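<?php
// Admin edit page for a "confort" record: on POST, save the title and the
// category links and redirect; afterwards load the record the form displays.
header('Content-Type: text/html; charset=utf-8');
include_once '../includes/nocache.php';
include_once '../includes/config.php';
include_once '../includes/sanitize.php';
include_once '../includes/helpers.php';
require_once '../includes/class.upload.php';
include 'includes/valida-login.php';
include 'includes/meta.php';

if (_IS_POST()) {
    // The id is concatenated unquoted into the WHERE clauses below. String
    // escaping does not constrain a value used in a numeric context, so the
    // id is forced to an integer instead of being passed through a string filter.
    $id_codigo = (int) $_POST['hcodigo'];
    $titulo = sanitize_sql_string($_POST['titulo']);
    $categorias = $_POST['categorias'];

    $campos = array('titulo' => $titulo);
    $db->update('confort', $campos, 'id=' . $id_codigo);

    // Replace the category links wholesale: drop the old rows, then insert
    // one row per submitted category.
    $db->delete('confort_categorias', 'id_confort=' . $id_codigo);
    if (is_array($categorias)) {
        foreach ($categorias as $clave => $valor) {
            // The category id arrives as a client-controlled array key.
            $campos = array('id_confort' => $id_codigo, 'id_categoria' => (int) $clave);
            $db->insert('confort_categorias', $campos);
        }
    }
    redirige_pagina('confort_modificar.php?id_confort=' . $id_codigo . '&err=2');
}

// The query-string id reaches the same unquoted 'id=' condition, so it gets
// the same integer cast; a missing parameter becomes 0 rather than an empty
// condition.
$id_codigo = isset($_GET['id_confort']) ? (int) $_GET['id_confort'] : 0;
$aLisReg = $db->select(getRow, 'confort', array('where' => 'id=' . $id_codigo, 'order' => 'orden'));
$categoria = $aLisReg['padre'];
$titulo = $aLisReg['titulo'];
?>
<link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>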
/**
 * Report whether $input passes through the sanitizers selected by $flags unchanged.
 *
 * The selected filters run cumulatively in a fixed order (UTF8, PARANOID, INT,
 * FLOAT, HTML, SQL, LDAP, SYSTEM); the output of one is the input of the next.
 *
 * @param mixed $input Value to test.
 * @param int   $flags Bitmask built from the UTF8/PARANOID/INT/FLOAT/HTML/SQL/LDAP/SYSTEM constants.
 * @param mixed $min   Passed through to each filter (not used by the UTF8 step).
 * @param mixed $max   Passed through to each filter (not used by the UTF8 step).
 * @return bool TRUE when the filtered value compares equal to the original, FALSE otherwise.
 */
function check($input, $flags, $min = '', $max = '')
{
    $original = $input;

    if ($flags & UTF8) {
        $input = my_utf8_decode($input);
    }

    // Filters that share the ($input, $min, $max) signature, in application order.
    $filters = array(
        array(PARANOID, 'sanitize_paranoid_string'),
        array(INT, 'sanitize_int'),
        array(FLOAT, 'sanitize_float'),
        array(HTML, 'sanitize_html_string'),
        array(SQL, 'sanitize_sql_string'),
        array(LDAP, 'sanitize_ldap_string'),
    );
    foreach ($filters as $entry) {
        list($bit, $filter) = $entry;
        if ($flags & $bit) {
            $input = $filter($input, $min, $max);
        }
    }

    // The system filter takes an extra fourth argument here, so it stays out of the table.
    if ($flags & SYSTEM) {
        $input = sanitize_system_string($input, $min, $max, TRUE);
    }

    // Loose comparison on purpose: a value whose type changed but which still
    // compares equal (for example a numeric string turned into a number) counts
    // as unchanged.
    return $input == $original;
}
} } // Conforts relacionados del producto $db->delete('productos_conforts','id_producto='.$id_publicacion); $conforts = $_POST['conforts']; foreach($conforts as $clave => $valor){ if($clave > 0){ $campos = array( 'id_producto' => $id_publicacion, 'id_confort' => sanitize_sql_string($clave), 'orden' => '0', 'estado' => '1', ); $db->insert('productos_conforts',$campos); } } $bErr = 2; //redirige_pagina("vender_ok.php?err=2"); }
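// ////////////////////////////////////////////////////////////////////////////////////
//by CobraCRK 21.07.2006 - www.extremeshare.org - cobracrk@yahoo.com
//converted to xbtit by cooly

// Subtitle search page: renders the search form and counts the matching rows.
if (!defined("IN_BTIT")) {
    die("non direct access!");
}

require_once "include/sanitize.php";
require load_language("lang_subs.php");

global $STYLEURL, $CURUSER;

if ($CURUSER["view_torrents"] == "no") {
    err_msg(ERROR, NOT_AUTH_VIEW_NEWS);
    stdfoot();
    exit;
}

// $src is prepared for the SQL string literal further down. A missing field is
// treated as an empty search term.
$src = sanitize_sql_string(isset($_POST['src']) ? $_POST['src'] : '');

// The same value is echoed back into the form's value="" attribute. SQL
// escaping does not neutralise HTML metacharacters, so the attribute gets its
// own HTML-encoded copy.
$src_html = htmlspecialchars($src, ENT_QUOTES, 'UTF-8');

$subsearchtpl = new bTemplate();
$subsearchtpl->set("language", $language);

// Users without upload rights get no add/back buttons; initialise the variable
// so it is defined when it is handed to the template.
$subadd = "";
if ($CURUSER["can_upload"] == "yes") {
    $subadd = "<br><center><a href=\"index.php?page=subadd\"><img src=\"images/Add.png\" width=30 height=30 alt=\"Add Subtitle\" title=\"Add Subtitle\"></a> <a href=\"index.php?page=subtitles\"><img src=\"images/Back.png\" width=30 height=30 alt=\"Back\" title=\"Back\"></a></center>";
}

$search = "<form id=\"form1\" name=\"form1\" method=\"post\" action=\"index.php?page=subsearch\">\r\r <div align=\"center\">\r\r <input name=\"src\" type=\"text\" size=\"40\" value=\"{$src_html}\" />\r\r <input type=\"submit\" class=btn name=\"Submit\" value=\"" . $language['SUBSEARCH'] . "\" />\r\r </div>\r\r</form>\r\r\r<p> </p>\r\r<table border=\"0\" align=\"center\" cellpadding=\"1\" cellspacing=\"1\">";

$subsearchtpl->set("subadd", $subadd);
$subsearchtpl->set("subsearch", $search);

// NOTE(review): the term sits inside a quoted LIKE pattern, so the query relies
// entirely on sanitize_sql_string() escaping quotes correctly for this
// connection's charset; '%' and '_' typed by the user presumably still act as
// wildcards. A bound parameter would remove that dependency - confirm what
// do_sqlquery() supports.
$subres = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}subtitles WHERE name LIKE '%{$src}%'", true);
$subnum = mysqli_fetch_row($subres);
$num2 = $subnum[0];

if ($num2 == 0) {
    stderr("Sorry", $language['SUBS_EMPTY_STD']);
}

// Page size from the user's profile; anything not greater than zero falls back to 10.
$perpage = max(0, $CURUSER["torrentsperpage"]) > 0 ? $CURUSER["torrentsperpage"] : 10;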
include_once('includes/helpers.php'); require_once( 'inc/variables.php' ); require_once('includes/class.upload.php'); $nombre_pagina = 'HOME'; if(_IS_POST()){ $plan = sanitize_sql_string($_POST['plan']); $nombre = sanitize_sql_string($_POST['nombre']); $provincia = sanitize_sql_string($_POST['provincia']); $localidad = sanitize_sql_string($_POST['localidad']); $cuit = sanitize_sql_string($_POST['cuit']); $telefono = sanitize_sql_string($_POST['telefono']); $direccion = sanitize_sql_string($_POST['direccion']); $email = sanitize_sql_string($_POST['email']); $clave = sanitize_sql_string($_POST['clave']); // Verificar que usuario de la concesionarias no exista. $aLisReg = $db->select(getRow,'clientes',array('where'=>'email="'.$email.'"','order'=>'email')); if(count($aLisReg) > 0){ $bErr = 1; $bErrDes = "El usuario ya existe, por favor revise bien el email."; }else{ $i = 0; foreach ($_FILES as $imagenesT){ $i++;
<? include_once('includes/nocache.php'); include_once('includes/config.php'); include_once('includes/sanitize.php'); include_once('includes/helpers.php'); require_once( 'inc/variables.php' ); require_once('includes/class.upload.php'); $nombre_pagina = 'HOME'; if(_IS_POST()){ $direccion = sanitize_sql_string($_POST['address']); $punto = $_POST['point']; if($direccion == '') $punto = ''; // Verificar que usuario del cliente no exista. $i = 0; foreach ($_FILES as $imagenesT){ $i++; if(is_array($_FILES['imagen'.$i]) && $_FILES['imagen'.$i]['name'] != ''){ $oImgReg = new Upload($_FILES['imagen'.$i]); if ($oImgReg->uploaded) { $oImgReg->allowed = array('image/*'); $oImgReg->Process('imagenes/concesionario/temp/'); if ($oImgReg->processed) $imagen = $oImgReg->file_dst_name;
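// Subtitle listing page: renders the search form, counts the rows (optionally
// restricted to one torrent hash) and sets up the pager.
require load_language("lang_subs.php");

global $STYLEURL, $CURUSER;

if ($CURUSER["view_torrents"] == "no") {
    // Fixed: the first argument read the misspelled, undefined $langauge array.
    err_msg($language["ERROR"], $language["NOT_AUTH_VIEW_NEWS"]);
    stdfoot();
    exit;
}

$substpl = new bTemplate();
$substpl->set("language", $language);

// Users without upload rights get no add button; initialise the variable so it
// is defined when it is handed to the template.
$subadd = "";
if ($CURUSER["can_upload"] == "yes") {
    $subadd = "<br><center><a href=\"index.php?page=subadd\"><img src=\"images/Add.png\" width=30 height=30 alt=\"Add Subtitle\" title=\"Add Subtitle\"></a></center>";
}

$search = "<form id=\"form1\" name=\"form1\" method=\"post\" action=\"index.php?page=subsearch\">\n\n <div align=\"center\">\n\n <input name=\"src\" type=\"text\" size=\"40\" />\n\n <input type=\"submit\" class=btn name=\"Submit\" value=\"" . $language['SUBSEARCH'] . "\" />\n\n </div>\n\n</form>\n\n";

require_once "include/sanitize.php";

// $where is interpolated into the SQL below, so it must never be left to
// whatever an earlier include happened to put in a variable of that name.
$where = "";
if (isset($_GET['id'])) {
    $id = sanitize_sql_string($_GET['id']);
    // NOTE(review): the value sits in a quoted literal and relies on
    // sanitize_sql_string() escaping quotes for this connection - confirm.
    $where = "AND hash='{$id}'";
}

$substpl->set("subadd", $subadd);
$substpl->set("subsearch", $search);

// $limit is only assigned by pager() further down; at this point it is empty
// unless the including script defined it. Keep any such value, but make the
// empty case explicit instead of reading an undefined variable into SQL.
$limit = isset($limit) ? $limit : "";

$subres = do_sqlquery("SELECT COUNT(*) from {$TABLE_PREFIX}subtitles where id>0 {$where} ORDER BY id ASC {$limit}");
$subnum = mysqli_fetch_row($subres);
$result = "";
$num2 = $subnum[0];

if ($num2 == 0) {
    $result = $language['SUBS_EMPTY'];
}

// Page size from the user's profile; anything not greater than zero falls back to 10.
$perpage = max(0, $CURUSER["torrentsperpage"]) > 0 ? $CURUSER["torrentsperpage"] : 10;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $num2, "index.php?page=subtitles&");
$substpl->set("pagertop", $pagertop);
$substpl->set("pagerbottom", $pagerbottom);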
$aeliminar = $_POST['elimina']; $estado_gral = $_POST['estado_consulta']; if (count($aestados) > 0) { $campos = array('estado' => '0'); $db->update('productos', $campos, 'id in (' . implode(",", $estado_gral) . ')'); foreach ($aestados as $key => $value) { if ($key != '') { $campos = array('estado' => '1'); $db->update('productos', $campos, 'id=' . $key); } } } $titulo = $_POST['titulo']; $precio1 = $_POST['precio1']; foreach ($precio1 as $key => $value) { $campos = array('precio' => sanitize_sql_string($value), 'titulo' => htmlentities($titulo[$key], ENT_QUOTES, "UTF-8")); $db->update('productos_articulos', $campos, 'id=' . $key); } if (is_array($aeliminar)) { foreach ($aeliminar as $key => $value) { if ($key != '') { $db->delete('productos', 'id=' . $key); $db->delete('productos_articulos', 'id_producto=' . $key); $db->delete('productos_imagenes', 'id_producto=' . $key); } } } $bErr = 2; } ?> <link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>
/**
 * Run $input through every sanitizer selected by the $flags bitmask.
 *
 * The selected filters are applied cumulatively in a fixed order (UTF8,
 * PARANOID, INT, FLOAT, HTML, SQL, LDAP, SYSTEM); the output of one is the
 * input of the next.
 *
 * @param mixed $input Value to filter.
 * @param int   $flags Bitmask built from the UTF8/PARANOID/INT/FLOAT/HTML/SQL/LDAP/SYSTEM constants.
 * @param mixed $min   Passed through to each filter (not used by the UTF8 step).
 * @param mixed $max   Passed through to each filter (not used by the UTF8 step).
 * @return mixed The value as returned by the last filter that ran, or $input untouched when no flag matched.
 */
function sanitize($input, $flags, $min = '', $max = '')
{
    if ($flags & UTF8) {
        $input = my_utf8_decode($input);
    }

    // Filters that share the ($input, $min, $max) signature, in application order.
    $filters = array(
        array(PARANOID, 'sanitize_paranoid_string'),
        array(INT, 'sanitize_int'),
        array(FLOAT, 'sanitize_float'),
        array(HTML, 'sanitize_html_string'),
        array(SQL, 'sanitize_sql_string'),
        array(LDAP, 'sanitize_ldap_string'),
        array(SYSTEM, 'sanitize_system_string'),
    );
    foreach ($filters as $entry) {
        list($bit, $filter) = $entry;
        if ($flags & $bit) {
            $input = $filter($input, $min, $max);
        }
    }

    return $input;
}
include_once '../includes/config.php'; include_once '../includes/sanitize.php'; include_once '../includes/helpers.php'; require_once '../includes/class.upload.php'; include 'includes/valida-login.php'; include 'includes/meta.php'; $id_codigo = $_GET['id']; if (_IS_POST()) { $categoria = $_POST['categoria']; $id_codigo = sanitize_int($_POST['id_codigo']); $titulo = sanitize_sql_string($_POST['titulo']); $fecha = sanitize_sql_string($_POST['fecha']); $descripcion = sanitize_sql_string($_POST['descripcion']); $target = $_POST['target']; $link = $_POST['link']; $portada = sanitize_sql_string($_POST['portada']); $imagen = $_POST['himagen']; $imagen_thumbs = $_POST['himagen_thumb']; if ($portada == '') { $portada = '0'; } if ($_POST['chkborrar'] == '1') { if (file_exists("../marcas/" . $imagen)) { unlink("../marcas/" . $imagen); } if (file_exists("../marcas/thumbs/" . $imagen_thumbs)) { unlink("../marcas/thumbs/" . $imagen_thumbs); } $imagen = ""; $imagen_thumbs = ""; }
?> " class="contenido_botonera" target="_blank"> <span class="cuadrado"></span><p>Configuración de E-mails</p> </a> <a href="modificar_clave.php" class="contenido_botonera"> <span class="cuadrado"></span><p>Modificar Contraseña</p> </a> </div> </div> <div id="contenido" class="mod_cont"> <p class="titulo_abm color">Productos :: Ordenar productos</p> <div class="titulo_abm_line bcolor"></div> <div id="imageFloatContainer"> <? if($categoria != '') $scad = ' and id_categoria='.$categoria; $aLisReg = $db->select(getAll,'productos',array('where'=>'id is not null'.sanitize_sql_string($scad),'order'=>'orden, id desc')); for($i=0; $i < count($aLisReg); $i++){ ?> <div class="cls_ordenar" id="img_<?php echo $aLisReg[$i]['id']; ?> "> <?php echo limpiarTexto($aLisReg[$i]['codigo'] . '-' . $aLisReg[$i]['titulo']); ?> </div> <? }?> <hr style="clear:both;border:0;visibility:none;"> </div> <br>
<?php require_once '../../includes/config_reports.php'; require_once '../../includes/config.php'; $template->loadTemplatefile('ad_campaign/summary.tpl'); $client_id = sanitize_int($_GET['client_id']); $product_data_id = sanitize_int($_GET['product_data_id']); $report_month = sanitize_int($_GET['report_month']); $report_year = sanitize_int($_GET['report_year']); $year_period_start_date = sanitize_sql_string($_GET['year_period_start_date']); $year_period_end_date = sanitize_sql_string($_GET['year_period_end_date']); $date = DateTime::createFromFormat("Y-m-d", $year_period_end_date); $quantity_days = $date->format("d"); $last_month = ""; $measurement_array = array('clicks', 'impressions', 'ctr', 'avg_cpc', 'cost'); // finding the Search Ad product client_id $query = "\tSELECT gpd.currency_id\n\t\t\tFROM sYra.google_advertising ga\n\t\t\t\tLEFT JOIN sYra.generic_products_data gpd ON gpd.product_data_id = ga.product_data_id\n\t\t\tWHERE ga.client_id = :client_id"; $db_syssql = db::connect('syssql'); $row = $db_syssql->select($query)->binds(array(':client_id' => $client_id))->execute()->fetch(); $currency_id = $row['currency_id']; $query = "\tSELECT MONTH(awr.DAY) AS month, YEAR(awr.DAY) AS year,\n\t\t\t\tSUM(awr.clicks) AS clicks,\n\t\t\t\tSUM(awr.impressions) AS impressions,\n\t\t\t\tIFNULL((SUM(awr.clicks)/SUM(awr.impressions))*100, 0) AS ctr,\n\t\t\t\tIFNULL((SUM(awr.cost)/SUM(awr.clicks)), 0) AS avg_cpc,\n\t\t\t\tSUM(awr.cost) AS cost\n\t\t\tFROM AWReports.AW_ReportAd awr\n\t\t\tWHERE awr.account_id = :client_id\n\t\t\t\tAND CAST(awr.DAY AS DATE) BETWEEN :year_period_start_date AND :year_period_end_date\n\t\t\t\tAND awr.DEVICE IS NOT NULL\n\t\t\tGROUP BY YEAR(awr.DAY), MONTH(awr.DAY)\n\t\t\tORDER BY YEAR(awr.DAY), MONTH(awr.DAY)"; $bind = array(':client_id' => $client_id, ':year_period_start_date' => $year_period_start_date, ':year_period_end_date' => $year_period_end_date); $result = db::connect('awreports')->select($query)->binds($bind)->execute(); if 
($result->row_count() > 0) { $row = $result->fetch_all(); $template->touchBlock("campaign_summary_google_data"); foreach ($row as $summary_row) { foreach ($measurement_array as $label) { ${$label}[] = array(substr($month_name[$summary_row['month']], 0, 3) . '/' . $summary_row['year'], round((double) $summary_row[$label], 2)); if (in_array($label, array('clicks', 'impressions'))) { $template_data['campaign_summary_' . $label] = number_format($summary_row[$label], 0, ".", ",");
$localidad = sanitize_int($_POST['localidad']); $precio = sanitize_sql_string($_POST['precio']); $tipo = sanitize_sql_string($_POST['tipo']); $portada = sanitize_sql_string($_POST['portada']); $principal = sanitize_sql_string($_POST['principal']); if ($portada == '') { $portada = '0'; } if ($principal == '') { $principal = '0'; } if ($precio == '') { $precio = '0'; } $imagen = sanitize_sql_string($_POST['himagen']); $imagen_thumbs = sanitize_sql_string($_POST['himagen_thumb']); $campos = array('id_vendedor' => $vendedor, 'id_concesionaria' => $concesionaria, 'id_categoria' => $categoria, 'id_marca' => $marca, 'id_modelo' => $modelo, 'id_provincia' => $provincia, 'id_localidad' => $localidad, 'titulo' => $titulo, 'copete' => $copete, 'descripcion' => $descripcion, 'confort' => $confort, 'ano' => $ano, 'recorrido' => $recorrido, 'color' => $color, 'imagen' => "", 'imagen_thumbs' => "", 'precio' => $precio, 'url_amigable' => $url_ami, 'portada' => $portada, 'principal' => $principal, 'tipo' => $tipo); $db->update('productos', $campos, 'id=' . $id_producto); // Eliminamos las imagenes seleccionadas if (is_array($a_archivos)) { foreach ($a_archivos as $key => $value) { if ($key != '') { $db->delete('productos_imagenes', 'id=' . $key); } } } // Imágenes relacionadas del producto $i = 0; foreach ($_FILES as $imagenesT) { $i++; if (is_array($_FILES['imagen' . $i]) && $_FILES['imagen' . $i]['name'] != '') {
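include 'includes/meta.php';

// Client edit page: on POST, save the submitted fields and reload; afterwards
// load the client row the form displays.

// The id comes from the query string, or from the hidden form field when the
// query string has none. It is concatenated unquoted into the WHERE clauses
// below and echoed into an inline script, so it is forced to an integer;
// string escaping would not constrain either of those contexts.
$id_cliente = (int) ($_GET['id'] == '' ? $_POST['id_cliente'] : $_GET['id']);

if (_IS_POST()) {
    $codigo = sanitize_sql_string($_POST['codigo']);
    $nombre = sanitize_sql_string($_POST['nombre']);
    $apellido = sanitize_sql_string($_POST['apellido']);
    $dni = sanitize_sql_string($_POST['dni']);
    $email = sanitize_sql_string($_POST['email']);
    $nacimiento = sanitize_sql_string($_POST['nacimiento']);
    $telefono = sanitize_sql_string($_POST['telefono']);
    $celular = sanitize_sql_string($_POST['celular']);
    $direccion = sanitize_sql_string($_POST['direccion']);
    $sexo = sanitize_sql_string($_POST['sexo']);
    // The login name is the e-mail address.
    $usuario = $email;
    // NOTE(review): 'clave' is written to the table as received; confirm that
    // hashing happens somewhere outside this page.
    $clave = sanitize_sql_string($_POST['clave']);
    $vendedor = sanitize_sql_string($_POST['vendedor']);
    if ($vendedor == '') {
        $vendedor = 0;
    }

    $campos = array(
        'id_vendedor' => $vendedor,
        'nombre' => $nombre,
        'apellido' => $apellido,
        'dni' => $dni,
        'email' => $email,
        'nacimiento' => $nacimiento,
        'sexo' => $sexo,
        'telefono' => $telefono,
        'celular' => $celular,
        'direccion' => $direccion,
        'usuario' => $usuario,
        'clave' => $clave,
    );
    $db->update('clientes', $campos, 'id=' . $id_cliente);

    // Client-side redirect back to this page with the "saved" status code.
    echo "<script>document.location.href='clientes_modificar.php?id=" . $id_cliente . "&err=2';</script>";
}

$aLisReg = $db->select(getRow, 'clientes', array('where' => 'id=' . $id_cliente));
$codigo = $aLisReg['codigo'];
$nombre = $aLisReg['nombre'];
$apellido = $aLisReg['apellido'];
$dni = $aLisReg['dni'];
$email = $aLisReg['email'];
$telefono = $aLisReg['telefono'];
$celular = $aLisReg['celular'];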
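<?php
// Autocomplete endpoint: returns the products whose title contains the search
// term as a JSON array of { label, value: { descripcion, stock } } objects.
include_once '../../includes/config.php';
include_once '../../includes/helpers.php';
include_once '../../includes/sanitize.php';

// Read the search term; with no term there is nothing to output.
$criterio = isset($_GET["term"]) ? $_GET["term"] : '';
if (!$criterio) {
    return;
}

// NOTE(review): the term sits inside a quoted LIKE pattern, so the query relies
// on sanitize_sql_string() escaping quotes for this connection; '%' and '_'
// typed by the user presumably still act as wildcards - confirm.
$aLisPro = $db->select(getAll, 'productos p', array(
    'select' => 'pa.id, p.titulo, pa.titulo as modelo',
    'where' => 'p.titulo like "%' . sanitize_sql_string($criterio) . '%"',
    'joins' => array('inner join productos_articulos pa on (pa.id_producto=p.id)'),
    'order' => 'p.titulo',
));

// Build the response as data and let json_encode() do the quoting. The
// hand-concatenated version produced invalid JSON, and let stored text alter
// the response structure, as soon as a title contained a double quote or a
// backslash.
$items = array();
if (is_array($aLisPro)) {
    foreach ($aLisPro as $fila) {
        $items[] = array(
            'label' => $fila['titulo'] . ' - ' . $fila['modelo'],
            'value' => array(
                // Kept as a string, as in the previous output format.
                'descripcion' => (string) $fila['id'],
                'stock' => 0,
            ),
        );
    }
}

$json = json_encode($items);
// json_encode() returns false on input it cannot encode (for example invalid
// UTF-8); answer with an empty list rather than an empty body.
echo $json === false ? '[]' : $json;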
include 'includes/valida-login.php';
include 'includes/meta.php';

// Home-module editor: on POST, replace the company's module titles with the
// submitted list; afterwards load the current list for display.

// Company id: query string first, then the hidden form field, then the first
// active company by 'orden'.
$id_empresa = sanitize_int($_GET['id_emp']);
if ($id_empresa == '') {
    $id_empresa = sanitize_int($_POST['hid_empresa']);
}
if ($id_empresa == '') {
    $id_empresa = $db->select(getOne, 'empresas', array('select' => 'id', 'where' => 'estado="1"', 'order' => 'orden', 'limit' => '0,1'));
}

if (_IS_POST()) {
    // Drop the existing rows, then insert modulo1, modulo2, ... in order and
    // stop at the first field that is missing or empty.
    $db->delete('modulos_home', 'id_empresa=' . $id_empresa);
    for ($i = 1; ; $i++) {
        $titulo = sanitize_sql_string($_POST['modulo' . $i]);
        if ($titulo == '') {
            break;
        }
        $campos = array('id_empresa' => $id_empresa, 'titulo' => $titulo);
        $db->insert('modulos_home', $campos);
    }

    // Client-side redirect back to the home editor with the "saved" status code.
    echo "<script>document.location.href='home.php?err=2&id_emp={$id_empresa}&seccion=nosotros';</script>";
}

$aLisSec = $db->select(getAll, 'modulos_home', array('where' => 'id_empresa=' . $id_empresa));
?>
<link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/jquery-1.8.3.min.js"></script>
<script type="text/javascript" src="js/botonera.js"></script>
<?php error_reporting(0); header('Content-Type: text/html; charset=utf-8'); include_once '../includes/nocache.php'; include_once '../includes/config.php'; include_once '../includes/sanitize.php'; include_once '../includes/helpers.php'; include 'includes/valida-login.php'; include 'includes/meta.php'; $bErr = sanitize_sql_string($_GET['err']); if (_IS_POST()) { $aestados = $_POST['estado']; $aeliminar = $_POST['elimina']; $estado_gral = $_POST['estado_consulta']; if (count($aestados) > 0) { $campos = array('estado' => '0'); $db->update('clientes', $campos, 'id in (' . implode(",", $estado_gral) . ')'); foreach ($aestados as $key => $value) { if ($key != '') { $campos = array('estado' => '1'); $db->update('clientes', $campos, 'id=' . $key); } } } if (is_array($aeliminar)) { foreach ($aeliminar as $key => $value) { if ($key != '') { $db->delete('clientes', 'id=' . $key); } }
$oImgReg->allowed = array('image/*'); $oImgReg->Process('../productos/thumbs/'); if ($oImgReg->processed) { $imagen_thumbs = $oImgReg->file_dst_name; } $oImgReg->Clean(); $campos = array('id_producto' => sanitize_sql_string($id_producto), 'imagen' => sanitize_sql_string($imagen), 'imagen_thumbs' => sanitize_sql_string($imagen_thumbs), 'imagen_original' => sanitize_sql_string($imagen_original), 'orden' => $i, 'estado' => '1'); $db->insert('productos_imagenes', $campos); } } } // Conforts relacionados del producto $conforts = $_POST['conforts']; foreach ($conforts as $clave => $valor) { if ($clave > 0) { $campos = array('id_producto' => sanitize_sql_string($id_producto), 'id_confort' => sanitize_sql_string($clave), 'orden' => '0', 'estado' => '1'); $db->insert('productos_conforts', $campos); } } redirige_pagina("productos_registro.php?err=2"); } ?> <link href='http://fonts.googleapis.com/css?family=Ubuntu:300,400,700' rel='stylesheet' type='text/css'> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js/jquery-1.8.3.min.js"></script> <script type="text/javascript" src="js/botonera.js"></script> <script type="text/javascript" src="js/validate/jquery.validate.js"></script> <script src="js/validate/jquery.metadata.js" type="text/javascript"></script> <link href="css/jquery-ui.css" rel="stylesheet" type="text/css"/>
<?php include_once '../includes/nocache.php'; include_once '../includes/config.php'; include_once '../includes/sanitize.php'; include_once '../includes/helpers.php'; require_once '../includes/class.upload.php'; include 'includes/valida-login.php'; include 'includes/meta.php'; $id_seccion = 'PUBLICIDAD_HOME_POPUP'; $bErr = 0; if (_IS_POST()) { $categoria = $_POST['categoria']; $titulo = sanitize_sql_string($_POST['titulo']); $fecha = sanitize_sql_string($_POST['fecha']); $descripcion = sanitize_sql_string($_POST['descripcion']); $target = $_POST['target']; $link = $_POST['link']; $imagen = $_POST['himagen']; $imagen_temp = $_POST['himagen_temp']; $url_ami = urls_amigables($titulo, 'publicidad'); $portada = $_POST['portada'] == '' ? '0' : '1'; if ($_POST['chkborrar'] == '1') { $imagen = ''; $imagen_temp = ''; } // IMAGENES DE publicidad $i = 1; if (is_array($_FILES['imagen' . $i]) && $_FILES['imagen' . $i]['name'] != '') { $oImgReg = new Upload($_FILES['imagen' . $i]); if ($oImgReg->uploaded) {
$id_vehiculo = sanitize_int($_GET['id_pub']); $aLisReg = $db->select(getRow,'productos p',array('select'=>'p.*,m.titulo as marca, md.titulo as modelo', 'joins'=>array('left join marcas m on (m.id=p.id_marca)','left join modelos md on (md.id=p.id_modelo)'), 'where'=>'p.id='.$id_vehiculo, 'order'=>'p.orden')); $aLisRegCli = $db->select(getRow,'clientes',array('where'=>'id='.$aLisReg['id_vendedor'],'order'=>'id')); if(_IS_POST()){ $publicacion = sanitize_sql_string($_GET['publicacion']); $nombre = sanitize_sql_string($_POST['nombre']); $email = sanitize_sql_string($_POST['email']); $telefono = sanitize_sql_string($_POST['telefono']); $comentario = sanitize_sql_string($_POST['comentario']); $campos = array( 'id_publicacion' => $aLisReg['id'], 'id_vendedor' => $aLisReg['id_vendedor'], 'nombre' => $nombre, 'telefono' => $telefono, 'email' => $email, 'comentario' => $comentario, 'estado' => '0', 'tipo' => '0', 'fecha' => date("d-m-Y H:i"), 'fecha_registro' => date("Y-m-d") ); $db->insert('consultas',$campos);