diff --git a/lib/sql.php b/lib/sql.php index d404bb4..a1acfbd 100644 --- a/lib/sql.php +++ b/lib/sql.php @@ -4,7 +4,7 @@ SQL function library - Copyright (C) 2001 Jeff Teunissen + Copyright (C) 2001-2007 Jeff Teunissen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License @@ -29,10 +29,9 @@ have ('sql'); function sqlReadQuery ($query) { - $ret = null; - global $sqlError; + $ret = null; $sqlError = null; // always set SQL error condition if (sqlAvail && $conn = @mysql_pconnect (sqlHost, sqlUser, sqlPass)) { @@ -44,6 +43,7 @@ function sqlReadQuery ($query) } else { // Successful query, no rows returned. $ret = true; } + @mysql_free_result ($result); } else { // Query failed. $sqlError = mysql_error (); $ret = false; @@ -65,23 +65,22 @@ function sqlWriteQuery ($query) $sqlError = null; // always set SQL error condition - if (sqlAvail - && defined (sqlRWUser) - && defined (sqlRWPass) + if (sqlAvail && defined ('sqlRWUser') && defined ('sqlRWPass') && $conn = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass)) { - if ($result = @mysql_db_query (sqlDB, $query, $conn)) { - if ($numRows = @mysql_affected_rows ($result)) { // Success - $ret = $numRows; - } + if ($result = @mysql_db_query (sqlDB, $query, $conn)) { // Success + $ret = @mysql_affected_rows ($conn); + @mysql_free_result ($result); } else { // Query failed. $sqlError = @mysql_error (); $ret = false; } - @mysql_close ($conn); } else { // Couldn't even connect. - if (sqlAvail && defined (sqlRWUser) && defined (sqlRWPass)) + if (sqlAvail && defined ('sqlRWUser') && defined ('sqlRWPass')) $sqlError = @mysql_error (); + else + $sqlError = "Cannot write to database."; } + @mysql_close ($conn); return $ret; } ?> \ No newline at end of file diff --git a/plan_add.php b/plan_add.php index 554eab7..d88a942 100644 --- a/plan_add.php +++ b/plan_add.php 
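Review bot: In the sqlWriteQuery hunk, `$ret = @mysql_affected_rows ($conn);` returns 0 for a statement that succeeds without changing any row, so a caller cannot tell that apart from failure with a truthiness test. plan_add.php now tests `if ($rows)`; if plan_edit.php does the same after its UPDATE (that check is outside the visible hunks), saving an unchanged entry is reported as an error with an empty `$sqlError`. Callers should test `if ($rows !== false)`, and a comment on the function should state that 0 means success. The added `@mysql_free_result ($result);` has nothing to free, because mysql_db_query returns a boolean rather than a result resource for write statements. `@mysql_close ($conn);` now also runs after a failed connect and does not close links opened with mysql_pconnect; the `@` hides both warnings. The function starts above the hunk, so the initial value of `$ret` is not visible.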
@@ -12,12 +12,13 @@ $user = $userInfo['u_displayname']; if ($planText && $planSubj && $mode == "Post") { + $planSubj = addSlashes ($planSubj); $planText = addSlashes ($planText); - $query = 'INSERT INTO plans (p_date, p_user, p_subject, p_plan) VALUES (' + $query = 'INSERT INTO plans (p_date, p_user, p_title, p_plan) VALUES (' ."NOW(), '$user', '$planSubj', '$planText')"; $rows = sqlWriteQuery ($query); - if ($rows && $rows !== true) { + if ($rows) { echo '

Your plan entry has been posted successfully.

'; } else { echo "

Somebody screwed up, MySQL said '$sqlError'. Bug a project admin or somethin', eh?

"; diff --git a/plan_edit.php b/plan_edit.php index 340266a..5698c56 100644 --- a/plan_edit.php +++ b/plan_edit.php @@ -42,7 +42,7 @@ $id = $array['p_id']; $usr = $array['p_user']; $date = dateFromSQLDateTime ($array['p_date']); - $subj = convertFromHTML (stripSlashes ($array['p_subject'])); + $subj = convertFromHTML (stripSlashes ($array['p_title'])); $txt = convertFromHTML (stripSlashes ($array['p_plan'])); newsBoxOpen ("Edit Plan Entry #$id"); @@ -76,7 +76,7 @@ if ($planSubj && $planText && $planUser) { $planText = addSlashes ($planText); $query = 'UPDATE plans SET' - ." p_user='$planUser', p_subject='$planSubj' p_plan='$planText'" + ." p_user='$planUser', p_title='$planSubj', p_plan='$planText'" ." WHERE p_id='$planID'"; $rows = sqlWriteQuery ($query); @@ -90,7 +90,7 @@ echo '
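Review bot: In the plan_add.php hunk, `$user` is still interpolated into the INSERT as `'$user'` with no escaping, while the two fields beside it now go through addSlashes. A display name containing a quote (presumably user-editable, which the hunk does not show) would break or alter the statement. Add `$user = addSlashes ($user);` before the query is built, or better, move escaping into lib/sql.php where the connection exists, so that `mysql_real_escape_string` can honour the link's character set, which addSlashes ignores. The same pattern appears in the plan_edit.php UPDATE hunk, where only `$planText` is visibly escaped and `$planUser`, `$planSubj` and `$planID` may or may not be handled above the hunk. The failure branch also prints `$sqlError` into the page; logging it server-side and showing a generic message keeps table and column names out of responses.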

Your edit was processed successfully. Congratulations on your revision of history.:)

'; } } else { - $query = 'SELECT p_id, p_date, p_user, p_plan FROM plans' + $query = 'SELECT p_id, p_date, p_user, p_title, p_plan FROM plans' ." WHERE p_id=$planID"; $entries = sqlReadQuery ($query); @@ -107,7 +107,7 @@ } else { newsBoxOpen ("All Plan Entries"); - $query = 'SELECT p_id, p_date, p_user, p_plan FROM plans' + $query = 'SELECT p_id, p_date, p_user, p_title, p_plan FROM plans' .' ORDER BY p_date DESC'; $entries = sqlReadQuery ($query);
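Review bot: The SELECT in the edit branch builds `WHERE p_id=$planID` with the value unquoted, so slash-escaping would not constrain it even if it were applied; a value in a numeric position has to be forced to an integer. Cast it before either query is built, e.g. `$planID = (int) $planID;`, unless that already happens above the hunk, which is not visible here. The UPDATE earlier in this file uses the same variable as `p_id='$planID'`, and the cast covers that statement as well.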