// make an event.
serendipity_db_query('INSERT INTO mbg_event (date,cafe'.((!empty($_GET['comment'])) ? ',comment' : '').')
- VALUES ('.$date.','.$cafeid.((!empty($_GET['comment'])) ? ',\''.$_GET['comment'].'\'' : '').')');
+ VALUES ('.$date.','.$cafeid.((!empty($_GET['comment'])) ? ',\''.addslashes($_GET['comment']).'\'' : '').')');
$eventid = serendipity_db_insert_id();
for ($i = 0; $i < $maxattendees; $i++) {
$personid = $_GET['person'.$i];
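Review bot: `addslashes()` on the added VALUES line is not the database layer's own escaper: it ignores the connection charset and relies on backslash escaping, which not every backend Serendipity can run on treats as escaping a quote. Serendipity's `serendipity_db_escape_string()` is the better fit, e.g. `',\''.serendipity_db_escape_string($_GET['comment']).'\''`. The same applies to the `addslashes($_GET['comment'.$i])` line in the mbg_attendee insert further down. `$date` and `$cafeid` are concatenated unquoted and are assigned outside the hunk, so confirm they are cast to integers before this statement.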
}
if (!empty($_GET['meal_free'.$i])) {
- $sql = 'INSERT INTO mbg_meal (name) VALUES (\''.$_GET['meal_free'.$i].'\');';
- serendipity_db_query($sql);
- $mealid = serendipity_db_insert_id();
+ // look for one first!
+ if ($exists = serendipity_db_query('SELECT * FROM mbg_meal WHERE name = \''.$_GET['meal_free'.$i].'\'',true)) {
+ $mealid = $exists['id'];
+ } else {
+ $sql = 'INSERT INTO mbg_meal (name) VALUES (\''.$_GET['meal_free'.$i].'\');';
+ serendipity_db_query($sql);
+ $mealid = serendipity_db_insert_id();
+ }
} else {
$mealid = $_GET['meal'.$i];
}
// now we can make an attendee... then just score to go
$sql = "INSERT INTO mbg_attendee (event,person,ate,comment) VALUES ($eventid,$personid,$mealid,".
- ((!empty($_GET['comment'.$i])) ? "'".$_GET['comment'.$i]."'" : 'null')
+ ((!empty($_GET['comment'.$i])) ? "'".addslashes($_GET['comment'.$i])."'" : 'null')
.')';
serendipity_db_query($sql);
$attendee = serendipity_db_insert_id();
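Review bot: The added `SELECT ... WHERE name = ` lookup and the re-added `INSERT INTO mbg_meal` both still concatenate `$_GET['meal_free'.$i]` raw inside a quoted literal, so the meal name remains injectable even though the comment fields are escaped by this commit. Escape it once into a local and reuse it in both statements. `$personid` and the `$mealid` taken from `$_GET['meal'.$i]` go unquoted into numeric positions of the mbg_attendee insert, where quote escaping has no effect, so they need an `(int)` cast. Selecting only `id` is enough for the lookup. The loop over `$i` is only partly visible here, so the `$personid` cast belongs at its assignment outside the rewritten lines.

```php
if (!empty($_GET['meal_free'.$i])) {
    // escape once, reuse for both the lookup and the insert
    $mealname = serendipity_db_escape_string($_GET['meal_free'.$i]);
    if ($exists = serendipity_db_query('SELECT id FROM mbg_meal WHERE name = \''.$mealname.'\'', true)) {
        $mealid = (int)$exists['id'];
    } else {
        serendipity_db_query('INSERT INTO mbg_meal (name) VALUES (\''.$mealname.'\')');
        $mealid = (int)serendipity_db_insert_id();
    }
} else {
    $mealid = (int)$_GET['meal'.$i];
}
// … unchanged: mbg_attendee insert …
```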