// NOTE(review): this excerpt starts inside a helper whose signature is not shown,
// presumably rusDoubleQuotes(), which is called below.
// As printed, it replaces every ' and " in $string with ". The replacement may originally
// have been an HTML entity that was decoded when the page was rendered (confirm against the real file).
// Either way this is character substitution, not SQL escaping: backslashes and every other
// character pass through unchanged.
$vowels = array("'", '"');
$string = str_replace($vowels, '"', $string);
return $string;
}

// Quote-substitute the submitted form fields in place.
// $description and $comment are assigned outside this excerpt.
// name_company is the only field here that is not trimmed before substitution.
$_POST['kvadrat'] = rusDoubleQuotes(trim($_POST['kvadrat']));
$_POST['price'] = rusDoubleQuotes(trim($_POST['price']));
$_POST['name_company'] = rusDoubleQuotes($_POST['name_company']);
$_POST['firma'] = rusDoubleQuotes(trim($_POST['firma']));
$description = rusDoubleQuotes(trim($description));
$_POST['act'] = rusDoubleQuotes(trim($_POST['act']));
$_POST['email'] = rusDoubleQuotes(trim($_POST['email']));
$_POST['contacts_face'] = rusDoubleQuotes(trim($_POST['contacts_face']));
$_POST['phone_contacts_face'] = rusDoubleQuotes(trim($_POST['phone_contacts_face']));
$_POST['phone3'] = rusDoubleQuotes(trim($_POST['phone3']));
$_POST['discount'] = rusDoubleQuotes(trim($_POST['discount']));
$comment = rusDoubleQuotes(trim($comment));

// NOTE(review): SQL injection risk. The UPDATE statement is built by concatenating request data.
//  - color is inserted unquoted, with no validation visible in this excerpt;
//  - phone1 and phone2 are only trimmed and never pass through rusDoubleQuotes() here;
//  - $site is built outside this excerpt, so its handling cannot be judged from here;
//  - the other values depend solely on the quote substitution above.
// Recommended fix: use the database layer's prepared statements with bound parameters,
// and validate color as an integer before use.
// The statement continues past the end of this excerpt; the last literal below is cut off mid-string.
$sql_select_ = 'UPDATE floors SET color=' . $_POST['color']
    . ', kvadrat="' . trim($_POST['kvadrat'])
    . '", price="' . trim($_POST['price'])
    . '", site="' . $site
    . '", name_company="' . trim($_POST['name_company'])
    . '", firma="' . trim($_POST['firma'])
    . '", phone1="' . trim($_POST['phone1'])
    . '", phone2="' . trim($_POST['phone2'])
    . '", description="' . trim($description)
    . '", act="' . trim($_POST['act'])
    . '", email="' . trim($_POST['email'])
    . '", contacts_face="' . trim($_POST['contacts_face'])
    . '", phone_contacts_face="' . trim($_POST['phone_contacts_face'])
    . '", phone3="' . trim($_POST['phone3'])
    . '",
// NOTE(review): this excerpt starts inside a helper whose signature is not shown,
// presumably rusDoubleQuotes(), which is called below.
// As printed, it replaces every ' and " in $string with ". This is character substitution,
// not SQL escaping: backslashes and every other character pass through unchanged.
$vowels = array("'", '"');
$string = str_replace($vowels, '"', $string);
return $string;
}

