public function index()
{
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$keyword = $this->db->escape($_POST['keyword']);
$meta_keyword = $this->db->escape($_POST['meta_keyword']);
$meta_description = $this->db->escape($_POST['meta_description']);
$tags = $this->db->escape($_POST['tags']);
$language_id = $this->db->escape($_POST['lang']);
if (strpos('x' . $id, 'Product') != false) {
$id = str_replace('Product', '', $id);
$id = (int) $id;
$query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'product_id={$id}';");
if ($keyword != '') {
$query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('product_id={$id}','{$keyword}');");
}
$query = $this->db->query("update " . DB_PREFIX . "product_description set meta_keyword = '{$meta_keyword}' where product_id = {$id} and language_id = {$language_id};");
$query = $this->db->query("update " . DB_PREFIX . "product_description set meta_description = '{$meta_description}' where product_id = {$id} and language_id = {$language_id};");
$query = $this->db->query("update " . DB_PREFIX . "product_description set tag = '{$tags}' where product_id = {$id} and language_id = {$language_id};");
}
if (strpos('x' . $id, 'Category') != false) {
$id = str_replace('Category', '', $id);
$id = (int) $id;
$query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'category_id={$id}';");
if ($keyword != '') {
$query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('category_id={$id}','{$keyword}');");
}
$query = $this->db->query("update " . DB_PREFIX . "category_description set meta_keyword = '{$meta_keyword}' where category_id = {$id} and language_id = {$language_id};");
$query = $this->db->query("update " . DB_PREFIX . "category_description set meta_description = '{$meta_description}' where category_id = {$id} and language_id = {$language_id};");
}
if (strpos('x' . $id, 'Information') != false) {
$id = str_replace('Information', '', $id);
$id = (int) $id;
$query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'information_id={$id}';");
if ($keyword != '') {
$query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('information_id={$id}','{$keyword}');");
}
}
if (strpos('x' . $id, 'Manufacturer') != false) {
$id = str_replace('Manufacturer', '', $id);
$id = (int) $id;
$query = $this->db->query("delete from " . DB_PREFIX . "url_alias where query = 'manufacturer_id={$id}';");
if ($keyword != '') {
$query = $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('manufacturer_id={$id}','{$keyword}');");
}
}
}
}
<?php
include "config.php";
$ip = 'none';
if (isset($_GET['ip'])) {
$ip = $_GET['ip'];
} elseif (isset($_SERVER['REMOTE_ADDR']) and $_SERVER['REMOTE_ADDR'] != '') {
$ip = $_SERVER['REMOTE_ADDR'];
}
if ($_POST['id'] or $_GET['id']) {
if (isset($_POST['id'])) {
$id = $_POST['id'];
} elseif (isset($_GET['id'])) {
$id = $_GET['id'];
}
$id = mysql_escape_String($id);
$ip_sql = mysql_query("select ip_add from al_editors_voting_ip where mes_id_fk='{$id}' and ip_add='{$ip}'");
$count = mysql_num_rows($ip_sql);
if ($count == 0) {
$sql = "update al_editors_votes set up=up+1 where image_id='{$id}'";
mysql_query($sql);
$sql_in = "insert into al_editors_voting_ip (mes_id_fk,ip_add) values ('{$id}','{$ip}')";
mysql_query($sql_in);
}
$result = mysql_query("select up from al_editors_votes where image_id='{$id}'");
$row = mysql_fetch_array($result);
$up_value = $row['up'];
//fw("\n\r up_value=".$up_value);
if ($up_value == $limit_plus) {
// approve it to the main collection
$sql = "update wp_product_list set approved=1 where id='{$id}'";
if ($choix == '5') {
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$sql = "delete from transformation where Nt='{$id}'";
mysql_query($sql);
}
}
//****update line after modifs******************************************************
if ($choix == '6') {
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$name = mysql_escape_String($_POST['name']);
$category = mysql_escape_String($_POST['category']);
$price = mysql_escape_String($_POST['price']);
$discount = mysql_escape_String($_POST['discount']);
$add = mysql_escape_String($_POST['add']);
$sql = "update transformation set ts='{$name}',td='{$category}',Nom_op='{$price}',Nom_par='{$discount}',Add_par='{$add}' where Nt='{$id}'";
mysql_query($sql);
}
}
//*************load grid*********************************************
if ($choix == '7') {
if ($_POST['page']) {
$page = $_POST['page'];
$cur_page = $page;
