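/**
 * Update the dealer row identified by $_POST['id'] from the submitted form.
 *
 * Steps, in order: escape the request through DB::escapePost(), read the
 * current row to remember its status, run the UPDATE, process an uploaded
 * avatar, optionally delete the stored avatar file, and call
 * DealersEmail::dealer_status() when the status value changed.
 *
 * Security notes for maintainers:
 *  - Every quoted value in the UPDATE depends on DB::escapePost(). That helper
 *    is not visible here; presumably it escapes $_POST in place for quoted SQL
 *    string contexts -- confirm. Bound parameters would be the sturdier fix if
 *    the DB wrapper offers them.
 *  - The id sits in an unquoted numeric context, where quote escaping gives no
 *    protection, so it is cast to int once and that value is reused.
 *  - status, balance and both password columns are written straight from the
 *    request. No authorisation or CSRF check is visible in this method, so the
 *    caller presumably enforces them -- confirm.
 *  - Passwords are stored as unsalted MD5, which is fast to brute-force.
 *    Moving to password_hash()/password_verify() needs a matching change in
 *    the login path, which is not visible here, so the storage format is left
 *    as it was.
 *
 * @return void
 */
function edit() {
    DB::escapePost();

    // Integer form of the id: used for the unquoted WHERE clause, the avatar
    // path and the helper calls, so none of them receive raw request text.
    $id = (int) $_POST['id'];

    $tmp = self::getOne($id);
    // isset() also covers the case where no row came back.
    $oldstatus = isset($tmp['status']) ? $tmp['status'] : null;

    // Plain text columns, copied as quoted string literals.
    $assignments = array();
    foreach (array('company', 'name', 'job', 'phone', 'email', 'manager', 'emailreport') as $field) {
        $assignments[] = $field . '=\'' . $_POST[$field] . '\'';
    }

    // Password columns are only touched when a new value was submitted.
    if (trim($_POST['pass']) != '') {
        // NOTE(review): the SQL prefix of this fragment was masked in the
        // source as '******'; it is reconstructed here by analogy with the
        // passman fragment below -- confirm the column name.
        $assignments[] = 'pass=MD5(\'' . $_POST['pass'] . '\')';
    }
    if (trim($_POST['passman']) != '') {
        $assignments[] = 'passman=MD5(\'' . $_POST['passman'] . '\')';
    }

    foreach (array('city', 'brands', 'status', 'comment', 'code') as $field) {
        $assignments[] = $field . '=\'' . $_POST[$field] . '\'';
    }

    // An empty balance is stored as 0.
    $balance = ($_POST['balance'] == '' ? '0' : $_POST['balance']);
    $assignments[] = 'balance=\'' . $balance . '\'';

    $sql = 'UPDATE {{dealers}} SET ' . implode(', ', $assignments) . ' WHERE id=' . $id;
    DB::exec($sql);

    self::processImage($id, 'avatar', 'avatar');

    // The checkbox is absent from the request unless it was ticked.
    if (isset($_POST['delete_avatar']) && $_POST['delete_avatar'] == 'kill') {
        $file = $_SERVER['DOCUMENT_ROOT'] . UPLOAD_DIR . 'images/dealers_avatar/' . $id . '.png';
        if (file_exists($file)) {
            unlink($file);
        }
    }

    // Loose comparison kept: the stored value and the request value may differ in type.
    if ($oldstatus != $_POST['status']) {
        DealersEmail::dealer_status($id);
    }
}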