0) { list ($news) = $news; $html .= '« Back'; $html .= "
"; $html .= ""; } else return error("No News found.", true); break; case 'save' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { list ($news) = $news; sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); engelsystem_log("News updated: " . $_POST["eBetreff"]); redirect(page_link_to("news")); } else return error("No News found.", true); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing News ID.", true); $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); if (count($news) > 0) { list ($news) = $news; sql_query("DELETE FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); engelsystem_log("News deleted: " . $news['Betreff']); redirect(page_link_to("news")); } else return error("No News found.", true); break; } } return $html; } ?>