File: /home/mckernan/public_html/iJournal/includes/tracker/entrydtl.php
<?php
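// Tracker entry details.
// Emits an XML <root> document with one <entry> per row: either the tracking
// entry selected by `eid`, or the tracker `tid` joined with its entry for
// period `per`. Relies on $sid, DB_PREFIX and getvar() from the including script.

// init database name
$database = DB_PREFIX;

// process request
if ($sid != '')
{
    // sid check
    require "includes/session/sidck.php";

    // init return value
    $rv = '<root>' . PHP_EOL;

    // fetch database name (GET overrides POST)
    $db = '';
    if ( isset($_POST['db']) ) $db = $_POST['db'];
    if ( isset($_GET['db']) ) $db = $_GET['db'];

    // Array-valued input (db[]=...) is not a usable name; treat it like a missing one.
    if (!is_string($db) || $db == '') die();

    // SECURITY NOTE(review): the database name is request-controlled and only
    // prefixed with DB_PREFIX. This block cannot see whether sidck.php ties the
    // session to the requested database; confirm that, or check $db against the
    // databases this session is allowed to open before connecting.
    $database .= $db;

    // open db; presumably this replaces $db with the connection object used
    // below ($db->query) -- confirm in includes/db.php
    require "includes/db.php";

    // fetch params
    // getvar() is defined elsewhere; the explicit casts guarantee that only
    // integer literals are concatenated into the SQL text below, whatever it returns.
    $eid = (int) getvar($db, 'eid', 'int');
    $tid = (int) getvar($db, 'tid', 'int');
    $per = (int) getvar($db, 'per', 'int');

    // fetch list
    if ($eid > 0)
    {
        // lookup by entry id
        $query = "SELECT e.trkg_id, e.trkg_tracker, e.trkg_amt, t.trkr_id, t.trkr_caption FROM
tracking e LEFT JOIN tracker t ON t.trkr_id = e.trkg_tracker
WHERE e.trkg_id = " . $eid;
    }
    else
    {
        // lookup by tracker id, joined with that tracker's entry for the period
        $query = "SELECT t.trkr_id, t.trkr_caption, e.trkg_id, e.trkg_amt FROM tracker AS t LEFT JOIN
(SELECT trkg_id, trkg_tracker, trkg_amt FROM tracking WHERE trkg_per = " . $per . ") AS e
ON e.trkg_tracker = t.trkr_id WHERE t.trkr_id = " . $tid;
    }

    // Escape a column value for use as XML text. Stored captions are free text,
    // so '<' or '&' in one would otherwise break or alter the response markup.
    // The (string) cast covers NULLs produced by the LEFT JOIN.
    // Assumes the connection returns UTF-8 -- confirm in includes/db.php.
    $xmlText = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1, 'UTF-8');
    };

    // A failed query is not reported: the response is then an empty <root>.
    if ($result = $db->query($query))
    {
        while ($row = $result->fetch_assoc())
        {
            $rv .= '<entry>' . PHP_EOL;
            $rv .= '<eid>' . $xmlText($row['trkg_id']) . '</eid>' . PHP_EOL;
            $rv .= '<tid>' . $xmlText($row['trkr_id']) . '</tid>' . PHP_EOL;
            $rv .= '<per>' . $per . '</per>' . PHP_EOL;
            $rv .= '<cap>' . $xmlText($row['trkr_caption']) . '</cap>' . PHP_EOL;
            $rv .= '<amt>' . $xmlText($row['trkg_amt']) . '</amt>' . PHP_EOL;
            $rv .= '</entry>' . PHP_EOL;
        }
    }

    // finish output
    $rv .= '</root>' . PHP_EOL;

    // return data
    echo $rv;
    die;
}
else
{
    // no session id: answer as if the resource did not exist and blank the
    // headers that would identify the server software
    header('Server: ');
    header('X-Powered-By: ');
    header("HTTP/1.0 404 Not Found");
}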
?>