Esempio n. 1
    $vowels = array("'", '"');
    $string = str_replace($vowels, '"', $string);
    return $string;
}
// Rewrite quote characters in the submitted form values before they are
// concatenated into the UPDATE statement that follows.
//
// NOTE(review): rusDoubleQuotes() only substitutes quote characters via
// str_replace(); it is not SQL escaping (backslashes and every other character
// pass through) and does not replace bound parameters / prepared statements.
// As printed on this page the replacement literal is a plain double quote,
// which is also the delimiter used by the UPDATE below. Confirm the real
// literal; it may have been an HTML entity that the page rendering decoded.
// NOTE(review): the UPDATE below also concatenates $_POST['color'] (unquoted),
// $_POST['phone1'] and $_POST['phone2'], none of which are filtered here.
foreach (array('kvadrat', 'price') as $postKey) {
    $_POST[$postKey] = rusDoubleQuotes(trim($_POST[$postKey]));
}
// name_company is the only field that is not trimmed first.
$_POST['name_company'] = rusDoubleQuotes($_POST['name_company']);
$_POST['firma'] = rusDoubleQuotes(trim($_POST['firma']));
$description = rusDoubleQuotes(trim($description));
foreach (array('act', 'email', 'contacts_face', 'phone_contacts_face', 'phone3', 'discount') as $postKey) {
    $_POST[$postKey] = rusDoubleQuotes(trim($_POST[$postKey]));
}
unset($postKey);
$comment = rusDoubleQuotes(trim($comment));
$sql_select_ = 'UPDATE floors SET 
    color=' . $_POST['color'] . ', 
    kvadrat="' . trim($_POST['kvadrat']) . '", 
    price="' . trim($_POST['price']) . '", 
    site="' . $site . '",
    name_company="' . trim($_POST['name_company']) . '", 
    firma="' . trim($_POST['firma']) . '",
    phone1="' . trim($_POST['phone1']) . '",
    phone2="' . trim($_POST['phone2']) . '", 
    description="' . trim($description) . '",
    act="' . trim($_POST['act']) . '",
    email="' . trim($_POST['email']) . '",
    contacts_face="' . trim($_POST['contacts_face']) . '",
    phone_contacts_face="' . trim($_POST['phone_contacts_face']) . '",
    phone3="' . trim($_POST['phone3']) . '",
Esempio n. 2
    $vowels = array("'", '"');
    $string = str_replace($vowels, '"', $string);
    return $string;
}
// Pass the posted name and description through the editor's insert filter.
// A falsy result removes the variable again, so later code sees it as absent.
if (isset($_POST['name'])) {
    $name = $editorClass->replaceToInsert($_POST['name']);
    if (!$name) {
        unset($name);
    }
}
if (isset($_POST['description'])) {
    $description = $editorClass->replaceToInsert($_POST['description']);
    if (!$description) {
        unset($description);
    }
}
// NOTE(review): if a variable was unset above, the calls below read an
// undefined variable; initialising both to '' first would avoid the warning.
// NOTE(review): rusDoubleQuotes() only substitutes quote characters; it is not
// SQL escaping. The INSERT built further down places $name and $description
// between single quotes and appends $_POST['type'] unquoted after only a loose
// `!= 0` check. Prefer bound parameters, plus an integer cast or whitelist for
// `type`. What replaceToInsert() filters is not visible here; verify.
$name = rusDoubleQuotes($name);
$description = rusDoubleQuotes($description);
if (!empty($name) and $_POST['type'] != 0) {
    $show_on_site = $_POST['invisible'] ? 0 : 1;
    if (preg_match('/\\d+/', $_POST['price'], $matches)) {
        $price = $matches[0];
    } else {
        $price = 0;
    }
    if (preg_match('/\\d+/', $_POST['priority'], $matches)) {
        $priority = $matches[0];
    } else {
        $priority = 0;
    }
    if (!$_POST['id']) {
        $qwery = "INSERT INTO services (id,name,description,invisible,price,priority,type) VALUES (NULL,'" . $name . "','" . $description . "'," . $show_on_site . "," . $price . "," . $priority . "," . $_POST['type'] . ")";
    } else {
Esempio n. 3
    $handle->process($root . '/img/stock');
    //$handle->clean();
    // Build the three SQL strings for saving an event: two UPDATEs that attach
    // the uploaded banner / preview photo rows (matched by the posted `temp`
    // token) to the event, and the INSERT or UPDATE of the event row itself.
