'str', // value of an entry whose key lies before this excerpt
    // Remaining entries of a field => type map ('str', 'int' or 'text'). Presumably this is
    // the $check_keys array iterated below; its opening is not visible here.
    'nw_division' => 'str',
    'nw_begin_time' => 'str',
    'nw_end_time' => 'str',
    'nw_disable_hours' => 'int',
    'nw_left' => 'int',
    'nw_top' => 'int',
    'nw_height' => 'int',
    'nw_width' => 'int',
    'nw_content' => 'text',
    'nw_content_html' => 'text',
);

// Copy each expected POST field into $posts, normalised according to its declared type.
// A field that is absent from the request becomes integer 0, also for 'str' and 'text' kinds.
foreach ($check_keys as $key => $val) {
    if ($val === 'int') {
        // Integer cast: these values can only reach the SQL below as numbers.
        $posts[$key] = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
    } elseif ($val === 'str') {
        // clean_xss_tags() is defined elsewhere.
        // NOTE(review): judging by its name it filters markup, which is not the same as
        // SQL quoting; confirm it is not the only barrier before the query.
        $posts[$key] = isset($_POST[$key]) ? clean_xss_tags($_POST[$key], 1, 1) : 0;
    } else {
        // 'text' fields (nw_content, nw_content_html) are only trimmed here.
        // NOTE(review): nothing visible in this excerpt escapes quotes in these values, so
        // their safety inside the quoted SQL literals below depends on escaping applied to
        // $_POST before this point; confirm. The stored content is raw markup, so the page
        // that renders it has to filter or encode it; confirm.
        $posts[$key] = isset($_POST[$key]) ? trim($_POST[$key]) : 0;
    }
}

// SET clause shared by the insert and update statements. It is built by string
// interpolation with every value wrapped in single quotes; sql_query() later receives the
// finished string, no bound parameters are used.
// $nw_subject is assigned before this excerpt.
// NOTE(review): confirm $nw_subject is escaped where it is assigned.
$sql_common = " nw_device = '{$posts['nw_device']}', nw_division = '{$posts['nw_division']}', nw_begin_time = '{$posts['nw_begin_time']}', nw_end_time = '{$posts['nw_end_time']}', nw_disable_hours = '{$posts['nw_disable_hours']}', nw_left = '{$posts['nw_left']}', nw_top = '{$posts['nw_top']}', nw_height = '{$posts['nw_height']}', nw_width = '{$posts['nw_width']}', nw_subject = '{$nw_subject}', nw_content = '{$posts['nw_content']}', nw_content_html = '{$posts['nw_content_html']}' ";

// $w selects the action: "" inserts, "u" updates, "d" deletes. $w and $nw_id are set before
// this excerpt. The comparison is a loose ==, so a null or false $w also takes the insert
// branch.
// NOTE(review): no permission or request-token (CSRF) check is visible in this excerpt for
// these state-changing queries; presumably it happens earlier in the file. Confirm.
if ($w == "") {
    $sql = " insert {$g5['new_win_table']} set $sql_common ";
    sql_query($sql);

    // Take the id of the row just inserted; it is passed to the event and used by the redirect.
    $nw_id = sql_insert_id();
    run_event('admin_newwin_created', $nw_id);
} elseif ($w == "u") {
    // NOTE(review): $nw_id is placed inside a quoted literal; confirm it is restricted to
    // digits where it is assigned.
    $sql = " update {$g5['new_win_table']} set $sql_common where nw_id = '$nw_id' ";
    sql_query($sql);
    run_event('admin_newwin_updated', $nw_id);
} elseif ($w == "d") {
    // Same dependency on a validated $nw_id as the update branch.
    $sql = " delete from {$g5['new_win_table']} where nw_id = '$nw_id' ";
    sql_query($sql);
    run_event('admin_newwin_deleted', $nw_id);
}

// After a delete, go back to the list; in every other case open the edit form for $nw_id.
// That includes a $w matching none of the branches above, where no query was run.
if ($w == "d") {
    goto_url('./newwinlist.php');
} else {
    // $nw_id goes into the query string without URL encoding.
    // NOTE(review): this relies on $nw_id being numeric; confirm.
    goto_url("./newwinform.php?w=u&nw_id=$nw_id");
}