Anyone care to explain the problem? =p
This is what was in my clipboard....
<?
session_start();
//including session functions
include("/home/mc/public_html/includes/session.inc.php");
session_security();
if (!is_numeric($_POST['id'])) {
header("Location: bargraphcp.php"); }
if ($_POST['submit_edit'] = "Save") {
$num_rows = $_POST['num_rows'];
$id = $_POST['id'];
$addrows = $_POST['addrows'];
$edit_name = $_POST['edit_name'];
$edit_displayname = $_POST['edit_displayname'];
$num_rows = stripslashes($num_rows);
$id = stripslashes($id);
$addrows = stripslashes($addrows);
$edit_name = stripslashes($edit_name);
$edit_displayname = stripslashes($edit_displayname);
if($edit_displayname==null){
$edit_displayname = 0; }
// recreating arrays with easier variables and then stripping slashes that were created from magic quotes i assume
for($i=0; $i < $num_rows; $i++) {
$edit_label[$i] = $_POST['edit_label'][$i];
$edit_data[$i] = $_POST['edit_data'][$i];
$edit_delete[$i] = $_POST['edit_delete'][$i];
$edit_label[$i] = stripslashes($edit_label[$i]);
$edit_data[$i] = stripslashes($edit_data[$i]);
$edit_delete[$i] = stripslashes($edit_delete[$i]);
}
// getting db data for cross checking purposes.
include("/home/mc/secureincludes/dbconnect.inc.php");
$query = "SELECT labels, data FROM bargraph_data WHERE id ='".addslashes($id)."' ORDER BY labels ASC LIMIT 0,100";
$result = mysql_query($query);
if(!result) {
die("Query error (getting bargraph_data)". mysql_error()."<br><br>\n<a href='bargraphcp.php'>Return</a><br>\n"); }
$i = 0;
while ($row = mysql_fetch_assoc($result)) {
$data[$i] = array(
"label" => stripslashes($row['labels']),
"data" => stripslashes($row['data']));
$i++;
}
$i = null;
// getting db properties for cross checking purposes.
include("/home/mc/secureincludes/dbconnect.inc.php");
$query = "SELECT name, displayname FROM bargraph_properties WHERE id ='".addslashes($id)."' LIMIT 0,100";
$result = mysql_query($query);
if(!result) {
die("Query error (getting bargraph_data)". mysql_error()."<br><br>\n<a href='bargraphcp.php'>Return</a><br>\n"); }
$row = mysql_fetch_assoc($result);
$db_name = stripslashes($row['name']);
$db_displayname = $row['displayname'];
// checking if property name or displayname was changed and if so, updating them.
if($edit_name != $db_name or $edit_displayname != $db_displayname) {
$query = "UPDATE bargraph_properties SET name = '".addslashes($edit_name)."', displayname = '".addslashes($edit_displayname)."' WHERE id = '".addslashes($id)."' LIMIT 1";
$result = mysql_query($query);
if(!$result) {
die("There was a problem editing bargraph name or displayname setting: ".mysql_error()."<br><br>\n<a href='bargraphcp.php?id=".$id."'>Return</a><br>\n"); }
print("Bargraph name was changed from <b>'".$db_name."' </b>to <b>'".$edit_name."'</b> and displayname setting was changed from <b>'".$db_displayname."'</b> to <b>'".$edit_displayname."'</b>.<br><br>\n");
}
for($i=0; $i < $num_rows; $i++) {
if($edit_delete[$i] == 1) {
$query = "DELETE FROM bargraph_data WHERE id = '".addslashes($id)."' and labels = '".addslashes($data[$i]['label'])."' and data = '".addslashes($data[$i]['data'])."' LIMIT 1";
$result = mysql_query($query);
if(!$result) {
die("There was a problem deleting row".$data[$i]['label'].".".mysql_error()."<br><br>\n<a href='bargraphcp.php'>Return</a><br>\n"); }
print ("Entry: <b>".$data[$i]['label'].": ".$data[$i]['data']."%</b> was successfully deleted.<br>\n");
} Else {
// checking if labels and data were edited and if so updating the db with the new one
if($edit_label[$i] != $data[$i]['label'] or $edit_data[$i] != $data[$i]['data']) {
// checking data entered to make sure it is a number and it isn't below 0 or above 100.
if($edit_data[$i] <= 100 and $edit_data[$i] >= 0 and is_numeric($edit_data[$i])) {
$query = "UPDATE bargraph_data SET labels = '".addslashes($edit_label[$i])."', data = '".addslashes($edit_data[$i])."' WHERE id = '".addslashes($id)."' AND labels = '".addslashes($data[$i][label])."' AND data = '".addslashes($data[$i][data])."' LIMIT 1";
$result = mysql_query($query);
if(!$result) {
die("There was a problem editing entry: <b>".$data[$i][label]."</b>.".mysql_error()."<br><br>\n<a href='bargraphcp.php?id=".$id."'>Return</a><br>\n"); }
print("Entry: <b>".$data[$i]['label'].": ".$data[$i]['data']."%</b> has been changed to <b>".$edit_label[$i].": ".$edit_data[$i]."%</b><br>\n");
} else {
print("You entered an invalid number in percent field of label: <b>".$data[$i]['label']."</b>.<br>\n");
}
}
}
}// for loop end bracket
// checking if additional rows were specified, and if so... create them
if($addrows != 0) {
if(is_numeric($addrows) and $addrows >= 1 and $addrows <= 10) {
for($i=0;$i<$addrows;$i++) {
$query = "INSERT INTO bargraph_data ( id , labels , data ) VALUES ('".addslashes($id)."', 'UNTITLED', '0')";
$result = mysql_query($query);
if(!$result) {
die("There was a problem inserting row(s).".mysql_error()."<br><br>\n<a href='bargraphcp.php'>Return</a><br>\n"); }
}
print("Successfully added <b>".$addrows."</b> row(s).<br>\n");
} else { print("You entered an invalid number in to the addrows field. You may only add 1-10 rows at a time."); }
}
print ("<br><br>\n<a href='bargraphcp.php?id=".$id."'>Return</a><br>\n");
}
else {
header("Location: bargraphcp.php");
}
?>