Diffstat (limited to 'www/update.php')
| -rw-r--r-- | www/update.php | 75 |
1 files changed, 24 insertions, 51 deletions
diff --git a/www/update.php b/www/update.php
index e59bf8e..04df988 100644
--- a/www/update.php
+++ b/www/update.php
@@ -1,53 +1,26 @@
 <?php
-/* Copyright Maximilian Möhring, 2013
-Licensed under the GPL. Read LICENSE for more Information.*/
-
-include('auth.php');
-/*error_reporting(E_ALL);
-
-ini_set('display_errors', '1');*/
-
-$id = SQLite3::escapeString($_POST["id"]);
-$name = SQLite3::escapeString($_POST["name"]);
-$adresse = SQLite3::escapeString($_POST["adresse"]);
-$telefonnummer = SQLite3::escapeString($_POST["telefonnummer"]);
-$handynummer = SQLite3::escapeString($_POST["handynummer"]);
-$email = SQLite3::escapeString($_POST["email"]);
-$bday = SQLite3::escapeString($_POST["geburtstag"]);
-
-//echo "$name<br> $adresse<br>$telefonnummer<br>$handynummer<br>$email<br>$bday<br>$ip<br>$cryptedip";
-
-
-
-$db = new SQLite3('../database/database.sqlite');
-
-$db->exec("UPDATE member SET name='$name' where id=$id;");
-$db->exec("UPDATE member SET adresse='$adresse' where id=$id;");
-$db->exec("UPDATE member SET telefonnummer='$telefonnummer' where id=$id;");
-$db->exec("UPDATE member SET handynummer='$handynummer' where id=$id;");
-$db->exec("UPDATE member SET email='$email' where id=$id;");
-$db->exec("UPDATE member SET geburtstag='$bday' where id=$id;");
-
-/*echo "
-<!doctype html public '-//W3C//DTD XHTML 1.0 //EN'>
-
-<html>
- <head>
- <title>Junge Gemeinde Adlershof - Update erfolgreich!</title>
- <meta http-equiv='Content-type' content='text/html; charset=utf-8' />
- <link rel='stylesheet' type='text/css' href='style.css' />
- <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
- </head>
-
- <body>
-<center>
-<p5>Update erfolgreich!</p5><br><br>
-<a4>Weiterleitung in 3.. 2.. 
1..</a4>
-</center></body></html>";*/
-
-header("Refresh: 0; liste.php");
-
-
-
-?>
+function update_db($db){
+
+ $id = SQLite3::escapeString($_POST["id"]);
+ $name = SQLite3::escapeString($_POST["name"]);
+ $adresse = SQLite3::escapeString($_POST["adresse"]);
+ $telefonnummer = SQLite3::escapeString($_POST["telefonnummer"]);
+ $handynummer = SQLite3::escapeString($_POST["handynummer"]);
+ $email = SQLite3::escapeString($_POST["email"]);
+ $bday = SQLite3::escapeString($_POST["geburtstag"]);
+
+ if(!preg_match("/^[0-9]+$/", $id) || !preg_match("/[0-9]+$/", $telefonnummer) || !preg_match("/^.+@.+$/", $email)){
+ return false;
+ }
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ UPDATE jg SET name='".$name."', adresse='".$adresse."', telefonnummer='".$telefonnummer."', handynummer='".$handynummer."', email='".$email."', geburtstag='".$bday."' WHERE id=".$id.";
+ COMMIT;
+ ")){
+ return true;
+ } else {
+ return false;
+ }
+} |
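Review bot: The UPDATE in update_db() is still built by concatenating request values, and `$id` is placed in `WHERE id=` unquoted, so the `^[0-9]+$` check is the only thing keeping it inside the statement; because `SQLite3::exec()` runs every statement in the string it is given, binding the values through `prepare()`/`bindValue()` is the more robust form and makes the BEGIN/COMMIT wrapper unnecessary for a single UPDATE. The phone check `/[0-9]+$/` has no `^`, so it only requires the value to end in a digit, and `$` also accepts a trailing newline unless the `D` modifier is added. The commit removes `include('auth.php')` from this file, so the caller of update_db() has to enforce authentication before invoking it; that caller is not visible here. The sketch below binds the raw `$_POST` values, so the `escapeString()` calls must be dropped with it or quotes would be stored doubled.

```php
function update_db($db){
    // … unchanged: validation of id, telefonnummer and email, applied to the raw $_POST values …

    $stmt = $db->prepare(
        'UPDATE jg SET name=:name, adresse=:adresse, telefonnummer=:telefonnummer, '
        . 'handynummer=:handynummer, email=:email, geburtstag=:geburtstag WHERE id=:id'
    );
    if ($stmt === false) {
        return false;
    }

    // Bound values are passed to SQLite as data, so no manual quoting or escaping is needed.
    $stmt->bindValue(':id', (int) $_POST["id"], SQLITE3_INTEGER);
    foreach (["name", "adresse", "telefonnummer", "handynummer", "email", "geburtstag"] as $field) {
        $stmt->bindValue(':' . $field, $_POST[$field], SQLITE3_TEXT);
    }

    return $stmt->execute() !== false;
}
```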
