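/**
 * Create a prop-card application order.
 *
 * Inserts the application header into CD_CardApplyForm with state -1, inserts
 * the requested card rows into CD_CAFormCardInfo, then sets the header state to 0.
 *
 * @param string $cd_CAFormName   Application name.
 * @param string $cd_CAFormRemark Application remark.
 * @param string $CardStr         VALUES fragment for CD_CAFormCardInfo; every "NULL" in it
 *                                is replaced with the ID of the new application.
 * @param string $EmailBody       Not used in this method.
 * @return ExcuteResult
 */
public function CreatCardApplyInfo($cd_CAFormName, $cd_CAFormRemark, $CardStr, $EmailBody)
{
    if (!isset($_SESSION)) {
        session_start();
    }
    if (!isset($_SESSION['account_ID']) || !isset($_SESSION['user'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    $AccountName = $_SESSION['user'];
    $Time = date("Y-m-d H:i:s");

    // NOTE(review): name, remark and account name are interpolated into the statement
    // as-is. Unless every caller escapes them, this is SQL injection; sql_insert() is only
    // seen taking a finished string here, so the fix (bound parameters or the driver's
    // escaping) has to come from the DB layer.
    $sql_apply = "insert into CD_CardApplyForm (cd_CAFormName,cd_CAFormRemark,cd_CardApplyer,cd_CardApplyTime,cd_CAFormState)";
    $sql_apply .= " values ('{$cd_CAFormName}','{$cd_CAFormRemark}','{$AccountName}','{$Time}',-1)";
    $r = sql_insert($sql_apply);
    if ($r == 0) {
        return new ExcuteResult(ResultStateLevel::ERROR, "CD_CardApplyForm 新增失败", NULL);
    }

    $applyID = $r;
    // NOTE(review): $CardStr is spliced in as raw SQL. It should be rebuilt from validated
    // integers rather than accepted as a ready-made fragment.
    $addCardInfo = strtr($CardStr, array("NULL" => $applyID));
    $sql_apply_card = "insert into CD_CAFormCardInfo(cd_CAFormID,cd_CardTypeID,cd_CardNum) values " . $addCardInfo;
    $add_card = sql_query($sql_apply_card);
    if ($add_card == 0) {
        return new ExcuteResult(ResultStateLevel::ERROR, "CD_CAFormCardInfo 新增失败", NULL);
    }

    $sql_apply_update = "UPDATE CD_CardApplyForm set cd_CAFormState = 0 where cd_CAFormID = " . $applyID;
    $sql_update = sql_query($sql_apply_update);
    // The original tested $r here, which is always non-zero at this point, so a failed
    // state update was never reported. Test the UPDATE result instead.
    if ($sql_update != 0) {
        return new ExcuteResult(ResultStateLevel::SUCCESS, "", NULL);
    }
    // Level kept as SUCCESS, as in the original: the order rows exist, only the state flip failed.
    return new ExcuteResult(ResultStateLevel::SUCCESS, "卡更新状态失败!", NULL);
}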
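/**
 * Return the geo data for $this->ip, either the whole record or one field of it.
 *
 * @param string|false $key     One of 'inetnum', 'country', 'city', 'region', 'district',
 *                              'lat', 'lng'. Any other value means "return the whole record".
 * @param bool         $from_db When true the local table is consulted first. A record fetched
 *                              from ipgeobase is written to the table in either case.
 *
 * @return array|string|null The record, the requested field, or null when it is not available.
 */
function get_value($key = false, $from_db = true)
{
    $key_array = array('inetnum', 'country', 'city', 'region', 'district', 'lat', 'lng');
    // Strict comparison: with a loose one, true (or 0 on older PHP) passes as a valid key.
    if (!in_array($key, $key_array, true)) {
        $key = false;
    }

    $data = null;
    // When the database is used, look the address up there first.
    if ($from_db) {
        $numeric_ip = $this->numeric_ip($this->ip);
        // The address belongs to a stored range when from_ip <= ip <= to_ip. The original
        // comparison was inverted and could only match a range of exactly one address.
        // NOTE(review): assumes numeric_ip() returns a plain number; it is used unquoted.
        $data = sql_getRow("SELECT * FROM `{$this->dbname}`.`{$this->table}` WHERE (from_ip<={$numeric_ip} AND to_ip>={$numeric_ip}) LIMIT 1");
    }

    if (!$data) {
        $data = $this->get_geobase_data();
        // Split the range only once a usable answer is known; the original indexed
        // $data before checking that the lookup had returned anything.
        if ($data && !empty($data['country'])) {
            $inetnum = explode('-', $data['inetnum']);
            sql_insert("`{$this->dbname}`.`{$this->table}`", array('from_ip' => $this->numeric_ip($inetnum[0]), 'to_ip' => $this->numeric_ip($inetnum[1]), 'country' => $data['country'], 'city' => $data['city'], 'region' => $data['region'], 'district' => $data['district'], 'lat' => $data['lat'], 'lng' => $data['lng']));
        }
    }

    if ($key) {
        // A key was given: return just that value (null when the record lacks it).
        return isset($data[$key]) ? $data[$key] : null;
    }

    // Otherwise return the whole record.
    return $data;
}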
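/**
 * Render the "add item" form for $table and, when it was submitted, validate and store the row.
 *
 * Rows are written only for the tables "dodavatel" and "do_produkt".
 *
 * @param string $table Target table; also decides which fields the form shows.
 * @param string $vyber Value passed back in the redirect URL as "vyber".
 */
function insert($table, $vyber)
{
    // Defined up front so the form below never reads an undefined variable.
    $meno = null;
    $email_meno = null;
    $error_msg = array();

    // The original used the bare constant `submit` as the array key, which is an error on PHP 8.
    if (!empty($_POST['submit'])) {
        $meno = sec_sql(sec_input($_POST["meno"]));
        $email_meno = sec_sql(sec_input($_POST["email_meno"]));

        // NOTE(review): the message says 4..50 characters while the check allows 2..50,
        // and strlen() counts bytes, not characters. Confirm which limit is intended.
        if (strlen($meno) > 50 or strlen($meno) < 2) {
            $error_msg[] = "Meno môže mať od 4 do 50 znakov";
        }

        if (empty($error_msg)) {
            // $table is interpolated into the statement, so only the two known tables
            // ever produce a query.
            $query = null;
            if ($table == "dodavatel") {
                $query = "INSERT INTO {$table} (meno)\r\n VALUES (\"{$meno}\")\r\n ";
            }
            if ($table == "do_produkt") {
                $query = "INSERT INTO {$table} (meno, email_meno)\r\n VALUES (\"{$meno}\", \"{$email_meno}\")\r\n ";
            }
            if ($query !== null) {
                sql_insert($query);
            }

            // Encode the values placed in the redirect target, and stop here so the form
            // is not appended to a redirect response.
            header("location: index.php?vyber=" . rawurlencode($vyber) . "&sub=" . rawurlencode($table));
            return;
        }

        echo "<div id=error_message>" . implode("<br>", $error_msg) . "</div>";
    }

    echo "<form method=\"POST\">";
    echo textfield("meno", $meno, "Meno *", 50, 20);
    if ($table == "do_produkt") {
        echo textfield("email_meno", $email_meno, "Email meno", 50, 40);
    }
    echo submit("submit", "Odoslať");
    echo "</form>";
}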
/**
 * Toggle the "featured" flag of a forum topic and record the change in log_mod.
 *
 * The topic is identified by the request variable msg_id.
 */
public function _home()
{
    global $config, $user, $cache;

    if (!_button()) {
        return;
    }

    $this->id = request_var('msg_id', 0);

    // The topic ID is passed to sql_filter() as a placeholder value, not concatenated.
    $topic_sql = 'SELECT * FROM _forum_topics WHERE topic_id = ?';
    $this->object = sql_fieldrow(sql_filter($topic_sql, $this->id));
    if (!$this->object) {
        fatal_error();
    }

    $this->object = (object) $this->object;

    // Flip the flag: featured becomes 0, not featured becomes 1.
    if ($this->object->topic_featured) {
        $this->object->new_value = 0;
    } else {
        $this->object->new_value = 1;
    }

    topic_feature($this->id, $this->object->new_value);

    // Moderation log entry: who changed what, when, and from which address.
    sql_insert('log_mod', array(
        'bio' => $user->d('user_id'),
        'time' => time(),
        'ip' => $user->ip,
        'action' => 'feature',
        'old' => $this->object->topic_featured,
        'new' => $this->object->new_value
    ));

    return redirect(s_link('topic', $this->id));
}
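/**
 * Write an operation-log row for the back-office base module.
 *
 * Nothing is written when no account is logged in.
 *
 * @param string $Remark    Description of the operation; prefixed with "<user>操作:" when
 *                          a user name is stored in the session.
 * @param int    $EventType Event category: 1 = back-office base information, 2 = card library
 *                          (the original comment leaves the meaning of 10 blank).
 */
function AddBMAccountEventLog($Remark, $EventType)
{
    if (!isset($_SESSION)) {
        session_start();
    }
    if (!isset($_SESSION['account_ID'])) {
        return;
    }

    // Both values are written into the statement unquoted, so force them to integers.
    $accountID = (int) $_SESSION['account_ID'];
    $EventType = (int) $EventType;

    $accountName = "";
    if (isset($_SESSION['user'])) {
        $accountName = $_SESSION['user'] . "操作:";
    }

    if (defined('TIMEZONE')) {
        $timezone = TIMEZONE;
        if (function_exists('date_default_timezone_set')) {
            date_default_timezone_set($timezone);
        }
    }

    $Time = date("Y-m-d H:i:s");
    $OperateIP = Utils::get_client_ip();
    $Remark = $accountName . $Remark;

    // NOTE(review): $Remark carries caller-supplied text (callers pass names taken from
    // their own parameters) and is placed between quotes unescaped; a quote in it breaks
    // out of the literal. $OperateIP has the same problem if get_client_ip() trusts
    // client-sent proxy headers (not visible here). Both need the DB layer's
    // escaping or bound parameters.
    $sql = "INSERT INTO bm_event_log(event_type, account_id, operate_ip, event_desc, add_time) \r\n\t\t\tVALUES ({$EventType}, {$accountID}, '{$OperateIP}', '{$Remark}', '{$Time}')";
    sql_insert($sql);
}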
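/**
 * Rebuild the smilies table from the image files in the emoticon asset directory.
 *
 * The table is emptied first, then one row is inserted per matching .gif/.png file,
 * and the 'smilies' cache entry is dropped.
 */
public function _home()
{
    global $config, $user, $cache;

    sql_truncate('_smilies');

    $emoticon_path = $config['assets_path'] . 'emoticon/';
    $process = 0;

    $fp = @opendir($emoticon_path);
    // A failed opendir() yields false; passing that on to readdir() is a TypeError on PHP 8.
    if ($fp !== false) {
        // Compare against false explicitly: a file named "0" is falsy and would have
        // ended the original loop early.
        while (($file = readdir($fp)) !== false) {
            // NOTE(review): the pattern is not anchored, so "x.gif.bak" also matches and
            // is stored as "x.gif". Confirm whether that is wanted.
            if (preg_match('#([a-z0-9]+)\.(gif|png)#is', $file, $part)) {
                $insert = array(
                    'code' => ':' . $part[1] . ':',
                    'smile_url' => $part[0]
                );
                sql_insert('smilies', $insert);
                $process++;
            }
        }
        closedir($fp);
    }

    $cache->delete('smilies');

    return _pre($process . ' emoticons.');
}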
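/**
 * Save an element row, first moving its image into the owning object's "plans" folder.
 *
 * The row is updated when the request carries an id and inserted otherwise.
 *
 * @param array $row Column => value map for $this->elem_table.
 * @return int|string 1 on success, otherwise the text returned by sql_getError().
 */
function MyCommit($row)
{
    // Move the image.
    // NOTE(review): $row['image'] is used as a filesystem path relative to '..'. Confirm
    // the caller restricts it to the upload area (no "../" segments) before it gets here.
    if (!empty($row['image']) && getimagesize('..' . $row['image']) && strpos($row['image'], 'plans') === false) {
        // The id is concatenated into the query unquoted, so force it to an integer.
        $object_id = sql_getValue('SELECT pid FROM obj_elem_plans WHERE id=' . (int) $row['pid']);

        $dir = '../files/objects/' . $object_id;
        if (!is_dir($dir)) {
            // The original called mkdir() twice; the second call (with mode 0770) always
            // failed because the directory already existed, so the default mode applied.
            mkdir($dir);
        }
        $dir .= '/plans';
        if (!is_dir($dir)) {
            mkdir($dir);
        }

        $new_name = $dir . '/' . basename($row['image']);
        // Record the new location only if the move succeeded.
        if (rename('..' . $row['image'], $new_name)) {
            $row['image'] = substr($new_name, 2);
        }
    }

    if (!empty($_POST['id'])) {
        // The request value goes straight into the WHERE clause; cast it so it cannot
        // carry SQL.
        sql_update($this->elem_table, $row, 'id = ' . (int) $_POST['id']);
    } else {
        sql_insert($this->elem_table, $row);
    }

    $err = sql_getError();
    if (empty($err)) {
        return 1;
    }

    return $err;
}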
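/**
 * Processing step of the price-group form.
 *
 * For every existing row of spip_ecatalogue_prices_group: update title and active flag
 * when the request carries a 'price' entry for it, delete the row otherwise. Then insert
 * one new row per entry of 'elements_insert'.
 *
 * @return array Always an empty array in the visible code.
 */
function formulaires_ecatalogue_prices_group_traiter_dist()
{
    $result = array();
    $is_active = _request('is_active');
    $prices_group = _request('price');
    $elements_insert = _request('elements_insert');

    // NOTE(review): a request without 'price' deletes every existing group. Confirm the
    // form's verification step rules that out.
    $isset_price_group = sql_select('*', 'spip_ecatalogue_prices_group');
    if ($isset_price_group) {
        while ($row = sql_fetch($isset_price_group)) {
            $id_price_group = (int) $row['id_group'];
            if (isset($prices_group[$id_price_group])) {
                $name = $prices_group[$id_price_group];
                $status = isset($is_active[$id_price_group]) ? 1 : 0;
                // The title comes from the request: quote it with sql_quote() instead of
                // wrapping it in double quotes by hand.
                sql_update('spip_ecatalogue_prices_group', array('titre' => sql_quote($name), 'is_active' => $status), 'id_group = ' . $id_price_group);
            } else {
                // Delete price group
                sql_delete('spip_ecatalogue_prices_group', 'id_group = ' . $id_price_group);
            }
        }
    }

    if (is_array($elements_insert) && !empty($elements_insert)) {
        foreach ($elements_insert as $key => $value) {
            $name = $value['titre'];
            // Own variable for the flag; the original reused $is_active and overwrote the
            // request array.
            $new_active = isset($value['is_active']) ? 1 : 0;
            sql_insert('spip_ecatalogue_prices_group', '(titre,is_active)', '(' . sql_quote($name) . ',' . $new_active . ')');
        }
    }

    return $result;
}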
/**
 * Ban the member named in the request and drop that member's sessions.
 *
 * @return bool|null true when the member exists (whether newly banned or already banned),
 *                   null when the request is empty or no such member is found.
 */
private function create()
{
    $v = _request(array('username' => ''));
    if (_empty($v)) {
        return;
    }

    $v->username = get_username_base($v->username);

    $member = sql_fieldrow(sql_filter('SELECT * FROM _members WHERE username_base = ?', $v->username));
    if (!$member) {
        return;
    }

    $ban = sql_fieldrow(sql_filter('SELECT * FROM _banlist WHERE ban_userid = ?', $member['user_id']));
    if ($ban) {
        // Already on the ban list: nothing to add.
        return true;
    }

    sql_insert('banlist', array('ban_userid' => $member['user_id']));

    // End the member's current sessions so the ban applies at once.
    sql_query(sql_filter('DELETE FROM _sessions WHERE session_user_id = ?', $member['user_id']));

    // NOTE(review): the stored user name is echoed without HTML escaping.
    echo 'El usuario ' . $member['username'] . ' fue bloqueado.';

    return true;
}
/**
 * Register a bot, or add a new IP to a bot that is already known by name.
 *
 * A new bot gets a row in members and a row in bots. Sessions whose browser string
 * matches the bot name are removed and the 'bots' cache entry is dropped.
 */
public function _home()
{
    global $config, $user, $cache;

    // NOTE(review): $submit is not assigned anywhere in this method, so this guard never
    // fires. Confirm what check was intended here.
    if ($submit) {
        return false;
    }

    $bot_name = request_var('bot_name', '');
    $bot_agent = request_var('bot_agent', '');
    $bot_ip = request_var('bot_ip', '');
    $bot_base = get_username_base($bot_name);

    $known_bot = sql_fieldrow(sql_filter('SELECT * FROM _bots WHERE bot_name = ?', $bot_name));
    if ($known_bot) {
        // Known bot: append the new address to the stored, comma-separated list.
        if ($known_bot['bot_ip'] != $bot_ip) {
            $ip_list = $known_bot['bot_ip'] . ',' . $bot_ip;
            sql_query(sql_filter('UPDATE _bots SET bot_ip = ? WHERE bot_id = ?', $ip_list, $known_bot['bot_id']));
        }
    } else {
        // New bot: create the member row first, then the bot row that refers to it.
        $bot_id = sql_insert('members', array(
            'user_type' => 2,
            'user_active' => 1,
            'username' => $bot_name,
            'username_base' => $bot_base,
            'user_timezone' => -6.00,
            'user_lang' => 'spanish'
        ));

        sql_insert('bots', array(
            'bot_active' => 1,
            'bot_name' => $bot_name,
            'user_id' => $bot_id,
            'bot_agent' => $bot_agent,
            'bot_ip' => $bot_ip
        ));
    }

    // NOTE(review): the '??' placeholder sits inside a quoted LIKE pattern; verify that
    // sql_filter() escapes the value it substitutes there.
    sql_query(sql_filter("DELETE FROM _sessions WHERE session_browser LIKE '%??%'", $bot_name));

    $cache->delete('bots');

    return;
}
/**
 * Store a message in the cb_mail_archive table.
 *
 * @param array $message Message fields; 'from_mail' is read, 'smtp_server_id' is dropped.
 * @return mixed Whatever sql_insert() returns.
 */
public function addMessageToArchive($message)
{
    // cb_mail_archive has no smtp_server_id column.
    unset($message['smtp_server_id']);

    $archive_fields = array(
        'sended_from' => $message['from_mail'],
        'sended_time' => date("Y-m-d H:i:s"),
        'error_type' => 0,
        'error_text' => '',
    );
    foreach ($archive_fields as $column => $content) {
        $message[$column] = $content;
    }

    // The clientbase.ru helper is used so that quoting is handled by it.
    return sql_insert('cb_mail_archive', $message);
}
/**
 * Write one entry to the system log table (sdk_sys_log).
 *
 * Dev future: automatically create bugs for certain categories.
 *
 * Severity follows the bootstrap colour swatches:
 *   default (grey), primary (dark blue), success (green), info (light blue),
 *   warning (yellow), danger (red)
 *
 * Actions:
 *   AUTH CREATE     - New user created
 *   AUTH SUCCESS    - Login attempt successful
 *   AUTH FAILURE    - Login attempt failed
 *   AUTH PASSSWD    - Password reset or changed
 *   AUTH TERMINATE  - Session expired or logged out
 *   SQL INSERT      - Database record inserted
 *   SQL UPDATE      - Database record updated
 *   SQL DELETE      - Database record deleted
 *   FORM VALIDATION - Validation error in a form post
 *   PAGE VIEW       - User viewed page
 *
 * @return mixed Result of sql_insert(); the original comment calls it the log UID.
 */
function sdk_log($severity, $action, $message, $ref_key = '', $ref_value = '0')
{
    // Acting user and session come from globals.
    global $ses_sdk_act_usr, $ses_sdk_act_ses;

    // Column => value map handed to the insert helper; the helper's return value is
    // passed straight back to the caller.
    return sql_insert('sdk_sys_log', array(
        'sdk_act_usr' => $ses_sdk_act_usr,
        'sdk_act_ses' => $ses_sdk_act_ses,
        'sdk_sys_log_ref_key' => $ref_key,
        'sdk_sys_log_ref_value' => $ref_value,
        'sdk_sys_log_severity' => $severity,
        'sdk_sys_log_action' => $action,
        'sdk_sys_log_message' => $message,
    ));
}
/**
 * Insert a store record for the logged-in account.
 *
 * @return ExcuteResult ERROR when no account is logged in, SUCCESS carrying $r[0] of the
 *                      insert result, or EXCEPTION carrying the SQL text when the insert fails.
 */
public function AddStore($name, $province, $city, $district, $addr, $contacts, $phone)
{
    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    $account_id = $_SESSION['account_ID'];

    // NOTE(review): every parameter is placed between quotes unescaped, so a quote in any
    // of them breaks out of the literal (SQL injection unless callers escape first).
    // This needs the DB layer's escaping or bound parameters.
    $sql = "INSERT INTO bm_store_info(account_id,shop_name,shop_province,shop_city,shop_district,shop_addr,shop_contacts,shop_phone,shop_state)";
    $sql .= "VALUE('{$account_id}','{$name}','{$province}','{$city}','{$district}','{$addr}','{$contacts}','{$phone}',0);";

    $r = sql_insert($sql);
    if ($r == 0) {
        // NOTE(review): the failed statement is handed back in the result; make sure it
        // is never shown to the end user.
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", $sql);
    }

    return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
}
/**
 * Add an item to the shopping cart of the logged-in account.
 *
 * @return ExcuteResult ERROR when no account is logged in, SUCCESS carrying $r[0] of the
 *                      insert result, or EXCEPTION carrying the SQL text when the insert fails.
 */
public function AddShoppingCart($_GoodsId, $_GoodsNum)
{
    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    $account_id = $_SESSION['account_ID'];

    // NOTE(review): goods id and quantity are quoted but not escaped or range-checked;
    // if they are meant to be integers, validate them as such before building the query.
    $sql = "insert into bm_shopping_cart(account_id,goods_id,goods_num,add_time) values('"
        . $account_id . "','" . $_GoodsId . "','" . $_GoodsNum . "',now())";

    $r = sql_insert($sql);
    if ($r == 0) {
        // NOTE(review): the failed statement is handed back in the result; make sure it
        // is never shown to the end user.
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", $sql);
    }

    return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
}
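/**
 * Create a new in-game mail application.
 *
 * Looks up the game server, inserts a row into bm_gamemail and, when an attachment is
 * given, a row into bm_gamemailaffixitem.
 *
 * @param mixed  $gameID    Game ID (used as a number in the SQL).
 * @param mixed  $serverID  Game server ID (used as a number in the SQL).
 * @param string $users     Recipients, one per line; empty means the whole server.
 * @param string $title     Mail title.
 * @param string $desc      Mail body.
 * @param mixed  $delTime   Stored in the remark JSON as "mailExpired".
 * @param string $ApplyDesc Stored in the remark JSON as "note".
 * @param mixed  $sendType  0 = recipients are passport names, otherwise nick names.
 * @param mixed  $attchID   Attachment item ID, 0 for none.
 * @param mixed  $attNum    Attachment quantity, 0 for none.
 * @return ExcuteResult
 */
public function AddMailApplay($gameID, $serverID, $users, $title, $desc, $delTime, $ApplyDesc, $sendType, $attchID, $attNum)
{
    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    // These values are written into the SQL unquoted, so integer copies are used there.
    // The originals are left untouched because they also go into the remark JSON.
    $sqlGameID = (int) $gameID;
    $sqlServerID = (int) $serverID;
    $sqlAttachID = (int) $attchID;
    $sqlAttachNum = (int) $attNum;

    $sql_check = "SELECT bm_AreaID, bm_ServerConnString, bm_ServerName FROM bm_gameserver WHERE bm_ServerID = " . $sqlServerID;
    $r_check = sql_fetch_one($sql_check);
    if ($r_check == "") {
        return new ExcuteResult(ResultStateLevel::ERROR, "此游戏服务器不存在或已被删除!", NULL);
    }

    $AreaID = $r_check[0];
    $ServerName = $r_check[2];
    $AccessoriesFlag = 1;
    $GameMailTarget = '全服发送';
    $GameMailNickName = '全服发送';
    $now = date("Y-m-d H:i:s");
    if ($attchID == 0 && $attNum == 0) {
        $AccessoriesFlag = 0;
    }

    $markAry['mailExpired'] = $delTime;
    $markAry['attachID'] = $attchID;
    $markAry['attachNum'] = $attNum;
    $markAry['type'] = $sendType;
    $markAry['note'] = $ApplyDesc;
    $mailApplyRemark = json_encode($markAry);
    $currentUser = $_SESSION['user'];

    if (!empty($users)) {
        // One recipient per line becomes a comma-separated list.
        $usernames = str_replace(array("\r", "\n"), array("", ","), trim($users));
        if ($sendType == 0) {
            // passport
            $GameMailTarget = $usernames;
            $GameMailNickName = '';
        } else {
            $GameMailTarget = '';
            $GameMailNickName = $usernames;
        }
    }

    // NOTE(review): title, body, recipients, the remark JSON and the account name are
    // placed between quotes unescaped. A quote or backslash in any of them (the JSON
    // contains both) breaks the statement and allows SQL injection unless callers escape
    // first; this needs the DB layer's escaping or bound parameters.
    $sql = "INSERT INTO bm_gamemail( bm_GameID, bm_AreaID, bm_ServerID, bm_ServerName, bm_GameMailTitle, bm_GameMailDesc,\r\n \t\t\t\tbm_GameMailTarget, bm_GameMailNickName, bm_MailApplyRemark, bm_MailApplyFlag, bm_AccessoriesFlag, \r\n \t\t\t\tbm_GameMailSendState, bm_ApplyState, bm_Account, bm_CreatTime) VALUES( {$sqlGameID}, {$AreaID}, {$sqlServerID}, \r\n \t\t\t\t'{$ServerName}', '{$title}', '{$desc}', '{$GameMailTarget}', '{$GameMailNickName}', \r\n \t\t\t\t'{$mailApplyRemark}', 1, {$AccessoriesFlag}, 0, 0, '{$currentUser}', '{$now}')";
    $insertID = sql_insert($sql);

    if ($insertID && $AccessoriesFlag == 0) {
        // A mail without attachment is complete once its row exists. The original fell
        // through to the failure result below in this case.
        return new ExcuteResult(ResultStateLevel::SUCCESS, "", NULL);
    }

    if ($insertID && $attchID != 0 && $attNum != 0) {
        $sqladd = "INSERT INTO bm_gamemailaffixitem(bm_GameMailID, bm_ItemID, bm_ItemNum) VALUES({$insertID}, {$sqlAttachID},{$sqlAttachNum})";
        $r_add = sql_query($sqladd);
        if ($r_add == 0) {
            return new ExcuteResult(ResultStateLevel::ERROR, "订单生成,道具信息插入失败!", NULL);
        }

        return new ExcuteResult(ResultStateLevel::SUCCESS, "", NULL);
    }

    // Insert failed, or only one of attachment ID / quantity was given (unchanged from
    // the original).
    return new ExcuteResult(ResultStateLevel::ERROR, "生成订单失败", $sql);
}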
/**
 * Add a new group.
 *
 * The event-log call comes first, before the session check of this method.
 *
 * @param string $name   Group name.
 * @param string $remark Group remark.
 * @return ExcuteResult
 */
public function AddGroup($name, $remark)
{
    AddBMAccountEventLog("新增分组:" . $name, EventLogTypeEnum::BASEMANGE);

    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    // NOTE(review): name and remark are quoted but not escaped; a quote in either breaks
    // out of the literal (SQL injection unless callers escape first).
    $sql = "insert into BM_Group (bm_GroupName,bm_RankRemark)"
        . " values ('" . $name . "','" . $remark . "')";

    $r = sql_insert($sql);
    if ($r == 0) {
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
    }

    return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
}
/**
 * Add a new goods brand.
 *
 * The event-log call comes first, before the session check of this method.
 *
 * @param string $name  Brand name.
 * @param mixed  $order Brand sort order.
 * @return ExcuteResult
 */
public function AddGoodsBrand($name, $order)
{
    AddBMAccountEventLog("新增品牌:" . $name, EventLogTypeEnum::BASEMANGE);

    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    // NOTE(review): name and order are quoted but not escaped; a quote in either breaks
    // out of the literal (SQL injection unless callers escape first).
    $sql = "insert into bm_goods_brand(brand_name, brand_order)"
        . " values ('" . $name . "','" . $order . "')";

    $r = sql_insert($sql);
    if ($r == 0) {
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
    }

    return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
}
/**
 * Called after the element has been saved to the database.
 *
 * Makes sure the tree table has a top-level row (id = pid) for the element's root_id,
 * cloning an existing top-level row when there is none.
 *
 * @param array   $fld
 * @param integer $id
 * @return array $fld, unchanged.
 */
function ElemRedactAfter($fld, $id)
{
    // NOTE(review): root_id is concatenated into the query between quotes, unescaped.
    // If it is always an integer key, cast it before use.
    $tree = sql_getValue("SELECT * FROM tree WHERE root_id='" . $fld['root_id'] . "' AND id=pid LIMIT 1");
    if ($tree) {
        return $fld;
    }

    // Create the section in the tree (only one section with type=home).
    $tree_row = sql_getRow("SELECT * FROM tree WHERE id=pid LIMIT 1");
    if (!$tree_row) {
        return $fld;
    }

    // Re-key the cloned row so that it becomes its own root.
    $tree_row['root_id'] = $fld['root_id'];
    $tree_row['pid'] = $fld['root_id'];
    $tree_row['id'] = $fld['root_id'];
    $tree_row['pids'] = '/' . $fld['root_id'] . '/';
    $tree_row['next'] = 0;
    $tree_row['priority'] = (int) sql_getValue("SELECT MAX(priority) FROM tree WHERE id=pid") + 1;
    sql_insert('tree', $tree_row);

    return $fld;
}
/**
 * Delete a row from _members_posts and optionally ban its author and/or its IP.
 *
 * The post is identified by the request variable msg_id. The 'user' and 'ip' buttons
 * decide which ban entries are added; an entry that already exists is not duplicated.
 */
public function _home()
{
    global $config, $user, $cache;

    if (!_button()) {
        return false;
    }

    $msg_id = request_var('msg_id', 0);

    $post = sql_fieldrow(sql_filter('SELECT * FROM _members_posts WHERE post_id = ?', $msg_id));
    if (!$post) {
        fatal_error();
    }

    sql_query(sql_filter('DELETE FROM _members_posts WHERE post_id = ?', $msg_id));

    // Keep the post counter of the profile owner in step.
    sql_query(sql_filter('UPDATE _members SET userpage_posts = userpage_posts - 1 WHERE user_id = ?', $post['userpage_id']));

    if (_button('user')) {
        $user_ban = sql_fieldrow(sql_filter('SELECT ban_id FROM _banlist WHERE ban_userid = ?', $post['poster_id']));
        if (!$user_ban) {
            sql_insert('banlist', array('ban_userid' => $post['poster_id']));
        }
    }

    if (_button('ip')) {
        $ip_ban = sql_fieldrow(sql_filter('SELECT ban_id FROM _banlist WHERE ban_ip = ?', $post['post_ip']));
        if (!$ip_ban) {
            sql_insert('banlist', array('ban_ip' => $post['post_ip']));
        }
    }

    return _pre($post, true);
}
/**
 * Create a new row in $this->table from the posted name, attach it to $this->pid and
 * redirect to the editor page for it.
 *
 * Ends the request in every branch: HeaderExit() on success, die() otherwise.
 */
function editCreate()
{
    // HTML-escape the posted name but keep "&" as typed: ampersands are swapped for a
    // placeholder, the rest is escaped, then the ampersands are put back.
    // NOTE(review): as a result "&" is stored unescaped, so entities typed by the user
    // survive into the stored value.
    $name = str_replace("&", "=+=+=+=", $_POST['fld']['name']);
    $name = htmlspecialchars($name);
    $name = str_replace("=+=+=+=", "&", $name);
    $id = sql_insert($this->table, array('name' => $name, 'date' => date('Y-m-d H:i:s')));
    # Update src
    // NOTE(review): $id and $this->pid are concatenated unquoted, and this runs before the
    // is_int($id) check below, so a non-integer $id (die($id) suggests it can be an error
    // text) ends up inside the UPDATE statement.
    $ret = sql_query("UPDATE " . $this->table . " SET pid=" . $this->pid . " WHERE id=" . $id);
    if (!$ret) {
        die('"UPDATE error: ' . addslashes(sql_getError()) . '"');
    }
    if (is_int($id)) {
        HeaderExit("/admin/editor.php?page={$this->name}&id=" . $id);
    } else {
        die($id);
    }
}
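/**
 * Add a new game item.
 *
 * Refuses the insert when an item of the same name already exists for the game.
 *
 * @param mixed  $gameID     Game ID (used as a number in the SQL).
 * @param string $itemName   Item name.
 * @param mixed  $itemGID    In-game ID of the item.
 * @param mixed  $itemRank   Item rank.
 * @param string $itemRemark Item remark.
 * @return ExcuteResult
 */
public function AddNewGameItem($gameID, $itemName, $itemGID, $itemRank, $itemRemark)
{
    AddBMAccountEventLog("新增游戏道具物品名称:" . $itemName . ",游戏:" . $gameID . ",游戏GID:" . $itemGID, 2);

    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    // The game ID is written into both statements unquoted, so use an integer copy there.
    $sqlGameID = (int) $gameID;

    // NOTE(review): item name, GID, rank and remark are quoted but not escaped; a quote in
    // any of them breaks out of the literal (SQL injection unless callers escape first).
    // This needs the DB layer's escaping or bound parameters.
    $check = "SELECT bm_ItemName FROM bm_item WHERE bm_ItemName = '" . $itemName . "' AND bm_GameID = " . $sqlGameID;
    if (sql_check($check)) {
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "物品名称已存在", $itemName);
    }

    $sql = "insert into bm_item (bm_GameID,bm_ItemName,bm_ItemGID,bm_ItemRank,bm_ItemRemark)";
    $sql .= "values ({$sqlGameID},'{$itemName}','{$itemGID}','{$itemRank}','{$itemRemark}')";
    $r = sql_insert($sql);
    if ($r == 0) {
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", NULL);
    }

    return new ExcuteResult(ResultStateLevel::SUCCESS, "", $r[0]);
}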
/**
 * Store new lyrics for the current artist and bump the artist's lyrics counter.
 *
 * Returns early (null) when the request is empty or the artist row is not found;
 * otherwise returns the result of the redirect to the artist page.
 */
private function create()
{
    $v = _request(array('title' => '', 'author' => '', 'text' => ''));
    if (_empty($v)) {
        return;
    }

    $artist_ub = $this->object['ub'];

    $ad = sql_fieldrow(sql_filter('SELECT * FROM _artists WHERE ub = ?', $artist_ub));
    if (!$ad) {
        return;
    }

    // The request object itself is inserted, with the artist key added.
    $v->ub = $artist_ub;
    sql_insert('artists_lyrics', $v);

    sql_query(sql_filter('UPDATE _artists SET lirics = lirics + 1 WHERE ub = ?', $artist_ub));

    return redirect(s_link('a', $ad['subdomain']));
}
/**
 * Add a new card type together with its game restrictions.
 *
 * @param string $name     Card type name.
 * @param mixed  $restrict Game restriction setting.
 * @param mixed  $point    Card points.
 * @param mixed  $price    Card price.
 * @param mixed  $unique   Unique marker of the card type.
 * @param string $remark   Remark.
 * @param string $gameStr  VALUES fragment for CD_CardGameType; every "NULL" in it is
 *                         replaced with the ID of the new card type.
 * @return ExcuteResult SUCCESS once the card type row exists (the message says whether
 *                      the restriction rows failed), ERROR when the first insert fails.
 */
public function AddCardType($name, $restrict, $point, $price, $unique, $remark, $gameStr)
{
    AddBMAccountEventLog("新增卡种类名称:" . $name . ",限制:" . $restrict, EventLogTypeEnum::CARDMANAGE);

    if (!isset($_SESSION['account_ID'])) {
        return new ExcuteResult(ResultStateLevel::ERROR, "账号已登出,请重新登录", "-1");
    }

    // NOTE(review): all values are quoted but not escaped; a quote in any of them breaks
    // out of the literal (SQL injection unless callers escape first).
    $sql = "insert into CD_CardType (cd_CardTypeName,cd_GameRestrict,cd_CardPoint,cd_CardPrice,cd_CardTypeUnique,cd_CardTypeState,cd_Remark)"
        . " values ('{$name}','{$restrict}','{$point}','{$price}','{$unique}',0,'{$remark}')";

    $r = sql_insert($sql);
    if ($r == 0) {
        return new ExcuteResult(ResultStateLevel::ERROR, "执行出错", NULL);
    }

    $cardTypeID = $r[0];

    // NOTE(review): $gameStr is spliced in as raw SQL; it should be rebuilt from validated
    // integers rather than accepted as a ready-made fragment.
    $sqladd = "insert into CD_CardGameType (cd_CardTypeID,bm_GameID,bm_AreaID,bm_ServerID) values "
        . strtr($gameStr, array("NULL" => $cardTypeID));

    $msg = "卡种类新增成功";
    if (sql_query($sqladd) == 0) {
        $msg .= ",卡限制新增失败";
    }

    // NOTE(review): the second statement is handed back in the result; make sure it is
    // never shown to the end user.
    return new ExcuteResult(ResultStateLevel::SUCCESS, $msg, $sqladd);
}
// Generic "save form" handler (the listing stops inside the success branch).
$th = $_SESSION['xth'];
// NOTE(review): extract() turns every POST field into a local variable. $p, $form, $err,
// $q, $field, $table and $pagess are not assigned anywhere in the visible code, so they
// presumably arrive this way; the request then also chooses the target table and the
// column list. extract() would overwrite $th as well, since it is set before the call.
// Read the expected fields from $_POST explicitly and check $table / $field against an
// allow-list.
extract($_POST);
$xusername_sess = $_SESSION['xusername'];
$xmenu_p = xmenu_id($p);
$p_next = $xmenu_p->parent;
if (isset($form)) {
    if ($err != true) {
        $lastmodified = now();
        $modifiedby = $xusername_sess;
        $id = $q;
        // Variable-variables: each entry of $field names the variable holding its value,
        // so the field list decides which local variables are read.
        foreach ($field as $k => $val) {
            $value[$k] = ${$val};
        }
        if ($q == "") {
            //ADD NEW
            // sql_insert() returns the statement text here; it is executed by mysql_query().
            // NOTE(review): escaping inside sql_insert() is not visible from here; verify it.
            $sql = sql_insert($table, $field, $value);
            $rs = mysql_query($sql);
            if ($rs) {
                update_log($sql, $table, 1);
                $_SESSION['errmsg'] = "Input data berhasil!";
            } else {
                update_log($sql, $table, 0);
                $_SESSION['errmsg'] = "Input data gagal!";
            }
            // NOTE(review): $p_next and $pagess are echoed into the meta refresh URL
            // without HTML or URL encoding.
            ?> <meta http-equiv="refresh" content="0;URL=index.php?p=<?php echo $p_next; ?> &pagess=<?php echo $pagess;
//echo $i. "<br>"; $query = "SELECT max(id) id from revizia WHERE id_obj IN (\r\n SELECT id FROM `objednavka` where vymaz=0 AND\r\n status<>" . def_value("default_obj_status_rozpracovana", "hodnota") . " AND \r\n status<>" . def_value("default_obj_status_cp", "hodnota") . " AND\r\n (datum between \"{$rok}-{$ij}-01 00:00:00\" AND \"{$rok}-{$ij}-31 23:59:59\")\r\n AND id_zakaznik={$uzivatel_item[id]}\r\n )\r\n GROUP BY id_obj\r\n "; //die(); $last_revision = sql_query($query); //var_dump($last_revision); //echo $i ."-".$uzivatel_item[id]. " - ". $last_revision[id] ."<br>"; // ====== statistiky pre stvoraky ============= //============================================= foreach ($last_revision as $rev_id) { $query = "SELECT all_sum dlzka from cp \r\n WHERE id_revizia=\"{$rev_id["id"]}\" ORDER BY id DESC LIMIT 1"; $all_sum = sql_query($query); //var_dump($all_sum); $cp_sum_all = $cp_sum_all + $all_sum[0][dlzka]; //var_dump($stvorak_sum); //$hrana_sum[$ij][$hrana["id"]] = $hrana_sum[$ij][$hrana["id"]] / 1000; $cp_sum_all = round($cp_sum_all, 2); $stats_exists = sql_query("SELECT id from stats_uzivatel_cp\r\n WHERE rok={$rok} AND mesiac={$ij} AND id_uzivatel=\"{$uzivatel_item[id]}\" LIMIT 1"); //var_dump($cp_sum_all); if (count($stats_exists) == 1) { //echo "existuje<br>"; sql_update("UPDATE stats_uzivatel_cp SET\r\n hodnota={$cp_sum_all} WHERE rok=\"{$rok}\" AND mesiac=\"{$ij}\" AND id_uzivatel=\"{$uzivatel_item["id"]}\" "); } else { //echo "neexistuje<br>"; sql_insert("INSERT into stats_uzivatel_cp (rok, mesiac, id_uzivatel, hodnota)\r\n VALUES ({$rok}, {$ij}, {$uzivatel_item[id]}, {$cp_sum_all})"); } } } } mysql_query("COMMIT"); //var_dump($uzivatel); header("location: index.php?vyber=stats_users");
</td> <td width="80%" valign="top"> <?php $conn = connect(); $showrecs = 20; $pagerange = 10; $a = @$_GET["a"]; $recid = @$_GET["recid"]; $page = @$_GET["page"]; if (!isset($page)) { $page = 1; } $sql = @$_POST["sql"]; switch ($sql) { case "insert": sql_insert(); break; case "update": sql_update(); break; case "delete": sql_delete(); break; } switch ($a) { case "add": addrec(); break; case "view": viewrec($recid); break;
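<?php
include "common.php";
include $Path_Include . "db.php";
include $Path_Include . "lib.php";

// Step 1 of "add page": store title and template, then go on to step 2.
//
// NOTE(review): both request values are concatenated into the statement between quotes,
// unescaped, so a quote in either one is SQL injection. sql_insert() is only seen taking
// a finished string; use the escaping or prepared-statement facility of db.php here, and
// if template_id is an integer key, cast it with (int) before use.
$sql = "insert into pages(page_title,template_id) values ('" . $_REQUEST["page_title"] . "','" . $_REQUEST["template"] . "')";

// The original printed $sql at this point. That exposed the statement to the client and
// sent output before header(), which stops the redirect unless output buffering is on.
$page_id = sql_insert($sql);

header("location:add_page_step2.php?pageID=" . $page_id);
// Nothing may run after the redirect has been issued.
exit;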
/**
 * Renders the price-quote form for one order revision and, when page 1 of the
 * form was submitted, writes the quote to `cp` and `cp_row`.
 *
 * All output is echoed directly; the function returns nothing.
 *
 * @param mixed $order       Order id; interpolated unquoted into the INSERT into `cp` and into the redirect URL.
 * @param mixed $revision    Revision id; interpolated into several SELECTs and the INSERT into `cp`.
 * @param mixed $fieldsets_c Overwritten by count() before it is first read in this function.
 * @param mixed $form_data   Optional array; every key is imported as a local variable of the same name.
 * @param mixed $page        The form body is rendered only when this is empty or equal to 1.
 *
 * NOTE(review): every statement here is built by string interpolation. sec_input()
 * and sec_sql() are defined elsewhere, so what they strip or escape cannot be
 * confirmed from this function; $order, $revision and $_SESSION['username'] reach
 * SQL without passing through either helper in the code shown.
 * NOTE(review): values read from the database are concatenated into HTML without
 * htmlspecialchars(); this presumably relies on sanitising at write time. Verify.
 */
function formular_cp($order, $revision = 0, $fieldsets_c = 1, $form_data = "", $page = "")
{
    // NOTE(review): $cp is assigned but not read again below; the later cp_row
    // lookup reads $_GET["cp"] directly.
    if (isset($_GET["cp"])) {
        $cp = sec_input($_GET["cp"]);
    }
    // NOTE(review): each key of $form_data becomes a local variable, so a key such
    // as "revision", "order" or "error_msg" overwrites the value used further down.
    // Confirm callers never pass request-derived keys in $form_data.
    if (!empty($form_data)) {
        foreach ($form_data as $key => $value) {
            ${$key} = $value;
        }
    }
    // Revision header row; $revision is placed unquoted in the WHERE clause.
    $data = sql_query("SELECT r.id, r.id_obj, r.meno, adresa, ico, telefon, email, komentar,\r\n DATE_FORMAT(datum, '%d. %m. %Y, %H:%i') AS datum\r\n FROM revizia r \r\n \r\n WHERE r.id={$revision} \r\n LIMIT 1");
    $data = $data[0];
    //var_dump($data);
    // Order the revision belongs to.
    $data_obj = sql_query("SELECT DATE_FORMAT(datum, '%d. %m. %Y, %H:%i') AS datum, c_obj, id_zakaznik\r\n FROM objednavka \r\n WHERE id=" . $data["id_obj"] . " LIMIT 1");
    $data_obj = $data_obj[0];
    //var_dump($data);
    $message = "";
    $message .= "<h1>Cenová ponuka pre objednávku č. " . $data_obj["c_obj"] . " / " . $data["id"] . "</h1>";
    $message .= "<h5>Objednávka zo dňa: " . $data_obj["datum"] . "</h5>";
    $message .= "<div class=\"print_hlavicka\">";
    // Bare words such as id_zakaznik are used as array keys throughout this function.
    // PHP 8 throws an Error for an undefined constant; earlier versions fall back
    // to the string of the same name with a notice or warning.
    if ($data_obj[id_zakaznik] > 0) {
        // A registered customer's stored contact data replaces the data kept on the revision.
        $meno_zakaznika = sql_query("SELECT meno, adresa, mesto, psc, ico, dic, telefon, email \r\n \r\n FROM uzivatel WHERE id={$data_obj['id_zakaznik']} LIMIT 1");
        $meno_zakaznika = $meno_zakaznika[0];
        $data[meno] = $meno_zakaznika[meno];
        $data[adresa] = $meno_zakaznika[adresa];
        $data[mesto] = $meno_zakaznika[mesto];
        $data[psc] = $meno_zakaznika[psc];
        $data[ico] = $meno_zakaznika[ico];
        $data[dic] = $meno_zakaznika[dic];
        $data[telefon] = $meno_zakaznika[telefon];
        $data[email] = $meno_zakaznika[email];
        //$cenova_hladina = sql_query("SELECT id_c_hladina FROM uzivatel WHERE id=$data_obj[id_zakaznik]");
        //$cenova_hladina = $cenova_hladina[0][id_c_hladina];
    }
    // Customer block; the values below go into the markup unescaped (see header note).
    $message .= "<div class=\"print_odberatel\"><table class=\"print_odberatel\"><tr><td></td><td><strong>Objednávateľ:</strong></td></tr>";
    $message .= "<tr><td></td><td class=\"print_bigger\">" . $data["meno"] . "</td></tr>";
    $message .= "<tr><td></td><td>" . $data["adresa"] . "</td></tr>";
    $message .= "<tr><td></td><td>" . $data["psc"] . " " . $data["mesto"] . "</td></tr>";
    $message .= "<tr><td>IČO:</td><td>" . $data["ico"] . "</td></tr>";
    $message .= "<tr><td>DIČ:</td><td>" . $data["dic"] . "</td></tr>";
    $message .= "<tr><td>tel.:</td><td>" . $data["telefon"] . "</td></tr>";
    $message .= "<tr><td>email:</td><td>" . $data["email"] . "</td></tr>";
    $message .= "</table>";
    $message .= "</div>";
    //var_dump($dekor);
    // Output starts here, before the header() redirect in the submit branch below.
    echo "<div class=\"print\">";
    echo $message;
    echo "</div>";
    echo "</div>";
    echo "<div id=\"content\" class=\"print_hlavicka4\">";
    if (empty($page) or $page == 1) {
        if ($_POST["submit_page1"]) {
            // Collect the posted rows. Each field passes through sec_sql() and
            // sec_input(); their behaviour is not visible here.
            $fieldsets_c = count($_POST["id"]);
            for ($i = 0; $i < $fieldsets_c; $i++) {
                $id_objednavka_row[] = sec_input(sec_sql($_POST["id"][$i]));
                // Decimal comma is normalised to a decimal point.
                $zlava[] = str_replace(',', '.', sec_input(sec_sql($_POST["zlava"][$i])));
                $product_price[] = str_replace(',', '.', sec_input(sec_sql($_POST["product_price"][$i])));
                $id_cp_product[] = sec_input(sec_sql($_POST["id_cp_product"][$i]));
                $ks[] = sec_input(sec_sql($_POST["ks"][$i]));
            }
            $form_data[id_objednavka_row] = $id_objednavka_row;
            $form_data[id_cp_product] = $id_cp_product;
            $form_data[ks] = $ks;
            $form_data[zlava] = $zlava;
            $form_data[product_price] = $product_price;
            //var_dump($order);
            //var_dump($revision);
            // $error_msg is not assigned anywhere in this function; it can only
            // have been set through the ${$key} import at the top.
            if (empty($error_msg)) {
                // NOTE(review): $order, $revision and $_SESSION['username'] are all
                // interpolated without quotes. A non-numeric username makes this
                // statement invalid, or alters it. Bind or quote these values.
                $query = "INSERT INTO cp ( id_objednavka, id_revizia, vytvoril )\r\n VALUES ( {$order}, {$revision}, {$_SESSION['username']} )\r\n ";
                //print_r($query);
                //die();
                // NOTE(review): the transaction is opened here and committed below,
                // but no result of sql_insert()/sql_update() is checked and there
                // is no ROLLBACK path.
                mysql_query("BEGIN");
                $sql_cp = sql_insert($query);
                $cp_id = $sql_cp["inserted_id"];
                for ($i = 0; $i < count($form_data[id_objednavka_row]); $i++) {
                    // NOTE(review): a non-empty posted product_price is used as the
                    // unit price for any row, although the form below renders an
                    // editable price field only for rows with atyp text. Confirm
                    // that accepting a client-supplied price everywhere is intended.
                    if (empty($form_data[product_price][$i])) {
                        $product_price = sql_query("SELECT cena FROM cp_product WHERE id=" . $form_data[id_cp_product][$i] . " ORDER BY id DESC LIMIT 1")[0]["cena"];
                    } else {
                        $product_price = $form_data[product_price][$i];
                    }
                    //echo $product_price."<br>";
                    //$product_ks_sum = $product_ks_sum + sec_input($form_data["ks"][$i]);
                    // Row total, discount amount (zlava is a percentage) and total after discount.
                    // The running sums are not initialised before this loop.
                    $product_price_sum = $product_price * sec_input($form_data["ks"][$i]);
                    $products_prices_sums = $products_prices_sums + $product_price_sum;
                    $zlava_E = $product_price_sum * $form_data["zlava"][$i] / 100;
                    $po_zlave = $product_price_sum - $zlava_E;
                    $po_zlave_sum = $po_zlave_sum + $po_zlave;
                    // NOTE(review): id_objednavka_row and ks sit in an unquoted numeric
                    // context, where escaping quotes alone does not constrain the value.
                    // Confirm the helpers enforce numeric input, or cast before use.
                    // `cena` stores the posted price, which is empty when the price
                    // was looked up from cp_product above.
                    $query_cp_row = "INSERT into cp_row (id_cp, id_objednavka_row, id_cp_product, \r\n ks, cena, zlava, sum)\r\n VALUES ({$cp_id},\r\n {$form_data[id_objednavka_row][$i]}, \r\n \"{$form_data[id_cp_product][$i]}\", \r\n {$form_data[ks][$i]},\r\n \"{$form_data[product_price][$i]}\",\r\n \"{$form_data[zlava][$i]}\",\r\n \"{$po_zlave}\"\r\n )";
                    //echo $query_cp_row."<br>";
                    sql_insert($query_cp_row);
                    //var_dump($query_poznamka);
                }
                sql_update("UPDATE cp SET all_sum={$po_zlave_sum} WHERE id={$cp_id}");
                mysql_query("COMMIT");
                //dd($form_data);
                //$_SESSION["posted_form_from_cp"]=$form_data;
                // NOTE(review): header() runs after the echo calls above, so the
                // redirect only takes effect if output buffering is active. TODO
                // confirm. There is no exit after it, so the form below is still
                // rendered.
                header("location: ?vyber=cp&order={$order}&revision={$revision}&action=display_all");
            } else {
                echo "<div id=error_message>" . implode("<br>", $error_msg) . "</div>";
            }
        }
        echo "<form method=\"POST\" id=\"formular\" enctype=\"multipart/form-data\">";
        echo "<fieldset id=\"cp_rows\">";
        // for editing an existing price quote
        //=========================================
        $data_row = sql_query("SELECT * \r\n FROM objednavka_row\r\n WHERE id_revizia = " . $revision . "\r\n ");
        //var_dump($data_row);
        // Copy each order row into per-column arrays indexed by row position.
        $fieldsets_c = count($data_row);
        for ($i = 0; $i < $fieldsets_c; $i++) {
            $ks[$i] = $data_row[$i][ks];
            $id[$i] = $data_row[$i][id];
            $product_type[$i] = $data_row[$i][id_product_type];
            $product[$i] = $data_row[$i][id_product];
            $product_delivery[$i] = $data_row[$i][id_product_delivery];
            $atyp_text[$i] = $data_row[$i][atyp_text];
            $data_row_option = sql_query("SELECT id_product_atribute, id_product_atribute_option \r\n FROM objednavka_row_atribute \r\n WHERE id_revizia=\"{$revision}\" AND id_objednavka_row=\"{$data_row[$i][id]}\"");
            //dd($form_data_row_option);
            // Map attribute id to the chosen option id for this row.
            foreach ($data_row_option as $option) {
                $data_rows[$i][$option["id_product_atribute"]] = $option["id_product_atribute_option"];
            }
            // When an existing quote id is given in the query string, load its stored
            // price and discount for this row. id_cp is an unquoted numeric context.
            if (isset($_GET["cp"]) and !empty($_GET["cp"])) {
                $query = "SELECT * from cp_row WHERE id_cp=" . sec_input(sec_sql($_GET["cp"])) . " AND id_objednavka_row=" . $data_row[$i][id] . "";
                $cp_row = sql_query($query)[0];
                $cena[$i] = $cp_row[cena];
                $zlava[$i] = $cp_row[zlava];
                //var_dump($cp_row);
            }
        }
        $data[id_all] = $id;
        $data[ks_all] = $ks;
        $data[product_type_all] = $product_type;
        $data[product_all] = $product;
        $data[product_delivery_all] = $product_delivery;
        $data[atyp_text_all] = $atyp_text;
        $data[product_atribute_options_all] = $data_rows;
        $data[product_price_all] = $cena;
        $data[zlava_all] = $zlava;
        $message = "<div class=\"print_hlavicka3\">\r\n <table>\r\n <tr>\r\n <th></th> \r\n <th style=\"width: 380px;\">produkt</th>\r\n <th style=\"width: 40px;\">množstvo</th>\r\n <th style=\"width: 70px;\">doprava</th> \r\n <th style=\"width: 50px;\">j.cena</th>\r\n <th style=\"width: 50px;\">Spolu</th>\r\n <th style=\"width: 90px;\">zľava %</th>\r\n <th style=\"width: 50px;\">po zľave</th>\r\n </tr>";
        //echo hidden("name", "value");
        //var_dump($data);
        // One table row per order row.
        $fieldsets_c = count($data["ks_all"]);
        for ($i = 0; $i < $fieldsets_c; $i++) {
            $poradie = 0;
            $poradie = $i + 1;
            // The string literal below continues on the next line, as in the original.
            $message .= "<tr>\r\n <td class=\"form_poradie\">{$poradie}. 
</td>\r\n ";
            $product_type = sql_query("SELECT meno FROM product_type WHERE id=" . sec_sql(sec_input($data["product_type_all"][$i])) . " LIMIT 1");
            $product_type = $product_type[0];
            $product = sql_query("SELECT id, meno FROM product WHERE id=" . sec_sql(sec_input($data["product_all"][$i])) . " LIMIT 1")[0];
            $message .= hidden("id[]", $data["id_all"][$i]);
            $options_str = array();
            //var_dump($data);
            if (!isset($data["product_atribute_options_all"][$i]) or empty($data["product_atribute_options_all"][$i])) {
                $data["product_atribute_options_all"][$i] = array();
            }
            // Highest id_c_hladina among the row's options, starting from 1; it
            // selects the cp_product price row below.
            $option_c_hladina = 1;
            foreach ($data["product_atribute_options_all"][$i] as $option) {
                //var_dump($option);
                $options = sql_query("SELECT id, meno, id_c_hladina FROM product_atribute_option WHERE id=" . sec_sql(sec_input($option)) . " LIMIT 1");
                $options_str[] = $options[0]["meno"];
                if ($options[0]["id_c_hladina"] > $option_c_hladina) {
                    $option_c_hladina = $options[0]["id_c_hladina"];
                }
                //$options["price"] = sql_query("SELECT id, cena FROM product_atribute_option WHERE id=".sec_sql(sec_input($option))." LIMIT 1");
            }
            $options_str = empty($options_str) ? "" : " (" . join(", ", $options_str) . ")";
            $message .= "<td class=\"form_nazov_siroky\">" . $product_type["meno"] . " " . $product["meno"] . "" . $options_str . "" . (empty($data["atyp_text_all"][$i]) ? "" : "<br>Atyp: " . sec_input($data["atyp_text_all"][$i])) . "</td>";
            $product_delivery = sql_query("SELECT meno FROM product_delivery WHERE id=" . sec_sql(sec_input($data["product_delivery_all"][$i])) . " LIMIT 1");
            $product_delivery = $product_delivery[0];
            $message .= "<td class=\"form_ks\">" . sec_input($data["ks_all"][$i]) . " ks</td>";
            $message .= "<td class=\"form_hrana\">" . $product_delivery["meno"] . "</td>";
            $message .= hidden("ks[]", $data["ks_all"][$i]);
            // Without a stored price, use the newest cp_product row for this product and level.
            if (empty($data[product_price_all][$i])) {
                $product_prices = sql_query("SELECT id, cena FROM cp_product WHERE id_c_hladina=" . $option_c_hladina . " AND id_product=" . $product["id"] . " ORDER BY id DESC LIMIT 1")[0];
                $product_price = $product_prices[cena];
            } else {
                $product_price = $data[product_price_all][$i];
            }
            $product_ks_sum = $product_ks_sum + sec_input($data["ks_all"][$i]);
            $product_price_sum = $product_price * sec_input($data["ks_all"][$i]);
            // NOTE(review): in the else branch above $product_prices is not assigned,
            // so this hidden field carries the previous iteration's id or nothing.
            $message .= hidden("id_cp_product[]", $product_prices[id]);
            // add this row to the total price over all products
            $products_prices_sums = $products_prices_sums + $product_price_sum;
            $zlava_E = $product_price_sum * $data[zlava_all][$i] / 100;
            $po_zlave = $product_price_sum - $zlava_E;
            $po_zlave_sum = $po_zlave_sum + $po_zlave;
            // Rows with atyp text get an editable price field; the others show the price as text.
            if (!empty($data["atyp_text_all"][$i])) {
                $product_price = textfield("product_price[{$i}]", $data[product_price_all][$i], "", 5, 3, "product_price");
            } else {
                $product_price = $product_price . " €";
            }
            $message .= "<td class=\"form_nazov ali-center product-price\">" . $product_price . "</td>";
            $message .= "<td class=\"form_nazov ali-center bold\"><span class=\"cena-spolu-product\">" . $product_price_sum . "</span> €</td>";
            $message .= "<td class=\"form_nazov\">" . textfield("zlava[]", $data[zlava_all][$i], "", 4, 2, "zlava") . "<span class=\"zlava-E bold\">" . ($zlava_E > 0 ? "-" . $zlava_E . " €" : "") . "</span></td>";
            $message .= "<td class=\"form_nazov ali-center po-zlave-sum\">" . $po_zlave . "</td>";
            $message .= "</tr>";
        }
        // Totals row: piece count, sum before discount, sum after discount.
        $message .= "<tr class=\"cp_spolu bold\">\r\n <td></td>\r\n <td>Spolu:</td>\r\n <td class=\"ali-center\">" . $product_ks_sum . " ks</td>\r\n <td></td>\r\n <td></td>\r\n <td class=\"ali-center\">" . $products_prices_sums . " €</td>\r\n <td></td>\r\n <td class=\"ali-center po-zlave-sum-all\">" . $po_zlave_sum . " €</td>\r\n \r\n <tr>";
        $message .= "</table></div>";
        echo $message;
        echo "</fieldset>";
        echo submit("submit_page1", "Pokračovať");
    }
    echo "</form>";
}
/**
 * Creates a new back-office account row in bm_account.
 *
 * The attempt is written to the event log first, then the session is checked,
 * then the account name is checked for duplicates, and finally the row is
 * inserted with a fixed initial password.
 *
 * NOTE(review): every argument is placed into the SQL text as-is, in both the
 * duplicate check and the INSERT. Nothing in this method escapes or binds them;
 * whether sql_check()/sql_insert() or the callers do is not visible here, so
 * treat both statements as injectable until that is confirmed.
 * NOTE(review): each new account receives the same initial password, stored as
 * an unsalted MD5 digest. password_hash() with a random per-account initial
 * secret would be the usual replacement, but the login path that verifies
 * bm_Password would have to change with it.
 * NOTE(review): the session test only checks that account_ID is set; no role or
 * permission check is visible in this method.
 *
 * @param mixed $account Account (login) name
 * @param mixed $name    Display name
 * @param mixed $phone   Phone number
 * @param mixed $mail    E-mail address
 * @param mixed $QQ      QQ number
 * @param mixed $adress  Postal address
 * @param mixed $type    Account type
 * @param mixed $reamark Free-text remark
 * @return ExcuteResult ERROR when no session, EXCEPTION on duplicate or failed insert, SUCCESS otherwise
 */
public function AddNew($account, $name, $phone, $mail, $QQ, $adress, $type, $reamark)
{
    // Logged before the session check, so logged-out attempts are recorded too.
    AddBMAccountEventLog("新增账号:" . $account, EventLogTypeEnum::BASEMANGE);

    $loggedIn = isset($_SESSION['account_ID']);
    if (!$loggedIn) {
        return new ExcuteResult(ResultStateLevel::ERROR, "The accounts have been logged out, please re-login account", "-1");
    }

    // Refuse to create a second row with the same account name.
    $duplicateSql = "SELECT bm_AccountID FROM bm_account WHERE bm_Account = '{$account}'";
    if (sql_check($duplicateSql)) {
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "账号已存在", $account);
    }

    // Fixed initial password, hashed with MD5 (see the review note above).
    $initialHash = md5("a00000");

    $insertSql = "insert into bm_account (bm_Account,bm_Password,bm_AccountName,bm_Phone,bm_Email,bm_QQ,bm_Address,bm_AccountType,bm_AccountState,bm_ARemark)"
        . "values ('" . $account . "','" . $initialHash . "','" . $name . "','" . $phone . "','" . $mail
        . "','" . $QQ . "','" . $adress . "','" . $type . "',0,'" . $reamark . "')";

    $inserted = sql_insert($insertSql);
    if ($inserted == 0) {
        return new ExcuteResult(ResultStateLevel::EXCEPTION, "执行出错", null);
    }

    // NOTE(review): sql_insert()'s return type is not visible here; the [0]
    // offset presumably expects an array. Confirm against the helper.
    return new ExcuteResult(ResultStateLevel::SUCCESS, "", $inserted[0]);
}
/**
 * Builds a REPLACE INTO statement from the key/value pairs of $obj and runs it
 * through sql_insert().
 *
 * Keys become back-quoted column names; values become single-quoted literals.
 *
 * NOTE(review): $table, the keys and the values are concatenated into the
 * statement unchanged. A value containing a single quote, or a key containing a
 * backtick, changes the statement's structure. Callers must pass only trusted
 * or already-escaped data until this helper binds its parameters; whether
 * sql_insert() escapes anything is not visible here.
 *
 * @param mixed $table Target table, interpolated as-is
 * @param mixed $obj   Array or object iterated as column => value
 * @return mixed 0 when $obj is empty or falsy, otherwise whatever sql_insert() returns
 */
function sql_replace_object($table, $obj)
{
    if (!$obj) {
        return 0;
    }

    $columnParts = array();
    $valueParts = array();
    foreach ($obj as $column => $cell) {
        $columnParts[] = "`" . $column . "`";
        $valueParts[] = "'" . $cell . "'";
    }

    $statement = "REPLACE INTO {$table} (" . implode(",", $columnParts) . ")"
        . " VALUES (" . implode(",", $valueParts) . ")";

    return sql_insert($statement);
}