qemudb/admin/editVendor.php

<?php
require("path.php");
require(BASE."include/incl.php");
require_once(BASE."include/vendor.php");

$aClean = array(); //array of filtered user input
$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']);
$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);
$aClean['sName'] = makeSafe($_REQUEST['sName']);
$aClean['sWebpage'] = makeSafe($_REQUEST['sWebpage']);

if(!$_SESSION['current']->hasPriv("admin"))
    util_show_error_page_and_exit();

$oVendor = new Vendor($aClean['iVendorId']);
if($aClean['sSubmit'])
{
    $oVendor->update($aClean['sName'],$aClean['sWebpage']);
    util_redirect_and_exit(apidb_fullurl("vendorview.php"));
}
else
{
    if($oVendor->iVendorId)
        apidb_header("Edit Vendor");
    else
        apidb_header("Add Vendor");

    // Show the form
    echo '<form name="sQform" action="'.$_SERVER['PHP_SELF'].'" method="post" enctype="multipart/form-data">',"\n";

    $oVendor->OutputEditor();

    echo '<tr valign=top><td class=color3 align=center colspan=2>',"\n";
    echo '<input name="sSubmit" type="submit" value="Submit" class="button" >&nbsp',"\n";
    echo '</td></tr>',"\n";

    echo "</form>";
    echo html_frame_end("&nbsp;");
    apidb_footer();

}
?>
- replaced tons of tabs with spaces - replaced <? with <?php for compatibility sake (see TODO and CODING_STANDARD to know more) - improved overall code lisibility 2004-12-12 03:51:51 +00:00			`<?php`
Clean up includes. Make 'path.php' and 'incl.php' required includes. Switch to using require_once() for including files in /include so we can have include/*.php files include their own dependencies rather than figuring out that to include A.php we need to include B.php 2006-07-07 18:14:53 +00:00			`require("path.php");`
			`require(BASE."include/incl.php");`
Let users browse vendors and remove some duplicate code 2005-10-25 00:47:32 +00:00			`require_once(BASE."include/vendor.php");`
Initial revision 2004-03-15 16:22:00 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean = array(); //array of filtered user input`
			`$aClean['iVendorId'] = makeSafe($_REQUEST['iVendorId']);`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`$aClean['sSubmit'] = makeSafe($_REQUEST['sSubmit']);`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$aClean['sName'] = makeSafe($_REQUEST['sName']);`
			`$aClean['sWebpage'] = makeSafe($_REQUEST['sWebpage']);`

- OO version of user class - no more duplicated functions - improved performances (much less duplicated mysql queries) - less code and better error handling 2005-01-30 23:12:48 +00:00			`if(!$_SESSION['current']->hasPriv("admin"))`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_show_error_page_and_exit();`
Let users browse vendors and remove some duplicate code 2005-10-25 00:47:32 +00:00
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oVendor = new Vendor($aClean['iVendorId']);`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`if($aClean['sSubmit'])`
Initial revision 2004-03-15 16:22:00 +00:00			`{`
Filter all user input to reduce the security impact of manipulated data 2006-06-17 06:10:10 +00:00			`$oVendor->update($aClean['sName'],$aClean['sWebpage']);`
Rename util_show_error_page() to util_show_error_page_and_exit() and redirect() to util_redirect_and_exit() so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them 2006-07-06 18:44:56 +00:00			`util_redirect_and_exit(apidb_fullurl("vendorview.php"));`
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`else`
			`{`
Let users browse vendors and remove some duplicate code 2005-10-25 00:47:32 +00:00			`if($oVendor->iVendorId)`
			`apidb_header("Edit Vendor");`
			`else`
			`apidb_header("Add Vendor");`

			`// Show the form`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<form name="sQform" action="'.$_SERVER['PHP_SELF'].'" method="post" enctype="multipart/form-data">',"\n";`
Let users browse vendors and remove some duplicate code 2005-10-25 00:47:32 +00:00
			`$oVendor->OutputEditor();`

			`echo '<tr valign=top><td class=color3 align=center colspan=2>',"\n";`
Prefix all GPC variables according to our coding standard 2006-07-06 17:27:54 +00:00			`echo '<input name="sSubmit" type="submit" value="Submit" class="button" >&nbsp',"\n";`
Let users browse vendors and remove some duplicate code 2005-10-25 00:47:32 +00:00			`echo '</td></tr>',"\n";`

			`echo "</form>";`
			`echo html_frame_end(" ");`
Let users view distributions 2005-10-21 02:48:27 +00:00			`apidb_footer();`
Let users browse vendors and remove some duplicate code 2005-10-25 00:47:32 +00:00
Initial revision 2004-03-15 16:22:00 +00:00			`}`
			`?>`