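}

// --- connection ---
$config_arr = config();
$ads_db = dbconnect($config_arr);

// --- lookup tables for the form selectors ---
$categories = categories_load($ads_db);
$cities = cities_load($ads_db);

// Default state of the "post an ad" form. adsReturn() replaces this array when an
// existing ad is loaded back into the form via ?formreturn=<id>.
$showform_params = array(
    'return_private' => "0",
    'namereturn' => "",
    'email_return' => "",
    'return_send_email' => "1",
    'phonereturn' => "",
    'city' => "",
    'returncategory' => "",
    'returntitle' => "",
    'returndescription' => "",
    'returnprice' => "0",
    'notice_field_is_empty' => "",
    'return_id' => "",
);

// --- button controller ---
// Ids arriving on the query string are validated as integers up front, before
// the if/elseif chain, so that an invalid ?delentry= still falls through to the
// ?formreturn= branch exactly as the original is_numeric() chain did.
//
// Answering the question the original left in a comment: is_numeric() does stop
// quote-based SQL injection (it accepts only digits, sign, dot and exponent),
// but it also lets through " 7", "7.5" and "7e2", none of which is an ad id and
// all of which reach the SQL helper as attacker-shaped text. FILTER_VALIDATE_INT
// yields a real positive int or false, so the helper never sees anything else —
// even if it still builds its query by interpolation. (The helpers themselves
// should move to prepared statements; that is outside this block.)
$del_id = isset($_GET['delentry'])
    ? filter_var($_GET['delentry'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
$ret_id = isset($_GET['formreturn'])
    ? filter_var($_GET['formreturn'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;

if (isset($_POST['main_form_submit'])) {
    // send button: needs a title plus an author — either a new name+email pair
    // or a previously saved email picked from the selector.
    // Presence is checked with isset()+is_string()+trim() instead of bare
    // truthiness so that a value of "0" is accepted, whitespace-only input is
    // not, a missing key raises no notice, and an array-valued field
    // (title[]=x) cannot reach trim().
    $has_title = isset($_POST['title']) && is_string($_POST['title'])
        && trim($_POST['title']) !== '';
    $has_new_author = isset($_POST['seller_name'], $_POST['email'])
        && is_string($_POST['seller_name']) && is_string($_POST['email'])
        && trim($_POST['seller_name']) !== '' && trim($_POST['email']) !== '';
    $has_saved_author = isset($_POST['saved_email']) && is_string($_POST['saved_email'])
        && trim($_POST['saved_email']) !== '';

    if ($has_title && ($has_new_author || $has_saved_author)) {
        // Escape once and save the ESCAPED copy. The original computed
        // $sent_entry = escape_2dim_arr(...) and then handed the raw $_POST to
        // author_controller() and adsSQLSave(), discarding the escaping.
        // NOTE(review): this assumes escape_2dim_arr() returns the escaped array
        // and that neither author_controller() nor adsSQLSave() escapes again
        // (double escaping would corrupt stored quotes) — confirm in both helpers.
        $sent_entry = escape_2dim_arr($ads_db, $_POST);
        $author_id = author_controller($ads_db, $sent_entry);
        $sent_entry['author_id'] = $author_id;
        // Kept for anything downstream (template code) that still reads it.
        $_POST['author_id'] = $author_id;
        adsSQLSave($sent_entry, $ads_db);
    } else {
        $showform_params['notice_title_is_empty'] = 'You must fill Name, Email and Title(or choose email+name from selector) fields to proceed ';
    }
} elseif ($del_id !== false) {
    // delete button
    // NOTE(review): a state-changing delete triggered by a GET link has no CSRF
    // token and no ownership/auth check visible in this file — any page that can
    // make the browser fetch ?delentry=N removes that ad. Move it to POST with a
    // per-session token before exposing this publicly.
    adsSQLDelete($del_id, $ads_db);
} elseif ($ret_id !== false) {
    // "edit" button: load the chosen ad back into the form
    $showform_params = adsReturn($ads_db, $showform_params, $ret_id);
}

// --- load every ad for the listing table ---
$cols = array('id', 'seller_name', 'title', 'price');
$query = 'SELECT ads.id, ads.title, ads.price, auth.seller_name FROM `ads_container`as `ads` INNER JOIN `ads_authors` as `auth` on ads.author_id=auth.id ORDER by ads.id';
$ads_container = adsLoad($ads_db, $query, $cols);
$emails = emails_load($ads_db);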
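}
    // NOTE: the mysql_* extension was removed in PHP 7; this file needs mysqli/PDO to run on a current PHP.
    mysql_free_result($dropbox_res);
    return $categories;
}

// --- connection ---
$config_arr = config();
$ads_db = dbconnect($config_arr);

// --- form state and lookup tables ---
// Default state of the "post an ad" form. adsReturn() replaces this array when an
// existing ad is loaded back into the form via ?formreturn=<id>.
$showform_params = array(
    'return_private' => "0",
    'namereturn' => "",
    'email_return' => "",
    'return_send_email' => "1",
    'phonereturn' => "",
    'city' => "",
    'returncategory' => "",
    'returntitle' => "",
    'returndescription' => "",
    'returnprice' => "0",
    'notice_field_is_empty' => "",
    'return_id' => "",
);
$cities = cities_load();
$categories = categories_load();

// --- button processing ---
// Ids from the query string are validated as integers before the if/elseif
// chain so that an invalid ?delentry= still falls through to ?formreturn=, as
// the original is_numeric() chain did. is_numeric() blocks quote-based injection
// but still accepts " 7", "7.5" and "7e2"; FILTER_VALIDATE_INT yields a real
// positive int or false, so the SQL helpers only ever see an int.
$del_id = isset($_GET['delentry'])
    ? filter_var($_GET['delentry'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
$ret_id = isset($_GET['formreturn'])
    ? filter_var($_GET['formreturn'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;

if (isset($_POST['main_form_submit'])) {
    // send button: a title is required. Checked with isset()+is_string()+trim()
    // rather than bare truthiness so "0" is accepted, whitespace-only is not,
    // a missing key raises no notice, and an array value cannot reach trim().
    $has_title = isset($_POST['title']) && is_string($_POST['title'])
        && trim($_POST['title']) !== '';
    if ($has_title) {
        // NOTE(review): the raw $_POST goes straight to adsSQLSave(); nothing in
        // this file escapes or parameterises it. Unless adsSQLSave() does so
        // internally, every form field is an injection point — confirm there.
        adsSQLSave($_POST);
    } else {
        $showform_params['notice_title_is_empty'] = 'Введите название';
    }
} elseif ($del_id !== false) {
    // delete button
    // NOTE(review): a state-changing delete on a GET link with no CSRF token and
    // no auth check visible here can be triggered by any crafted link/img tag.
    adsSQLDelete($del_id);
} elseif ($ret_id !== false) {
    // "edit" button: load the chosen ad back into the form
    $showform_params = adsReturn($showform_params, $ret_id);
}

// --- load ads for the listing table ---
$cols = array('id', 'seller_name', 'title', 'price');
$query = 'SELECT ' . implode(',', $cols) . ' FROM `ads_container`';
$ads_container = adsLoad($query, $cols);

// --- smarty block + display ---
$project_root = $_SERVER['DOCUMENT_ROOT'];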