    // No `id` posted means a new event; otherwise the posted id is edited.
    //
    // NOTE(review): every statement here is assembled by string concatenation.
    // Only title, description and description_star pass through
    // rusDoubleQuotes(), which rewrites quote characters and is not SQL
    // escaping. $_POST['temp'], $_POST['datepicker'] and $_POST['id'] reach the
    // SQL text with no filtering or type check in the visible code, and
    // $_POST['id'] sits in unquoted numeric positions (`event_id=`,
    // `WHERE id=`). Use bound parameters if $db offers them (its API is not
    // shown here). At minimum cast the id to int and validate `temp` and
    // `datepicker` against a strict format before use.
    // NOTE(review): $time_start, $time_end, $data_end, the *_zero flags and
    // $show_on_site are set outside this fragment; confirm they are validated.
    // NOTE(review): $_POST['id'] is read without isset(), so a request that
    // omits it raises an undefined-index warning before taking the "new" branch.
    if (!$_POST['id']) {
        // presumably the next auto-increment id of `events`; confirm getai()
        $next_group = $db->getai('events');
        $sql_banner = 'UPDATE banners SET event_id=' . $next_group . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
        $sql_preview_photo = 'UPDATE preview_photo SET event_id=' . $next_group . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
        $title = rusDoubleQuotes($_POST['title']);
        $description = rusDoubleQuotes($description);
        $description_star = rusDoubleQuotes($description_star);
        // New event row; `photo` stores the same posted `temp` token.
        $qwery = "INSERT INTO events (id,title,description,description_star,start_date,time_start,time_start_zero,end_date,time_end,time_end_zero,photo,visible) VALUES (NULL,'" . $title . "','" . $description . "','" . $description_star . "','" . $_POST['datepicker'] . "', '" . $time_start . "', " . $time_start_zero . ", '" . $data_end . "', '" . $time_end . "', " . $time_end_zero . ", '" . $_POST['temp'] . "'," . $show_on_site . ")";
    } else {
        // Existing event: the posted id is used directly as the target row.
        $sql_banner = 'UPDATE banners SET event_id=' . $_POST['id'] . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
        $sql_preview_photo = 'UPDATE preview_photo SET event_id=' . $_POST['id'] . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
        $title = rusDoubleQuotes($_POST['title']);
        $description = rusDoubleQuotes($description);
        $description_star = rusDoubleQuotes($description_star);
        $qwery = "UPDATE events SET title='" . $title . "',description='" . $description . "',description_star='" . $description_star . "',start_date='" . $_POST['datepicker'] . "',time_start='" . $time_start . "',time_start_zero=" . $time_start_zero . ",end_date='" . $data_end . "',time_end='" . $time_end . "',time_end_zero=" . $time_end_zero . ", visible=" . $show_on_site . " WHERE id=" . $_POST['id'];
    }
}
// Output.
// NOTE(review): this sends the full SQL text to the HTTP response on every
// request, including when validation fails. That discloses table and column
// names and reflects request values unescaped. It looks like a debugging
// leftover; remove it or write to a server-side log instead.
echo $qwery;
if ($all_err != '') {
    // Validation failed: report the missing required fields and run nothing.
    $all_err = 'Обязательные поля: ' . $all_err;
    echo $all_err;
} else {
    // NOTE(review): the three statements run without a transaction and their
    // results are not checked, so a failure part-way leaves the banner and
    // photo links out of step with the event row.
    $db->query($sql_banner);
    $db->query($sql_preview_photo);
    $db->query($qwery);
}
?>