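. For more information, visit http://sourceforge.net/projects/ipreg, or contact me at wietsew@users.sourceforge.net
*****************************************************************************/

// Form-submission dispatcher. A POST names exactly one operation through the
// 'redirect', 'add', 'del' or 'edit' field; the field's value selects the
// record type. Each branch reads its inputs, runs its queries through $db and
// finishes with header_location(). Anything that falls through ends up on
// comments.php with an error code.
//
// NOTE(review): sanitize(), strip_mac(), header_location(), $db and the
// $config_dns*suffix values are defined outside this file (presumably via
// includes.php). The code below assumes header_location() ends the request;
// confirm against its definition.
//
// Security notes for maintainers:
//  - Every query is built by string concatenation. Values placed inside
//    quotes depend entirely on sanitize() escaping them for the database;
//    verify that it does, and prefer prepared statements if $db offers them.
//  - Ids that are concatenated WITHOUT quotes are cast to int here, because
//    quote-escaping alone gives no protection in a numeric context.
//  - No CSRF token or per-action permission check is visible in this file;
//    confirm the included code enforces both before the destructive
//    'del'/'edit' branches can be reached.
//  - Passwords are stored as unsalted MD5. Moving to password_hash() needs a
//    coordinated change with the login code and a rehash-on-login migration,
//    so it is flagged here rather than changed.

// includes
include("includes.php");

// check for submit
if ($_SERVER['REQUEST_METHOD']=="POST") {

    // ---------------------------------------------------------------
    // redirect: forward a selection made on one page to a follow-up page
    // ---------------------------------------------------------------
    if (isset($_POST['redirect'])) {
        // 'action' picks the target page; an absent value matches no case
        $action = isset($_POST['action']) ? $_POST['action'] : '';

        // urlencode() keeps a POSTed value from adding extra parameters to
        // the redirect target; plain ids and dotted IPs pass through unchanged
        switch ($_POST['redirect']) {
            case ("assigniptonode") :
                $node_ip = urlencode(sanitize($_POST['node_ip']));
                $subnet_id = urlencode(sanitize($_POST['subnet_id']));

                switch ($action) {
                    case ("assignnodetoasset") :
                        header_location("assignnodetoasset.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
                        break;
                    case ("nodeadd") :
                        header_location("nodeadd.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
                        break;
                }
                break;

            case ("locationsubnet") :
                $location_id = urlencode(sanitize($_POST['location_id']));

                switch ($action) {
                    case ("locationsubnetadd") :
                        header_location("locationsubnetadd.php?location_id=" . $location_id);
                        break;
                    case ("locationsubnetdel") :
                        header_location("locationsubnetdel.php?location_id=" . $location_id);
                        break;
                }
                break;

            case ("nat") :
                $node_id = urlencode(sanitize($_POST['node_id']));

                switch ($action) {
                    case ("natadd") :
                        header_location("natadd.php?node_id=" . $node_id);
                        break;
                    case ("natdel") :
                        header_location("natdel.php?node_id=" . $node_id);
                        break;
                }
                break;

            case ("subnetlocation") :
                $subnet_id = urlencode(sanitize($_POST['subnet_id']));

                switch ($action) {
                    case ("subnetlocationadd") :
                        header_location("subnetlocationadd.php?subnet_id=" . $subnet_id);
                        break;
                    case ("subnetlocationdel") :
                        header_location("subnetlocationdel.php?subnet_id=" . $subnet_id);
                        break;
                }
                break;

            case ("subnetvlan") :
                $subnet_id = urlencode(sanitize($_POST['subnet_id']));

                switch ($action) {
                    case ("subnetvlanadd") :
                        header_location("subnetvlanadd.php?subnet_id=" . $subnet_id);
                        break;
                    case ("subnetvlandel") :
                        header_location("subnetvlandel.php?subnet_id=" . $subnet_id);
                        break;
                }
                break;

            case ("vlansubnet") :
                $vlan_id = urlencode(sanitize($_POST['vlan_id']));

                switch ($action) {
                    case ("vlansubnetadd") :
                        header_location("vlansubnetadd.php?vlan_id=" . $vlan_id);
                        break;
                    case ("vlansubnetdel") :
                        header_location("vlansubnetdel.php?vlan_id=" . $vlan_id);
                        break;
                }
                break;
        }
    }

    // ---------------------------------------------------------------
    // add: insert a new record (or link two records) and show the result
    // ---------------------------------------------------------------
    if (isset($_POST['add'])) {
        switch ($_POST['add']) {
            case ("asset") :
                $asset_name = sanitize($_POST['asset_name']);
                $asset_hostname = sanitize($_POST['asset_hostname']);
                $assetclass_id = sanitize($_POST['assetclass_id']);
                $asset_info = sanitize($_POST['asset_info']);

                $query = "INSERT INTO asset( asset.asset_name, asset.asset_hostname, asset.assetclass_id, asset.asset_info )"
                    . " VALUE ( '$asset_name', '$asset_hostname', '$assetclass_id', '$asset_info' )";
                $asset_id = $db->db_insert($query);

                header_location("assetview.php?asset_id=" . $asset_id);
                break;

            case ("assetclass") :
                $assetclass_name = sanitize($_POST['assetclass_name']);
                $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

                $query = "INSERT INTO assetclass( assetclass.assetclass_name, assetclass.assetclassgroup_id )"
                    . " VALUE ( '$assetclass_name', '$assetclassgroup_id' )";
                $assetclass_id = $db->db_insert($query);

                header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
                break;

            case ("assetclassgroup") :
                $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
                // colour is reduced to upper-case letters and digits only
                $assetclassgroup_color = preg_replace("|[^A-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));

                // the column list previously read "assetclassgroupassetclassgroup_color"
                // (missing dot), which is not a column the edit branch knows about
                $query = "INSERT INTO assetclassgroup( assetclassgroup.assetclassgroup_name, assetclassgroup.assetclassgroup_color )"
                    . " VALUE ( '$assetclassgroup_name', '$assetclassgroup_color' )";
                $assetclassgroup_id = $db->db_insert($query);

                header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
                break;

            case ("assignnodetoasset") :
                $node_ip = sanitize($_POST['node_ip']);
                $subnet_id = sanitize($_POST['subnet_id']);
                $asset_id = sanitize($_POST['asset_id']);
                $node_mac = strip_mac(sanitize($_POST['node_mac']));

                // append the configured DNS suffix only when a name was given
                // and the suffix checkbox was submitted
                $node_dns1 = sanitize($_POST['node_dns1']);
                if (!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) {
                    $node_dns1 .= $config_dns1suffix;
                }
                $node_dns2 = sanitize($_POST['node_dns2']);
                if (!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) {
                    $node_dns2 .= $config_dns2suffix;
                }

                // node_info used to reach the query as raw POST data, unlike
                // every other field here; it now goes through sanitize() too
                $node_info = sanitize($_POST['node_info']);

                $query = "INSERT INTO node( node.node_ip, node.node_mac, node.node_dns1, node.node_dns2, node.subnet_id, node.asset_id, node.node_info )"
                    . " VALUE ( '$node_ip', '$node_mac', '$node_dns1', '$node_dns2', '$subnet_id', '$asset_id', '$node_info' )";
                $node_id = $db->db_insert($query);

                header_location("nodeview.php?node_id=" . $node_id);
                break;

            case ("assignlocationtosubnet") :
                $location_id = sanitize($_POST['location_id']);
                $subnet_id = sanitize($_POST['subnet_id']);

                $query = "INSERT INTO subnetlocation( subnetlocation.location_id, subnetlocation.subnet_id )"
                    . " VALUE ( '$location_id', '$subnet_id' )";
                $db->db_insert($query);

                // every other call passes a bare URL; the old "Location: "
                // prefix here looks like a leftover from a raw header() call
                header_location("location.php");
                break;

            case ("assignsubnettovlan") :
                $subnet_id = sanitize($_POST['subnet_id']);
                $vlan_id = sanitize($_POST['vlan_id']);

                $query = "UPDATE subnet SET subnet.vlan_id='$vlan_id' WHERE subnet.subnet_id='$subnet_id'";
                $db->db_update($query);

                header_location("subnetview.php?subnet_id=" . urlencode($subnet_id));
                break;

            case ("location") :
                $location_name = sanitize($_POST['location_name']);
                $location_parent = sanitize($_POST['location_parent']);
                $location_info = sanitize($_POST['location_info']);

                $query = "INSERT INTO location( location.location_name, location.location_parent, location.location_info )"
                    . " VALUE ( '$location_name', '$location_parent', '$location_info' )";
                // was db_update(); the other INSERT branches take the new id
                // from db_insert(), and the redirect below needs that id
                $location_id = $db->db_insert($query);

                header_location("locationview.php?location_id=" . $location_id);
                break;

            case ("locationsubnet") :
                $location_id = sanitize($_POST['location_id']);
                $subnet_id = sanitize($_POST['subnet_id']);

                $query = "INSERT INTO subnetlocation( subnetlocation.location_id, subnetlocation.subnet_id )"
                    . " VALUE ( '$location_id', '$subnet_id' )";
                // the insert result is the link row, not a location; keep the
                // submitted location id for the redirect
                $db->db_insert($query);

                header_location("locationview.php?location_id=" . urlencode($location_id));
                break;

            case ("nat") :
                $node_id_ext = sanitize($_POST['node_id_ext']);
                $node_id_int = sanitize($_POST['node_id_int']);
                $nat_type = sanitize($_POST['nat_type']);

                $query = "INSERT INTO nat( nat.nat_ext, nat.nat_int, nat.nat_type )"
                    . " VALUE ( '$node_id_ext', '$node_id_int', '$nat_type' )";
                $db->db_insert($query);

                header_location("nodeview.php?node_id=" . urlencode($node_id_ext));
                break;

            case ("node") :
                // creates an asset and its first node in one step
                $asset_name = sanitize($_POST['asset_name']);
                $asset_hostname = sanitize($_POST['asset_hostname']);
                $assetclass_id = sanitize($_POST['assetclass_id']);
                $ip = sanitize($_POST['node_ip']);
                $mac = strip_mac(sanitize($_POST['node_mac']));

                // NOTE(review): this branch tests 'dns1suffix'/'dns2suffix' while
                // "assignnodetoasset" tests 'node_dns1suffix'/'node_dns2suffix';
                // confirm both match the field names of their forms
                $dns1 = sanitize($_POST['node_dns1']);
                if (!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) {
                    $dns1 .= $config_dns1suffix;
                }
                $dns2 = sanitize($_POST['node_dns2']);
                if (!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) {
                    $dns2 .= $config_dns2suffix;
                }

                $node_info = sanitize($_POST['node_info']);
                // subnet_id used to reach the query as raw POST data; it is
                // now sanitized like the other fields
                $subnet_id = sanitize($_POST['subnet_id']);

                $query = "INSERT INTO asset( asset.asset_name, asset.asset_hostname, asset.assetclass_id )"
                    . " VALUE ( '$asset_name', '$asset_hostname', '$assetclass_id' )";
                $asset_id = $db->db_insert($query);

                $query = "INSERT INTO node( node.node_ip, node.node_mac, node.node_dns1, node.node_dns2, node.node_info, node.subnet_id, node.asset_id )"
                    . " VALUE ( '$ip', '$mac', '$dns1', '$dns2', '$node_info', '$subnet_id', '$asset_id' )";
                $node_id = $db->db_insert($query);

                header_location("nodeview.php?node_id=" . $node_id);
                break;

            case ("subnet") :
                $subnet_address = sanitize($_POST['subnet_address']);
                $subnet_mask = sanitize($_POST['subnet_mask']);
                $subnet_info = sanitize($_POST['subnet_info']);

                $query = "INSERT INTO subnet( subnet.subnet_address, subnet.subnet_mask, subnet.subnet_info )"
                    . " VALUE ( '$subnet_address', '$subnet_mask', '$subnet_info' )";
                $subnet_id = $db->db_insert($query);

                header_location("subnetview.php?subnet_id=" . $subnet_id);
                break;

            case ("subnetlocation") :
                $location_id = sanitize($_POST['location_id']);
                $subnet_id = sanitize($_POST['subnet_id']);

                $query = "INSERT INTO subnetlocation( subnetlocation.location_id, subnetlocation.subnet_id )"
                    . " VALUE ( '$location_id', '$subnet_id' )";
                $db->db_insert($query);

                header_location("subnetview.php?subnet_id=" . urlencode($subnet_id));
                break;

            case ("subnetvlan") :
                $subnet_id = sanitize($_POST['subnet_id']);
                $vlan_id = sanitize($_POST['vlan_id']);

                $query = "INSERT INTO subnetvlan( subnetvlan.subnet_id, subnetvlan.vlan_id )"
                    . " VALUE ( '$subnet_id', '$vlan_id' )";
                $db->db_insert($query);

                header_location("subnetview.php?subnet_id=" . urlencode($subnet_id));
                break;

            case ("user") :
                $user_name = strtolower(sanitize($_POST['user_name']));
                $user_displayname = sanitize($_POST['user_displayname']);
                // SECURITY: unsalted MD5 is not a password hash; kept only
                // because the stored hashes and the login check (not in this
                // file) must change together
                $user_password = md5(sanitize($_POST['user_password']));

                // refuse duplicate user names
                $query = "SELECT user.user_name FROM user WHERE user.user_name='$user_name'";
                $users = $db->db_select($query);

                if (count($users)==0) {
                    $query = "INSERT INTO user( user.user_name, user.user_displayname, user.user_pass )"
                        . " VALUE ( '$user_name', '$user_displayname', '$user_password' )";
                    $user_id = $db->db_insert($query);

                    header_location("userview.php?user_id=" . $user_id);
                } else {
                    // reported through comments.php at the end of the script
                    $comments = "usernameinuse";
                }
                break;

            case ("vlan") :
                $vlan_name = sanitize($_POST['vlan_name']);
                $vlan_number = sanitize($_POST['vlan_number']);
                $vlan_info = sanitize($_POST['vlan_info']);

                $query = "INSERT INTO vlan( vlan.vlan_name, vlan.vlan_number, vlan.vlan_info )"
                    . " VALUE ( '$vlan_name', '$vlan_number', '$vlan_info' )";
                $vlan_id = $db->db_insert($query);

                header_location("vlanview.php?vlan_id=" . $vlan_id);
                break;

            case ("vlansubnet") :
                $subnet_id = sanitize($_POST['subnet_id']);
                $vlan_id = sanitize($_POST['vlan_id']);

                $query = "INSERT INTO subnetvlan( subnetvlan.subnet_id, subnetvlan.vlan_id )"
                    . " VALUE ( '$subnet_id', '$vlan_id' )";
                $db->db_insert($query);

                header_location("vlanview.php?vlan_id=" . urlencode($vlan_id));
                break;
        }
    }

    // ---------------------------------------------------------------
    // del: remove a record or a link between records
    // Ids are concatenated unquoted, so each one is forced to an integer.
    // ---------------------------------------------------------------
    if (isset($_POST['del'])) {
        switch ($_POST['del']) {
            case ("asset") :
                $asset_id = (int) sanitize($_POST['asset_id']);

                // delete asset
                $query = "DELETE FROM asset WHERE asset.asset_id=" . $asset_id;
                $db->db_delete($query);

                // delete the nodes that belonged to it
                $query = "DELETE FROM node WHERE node.asset_id=" . $asset_id;
                $db->db_delete($query);

                header_location("asset.php");
                break;

            case ("assetclass") :
                $assetclass_id = (int) sanitize($_POST['assetclass_id']);

                $query = "DELETE FROM assetclass WHERE assetclass.assetclass_id=" . $assetclass_id;
                $db->db_delete($query);

                header_location("assetclass.php");
                break;

            case ("assetclassgroup") :
                $assetclassgroup_id = (int) sanitize($_POST['assetclassgroup_id']);

                $query = "DELETE FROM assetclassgroup WHERE assetclassgroup.assetclassgroup_id=" . $assetclassgroup_id;
                $db->db_delete($query);

                header_location("assetclassgroup.php");
                break;

            case ("location") :
                $location_id = (int) sanitize($_POST['location_id']);

                $query = "DELETE FROM location WHERE location.location_id=" . $location_id;
                $db->db_delete($query);

                header_location("location.php");
                break;

            case ("locationsubnet") :
                $location_id = (int) sanitize($_POST['location_id']);
                $subnet_id = (int) sanitize($_POST['subnet_id']);

                $query = "DELETE FROM subnetlocation WHERE subnetlocation.location_id=" . $location_id
                    . " AND subnetlocation.subnet_id=" . $subnet_id;
                $db->db_delete($query);

                header_location("locationview.php?location_id=" . $location_id);
                break;

            case ("nat") :
                $node_id_ext = (int) sanitize($_POST['node_id_ext']);
                $node_id_int = (int) sanitize($_POST['node_id_int']);

                $query = "DELETE FROM nat WHERE nat.nat_ext=" . $node_id_ext . " AND nat.nat_int=" . $node_id_int;
                $db->db_delete($query);

                header_location("nodeview.php?node_id=" . $node_id_ext);
                break;

            case ("node") :
                $node_id = (int) sanitize($_POST['node_id']);
                $asset_id = (int) sanitize($_POST['asset_id']);

                $query = "DELETE FROM node WHERE node.node_id=" . $node_id;
                $db->db_delete($query);

                header_location("assetview.php?asset_id=" . $asset_id);
                break;

            case ("subnet") :
                $subnet_id = (int) sanitize($_POST['subnet_id']);

                // delete subnet
                $query = "DELETE FROM subnet WHERE subnet.subnet_id=" . $subnet_id;
                $db->db_delete($query);

                // delete the nodes that lived in it
                $query = "DELETE FROM node WHERE subnet_id=" . $subnet_id;
                $db->db_delete($query);

                header_location("subnet.php");
                break;

            case ("subnetlocation") :
                $location_id = (int) sanitize($_POST['location_id']);
                $subnet_id = (int) sanitize($_POST['subnet_id']);

                $query = "DELETE FROM subnetlocation WHERE subnetlocation.location_id=" . $location_id
                    . " AND subnetlocation.subnet_id=" . $subnet_id;
                $db->db_delete($query);

                header_location("subnetview.php?subnet_id=" . $subnet_id);
                break;

            case ("subnetvlan") :
                $subnet_id = (int) sanitize($_POST['subnet_id']);
                $vlan_id = (int) sanitize($_POST['vlan_id']);

                $query = "DELETE FROM subnetvlan WHERE subnetvlan.subnet_id=" . $subnet_id
                    . " AND subnetvlan.vlan_id=" . $vlan_id;
                $db->db_delete($query);

                header_location("subnetview.php?subnet_id=" . $subnet_id);
                break;

            case ("user") :
                $user_id = (int) sanitize($_POST['user_id']);

                $query = "DELETE FROM user WHERE user.user_id=" . $user_id;
                $db->db_delete($query);

                header_location("user.php");
                break;

            case ("vlan") :
                $vlan_id = (int) sanitize($_POST['vlan_id']);

                $query = "DELETE FROM vlan WHERE vlan.vlan_id=" . $vlan_id;
                $db->db_delete($query);

                header_location("vlan.php");
                break;

            case ("vlansubnet") :
                $subnet_id = (int) sanitize($_POST['subnet_id']);
                $vlan_id = (int) sanitize($_POST['vlan_id']);

                $query = "DELETE FROM subnetvlan WHERE subnetvlan.subnet_id=" . $subnet_id
                    . " AND subnetvlan.vlan_id=" . $vlan_id;
                $db->db_delete($query);

                header_location("vlanview.php?vlan_id=" . $vlan_id);
                break;
        }
    }

    // ---------------------------------------------------------------
    // edit: update an existing record
    // The id in each WHERE clause is unquoted, so it is forced to an integer.
    // ---------------------------------------------------------------
    if (isset($_POST['edit'])) {
        switch ($_POST['edit']) {
            case ("asset") :
                $asset_id = (int) sanitize($_POST['asset_id']);
                $asset_name = sanitize($_POST['asset_name']);
                $asset_info = sanitize($_POST['asset_info']);
                $asset_hostname = sanitize($_POST['asset_hostname']);
                $assetclass_id = sanitize($_POST['assetclass_id']);

                $query = "UPDATE asset SET asset.asset_name='$asset_name', asset.asset_info='$asset_info',"
                    . " asset.asset_hostname='$asset_hostname', asset.assetclass_id='$assetclass_id'"
                    . " WHERE asset.asset_id=" . $asset_id;
                $db->db_update($query);

                header_location("assetview.php?asset_id=" . $asset_id);
                // this break was missing; without it the branch fell through
                // into "assetclass" whenever header_location() returned
                break;

            case ("assetclass") :
                $assetclass_id = (int) sanitize($_POST['assetclass_id']);
                $assetclass_name = sanitize($_POST['assetclass_name']);
                $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

                $query = "UPDATE assetclass SET assetclass.assetclass_name='$assetclass_name',"
                    . " assetclass.assetclassgroup_id='$assetclassgroup_id'"
                    . " WHERE assetclass.assetclass_id=" . $assetclass_id;
                $db->db_update($query);

                header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
                break;

            case ("assetclassgroup") :
                $assetclassgroup_id = (int) sanitize($_POST['assetclassgroup_id']);
                $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
                // colour is reduced to letters and digits only
                $assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));

                $query = "UPDATE assetclassgroup SET assetclassgroup.assetclassgroup_name='$assetclassgroup_name',"
                    . " assetclassgroup.assetclassgroup_color='$assetclassgroup_color'"
                    . " WHERE assetclassgroup.assetclassgroup_id=" . $assetclassgroup_id;
                $db->db_update($query);

                header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
                break;

            case ("location") :
                $location_id = (int) sanitize($_POST['location_id']);
                $location_name = sanitize($_POST['location_name']);
                $location_info = sanitize($_POST['location_info']);
                $parentlocation_id = sanitize($_POST['parentlocation_id']);

                $query = "UPDATE location SET location.location_name='$location_name',"
                    . " location.location_parent='$parentlocation_id', location.location_info='$location_info'"
                    . " WHERE location.location_id=" . $location_id;
                $db->db_update($query);

                header_location("locationview.php?location_id=" . $location_id);
                break;

            case ("node") :
                $node_id = (int) sanitize($_POST['node_id']);
                $asset_id = sanitize($_POST['asset_id']);
                $node_ip = sanitize($_POST['node_ip']);
                $subnet_id = sanitize($_POST['subnet_id']);
                $node_mac = strip_mac(sanitize($_POST['node_mac']));
                $node_dns1 = sanitize($_POST['node_dns1']);
                $node_dns2 = sanitize($_POST['node_dns2']);
                $node_info = sanitize($_POST['node_info']);

                $query = "UPDATE node SET node.asset_id='$asset_id', node.node_ip='$node_ip',"
                    . " node.subnet_id='$subnet_id', node.node_mac='$node_mac', node.node_dns1='$node_dns1',"
                    . " node.node_dns2='$node_dns2', node.node_info='$node_info'"
                    . " WHERE node.node_id=" . $node_id;
                $db->db_update($query);

                header_location("nodeview.php?node_id=" . $node_id);
                break;

            case ("optionsdisplay") :
                // the user can only change their own display options: the id
                // comes from the session, never from the form
                $user_id = (int) $_SESSION['suser_id'];

                // each option is posted as user_<name>, stored in column
                // user.user_<name> and mirrored in $_SESSION['suser_<name>']
                $option_names = array(
                    'imagesize', 'imagecount', 'mac', 'dateformat',
                    'dns1suffix', 'dns2suffix',
                    'menu_assets', 'menu_assetclasses', 'menu_assetclassgroups',
                    'menu_locations', 'menu_nodes', 'menu_subnets',
                    'menu_users', 'menu_vlans',
                );

                $assignments = array();
                foreach ($option_names as $option_name) {
                    $option_value = sanitize($_POST['user_' . $option_name]);
                    $assignments[] = "user.user_" . $option_name . "='" . $option_value . "'";
                    // update session
                    $_SESSION['suser_' . $option_name] = $option_value;
                }

                $query = "UPDATE user SET " . implode(", ", $assignments) . " WHERE user.user_id=" . $user_id;
                $db->db_update($query);

                header_location("options.php");
                break;

            case ("optionspassword") :
                // id comes from the session, so only the own password can change
                $user_id = (int) $_SESSION['suser_id'];
                $user_currentpass = sanitize($_POST['user_currentpass']);
                $user_newpass1 = sanitize($_POST['user_newpass1']);
                $user_newpass2 = sanitize($_POST['user_newpass2']);

                // get current pass from db
                $query = "SELECT user.user_pass FROM user WHERE user.user_id='" . $user_id . "'";
                $user = $db->db_select($query);

                // SECURITY: unsalted MD5, see the note at the top of the file.
                // The current password must match and both new entries must agree;
                // any other outcome falls through to the generic error redirect.
                if (!empty($user) && md5($user_currentpass) === $user[0]['user_pass']) {
                    if ($user_newpass1 === $user_newpass2) {
                        $query = "UPDATE user SET user.user_pass='" . md5($user_newpass1) . "' WHERE user.user_id=" . $user_id;
                        $db->db_update($query);

                        header_location("options.php");
                    }
                }
                break;

            case ("subnet") :
                $subnet_id = (int) sanitize($_POST['subnet_id']);
                $subnet_address = sanitize($_POST['subnet_address']);
                $subnet_mask = sanitize($_POST['subnet_mask']);
                $subnet_info = sanitize($_POST['subnet_info']);

                $query = "UPDATE subnet SET subnet.subnet_address='$subnet_address',"
                    . " subnet.subnet_mask='$subnet_mask', subnet.subnet_info='$subnet_info'"
                    . " WHERE subnet.subnet_id=" . $subnet_id;
                $db->db_update($query);

                header_location("subnetview.php?subnet_id=" . $subnet_id);
                break;

            case ("user") :
                $user_id = (int) sanitize($_POST['user_id']);
                $user_name = sanitize($_POST['user_name']);
                $user_displayname = sanitize($_POST['user_displayname']);

                // NOTE(review): unlike the "add" branch, the name is neither
                // lower-cased nor checked for duplicates here; confirm intended
                $query = "UPDATE user SET user.user_name='" . $user_name . "', user.user_displayname='" . $user_displayname . "'"
                    . " WHERE user.user_id=" . $user_id;
                $db->db_update($query);

                header_location("userview.php?user_id=" . $user_id);
                break;

            case ("vlan") :
                $vlan_id = (int) sanitize($_POST['vlan_id']);
                $vlan_name = sanitize($_POST['vlan_name']);
                $vlan_number = sanitize($_POST['vlan_number']);
                $vlan_info = sanitize($_POST['vlan_info']);

                $query = "UPDATE vlan SET vlan.vlan_name='$vlan_name', vlan.vlan_number='$vlan_number',"
                    . " vlan.vlan_info='$vlan_info'"
                    . " WHERE vlan.vlan_id=" . $vlan_id;
                $db->db_update($query);

                header_location("vlanview.php?vlan_id=" . $vlan_id);
                break;
        }
    }
}

// still not redirected, check for error
// ($comments is only ever set to fixed codes inside this script)
if (empty($comments)) {
    $comments = "error";
}

// redirect
header_location("comments.php?comments=" . $comments);
?>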