STR, 'phrasetext' => STR, 'matchmethod' => STR, 'do' => STR, 'doneinsert' => INT, 'oldvarname' => STR)); $use['varname'] = (bool)$_REQUEST['use']['varname']; $use['phrasetext'] = (bool)$_REQUEST['use']['phrasetext']; $use['and'] = (($vars['matchmethod'] == 'and') ? true : false); $use['or'] = (($use['and']) ? false : true); $use['matcher'] = (($use['and']) ? 'AND' : 'OR'); $select['or'] = (($use['or']) ? SELECTED : ''); $select['and'] = (($use['and']) ? SELECTED : ''); $select['search'] = (($vars['do'] == 'search') ? SELECTED : ''); $select['insert'] = (($vars['do'] == 'insert' OR $vars['doneinsert']) ? SELECTED : ''); $select['delete'] = (($vars['do'] == 'delete') ? SELECTED : ''); function sanitize_name($name) { $name = preg_replace('#[^a-zA-Z0-9_]#', '_', $name); $name = preg_replace('#_{1,}#', '_', $name); $name = preg_replace('#(^_|_$)#', '', $name); return $name; } // ################################################################### echo <<Search
Varname:
Phrase text:
Action:
Match Method:
HTML; if ($_REQUEST['do']) { echo "\n\n
\n\n"; } // ################################################################### if ($_REQUEST['do'] == 'kill') { $db->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); header("Location: phrasetools.php"); } // ################################################################### if ($_REQUEST['do'] == 'delete') { $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); if (!$phrase) { echo 'Not a valid phrase!'; exit; } echo "

Delete

\n\n
Found: $phrase[varname] ===> $phrase[phrasetext]
"; } // ################################################################### if ($_POST['do'] == 'insert') { $vars['varname'] = str_replace(' ', '_', $vars['varname']); $db->query(" INSERT INTO " . TABLE_PREFIX . "phrase (varname, phrasetext) VALUES ('" . addslasheslike(sanitize_name($vars['varname'])) . "', '" . addslasheslike($vars['phrasetext']) . "' )" ); header("Location: phrasetools.php?do=edit&doneinsert=1&varname=$vars[varname]"); } // ################################################################### if ($_POST['do'] == 'update') { $db->query(" UPDATE " . TABLE_PREFIX . "phrase SET varname = '" . addslasheslike(sanitize_name($vars['varname'])) . "', phrasetext = '" . addslasheslike($vars['phrasetext']) . "' WHERE varname = '" . addslasheslike($vars['oldvarname']) . "'" ); header("Location: phrasetools.php?do=edit&varname=$vars[varname]"); } // ################################################################### if ($_REQUEST['do'] == 'edit') { $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'"); if (!$phrase) { echo 'Not a valid phrase!'; exit; } echo <<Edit
Varname:
Phrase text:
HTML; } // ################################################################### if ($_REQUEST['do'] == 'search') { if ($use['varname'] AND !$use['phrasetext']) { $where = "varname LIKE '%$vars[varname]%'"; } else if (!$use['varname'] AND $use['phrasetext']) { $where = "phrasetext LIKE '%$vars[phrasetext]%'"; } else { $where = "varname LIKE '%$vars[varname]%' $use[matcher] phrasetext LIKE '%$vars[phrasetext]%'"; } $phrases = $db->query("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE $where"); $numrows = $db->num_rows($phrases); if ($numrows < 1) { echo 'No results found!'; exit; } if ($numrows > 2) { while ($phrase = $db->fetch_array($phrases)) { echo "
\$bugsys->language['$phrase[varname]'] =======> " . htmlspecialcharslike($phrase['phrasetext']) . "
"; } } else { $phrase = $db->fetch_array($phrases); header("Location: phrasetools.php?do=edit&varname=$phrase[varname]"); } } ?>