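prepare($sql);
            $sth->execute([$name, $hostname, $assetclass_id, $info, $intf, $asset_type]);
            header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
            break;

        /* refactored
        case ("assetclass") :
            $name = sanitize($_POST['assetclass_name']);
            $description = sanitize($_POST['assetclass_description']);
            $group_id = sanitize($_POST['assetclassgroup_id']);
            $sql = "INSERT INTO assetclass (assetclass_name, assetclass_description, assetclassgroup_id) VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $description, $group_id]);
            header_location("assetclassview.php?assetclass_id=" . $dbh->lastInsertId());
            break;

        case ("assetclassgroup") :
            $name = sanitize($_POST['acg_name']);
            $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
            $desc = sanitize($_POST['acg_description']);
            $sql = "INSERT INTO assetclassgroup (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description) VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $color, $desc]);
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
            break;
        */

        // The remaining "add" cases all follow one pattern: read the posted
        // fields through sanitize(), bind them as parameters of a prepared
        // INSERT/UPDATE (no value is ever concatenated into the SQL text), then
        // redirect to the matching view page.
        // NOTE(review): no authorization or CSRF check is visible in this part
        // of the file; confirm one runs before these state-changing handlers.

        // Attach a new node to an existing asset.
        case ("assignnodetoasset") :
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            // The configured suffix is appended only when a name was entered and
            // the node_dns1suffix / node_dns2suffix field was posted.
            // NOTE(review): the "node" case below tests 'dns1suffix'/'dns2suffix'
            // instead; confirm which field names the forms really send.
            $node_dns1 = (!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix']))
                ? sanitize($_POST['node_dns1']) . $config_dns1suffix
                : sanitize($_POST['node_dns1']);
            $node_dns2 = (!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix']))
                ? sanitize($_POST['node_dns2']) . $config_dns2suffix
                : sanitize($_POST['node_dns2']);
            // Was stored raw; now passed through sanitize() like node_info in
            // the "node" case, so stored free text is handled the same way.
            $node_info = sanitize($_POST['node_info']);
            $sql = "INSERT INTO node ( node_ip, node_mac, node_dns1, node_dns2, subnet_id, asset_id, node_info) VALUE (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2, $subnet_id, $asset_id, $node_info]);
            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;

        // Link a location to a subnet.
        case ("assignlocationtosubnet") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);
            // The stray "Location: " prefix was dropped: every other call in
            // this file hands header_location() a bare relative URL.
            // NOTE(review): lastInsertId() is the id of the new subnetlocation
            // row, not a location id; the "locationsubnet" case redirects with
            // $location_id instead. Confirm the intended target.
            header_location("location.php?location_id=" . $dbh->lastInsertId());
            break;

        // Point an existing subnet at a VLAN (UPDATE, not INSERT).
        case ("assignsubnettovlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sql = "UPDATE subnet SET vlan_id=? WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_id, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case ("location") :
            $name = sanitize($_POST['location_name']);
            $parent = sanitize($_POST['location_parent']);
            $info = sanitize($_POST['location_info']);
            $sql = "INSERT INTO location ( location_name, location_parent, location_info ) VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $parent, $info]);
            header_location("locationview.php?location_id=" . $dbh->lastInsertId());
            break;

        // Same insert as "subnetlocation"; only the redirect target differs.
        case ("locationsubnet") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case ("nat") :
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $node_id_int = sanitize($_POST['node_id_int']);
            $nat_type = sanitize($_POST['nat_type']);
            $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type) VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_id_ext, $node_id_int, $nat_type]);
            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;

        // Create an asset and its first node in one request.
        case ("node") :
            $asset_name = sanitize($_POST['asset_name']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $ip = sanitize($_POST['node_ip']);
            $mac = strip_mac(sanitize($_POST['node_mac']));
            $dns1 = (!empty($_POST['node_dns1']) && isset($_POST['dns1suffix']))
                ? sanitize($_POST['node_dns1']) . $config_dns1suffix
                : sanitize($_POST['node_dns1']);
            $dns2 = (!empty($_POST['node_dns2']) && isset($_POST['dns2suffix']))
                ? sanitize($_POST['node_dns2']) . $config_dns2suffix
                : sanitize($_POST['node_dns2']);
            $node_info = sanitize($_POST['node_info']);
            // Was read raw; sanitized like every other id in this file.
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id) VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
            // The id of the asset row just created becomes the node's asset_id.
            $asset_id = $dbh->lastInsertId();
            $sql = "INSERT INTO node ( node_ip, node_mac, node_dns1, node_dns2, node_info, subnet_id, asset_id ) VALUE (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);
            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;

        case ("subnet") :
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_info = sanitize($_POST['subnet_info']);
            $sql = "INSERT INTO subnet (subnet_address, subnet_mask, subnet_info) VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_info]);
            header_location("subnetview.php?subnet_id=" . $dbh->lastInsertId());
            break;

        case ("subnetlocation") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case ("subnetvlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id) VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        // Create a user account unless the (lower-cased) name is already taken.
        case ("user") :
            $user_name = strtolower(sanitize($_POST['user_name']));
            $user_displayname = sanitize($_POST['user_displayname']);
            // Previously md5(): an unsalted fast hash, and one that the
            // password_verify() call in the "optionspassword" edit case can
            // never match. Hash the same way that case does (bcrypt) so new
            // accounts can change their password and are stored with a salted,
            // slow hash.
            // NOTE(review): rows already holding md5 values need a reset or a
            // rehash-on-login path; the login code is not visible here.
            $user_password = password_hash(sanitize($_POST['user_password']), PASSWORD_BCRYPT);

            // check if username exists
            $sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
            $sth->execute([$user_name]);
            if ($sth->fetchColumn() == 0) {
                $sql = "INSERT INTO user (user_name, user_displayname, user_pass) VALUE (?, ?, ?)";
                $sth = $dbh->prepare($sql);
                $sth->execute([$user_name, $user_displayname, $user_password]);
                header_location("userview.php?user_id=" . $dbh->lastInsertId());
                break;
            }
            // Name taken: leave the code for the comments.php redirect at the
            // end of the script.
            $comments = "usernameinuse";
            break;

        case ("vlan") :
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $vlan_color = sanitize($_POST['vlan_color']);
            $sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_color, vlan_info) VALUE (?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
            header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
            break;

        // Same insert as "subnetvlan"; only the redirect target differs.
        case ("vlansubnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id) VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case ("zone") :
            $zone_origin = sanitize($_POST['zone_origin']);
            $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
            $zone_soa = sanitize($_POST['zone_soa']);
            $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
            $zone_refresh = sanitize($_POST['zone_refresh']);
            $zone_retry = sanitize($_POST['zone_retry']);
            $zone_expire = sanitize($_POST['zone_expire']);
            $zone_ttl = sanitize($_POST['zone_ttl']);
            $zone_serial = sanitize($_POST['zone_serial']);
            $zone_ns1 = sanitize($_POST['zone_ns1']);
            $zone_ns2 = sanitize($_POST['zone_ns2']);
            $zone_ns3 = sanitize($_POST['zone_ns3']);
            $zone_mx1 = sanitize($_POST['zone_mx1']);
            $zone_mx2 = sanitize($_POST['zone_mx2']);
            $zone_info = sanitize($_POST['zone_info']);
            $sql = "INSERT INTO zone ( zone_origin, zone_ttl_default, zone_soa, zone_hostmaster, zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial, zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info) VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster, $zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial, $zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
            header_location("zoneview.php?zone_id=" .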
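$dbh->lastInsertId());
            break;
    }
}

// Delete handlers: $_POST['del'] names the entity. Each case binds the posted
// id(s) to a prepared DELETE and then redirects to the matching page.
// NOTE(review): no authorization or CSRF check is visible in this part of the
// file, and every case here is destructive (including "user"); confirm that a
// role check and a request token are enforced before this point.
if (isset($_POST['del'])) {
    switch ($_POST['del']) {
        // Remove an asset and every node that belongs to it.
        case ("asset") :
            $asset_id = sanitize($_POST['asset_id']);
            $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
            $sth->execute([$asset_id]);
            $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
            $sth->execute([$asset_id]);
            header_location("asset.php");
            break;

        /* refactored
        case ("assetclass") :
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
            $sth->execute([$assetclass_id]);
            header_location("assetclass.php");
            break;

        case ("assetclassgroup") :
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
            $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
            $sth->execute([$assetclassgroup_id]);
            header_location("assetclassgroup.php");
            break;
        */

        case ("location") :
            $location_id = sanitize($_POST['location_id']);
            $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
            $sth->execute([$location_id]);
            header_location("location.php");
            break;

        case ("locationsubnet") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case ("nat") :
            $nat_id = sanitize($_POST['nat_id']);
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
            $sth->execute([$nat_id]);
            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;

        case ("node") :
            $node_id = sanitize($_POST['node_id']);
            // The redirect below used $asset_id, which this case never
            // assigned, so it pointed at an empty asset id. Read the owning
            // asset from the row itself before deleting it; a missing row
            // yields false, which concatenates as an empty id like before.
            $sth = $dbh->prepare("SELECT asset_id FROM node WHERE node_id=?");
            $sth->execute([$node_id]);
            $asset_id = $sth->fetchColumn();
            $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
            $sth->execute([$node_id]);
            header_location("assetview.php?asset_id=" . $asset_id);
            break;

        // Remove a subnet and every node inside it.
        case ("subnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
            $sth->execute([$subnet_id]);
            $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
            $sth->execute([$subnet_id]);
            header_location("subnet.php");
            break;

        case ("subnetlocation") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case ("subnetvlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case ("user") :
            $user_id = sanitize($_POST['user_id']);
            $sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
            $sth->execute([$user_id]);
            header_location("user.php");
            break;

        case ("vlan") :
            $vlan_id = sanitize($_POST['vlan_id']);
            $sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
            $sth->execute([$vlan_id]);
            header_location("vlan.php");
            break;

        case ("vlansubnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case ("zone") :
            $zone_id = sanitize($_POST['zone_id']);
            $sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
            $sth->execute([$zone_id]);
            header_location("zone.php");
            break;
    }
}

// Edit handlers: $_POST['edit'] names the entity. Each case binds the posted
// fields to a prepared UPDATE keyed on the entity id, then redirects.
if (isset($_POST['edit'])) {
    switch ($_POST['edit']) {
        case ("asset") :
            $asset_id = sanitize($_POST['asset_id']);
            $asset_name = sanitize($_POST['asset_name']);
            $asset_info = sanitize($_POST['asset_info']);
            $asset_intf = sanitize($_POST['asset_intf']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $asset_type = sanitize($_POST['asset_type']);
            $sql = "UPDATE asset SET asset_name=?, asset_info=?, asset_hostname=?, assetclass_id=?, asset_intf=?, asset_type=? WHERE asset_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_info, $asset_hostname, $assetclass_id, $asset_intf, $asset_type, $asset_id]);
            header_location("assetview.php?asset_id=" . $asset_id);
            // This break was missing. If header_location() ever returns,
            // control fell through into the "assetclassgroup" UPDATE below
            // with none of its fields posted.
            break;

        /* refactored
        case ("assetclass") :
            $id = sanitize($_POST['assetclass_id']);
            $name = sanitize($_POST['assetclass_name']);
            $description = sanitize($_POST['assetclass_description']);
            $group_id = sanitize($_POST['assetclassgroup_id']);
            $sql = "UPDATE assetclass SET assetclass_name=?, assetclass_description=?, assetclassgroup_id=? WHERE assetclass_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $description, $group_id, $id]);
            header_location("assetclassview.php?assetclass_id=" . $id);
            break;
        */

        case ("assetclassgroup") :
            $acg_id = sanitize($_POST['acg_id']);
            $acg_name = sanitize($_POST['acg_name']);
            $acg_desc = sanitize($_POST['acg_description']);
            // Upper-case the colour and keep only ASCII letters and digits.
            $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
            $sql = "UPDATE assetclassgroup SET assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=? WHERE assetclassgroup_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]);
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id);
            break;

        case ("location") :
            $location_id = sanitize($_POST['location_id']);
            $location_name = sanitize($_POST['location_name']);
            $location_info = sanitize($_POST['location_info']);
            $parentlocation_id = sanitize($_POST['parentlocation_id']);
            $sql = "UPDATE location SET location_name=?, location_parent=?, location_info=? WHERE location_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_name, $parentlocation_id, $location_info, $location_id]);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case ("node") :
            $node_id = sanitize($_POST['node_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            $node_dns1 = sanitize($_POST['node_dns1']);
            $node_dns2 = sanitize($_POST['node_dns2']);
            $node_info = sanitize($_POST['node_info']);
            $zone_id = sanitize($_POST['zone_id']);
            $sql = "UPDATE node SET asset_id=?, node_ip=?, subnet_id=?, node_mac=?, node_dns1=?, node_dns2=?, node_info=?, zone_id=? WHERE node_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac, $node_dns1, $node_dns2, $node_info, $zone_id, $node_id]);
            header_location("nodeview.php?node_id=" . $node_id);
            break;

        // Store display preferences for the logged-in user. The row is keyed
        // on the session's user id, never on a posted id.
        case ("optionsdisplay") :
            $id = $_SESSION['suser_id'];
            // Was read raw; now passed through sanitize() like the other
            // preferences, because the value goes into the database and the
            // session.
            // NOTE(review): if this value is later used to select a language
            // file, checking it against the list of supported languages would
            // be the stronger control; that code is not visible here.
            $language = sanitize($_POST['user_language']);
            $imagesize = sanitize($_POST['user_imagesize']);
            $imagecount = sanitize($_POST['user_imagecount']);
            $mac = sanitize($_POST['user_mac']);
            $dateformat = sanitize($_POST['user_dateformat']);
            $dns1suffix = sanitize($_POST['user_dns1suffix']);
            $dns2suffix = sanitize($_POST['user_dns2suffix']);
            $tooltips = sanitize($_POST['user_tooltips']);
            $menu_assets = sanitize($_POST['user_menu_assets']);
            $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
            $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
            $menu_cables = sanitize($_POST['user_menu_cables']);
            $menu_locations = sanitize($_POST['user_menu_locations']);
            $menu_nodes = sanitize($_POST['user_menu_nodes']);
            $menu_subnets = sanitize($_POST['user_menu_subnets']);
            $menu_vlans = sanitize($_POST['user_menu_vlans']);
            $menu_zones = sanitize($_POST['user_menu_zones']);

            // construct menu set: one fixed keyword per truthy flag, stored as
            // a comma-separated list
            $menu = [];
            if ($menu_assets) {
                $menu[] = 'asset';
            }
            if ($menu_assetclasses) {
                $menu[] = 'class';
            }
            if ($menu_assetclassgroups) {
                $menu[] = 'group';
            }
            if ($menu_cables) {
                $menu[] = 'cable';
            }
            if ($menu_locations) {
                $menu[] = 'location';
            }
            if ($menu_nodes) {
                $menu[] = 'node';
            }
            if ($menu_subnets) {
                $menu[] = 'subnet';
            }
            if ($menu_vlans) {
                $menu[] = 'vlan';
            }
            if ($menu_zones) {
                $menu[] = 'zone';
            }

            $sql = "UPDATE user SET user_language=?, user_imagesize=?, user_imagecount=?, user_mac=?, user_dateformat=?, user_dns1suffix=?, user_dns2suffix=?, user_tooltips=?, user_menu=? 
WHERE user_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$language, $imagesize, $imagecount, $mac, $dateformat, $dns1suffix, $dns2suffix, $tooltips, implode(',', $menu), $id]);

            // Mirror the new preferences into the session so they apply
            // without a fresh login.
            $_SESSION['suser_language'] = $language;
            $_SESSION['suser_imagesize'] = $imagesize;
            $_SESSION['suser_imagecount'] = $imagecount;
            $_SESSION['suser_mac'] = $mac;
            $_SESSION['suser_dateformat'] = $dateformat;
            $_SESSION['suser_dns1suffix'] = $dns1suffix;
            $_SESSION['suser_dns2suffix'] = $dns2suffix;
            $_SESSION['suser_menu_assets'] = $menu_assets;
            $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
            $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
            $_SESSION['suser_menu_cables'] = $menu_cables;
            $_SESSION['suser_menu_locations'] = $menu_locations;
            $_SESSION['suser_menu_nodes'] = $menu_nodes;
            $_SESSION['suser_menu_subnets'] = $menu_subnets;
            $_SESSION['suser_menu_vlans'] = $menu_vlans;
            $_SESSION['suser_menu_zones'] = $menu_zones;
            $_SESSION['suser_tooltips'] = $tooltips;
            header_location("options.php");
            break;

        // Change the logged-in user's own password. The current password must
        // verify against the stored hash and both new entries must match.
        case ("optionspassword") :
            $user_id = $_SESSION['suser_id'];
            // NOTE(review): the passwords go through sanitize() before being
            // verified or hashed; whatever that helper changes must be applied
            // the same way wherever the password is checked at login.
            $currentpass = sanitize($_POST['user_currentpass']);
            $newpass1 = sanitize($_POST['user_newpass1']);
            $newpass2 = sanitize($_POST['user_newpass2']);
            $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
            $sth->execute([$user_id]);
            $userpass = $sth->fetchColumn();
            // fetchColumn() returns false when no row matches; only a real
            // hash string is handed to password_verify().
            if (is_string($userpass) && password_verify($currentpass, $userpass)) {
                if (!strcmp($newpass1, $newpass2)) {
                    $sth = $dbh->prepare("UPDATE user SET user_pass=? 
WHERE user_id=?");
                    $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
                    $sth->execute([$newhash, $user_id]);
                    header_location("options.php");
                }
            }
            // TODO generate errormessages here
            break;

        case ("subnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_proto_vers = sanitize($_POST['subnet_proto_vers']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
            $subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
            $subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
            $subnet_info = sanitize($_POST['subnet_info']);
            $sql = "UPDATE subnet SET subnet_address=?, subnet_mask=?, subnet_dhcp_start=?, subnet_dhcp_end=?, subnet_info=?, protocol_version=?, ntp_server=? WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_dhcpstart, $subnet_dhcpend, $subnet_info, $subnet_proto_vers, $subnet_ntp_server, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        // Update another user's name, realm and role set.
        // NOTE(review): the target user_id and every role flag, 'admin'
        // included, come straight from the request. No role check is visible
        // in this part of the file; confirm that only an administrator can
        // reach this case.
        case ("user") :
            $user_id = sanitize($_POST['user_id']);
            $user_name = sanitize($_POST['user_name']);
            $user_displayname = sanitize($_POST['user_displayname']);
            $user_realm = sanitize($_POST['user_realm']);

            // roles
            $role_add = sanitize($_POST['role_add']);
            $role_edit = sanitize($_POST['role_edit']);
            $role_delete = sanitize($_POST['role_delete']);
            $role_manage = sanitize($_POST['role_manage']);
            $role_admin = sanitize($_POST['role_admin']);

            // construct role set: one fixed keyword per truthy flag, stored as
            // a comma-separated list
            $role = [];
            if ($role_add) {
                $role[] = 'add';
            }
            if ($role_edit) {
                $role[] = 'edit';
            }
            if ($role_delete) {
                $role[] = 'delete';
            }
            if ($role_manage) {
                $role[] = 'manage';
            }
            if ($role_admin) {
                $role[] = 'admin';
            }

            $sql = "UPDATE user SET user_name=?, user_displayname=?, user_realm=?, user_role=? WHERE user_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$user_name, $user_displayname, $user_realm, implode(',', $role), $user_id]);
            header_location("userview.php?user_id=" . $user_id);
            break;

        case ("vlan") :
            $vlan_id = sanitize($_POST['vlan_id']);
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $vlan_color = sanitize($_POST['vlan_color']);
            $sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_color=?, vlan_info=? WHERE vlan_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info, $vlan_id]);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case ("zone") :
            $id = sanitize($_POST['zone_id']);
            $origin = sanitize($_POST['zone_origin']);
            $ttl_default = sanitize($_POST['zone_ttl_default']);
            $soa = sanitize($_POST['zone_soa']);
            $hostmaster = sanitize($_POST['zone_hostmaster']);
            $refresh = sanitize($_POST['zone_refresh']);
            $retry = sanitize($_POST['zone_retry']);
            $expire = sanitize($_POST['zone_expire']);
            $ttl = sanitize($_POST['zone_ttl']);
            $serial = sanitize($_POST['zone_serial']);
            $ns1 = sanitize($_POST['zone_ns1']);
            $ns2 = sanitize($_POST['zone_ns2']);
            $ns3 = sanitize($_POST['zone_ns3']);
            $mx1 = sanitize($_POST['zone_mx1']);
            $mx2 = sanitize($_POST['zone_mx2']);
            $info = sanitize($_POST['zone_info']);
            $sql = "UPDATE zone SET zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?, zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?, zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=? WHERE zone_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry, $expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info, $id]);
            // The redirect used $zone_id, which this case never assigned; the
            // sanitized id lives in $id.
            header_location("zoneview.php?zone_id=" . $id);
            break;
    }
}

// still not redirected, check for error
// $comments is only ever one of the fixed codes set in this script, so no
// request data reaches the redirect URL here.
if (empty($comments)) {
    $comments = "error";
}

header_location("comments.php?comments=" . $comments);
?>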