From 13321a2a593f5c7b7b12b25a8000a97eea9d9030 Mon Sep 17 00:00:00 2001
From: jakani24
Date: Thu, 20 Jun 2024 16:16:00 +0200
Subject: [PATCH] Update manage_incident.php
---
 .../system/secure_zone/php/manage_incident.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php b/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php
index d740751..4c78cdc 100644
--- a/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php
+++ b/src/server/cyberhex-code/system/secure_zone/php/manage_incident.php
@@ -30,9 +30,11 @@ include "../../../api/php/log/add_server_entry.php"; //to log things
 if(isset($_GET["add_todolist"])){
 $name=htmlspecialchars($_POST["name"]);
- $sql="INSERT INTO todo_lists (name) VALUES(?)";
- $stmt->bind_param("s", $name);
+ $incident_id=htmlspecialchars($_GET"incident_id"]);
+ $sql="INSERT INTO todo_lists (name,belongs_to_incident) VALUES(?,?)";
+ $stmt->bind_param("si", $name,$incident_id);
 $name=htmlspecialchars($_POST["name"]);
+ $incident_id=htmlspecialchars($_GET["incident_id"]);
 $stmt->execute();
 $stmt->close();
 }
@@ -91,7 +93,9 @@ if(isset($_GET["add_todolist"])){
 //list todos -> list each entry of each todo
- $sql_lists = "SELECT id, name FROM todo_lists";
+ $sql_lists = "SELECT id, name FROM todo_lists WHERE belongs_to_incident = ?";
+ $incident_id=htmlspecialchars($_GET["incident_id"]);
+ $stmt->bind_param("i", $incident_id);
 $result_lists = $conn->query($sql_lists);
 if ($result_lists->num_rows > 0) {
@@ -133,7 +137,7 @@ if(isset($_GET["add_todolist"])){
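Review bot: The first added line of the `add_todolist` branch, `$incident_id=htmlspecialchars($_GET"incident_id"]);`, is missing the `[` after `$_GET`, which is a parse error that stops the whole page from loading. No `prepare()` call appears anywhere in the branch, so `$stmt->bind_param("si", …)` acts on whatever `$stmt` holds from earlier in the file (if anything) and the new `$sql` string is never used. `htmlspecialchars()` is output encoding, not validation: the id bound as `i` should be checked as an integer (the same applies to the `$incident_id` line in the list-query hunk), and the re-assignments after `bind_param` are redundant. The sketch below assumes `$conn` is the mysqli handle used further down the file; whether the caller is allowed to write to that incident still has to be checked separately.

```php
// … unchanged: if(isset($_GET["add_todolist"])){ and the $name assignment …
$incident_id=filter_input(INPUT_GET, "incident_id", FILTER_VALIDATE_INT);
if(!is_int($incident_id)){
    // missing or non-numeric id: reject instead of binding it
    http_response_code(400);
    exit;
}
$sql="INSERT INTO todo_lists (name,belongs_to_incident) VALUES(?,?)";
$stmt=$conn->prepare($sql);
// … unchanged: bind_param("si", $name,$incident_id), execute(), close() …
```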
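Review bot: `$conn->query($sql_lists)` sends the string with the literal `?` to the server, so the new `WHERE belongs_to_incident = ?` filter is never bound; the added `$stmt->bind_param("i", $incident_id)` acts on a `$stmt` that this hunk never prepares for `$sql_lists`. The likely outcome is a failed query and an error on `$result_lists->num_rows` rather than a list scoped to the incident. Prepare and execute the statement instead: `$stmt = $conn->prepare($sql_lists);` before the `bind_param` call, then `$stmt->execute();` and `$result_lists = $stmt->get_result();` in place of the `query()` call. The surrounding block starts and ends outside the hunk, so it is not visible whether the page verifies that the current user may view this incident id.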