if (!isset($license2) || $license2 == '0') { $l2_price = '0'; } if (!isset($license3) || $license3 == '0') { $l3_price = '0'; } // if (isset($_POST['brand']) && is_numeric($_POST['brand'])) { $_brand = $_POST['brand']; } else { $_brand = $user_brand; } if (isset($current_user->wp_capabilities['author']) && $current_user->wp_capabilities['author'] == 1) { $updatesql = "UPDATE `wp_product_list` SET `name` = '" . $wpdb->escape(removeCrLf(htmlspecialchars($_POST['title']))) . "', `description` = '" . $wpdb->escape(removeCrLf(htmlspecialchars($_POST['description']))) . "', `additional_description` = '" . $wpdb->escape(correct_comma(removeCrLf(htmlspecialchars($_POST['additional_description'])))) . "', `category` = '" . $wpdb->escape($_POST['category'][0]) . "', `brand` = '" . $_brand . "', `display_frontpage`='{$display_frontpage}', `visible`='{$visible}',`color`='{$colored}', `not_for_sale`='{$not_for_sale}', `l1_price`='{$l1_price}', `l2_price`='{$l2_price}', `l3_price`='{$l3_price}' WHERE `id`='" . $_POST['prodid'] . "' LIMIT 1"; } else { $updatesql = "UPDATE `wp_product_list` SET `name` = '" . $wpdb->escape(removeCrLf(htmlspecialchars($_POST['title']))) . "', `description` = '" . $wpdb->escape(removeCrLf(htmlspecialchars($_POST['description']))) . "', `additional_description` = '" . $wpdb->escape(correct_comma(removeCrLf(htmlspecialchars($_POST['additional_description'])))) . "', `category` = '" . $wpdb->escape($_POST['category'][0]) . "', `brand` = '" . $_brand . "', `display_frontpage`='{$display_frontpage}', `visible`='{$visible}', `approved`='{$approved}', `color`='{$colored}', `not_for_sale`='{$not_for_sale}', `l1_price`='{$l1_price}', `l2_price`='{$l2_price}', `l3_price`='{$l3_price}' WHERE `id`='" . $_POST['prodid'] . "' LIMIT 1"; } $wpdb->query($updatesql); // update temadnya if ($temadnya == '1') { $sql_temadnya = "insert into `wp_item_category_associations` (product_id, category_id) values ('" . $_POST['prodid'] . 
"','777')"; $wpdb->query($sql_temadnya); } elseif ($temadnya == '0') { $sql_temadnya = "delete from `wp_item_category_associations` where product_id=" . $_POST['prodid'] . " and category_id='777'"; $wpdb->query($sql_temadnya); } if ($image != null) { $updatesql2 = "UPDATE `wp_product_list` SET `image` = '" . $image . "' WHERE `id`='" . $_POST['prodid'] . "' LIMIT 1"; $wpdb->query($updatesql2); } if (isset($_POST['deleteimage']) && $_POST['deleteimage'] == 1) {
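/**
 * Insert a new product row for an uploaded file and seed its editor-vote counters.
 *
 * Reads the product fields from $_POST (carname, cardescription, cartags,
 * carcategory, brand, colored), inserts one row into `wp_product_list`, then
 * creates the matching `al_editors_votes` row for the new product id.
 *
 * @param mixed $fileid  Value stored in the `file` column. Its origin is not
 *                       visible in this file, so it is quoted and escaped for
 *                       SQL here like any untrusted string.
 * @return void          Terminates the script via die() if either INSERT fails.
 *
 * Security notes (review):
 *  - Every string that reaches the SQL text goes through mysql_real_escape_string().
 *    htmlspecialchars() alone does NOT make a value safe inside a quoted SQL
 *    literal: it leaves backslashes untouched and, without ENT_QUOTES, leaves
 *    single quotes untouched too. The original version interpolated carname,
 *    cardescription, cartags, $fileid and $image with no SQL escaping at all.
 *  - Numeric inputs are checked with is_numeric() and cast to int before use.
 *  - The raw mysql_error() text is sent to the error log instead of the
 *    response body, so SQL/schema details are not disclosed to the client.
 *  - The mysql_* extension is deprecated (PHP 5.5) and removed (PHP 7), while
 *    the rest of this file already uses $wpdb. Moving this function to
 *    $wpdb->prepare() is the proper long-term fix; this version only closes
 *    the injection without changing the data layer.
 */
function fill_product_list($fileid) {
    // Defaults for the new row.
    $l1_price = 250;
    $l2_price = 500;
    $l3_price = 2500;
    $not_for_sale = 0;
    $display_frontpage = 1;
    $visible = 1;
    $user_brand = 8; // TODO: resolve the brand of the current user instead of a constant
    $image = '';     // no image is attached at insert time

    // Checkbox: only the literal value 'on' counts as checked.
    $colored = (isset($_POST['colored']) && $_POST['colored'] == 'on') ? 1 : 0;

    // Category id: must be numeric, otherwise fall back to 5 (cartoon).
    if (isset($_POST['carcategory']) && is_numeric($_POST['carcategory'])) {
        $category_id = (int) $_POST['carcategory'];
    } else {
        $category_id = 5; // cartoon
    }

    // Brand id: a numeric POST value wins, otherwise the (placeholder) user brand.
    if (isset($_POST['brand']) && is_numeric($_POST['brand'])) {
        $_brand = (int) $_POST['brand'];
    } else {
        $_brand = trim($user_brand);
    }

    // Free-text fields. This file's existing convention is to store
    // HTML-escaped text (htmlspecialchars at write time); that is kept so the
    // stored data stays consistent with the update path, but each value is
    // additionally escaped for the SQL string literal it is placed in.
    $raw_name = isset($_POST['carname']) ? $_POST['carname'] : '';
    $raw_description = isset($_POST['cardescription']) ? $_POST['cardescription'] : '';
    $raw_tags = isset($_POST['cartags']) ? $_POST['cartags'] : '';

    $name = mysql_real_escape_string(removeCrLf(htmlspecialchars($raw_name)));
    $description = mysql_real_escape_string(removeCrLf(htmlspecialchars($raw_description)));
    $tags = mysql_real_escape_string(correct_comma(removeCrLf(htmlspecialchars($raw_tags))));
    $file = mysql_real_escape_string($fileid);
    $image_sql = mysql_real_escape_string($image);

    // `id` is passed as '' so MySQL assigns the auto-increment value;
    // `approved` starts as NULL (not yet reviewed).
    $insertsql = "INSERT INTO `wp_product_list` ("
        . "`id`, `name`, `description`, `additional_description`, `file`, `image`, `category`, `brand`, "
        . "`display_frontpage`, `visible`, `approved`, `color`, `not_for_sale`, `l1_price`, `l2_price`, `l3_price`"
        . ") VALUES ("
        . "'', '{$name}', '{$description}', '{$tags}', '{$file}', '{$image_sql}', '{$category_id}', '{$_brand}', "
        . "'{$display_frontpage}', '{$visible}', NULL, '{$colored}', '{$not_for_sale}', {$l1_price}, {$l2_price}, {$l3_price});";

    if (!mysql_query($insertsql)) {
        // Log the driver error server-side; never echo it to the client.
        error_log('fill_product_list: product insert failed: ' . mysql_error());
        die('Invalid query');
    }

    $new_id = (int) mysql_insert_id();

    // Seed the editor vote counters (up/down) for the new product.
    $sql_purgery = "INSERT INTO `al_editors_votes` (image_id, up, down) VALUES ('{$new_id}', '0', '0')";
    if (!mysql_query($sql_purgery)) {
        error_log('fill_product_list: vote row insert failed: ' . mysql_error());
        die('Invalid query');
    }
}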