// Run name and description through $editorClass->replaceToInsert().
// Its behaviour is not visible here; a falsy result makes the variable undefined again.
if (isset($_POST['name'])) {
    if (!($name = $editorClass->replaceToInsert($_POST['name']))) {
        unset($name);
    }
}
if (isset($_POST['description'])) {
    if (!($description = $editorClass->replaceToInsert($_POST['description']))) {
        unset($description);
    }
}
// NOTE(review): if the field was absent or was unset above, these calls read an undefined variable.
$name = rusDoubleQuotes($name);
$description = rusDoubleQuotes($description);
// NOTE(review): type is only loosely compared with 0 here; nothing checks that it is an integer.
if (!empty($name) and $_POST['type'] != 0) {
    // NOTE(review): $show_on_site is later written to the column named "invisible"; confirm the intended polarity.
    $show_on_site = $_POST['invisible'] ? 0 : 1;
    // price and priority are reduced to the first run of digits found in the input (0 when none),
    // so only digits reach the statement for these two values.
    if (preg_match('/\\d+/', $_POST['price'], $matches)) {
        $price = $matches[0];
    } else {
        $price = 0;
    }
    if (preg_match('/\\d+/', $_POST['priority'], $matches)) {
        $priority = $matches[0];
    } else {
        $priority = 0;
    }
    // A falsy id means "create a new row"; the else branch continues outside this excerpt.
    if (!$_POST['id']) {
        // NOTE(review): SQL injection risk. $_POST['type'] is concatenated unquoted and unvalidated.
        // $name and $description rely only on the quote substitution above, plus whatever
        // replaceToInsert() does. Recommended fix: use prepared statements with bound parameters
        // and cast type to an integer.
        $qwery = "INSERT INTO services (id,name,description,invisible,price,priority,type) VALUES (NULL,'"
            . $name . "','" . $description . "',"
            . $show_on_site . "," . $price . "," . $priority . "," . $_POST['type'] . ")";
    } else {
// Excerpt from the middle of a request handler. $handle, $root, $db, $description, $description_star,
// the $time_* values, $data_end, $show_on_site and $all_err are all set outside this excerpt.
$handle->process($root . '/img/stock');
//$handle->clean();
// A falsy id means "create a new event"; otherwise the existing event is updated.
if (!$_POST['id']) {
    // presumably getai() returns the next auto-increment id for the table (confirm against the $db class)
    $next_group = $db->getai('events');
    // NOTE(review): SQL injection risk. $_POST['temp'] is concatenated into both statements
    // with no validation or escaping visible in this excerpt.
    $sql_banner = 'UPDATE banners SET event_id=' . $next_group . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
    $sql_preview_photo = 'UPDATE preview_photo SET event_id=' . $next_group . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
    // rusDoubleQuotes() is defined outside this excerpt. Only title, description and description_star
    // pass through it.
    $title = rusDoubleQuotes($_POST['title']);
    $description = rusDoubleQuotes($description);
    $description_star = rusDoubleQuotes($description_star);
    // NOTE(review): $_POST['datepicker'] and $_POST['temp'] go into the statement as raw request values.
    // Recommended fix: use prepared statements with bound parameters.
    $qwery = "INSERT INTO events (id,title,description,description_star,start_date,time_start,time_start_zero,end_date,time_end,time_end_zero,photo,visible) VALUES (NULL,'"
        . $title . "','" . $description . "','" . $description_star . "','" . $_POST['datepicker']
        . "', '" . $time_start . "', " . $time_start_zero
        . ", '" . $data_end . "', '" . $time_end . "', " . $time_end_zero
        . ", '" . $_POST['temp'] . "'," . $show_on_site . ")";
} else {
    // NOTE(review): $_POST['id'] is concatenated unquoted into three statements in this branch.
    // Cast it to an integer, or bind it as a parameter, before use.
    $sql_banner = 'UPDATE banners SET event_id=' . $_POST['id'] . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
    $sql_preview_photo = 'UPDATE preview_photo SET event_id=' . $_POST['id'] . ' WHERE md5_mictotime="' . $_POST['temp'] . '"';
    $title = rusDoubleQuotes($_POST['title']);
    $description = rusDoubleQuotes($description);
    $description_star = rusDoubleQuotes($description_star);
    $qwery = "UPDATE events SET title='" . $title . "',description='" . $description
        . "',description_star='" . $description_star . "',start_date='" . $_POST['datepicker']
        . "',time_start='" . $time_start . "',time_start_zero=" . $time_start_zero
        . ",end_date='" . $data_end . "',time_end='" . $time_end . "',time_end_zero=" . $time_end_zero
        . ", visible=" . $show_on_site . " WHERE id=" . $_POST['id'];
}
// closes a block that was opened before this excerpt
}
// output
// NOTE(review): this writes the complete SQL statement into the HTTP response, before the
// validation check below. It looks like leftover debug output. It discloses table and column
// names to the client and should be removed or sent to a server-side log.
echo $qwery;
// Run the three statements only when no required-field errors were collected; otherwise print the error list.
if ($all_err == '') {
    $db->query($sql_banner);
    $db->query($sql_preview_photo);
    $db->query($qwery);
} else {
    $all_err = 'Обязательные поля: ' . $all_err;
    print $all_err;
}
?>