<?php include_once "../inc/database.php"; include_once "../inc/func.php"; $link = db_connect(); $id = security_strip($link, $_GET['id']); $approve = security_strip($link, $_GET['approve']); $show = $approve == 'show' ? '0' : '1'; $query = "UPDATE book SET `show`='{$show}' WHERE id={$id}"; $result = mysqli_query($link, $query) or die(mysqli_error($link)); include_once "index.php";
<?php include_once "../inc/database.php"; include_once "../inc/func.php"; $link = db_connect(); $id = security_strip($link, $_GET['id']); $query = "DELETE FROM book WHERE id={$id} LIMIT 1"; $result = mysqli_query($link, $query) or die(mysqli_error($link)); include_once "index.php";
<?php include_once "inc/database.php"; include_once "inc/func.php"; $link = db_connect(); // из database.php foreach ($_GET as $var => $val) { $g[$var] = security_strip($link, $val); } $author = $g['author']; $text = $g['text']; $email = $g['email']; $get['author'] = substr($get['author'], 0, 255); //обрезаетя на случай если пользователь обойдет js $get['text'] = substr($get['text'], 0, 512); //обрезаетя на случай если пользователь обойдет js $query = "INSERT INTO `book` (`id`, `text`, `author`, `email`, `date`, `show`) VALUES (NULL, '{$text}', '{$author}', '{$email}', CURRENT_TIMESTAMP, 0)"; $result = mysqli_query($link, $query) or die(mysqli_error($link)); mysqli_close($link); echo "Уважаемый(ая) {$author}, Ваше сообщение \"{$text}\" поступило на обработку, и будет показано после модерации. Спасибо!";