";
// Modifying existint record
if($demPour=='') {
// Could have had a value before or already be empty
// regardless, set reqName to same as name (This is NOT username or logged in user)
// Was a prior bug
// Since we don't have the DB values here, we need a different query
$query = "UPDATE submissions set reqname=name,modifieduid=$userid,formdata='".$d."'";
}
else {
// Value for demande_pour non blank, use that for reqName
$query = "UPDATE submissions set reqname='".$demPour."',modifieduid=$userid,formdata='".$d."'";
}
if($updateStatus) {
$query .= ",status=$status ";
}