&field=uploads&num=&preSaveTempId=' height='100' width='600' frameborder='0' scrolling='no'>
*/ // $table = @$_REQUEST['table']; $field = @$_REQUEST['field']; $recordNum = intval( @$_REQUEST['num'] ); $preSaveTempId = @$_REQUEST['preSaveTempId']; $submittedForm = @$_REQUEST['REQUEST_METHOD'] == 'POST' || @$_REQUEST['submitForm']; $errorsAndAlerts = ''; // SECURITY WARNING: BE SURE TO ADD SECURITY CHECKS BELOW TO ENSURE USERS CAN'T // ADD OR MODIFY UPLOADS FROM ANY RECORDS THEY ARE NOT SUPPOSE TO. $allowedTables = array('news'); $allowedFields = array('uploads'); if ($recordNum) { // if a $recordNum was supplied, ensure that the user owns it before doing anything! if (!@$CURRENT_USER) { die("You must login to modify a record!"); } $record = mysql_query_fetch_row_assoc("SELECT * FROM {$TABLE_PREFIX}$table WHERE num = '$recordNum'"); if (!$record || $record['createdByUserNum'] != $CURRENT_USER['num']) { die("Invalid recordNum"); } } // error checking if (!$table) { die("No 'tablename' value specified in url!"); } elseif (!in_array($table, $allowedTables)) { die("Tablename '" .htmlencode($table). "' isn't in list of allowed tablenames!"); } if (!$field) { die("No 'fieldname' value specified in url!"); } elseif (!in_array($field, $allowedFields)) { die("Fieldname '" .htmlencode($field). "' isn't in list of allowed fieldnames!"); } if (!$recordNum && !$preSaveTempId) { die("No 'recordNum' or 'preSaveTempId' value was specified!"); } if ($submittedForm && !preg_match("/multipart\/form-data/", @$_SERVER['CONTENT_TYPE'])) { die("Upload Error: <form> tag must have enctype=\"multipart/form-data\""); } // save uploads foreach (getUploadInfoArrays() as $uploadInfo) { // add uploads $errorsAndAlerts .= saveUpload($table, $field, $recordNum, $preSaveTempId, $uploadInfo, $newUploadNums); //die("$recordNum $field $table"); if($preSaveTempId || ($recordNum && $field && $table)) { $infoQuerySet = ""; if(@$_REQUEST['info1']) { $infoQuerySet .= " info1 = '" . $_REQUEST['info1'] . "' "; } if(@$_REQUEST['info2']) { if($infoQuerySet) { $infoQuerySet .= ","; } $infoQuerySet .= " info2 = '" . $_REQUEST['info2'] . "' "; } if($infoQuerySet) { $infoQuery = " UPDATE " . $GLOBALS['TABLE_PREFIX'] . "uploads SET $infoQuerySet WHERE "; if($recordNum && $field && $table) { //We need to get the most recent record for the recordNum, fieldName and tableName //MySQL can not select from same table as update in one query $numQuery = " SELECT num FROM " . $GLOBALS['TABLE_PREFIX'] . "uploads WHERE recordNum = '$recordNum' AND fieldName = '$field' AND tableName = '$table' ORDER BY createdTime DESC LIMIT 1"; $numResult = mysql_query_fetch_row_assoc($numQuery); if(@$numResult['num']) { $infoQuery .= " num=" . $numResult['num']; } else { continue; } } else { $infoQuery .= " preSaveTempId = '$preSaveTempId'"; } // die($infoQuery); mysql_query($infoQuery); } } } // remove uploads if (@$_REQUEST['removeUpload']) { // delete upload $uploadNum = @$_REQUEST['removeUpload']; removeUpload($uploadNum, $recordNum, $preSaveTempId); } // load uploads $uploads = getUploadRecords($table, $field, $recordNum, $preSaveTempId); ?>

Title:
Caption:

" . $upload['info1'] . " " . $upload['info2'] ?> remove

There are no uploads yet.