  |
1 | 1 | | <?php |
| |
2 | 2 | | /* |
 |
3 | | - | $Id: languages.php,v 1.35 2003/06/29 22:50:52 hpdl Exp $ |
| |
| 3 | + | $Id: languages.php 1755 2007-12-21 14:02:36Z hpdl $ |
|
4 | 4 | | |
| |
5 | 5 | | osCommerce, Open Source E-Commerce Solutions |
| |
6 | 6 | | http://www.oscommerce.com |
| |
7 | 7 | | |
|
8 | | - | Copyright (c) 2003 osCommerce |
| |
| 8 | + | Copyright (c) 2007 osCommerce |
|
9 | 9 | | |
| |
10 | 10 | | Released under the GNU General Public License |
| |
11 | 11 | | */ |
| |
|
|
 |
… |
|
18 | 18 | | switch ($action) { |
| |
19 | 19 | | case 'insert': |
| |
20 | 20 | | $name = tep_db_prepare_input($HTTP_POST_VARS['name']); |
|
21 | | - | $code = tep_db_prepare_input($HTTP_POST_VARS['code']); |
| |
| 21 | + | $code = tep_db_prepare_input(substr($HTTP_POST_VARS['code'], 0, 2)); |
|
22 | 22 | | $image = tep_db_prepare_input($HTTP_POST_VARS['image']); |
| |
23 | 23 | | $directory = tep_db_prepare_input($HTTP_POST_VARS['directory']); |
|
24 | | - | $sort_order = tep_db_prepare_input($HTTP_POST_VARS['sort_order']); |
| |
| 24 | + | $sort_order = (int)tep_db_prepare_input($HTTP_POST_VARS['sort_order']); |
|
25 | 25 | | |
| |
26 | 26 | | tep_db_query("insert into " . TABLE_LANGUAGES . " (name, code, image, directory, sort_order) values ('" . tep_db_input($name) . "', '" . tep_db_input($code) . "', '" . tep_db_input($image) . "', '" . tep_db_input($directory) . "', '" . tep_db_input($sort_order) . "')"); |
| |
27 | 27 | | $insert_id = tep_db_insert_id(); |
| |
|
|
|
… |
|
71 | 71 | | case 'save': |
| |
72 | 72 | | $lID = tep_db_prepare_input($HTTP_GET_VARS['lID']); |
| |
73 | 73 | | $name = tep_db_prepare_input($HTTP_POST_VARS['name']); |
|
74 | | - | $code = tep_db_prepare_input($HTTP_POST_VARS['code']); |
| |
| 74 | + | $code = tep_db_prepare_input(substr($HTTP_POST_VARS['code'], 0, 2)); |
|
75 | 75 | | $image = tep_db_prepare_input($HTTP_POST_VARS['image']); |
| |
76 | 76 | | $directory = tep_db_prepare_input($HTTP_POST_VARS['directory']); |
|
77 | | - | $sort_order = tep_db_prepare_input($HTTP_POST_VARS['sort_order']); |
| |
| 77 | + | $sort_order = (int)tep_db_prepare_input($HTTP_POST_VARS['sort_order']); |
|
78 | 78 | | |
| |
79 | 79 | | tep_db_query("update " . TABLE_LANGUAGES . " set name = '" . tep_db_input($name) . "', code = '" . tep_db_input($code) . "', image = '" . tep_db_input($image) . "', directory = '" . tep_db_input($directory) . "', sort_order = '" . tep_db_input($sort_order) . "' where languages_id = '" . (int)$lID . "'"); |
| |
80 | 80 | | |