1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
<?php
include_once('../../check_login.php');
ini_set('display_errors',0);
$id =$_POST['id'];
$type=$_POST['type'];
unset($_POST['id']);
if($id){
//update db
$data = $_POST;
unset($data['x']);
unset($data['y']);
$data['lastupdate'] = $nowdate;
$data['lastupby'] = $_SESSION['cmsloginid'];
$sql = mysql_install($data,'event','edit','refid');
$data['refid']=$id;
$arraykey=array_keys($data);
for($i=0;$i<count($arraykey);$i++){
$parameters[$i]=$data[$arraykey[$i]];
}
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute($parameters)) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$msg = '儲存成功';
}else{
//refid
$sql = "select max(refid) as maxid from event";
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute()) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$row = $sth->fetch(PDO::FETCH_ASSOC);
$_POST['refid'] = $row{"maxid"} + 1;
//sort
$sql = "select max(sort) as maxid from event where type='".$type."'";
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute()) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$row = $sth->fetch(PDO::FETCH_ASSOC);
$_POST['sort'] = $row{"maxid"} + 1;
//insert db
$data = $_POST;
unset($data['x']);
unset($data['y']);
$data['lastupdate'] = $nowdate;
$data['lastupby'] = $_SESSION['cmsloginid'];
$sql = mysql_install($data,'event','add');
$arraykey=array_keys($data);
for($i=0;$i<count($arraykey);$i++){
$parameters[$i]=$data[$arraykey[$i]];
}
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute($parameters)) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$msg = '新增成功';
$id = $_POST['refid'];
}
// Upload File
if ($_FILES["photo"]['name'] <> '') {
if($id){
$sql = "select photo from event where refid = ?";
$parameters = array($id);
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute($parameters)) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
$photo_info = $sth->fetch(PDO::FETCH_ASSOC);
if($photo_info['photo']){
unlink("../../../file/event/".$photo_info['photo']);
}
}
unset($data);
//check if image type is valid or not
$filename = $_FILES["photo"]['name'];
preg_match("/\.([^\.]+)$/", $filename, $file_ext);
$newfilename = 'event_'.random_string(10).".".$file_ext[1]; // default length 8
move_uploaded_file($_FILES["photo"]['tmp_name'], "../../../file/event/" . $newfilename) or die ("Could not copy the file");
$photo = $newfilename;
$data['photo'] = $photo;
$sql = mysql_install($data,'event','edit','refid');
$data['refid'] = $id;
$arraykey=array_keys($data);
for($i=0;$i<count($arraykey);$i++){
$parameters[$i]=$data[$arraykey[$i]];
}
if (!($sth = $dbh->prepare($sql))) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
if (!$sth->execute($parameters)) {
throw new Exception('[' . $sth->errorCode() . ']: ' . print_r($sth->errorInfo()));
}
}
header("Location: event_index.php?type=".$_POST['type']."&msg=".$msg);
?>
|