File: /home/mckernan/public_html/iJournal/includes/client/updinfo.php
<?php
// open client
// init database name
$database = DB_PREFIX;
// process request
if ($sid != '')
{
// sid check
require "includes/session/sidck.php";
// init return value
$rv = '<root>' . PHP_EOL;
// fetch database name / open db
$db = '';
if ( isset($_POST['db']) ) $db = $_POST['db'];
if ( isset($_GET['db']) ) $db = $_GET['db'];
if ($db == '') die();
$database .= $db;
require "includes/db.php";
// fetch vars
$name1 = getvar($db, 'n1', 'string');
$name2 = getvar($db, 'n2', 'string');
$str1 = getvar($db, 'str1', 'string');
$str2 = getvar($db, 'str2', 'string');
$city = getvar($db, 'cty', 'string');
$state = getvar($db, 'st', 'string');
$zip = getvar($db, 'zip', 'string');
$org = getvar($db, 'org', 'int');
$fye = getvar($db, 'fye', 'int');
$freq = getvar($db, 'frq', 'int');
// fetch client info
$query = "UPDATE client SET cli_mailname1 = '" . $name1 . "', cli_mailname2 = '" . $name2 . "', cli_str1 = '" . $str1 .
"', cli_str2 = '" . $str2 . "', cli_city = '" . $city . "', cli_state = '" . $state . "', cli_zipc = '" . $zip .
"', cli_type = " . $org . ", cli_fye = " . $fye . ", cli_freq = " . $freq . " WHERE 1";
if ($result = $db->query($query))
{
$rv .= '<success>true</success>';
}
else
{
$rv .= '<success></success>';
}
// finish output
$rv .= '</root>' . PHP_EOL;
// return data
echo $rv;
die;
}
else
{
header('Server: ');
header('X-Powered-By: ');
header("HTTP/1.0 404 Not Found");
}
?>