358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
|
if( zSQL[0]==0 ){
zErr = "Please supply an SQL query statement";
}else if( (zTitle = trim_string(zTitle))[0]==0 ){
zErr = "Please supply a title";
}else{
zErr = verify_sql_statement(zSQL);
}
if( zErr==0 ){
login_verify_csrf_secret();
if( rn>0 ){
db_multi_exec("UPDATE reportfmt SET title=%Q, sqlcode=%Q,"
" owner=%Q, cols=%Q WHERE rn=%d",
zTitle, zSQL, zOwner, zClrKey, rn);
}else{
db_multi_exec("INSERT INTO reportfmt(title,sqlcode,owner,cols) "
"VALUES(%Q,%Q,%Q,%Q)",
zTitle, zSQL, zOwner, zClrKey);
rn = db_last_insert_rowid();
}
cgi_redirect(mprintf("rptview?rn=%d", rn));
return;
}
}else if( rn==0 ){
|
>
>
>
>
>
>
|
|
|
|
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
|
if( zSQL[0]==0 ){
zErr = "Please supply an SQL query statement";
}else if( (zTitle = trim_string(zTitle))[0]==0 ){
zErr = "Please supply a title";
}else{
zErr = verify_sql_statement(zSQL);
}
if( zErr==0
&& db_exists("SELECT 1 FROM reportfmt WHERE title=%Q and rn<>%d",
zTitle, rn)
){
zErr = mprintf("There is already another report named \"%h\"", zTitle);
}
if( zErr==0 ){
login_verify_csrf_secret();
if( rn>0 ){
db_multi_exec("UPDATE reportfmt SET title=%Q, sqlcode=%Q,"
" owner=%Q, cols=%Q, mtime=now() WHERE rn=%d",
zTitle, zSQL, zOwner, zClrKey, rn);
}else{
db_multi_exec("INSERT INTO reportfmt(title,sqlcode,owner,cols,mtime) "
"VALUES(%Q,%Q,%Q,%Q,now())",
zTitle, zSQL, zOwner, zClrKey);
rn = db_last_insert_rowid();
}
cgi_redirect(mprintf("rptview?rn=%d", rn));
return;
}
}else if( rn==0 ){
|