File: /home/mckernan/public_html/iJournal/includes/tracker/saventry.php
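<?php
// Add or update one tracker entry and report the outcome as a small XML document.
//
// Request parameters (read by this script or by getvar()):
//   db   suffix appended to DB_PREFIX to pick the database (POST, overridden by GET)
//   eid  entry id; a value below 1 means "insert a new row", otherwise update that row
//   tid  tracker item id (insert only)
//   pid  period id (insert only)
//   amt  amount to store
//
// Response: <root><success>true</success></root> when exactly one row was affected,
// otherwise <root><success></success></root>. Without a session id the script answers 404.

// init database name
$database = DB_PREFIX;

// process request
if ($sid != '')
{
    // sid check
    // NOTE(review): the session check runs before the database name is known, so
    // whether this session is allowed to use the requested database is not visible
    // here. Confirm that sidck.php or db.php enforces it.
    require "includes/session/sidck.php";

    // init return value
    $rv = '<root>' . PHP_EOL;

    // fetch database name / open db
    $dbname = '';
    if ( isset($_POST['db']) ) $dbname = $_POST['db'];
    if ( isset($_GET['db']) ) $dbname = $_GET['db'];

    // The name comes straight from the request and becomes part of the database
    // identifier, so accept only a plain string of identifier characters. An array
    // (db[]=...) or anything with quotes, dots, slashes or whitespace ends the request.
    if (!is_string($dbname) || $dbname == '') die();
    if (preg_match('/\A[A-Za-z0-9_]+\z/', $dbname) !== 1) die();

    $database .= $dbname;
    require "includes/db.php";

    // fetch / validate params
    // getvar() is defined elsewhere; what it returns for missing or malformed input is
    // not visible here, so the values are checked again before they reach the database.
    $entryid = getvar($db, 'eid', 'int');
    $itemid = getvar($db, 'tid', 'int');
    $perid = getvar($db, 'pid', 'int');
    $amt = getvar($db, 'amt', 'float');

    $isInt = static function ($value) {
        return filter_var($value, FILTER_VALIDATE_INT) !== false;
    };
    $amtOk = is_numeric($amt) && is_finite((float) $amt);

    // Values are bound as statement parameters instead of being concatenated into the
    // SQL text, so no request value can alter the statement's structure.
    // NOTE(review): assumes $db is a mysqli connection (the original code read
    // $db->affected_rows). Confirm against includes/db.php.
    $stmt = false;
    if ($entryid < 1)
    {
        if ($isInt($itemid) && $isInt($perid) && $amtOk)
        {
            $stmt = $db->prepare("INSERT INTO tracking (trkg_tracker, trkg_per, trkg_amt) VALUES (?, ?, ?)");
            if ($stmt)
            {
                $itemid = (int) $itemid;
                $perid = (int) $perid;
                $amt = (float) $amt;
                $stmt->bind_param('iid', $itemid, $perid, $amt);
            }
        }
    }
    else
    {
        if ($isInt($entryid) && $amtOk)
        {
            $stmt = $db->prepare("UPDATE tracking SET trkg_amt = ? WHERE trkg_id = ?");
            if ($stmt)
            {
                $entryid = (int) $entryid;
                $amt = (float) $amt;
                $stmt->bind_param('di', $amt, $entryid);
            }
        }
    }

    // Success means the statement ran and touched exactly one row. Rejected input,
    // a failed prepare/execute and a no-op update all report the empty element.
    $ok = false;
    if ($stmt)
    {
        if ($stmt->execute())
        {
            $ok = ($stmt->affected_rows == 1);
        }
        $stmt->close();
    }

    if ($ok)
    {
        $rv .= "<success>true</success>" . PHP_EOL;
    }
    else
    {
        $rv .= "<success></success>" . PHP_EOL;
    }

    // finish output
    $rv .= '</root>' . PHP_EOL;

    // return data
    echo $rv;
    die;
}
else
{
    // No session id: blank the identifying headers and answer as if the page did not exist.
    header('Server: ');
    header('X-Powered-By: ');
    header("HTTP/1.0 404 Not Found");
}
?>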