From e069856ca23906151bf85c617877213250ae0d69 Mon Sep 17 00:00:00 2001 From: Penny Leach Date: Mon, 10 Jul 2006 19:22:17 +1200 Subject: [PATCH] fixing breakfast bugs --- .../serendipity_plugin_breakfast/admin.inc.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/plugins/serendipity_plugin_breakfast/admin.inc.php b/plugins/serendipity_plugin_breakfast/admin.inc.php index fbab061..b386372 100644 --- a/plugins/serendipity_plugin_breakfast/admin.inc.php +++ b/plugins/serendipity_plugin_breakfast/admin.inc.php @@ -66,7 +66,7 @@ echo ' // make an event. serendipity_db_query('INSERT INTO mbg_event (date,cafe'.((!empty($_GET['comment'])) ? ',comment' : '').') - VALUES ('.$date.','.$cafeid.((!empty($_GET['comment'])) ? ',\''.$_GET['comment'].'\'' : '').')'); + VALUES ('.$date.','.$cafeid.((!empty($_GET['comment'])) ? ',\''.addslashes($_GET['comment']).'\'' : '').')'); $eventid = serendipity_db_insert_id(); for ($i = 0; $i < $maxattendees; $i++) { @@ -92,15 +92,20 @@ echo ' $personid = $_GET['person'.$i]; } if (!empty($_GET['meal_free'.$i])) { - $sql = 'INSERT INTO mbg_meal (name) VALUES (\''.$_GET['meal_free'.$i].'\');'; - serendipity_db_query($sql); - $mealid = serendipity_db_insert_id(); + // look for one first! + if ($exists = serendipity_db_query('SELECT * FROM mbg_meal WHERE name = \''.$_GET['meal_free'.$i].'\'',true)) { + $mealid = $exists['id']; + } else { + $sql = 'INSERT INTO mbg_meal (name) VALUES (\''.$_GET['meal_free'.$i].'\');'; + serendipity_db_query($sql); + $mealid = serendipity_db_insert_id(); + } } else { $mealid = $_GET['meal'.$i]; } // now we can make an attendee... then just score to go $sql = "INSERT INTO mbg_attendee (event,person,ate,comment) VALUES ($eventid,$personid,$mealid,". - ((!empty($_GET['comment'.$i])) ? "'".$_GET['comment'.$i]."'" : 'null') + ((!empty($_GET['comment'.$i])) ? "'".addslashes($_GET['comment'.$i])."'" : 'null') .')'; serendipity_db_query($sql); $attendee = serendipity_db_insert_id(); -- 2.39.5