Sorry, I snipped the code to the form end. Here is the rest of the file:
<p>
<!-- <p>Date format is 'YYYY-MM-DD HH:MM' with the HH:MM being optional</p>A -->
<?
} // end of if !isset(POST)
else { // update DB and post results
if (isset($_POST['id'])) {
$id= str_replace("\"", "'", FormatInput($_POST['id'])) ;
}
if (isset($_POST['side'])) {
$side= str_replace("\"", "'", FormatInput($_POST['side'])) ;
if ( strcmp($side, "side_1")== 0 || strcmp($side, "side_2") == 0 || strcmp($side, "side_3") == 0 ) {
$side_str = " and ahevents_scenarios.members.side = '" . $side . "'" ;
}
elseif ( strcmp($side,"all") == 0 ) {
$side_str = "" ;
}
else { die("Error: invalid input") ; }
$sqlstr = sprintf(" select ahevents_joom1.jos_comprofiler.cb_gameid,
ahevents_joom1.jos_comprofiler.cb_bbsid,
ahevents_joom1.jos_comprofiler.cb_ahmasquad,
ahevents_joom1.jos_comprofiler.cb_ahseasquad,
ahevents_joom1.jos_users.name,
ahevents_joom1.jos_users.email,
ahevents_scenarios.members.side,
ahevents_scenarios.members.info
from ahevents_joom1.jos_comprofiler, ahevents_joom1.jos_users, ahevents_scenarios.members
where ahevents_joom1.jos_users.id = ahevents_joom1.jos_comprofiler.user_id and
ahevents_joom1.jos_users.id = ahevents_scenarios.members.jid and
ahevents_scenarios.members.scenario_id = '%s'
%s", $id, $side_str);
if (isset($_POST['sqland'])) {
$sqland = str_replace("\"", "'", FormatInput($_POST['sqland'])) ;
if (strcmp($sqland, "na") == 0 ) {
unset($sqland) ;
}
}
if (isset($_POST['regdate'])) {
$regdate = str_replace("\"", "'", FormatInput($_POST['regdate'])) ;
if (isset($sqland)) {
$sqlstr .= " and ( registration.reg_date >= '" . $regdate . "' " ;
}
else {
# do nothing
}
}
if (isset($_POST['moddate'])) {
$moddate = str_replace("\"", "'", FormatInput($_POST['moddate'])) ;
if (isset($sqland)) {
$sqlstr .= " " . $sqland . " registration.update_date >= '" . $moddate . "') " ;
}
else {
# do nothing
}
}
$result = mysql_query($sqlstr) or die("Error: ".mysql_error()."<br>Query: $sqlstr");
$output = "\015\012";
$output .= "side,name,email,gameid,bbsid,ma_squad,sea_squad,info\015\012";
while ( $row = mysql_fetch_array($result)) {
$output .= '"'.$row['side'].'",' ;
$output .= '"'.$row['name'].'",' ;
$output .= '"'.$row['email'].'",' ;
$output .= '"'.$row['cb_gameid'].'",' ;
$output .= '"'.$row['cb_bbsid'].'",' ;
$output .= '"'.$row['cb_ahmasquad'].'",' ;
$output .= '"'.$row['cb_ahseasquad'].'",' ;
$output .= '"'.$row['info'].'",' ;
$output .= "\015\012";
}
header("Content-type: application/vnd.ms-excel");
header("Content-disposition: attachment; filename=" . $side . "_" . date("Y-m-d") . ".csv");
print $output ;
exit ;
print "here<br>\n" ;
}
}
}
?>