well that was silly; fix add and remove

db.go

@@ -68,3 +68,11 @@ func getpid(id string) int {
 	}
 	return pid
 }
+
+func execute(sql string) os.Error {
+	err := db.Query(sql)
+	if err != nil {
+		log.Println(err)
+	}
+	return err
+}

main.go

@@ -62,12 +62,30 @@ func add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	sql := "INSERT INTO `song` (`pid`,`yid`,`title`,`user`) VALUES(%d,'%s','%s','%s')"
+	err := db.Start()
+	if err != nil {
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+	maxOrder, err := queryInt("SELECT MAX(`order`) FROM `song` WHERE pid = ?", pid)
+	if err != nil {
+		db.Rollback()
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+	sql := "INSERT INTO `song` (`pid`,`yid`,`title`,`user`,`order`) VALUES(%d,'%s','%s','%s','%d')"
 	sql = fmt.Sprintf(sql, pid,
 			db.Escape(q.Get("yid")),
 			db.Escape(q.Get("title")),
-			db.Escape(q.Get("user")))
-	err := db.Query(sql)
+			db.Escape(q.Get("user")),
+			maxOrder + 1)
+	err = execute(sql)
+	if err != nil {
+		db.Rollback()
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+	err = db.Commit()
 	if err != nil {
 		http.Error(w, err.String(), http.StatusInternalServerError)
 		return
@@ -86,9 +104,39 @@ func remove(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	err := db.Start()
+	if err != nil {
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+
+	order, err := queryInt("SELECT `order` FROM `song` WHERE `yid` = ? AND `pid` = ?",
+		q.Get("yid"), pid)
+	if err != nil {
+		db.Rollback()
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+
 	sql := "DELETE FROM `song` WHERE `pid` = %d AND yid = '%s'"
-	sql = fmt.Sprintf(sql, pid, q.Get("yid"))
-	err := db.Query(sql)
+	sql = fmt.Sprintf(sql, pid, db.Escape(q.Get("yid")))
+	err = execute(sql)
+	if err != nil {
+		db.Rollback()
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+
+	sql = "UPDATE `song` SET `order` = `order`-1 WHERE `order` > %d AND `pid` = %d"
+	sql = fmt.Sprintf(sql, order, pid)
+	err = execute(sql)
+	if err != nil {
+		db.Rollback()
+		http.Error(w, err.String(), http.StatusInternalServerError)
+		return
+	}
+
+	err = db.Commit()
 	if err != nil {
 		http.Error(w, err.String(), http.StatusInternalServerError)
 		return
@@ -121,6 +169,7 @@ func move(w http.ResponseWriter, r *http.Request) {
 	order, err := queryInt("SELECT `order` FROM `song` WHERE `yid` = ? AND `pid` = ?",
 		q.Get("yid"), pid)
 	if err != nil {
+		db.Rollback()
 		http.Error(w, err.String(), http.StatusInternalServerError)
 		return
 	}
@@ -130,14 +179,16 @@ func move(w http.ResponseWriter, r *http.Request) {
 	} else if direction == moveDownAction {
 		newOrder++
 	} else {
+		db.Rollback()
 		http.Error(w, "invalid direction or cannot move up", http.StatusBadRequest)
 		return
 	}
 
 	sql := "UPDATE `song` SET `order` = %d WHERE `order` = %d AND pid = %d"
 	sql = fmt.Sprintf(sql, order, newOrder, pid)
-	err = db.Query(sql)
+	err = execute(sql)
 	if err != nil {
+		db.Rollback()
 		http.Error(w, err.String(), http.StatusInternalServerError)
 		return
 	} else if db.AffectedRows != 1 {