function createText() { global $error, $user; $title = checkString($_POST["title"], true, 4, 80, "название перевода"); $original_title = checkString($_POST["original_title"], true, 4, 80, "оригинальное название перевода"); $language = intval($_POST["language"]); $original_language = intval($_POST["original_language"]); $text_type_code = intval($_POST["type"]); $access = intval($_POST["access"]); $description = mysql_real_escape_string(htmlspecialchars($_POST["description"])); $uid = $user->uid; if ($text_type_code == 0) { $isbn = checkString($_POST["isbn"], true, 0, 20, "ISBN"); $author = checkString($_POST["author"], true, 0, 100, "имя автора"); $native_author = checkString($_POST["native_author"], true, 0, 100, "оригинальное имя автора"); $release_date = intval($_POST["release_date"]); } else { if ($text_type_code == 1) { $duration = setDuration($_POST["duration"]); } } if ($text_type_code < 0 || $text_type_code > 2 || $access < 1 || $access > 4) { $error = array("Ошибка отправки формы"); } if (count($error) > 0) { return; } $query = "INSERT INTO `text`\n (`type`,\n `access`,\n `creator`,\n `title`,\n `original_title`,\n `language`,\n `original_language`,\n `description`)\n VALUES\n ({$text_type_code},\n {$access},\n {$uid},\n \"{$title}\",\n \"{$original_title}\",\n {$language},\n {$original_language},\n \"{$description}\")"; executeQuery($query); if (count($error) > 0) { return; } $text_id = mysql_insert_id(); if ($text_type_code == 0) { $query = "INSERT INTO `book`\n (`text_id`,\n `isbn`,\n `author`,\n `native_author`,\n `release_date`)\n VALUES\n ({$text_id},\n \"{$isbn}\",\n \"{$author}\",\n \"{$native_author}\",\n {$release_date})"; executeQuery($query); } else { if ($text_type_code == 1) { $query = "INSERT INTO `subtitles`\n (`text_id`,\n `duration`)\n VALUES\n ({$text_id},\n {$duration})"; executeQuery($query); } } if (count($error) == 0) { header('Location: view.php?id=' . $text_id); die; } }
function saveText() { global $error, $text_row, $text_id; $title = checkString($_POST["title"], true, 4, 80, "название перевода"); $original_title = checkString($_POST["original_title"], true, 4, 80, "оригинальное название перевода"); $language = intval($_POST["language"]); $original_language = intval($_POST["original_language"]); $description = mysql_real_escape_string(htmlspecialchars($_POST["description"])); $text_type_code = $text_row["type"]; if ($text_type_code == 0) { $isbn = checkString($_POST["isbn"], true, 0, 20, "ISBN"); $author = checkString($_POST["author"], true, 0, 100, "имя автора"); $native_author = checkString($_POST["native_author"], true, 0, 100, "оригинальное имя автора"); $release_date = intval($_POST["release_date"]); } else { if ($text_type_code == 1) { $duration = setDuration($_POST["duration"]); } } if (count($error) > 0) { return; } $query = "UPDATE `text`\n SET\n `title` = \"{$title}\",\n `original_title` = \"{$original_title}\",\n `language` = {$language},\n `original_language` = {$original_language},\n `description` = \"{$description}\"\n WHERE\n `text_id` = {$text_id}"; executeQuery($query); if (count($error) > 0) { return; } if ($text_type_code == 0) { $query = "UPDATE `book`\n SET\n `isbn` = \"{$isbn}\",\n `author` = \"{$author}\",\n `native_author` = \"{$native_author}\",\n `release_date` = {$release_date}\n WHERE\n `text_id` = {$text_id}"; executeQuery($query); } else { if ($text_type_code == 1) { $query = "UPDATE `subtitles` SET `duration` = {$duration} WHERE `text_id` = {$text_id}"; executeQuery($query); } } if (count($error) == 0) { header('Location: edit.php?id=' . $text_id . '&status=ok'); die; } }