replyrec.php

火花留言本

<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" ";
$FF_authFailedURL="sparkLog.php";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
  if (true || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
  if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
//更新记录
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE board SET digiB_name=%s, digiB_face=%s, digiB_subject=%s, digiB_email=%s, digiB_web=%s, qq=%s, `open`=%s, digiB_content=%s,reply_content=%s WHERE digiB_id=%s",
                       GetSQLValueString($_POST['digiB_name'], "text"),
                       GetSQLValueString($_POST['digiB_face'], "text"),
                       GetSQLValueString($_POST['digiB_subject'], "text"),
                       GetSQLValueString($_POST['digiB_email'], "text"),
                       GetSQLValueString($_POST['digiB_Web'], "text"),
                       GetSQLValueString($_POST['qq'], "text"),
                       GetSQLValueString($_POST['open'], "int"),
                       GetSQLValueString($_POST['digiB_content'], "text"),
					   GetSQLValueString($_POST['reply_content'], "text"),
                       GetSQLValueString($_POST['digiB_id'], "int"));

  mysql_select_db($database_connBoard, $connBoard);
  $Result1 = mysql_query($updateSQL, $connBoard) or die(mysql_error());

  $updateGoTo = "spark_ed.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

$colname_RecBoard = "1";
if (isset($_GET['digiB_id'])) {
  $colname_RecBoard = (get_magic_quotes_gpc()) ? $_GET['digiB_id'] : addslashes($_GET['digiB_id']);
}
mysql_select_db($database_connBoard, $connBoard);
$query_RecBoard = sprintf("SELECT * FROM board WHERE digiB_id = %s", $colname_RecBoard);
$RecBoard = mysql_query($query_RecBoard, $connBoard) or die(mysql_error());
$row_RecBoard = mysql_fetch_assoc($RecBoard);
$totalRows_RecBoard = mysql_num_rows($RecBoard);
?>