Mercurial > hg > fapweb
changeset 112:91660a9d50f0
Add some error checking to compo id updating vs. compo entries.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 22 Oct 2013 12:08:27 +0300 |
parents | ac1df74619cd |
children | 671330b7f5d1 |
files | admajax.php |
diffstat | 1 files changed, 17 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/admajax.php Tue Oct 22 00:34:35 2013 +0300 +++ b/admajax.php Tue Oct 22 12:08:27 2013 +0300 @@ -408,16 +408,24 @@ stChkRequestItem("name") && stChkRequestItem("author") && stChkRequestItem("compo_id")) { - $sql = stPrepareSQLUpdate("entries", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "name" => "S", - "author" => "S", - "filename" => "S", - "compo_id" => "D", - )); + $cid = stGetRequestItem("compo_id"); + if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$cid) === FALSE) + { + stSetStatus(903, "No such compo id."); + } + else + { + $sql = stPrepareSQLUpdate("entries", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "author" => "S", + "filename" => "S", + "compo_id" => "D", + )); - stExecSQLCond($sql, "OK, entry updated."); + stExecSQLCond($sql, "OK, entry updated."); + } } else if ($type == "settings")