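// Collect the submitted news-item fields. Free-text values that end up inside
// SQL string literals are passed through the project's PHP_slashes() helper
// (assumed to perform SQL string escaping - TODO confirm its implementation).
$title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title'])));
$chpu = PHP_slashes(htmlspecialchars(strip_tags($_POST['chpu'])));
if ($chpu == '') {
    // No URL alias was submitted: derive one from the title.
    $chpu = generate_chpu($title);
}

// Numeric fields are forced to integers, so they cannot carry SQL syntax.
$cat = intval($_POST['cat']);
$comments = intval($_POST['comments']);

// NOTE(review): markhtml() is the only filter applied to the article body and
// its rules are not visible here. If the stored text is later rendered as
// HTML, confirm that it removes script-capable markup.
$text = PHP_slashes(markhtml($_POST['textarea1']));
$date = time();
$show_date = intval($_POST['show_date']);

// NOTE(review): $original_url and $tags_ru are HTML-encoded but not passed
// through PHP_slashes() like the fields above. Confirm they are escaped
// before they reach a query further down.
$original_url = htmlspecialchars(strip_tags($_POST['original_url']));
$tags = $tags_ru = htmlspecialchars(strip_tags($_POST['tags']));
$tags = explode(',', $tags);
$tags_en = '';

foreach ($tags as $tag) {
    // Transliterated form of the tag; also collected into the comma-separated
    // $tags_en list. Entries are not trimmed or skipped, so the list keeps
    // the same positions as the submitted tag string.
    $t_en = generate_chpu($tag);
    if (empty($tags_en)) {
        $tags_en = $t_en;
    } else {
        $tags_en = $tags_en . ', ' . $t_en;
    }

    // htmlspecialchars()/strip_tags() are HTML filters, not SQL escaping: a
    // quote or trailing backslash in a tag could otherwise change the query.
    // Escape both values the same way the title and alias are escaped above.
    $tag_ru_sql = PHP_slashes(strtolower($tag));
    $tag_en_sql = PHP_slashes($t_en);

    // Errors are silenced before the INSERT, presumably because inserting a
    // tag that already exists is expected to fail - TODO confirm. The flag
    // is not restored in the visible code.
    $DB->show_err = FALSE;
    $sql = "\tINSERT INTO `#__tags` (`name_rus`, `name_eng`, `count`) \r\n\t\t\t\t\tVALUES ('" . $tag_ru_sql . "', '" . $tag_en_sql . "','0')";
    $DB->execute($sql);

    // Bump the usage counter of the new or already existing tag.
    $sql = "\tUPDATE `#__tags` SET `count`=`count`+1\r\n\t\t\t\t\tWHERE `name_rus`='" . $tag_ru_sql . "'";
    $DB->execute($sql);
}

if ($_FILES["photo"]["size"] > 0) {
    // NOTE(review): checks on the uploaded file (type, extension, size) are
    // assumed to live in save_image_on_server(), which is not visible here.
    // Confirm it rejects non-image uploads.
    $imgpath = save_image_on_server($_FILES["photo"], 'img/uploads/news/prev/', $registry['img']);
    if (!empty($imgpath[1])) {
        $path = $imgpath[1];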
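<?php
// Category administration component: deletes, updates and creates rows in
// the `category` table, then lists the top-level categories.
defined('_JEXEC') or die('Restricted access');

// Only user #1 or members of a group with gid >= 22 may manage categories.
if ($user->get_property('userID') == 1 or $user->get_property('gid') >= 22) {
    if (!empty($_GET['delete'])) {
        // NOTE(review): this destructive action is triggered by a plain GET
        // parameter and no anti-CSRF token check is visible here. Consider
        // requiring POST plus a per-session token.
        $sql = "DELETE FROM `category` WHERE `category`.`id` = " . intval($_GET['delete']) . " LIMIT 1";
        $DB->execute($sql);
        header('Location: ?component=category');
        // Stop here: header() alone does not end the script, so the form
        // handling below would otherwise still run on the redirected request.
        exit;
    }

    $name = htmlspecialchars(strip_tags($_POST['name']));
    $podcat = intval($_POST['podcat']);
    $chpu = htmlspecialchars(strip_tags($_POST['chpu']));
    if ($chpu == '') {
        // No URL alias was submitted: derive one from the category name.
        $chpu = generate_chpu($name);
    }

    // htmlspecialchars()/strip_tags() are HTML filters, not SQL escaping, so
    // the text values are escaped separately for use inside the queries.
    // PHP_slashes() is the project's helper used for this by the news form
    // handler; it is assumed to be loaded for this component too - confirm.
    // Prefer prepared statements if the $DB wrapper offers them.
    $name_sql = PHP_slashes($name);
    $chpu_sql = PHP_slashes($chpu);

    if ($_POST['edit'] == 1) {
        // NOTE(review): $err is not assigned anywhere in the visible code.
        // If it is unset, `$err == 0` is true and the update always runs.
        if ($err == 0) {
            $sql = "UPDATE `category` SET `name` = '" . $name_sql . "',`podcat` = '" . $podcat . "', `cat_chpu` = '" . $chpu_sql . "' WHERE `id`='" . intval($_POST['idd']) . "' LIMIT 1; ";
            $DB->execute($sql);
            $message = 'Запись успешно обновлена';
        }
    }

    if ($_POST['add'] == 1) {
        $sql = "INSERT INTO `category` (`id`,`podcat`,`name`,`cat_chpu`) VALUES ('', '{$podcat}', '{$name_sql}', '{$chpu_sql}');";
        $DB->execute($sql);
        $message = 'Запись успешно добавлена';
    }

    if (empty($_GET['section'])) {
        // Top-level categories are the rows with podcat = 0.
        $all = $DB->getAll('SELECT * FROM category WHERE podcat=0');
        $i = 0;
        foreach ($all as $num) {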