modifyaddress.php

一个页面界面的邮件程序

<?php
require_once("../inc/constants.inc.php");
require_once("../inc/properties.inc.php");
require_once("../inc/tools.inc.php");
require_once("../inc/db.inc.php");

header('Content-type: text/xml;');

if (!isset($_SESSION['user'])) {
	die();
}

if (isset($_POST['idaddress']))
	$param = $_POST;
else if (isset($_GET['idaddress']))
	$param = $_GET;
else
	die("Attribute 'idaddress' not found ! Can't modify address");

$idperson = prepSqlValue($param['idperson']);
$idaddress = prepSqlValue($param['idaddress']);
$title = prepSqlValue($param['title']);
$street = prepSqlValue($param['street']);
$streetNext = prepSqlValue($param['streetNext']);
$zipcode = prepSqlValue($param['zipcode']);
$town = prepSqlValue(strtoupper($param['town']));
$country = prepSqlValue($param['country']);
$note = ((isset($param['note'])) ? prepSqlValue($param['note']) : "NULL");

$sql = "UPDATE `address` SET title = $title, street = $street, street_next = $streetNext, zipcode = $zipcode, town = $town, " .
		"country = $country, note = $note WHERE id = $idaddress AND idperson = $idperson";
$result = mysql_query($sql) or die("Error in SQL : " . $sql);

$dom = new DOMDocument('1.0', ENCODING);
$root = $dom->appendChild(new DOMElement('response'));
$root->setAttribute("updatedSql", prepShowValue($sql));

addGroups($root);
addContactTypes($root);
addAddressTitles($root);

$sql = "SELECT P.id as personID, P.*, UP.*, G.id as groupID, G.* FROM `person` P, `user` U, `user_person` UP, `group` G " .
		" WHERE UP.idperson = P.id AND UP.iduser = U.id AND P.idgroup = G.id AND G.iduser = U.id AND U.id='" . $_SESSION['user'] . "' AND P.id = ". $idperson;

$result = mysql_query($sql);

$root->setAttribute("sql", prepShowValue($sql));

if ($result && mysql_num_rows($result) > 0) {
	if ($line = mysql_fetch_assoc($result)) {
		addPersonNodeToXml($root, $line);
	}
}

echo $dom->saveXML();
?>