$page -= 1;
$per_page = 1000;
// Per page
$previous_btn = true;
$next_btn = true;
$first_btn = true;
$_SITEURL = get_option('siteurl');
$Current_ID = $current_user->id;
// get comment
$comment = '';
if (isset($_POST['comment'])) {
$comment = mysql_escape_String($_POST['comment']);
}
if ($comment != '') {
if (isset($_POST['cartoon_id'])) {
$cartoon_id = mysql_escape_String($_POST['cartoon_id']);
}
if (isset($_POST['author_id'])) {
$author_id = mysql_escape_String($_POST['author_id']);
}
if (isset($_POST['comment_author'])) {
$cartoon_id = mysql_escape_String($_POST['comment_author']);
}
// save comment:
$sql_insert = "insert into wp_comments (comment_post_ID, comment_content, comment_date, comment_author) values('{$cartoon_id}', '{$comment}', '" . date("Y-m-d H:i:s") . "','{$author_id}')";
$result = mysql_query($sql_insert);
//read comments:
$result = mysql_query("select C.comment_id, C.comment_content, C.comment_date, U.display_name as author from wp_comments as C, wp_users as U where U.id = C.comment_author order by C.comment_date DESC LIMIT 50");
$result = mysql_query("select C.comment_id, C.comment_content, C.comment_date, U.display_name as author from wp_comments as C, wp_users as U where U.id = C.comment_author order by C.comment_date DESC LIMIT 50");
$comments_output = "";
while ($r = mysql_fetch_array($result)) {
$_date = $r['comment_date'];
$_comment = nl2br(stripslashes($r['comment_content']));
$_author = $r['author'];
$_id = $r['comment_id'];
$comments_output .= "<div style='margin-top:4px;'><span class='gr' title='" . $_date . "'>" . $_author . ": </span><span class='c_body'>" . $_comment . "</span> [<a title='стереть комментарий' href='#' onclick='deletecomment(" . $_id . ");'>x</a>]</div>";
}
<?php
include "db.php";
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$titulo = mysql_escape_String($_POST['titulo']);
$link = mysql_escape_String($_POST['link']);
$comment = mysql_escape_String($_POST['comment']);
$sql = "update enlaces set titulo='{$titulo}',link='{$link}',comment='{$comment}' where id='{$id}'";
mysql_query($sql);
}
function database_touch($sql_obj, $table, $columns, $row_id, $id_col = false)
{
$now = time();
$table = str_replace('`', '', $table);
if (!is_array($columns)) {
$columns = array($columns);
}
foreach ($columns as $index => $value) {
$columns[$index] = '`' . mysql_escape_String($value) . '`=' . $now;
}
$id_col = empty($id_col) ? '`' . mysql_real_escape_string($table, $sql_obj->resource()) . '_id`' : '`' . mysql_real_escape_string($id_col, $sql_obj->resource()) . '`';
// Make sure table name is `table`
$table = '`' . mysql_real_escape_string($table, $sql_obj->resource()) . '`';
$sql_obj->query('UPDATE ' . $table . ' SET ' . implode(',', $columns) . ' WHERE ' . $id_col . '=' . (int) $row_id, ERROR_DATABASE_UPDATE);
}
<?php
include "connect_database.php";
if ($_POST['id']) {
$id = mysql_escape_String($_POST['user_id']);
$firstname = mysql_escape_String($_POST['firstname']);
$lastname = mysql_escape_String($_POST['lastname']);
$sql = "update user_details set fname='{$firstname}',lname='{$lastname}' where user_id='{$id}'";
mysql_query($sql);
}
function post_to_lj($id)
{
$id = mysql_escape_String($id);
// get text for posting
/*
$result=mysql_query("select l.name, l.description, l.additional_description, l.image, b.name as artist from wp_product_list as l, wp_product_brands as b where l.id='$id' and l.brand = b.id");
$row=mysql_fetch_array($result);
$_artist=$row['artist'];
$_title=$row['name'];
$_description=$row['description'];
$_additional_description=$row['additional_description'];
$_image=$row['image'];
$subj = $_title;
$text = $_artist.': «'.$_title.'» '.' http://cartoonbank.ru/?page_id=29&cartoonid='.$id.' '.$_description."<br />Тэги: ".$_additional_description;
*/
/* ваш ник в ЖЖ */
$name = "cartunbank";
/* ваш пароль в ЖЖ */
$password = "******";
/* текст который вы хотите опубликовать */
$text = "test";
/* заголовок для текста */
$subj = "test";
/* комьюнити */
$usejournal = "cartunbank";
/* включаем библиотеку XML-RPC */
include "lib/xmlrpc.inc";
/* (!!!) Все данные в ЖЖ хранятся в кодировке Unicode,
используем и в нашем случае такую же кодировку */
$xmlrpc_internalencoding = 'UTF-8';
/* Получаем текущее время */
$date = time();
$year = date("Y", $date);
$mon = date("m", $date);
$day = date("d", $date);
$hour = date("G", $date);
$min = date("i", $date);
/* (!!!) Конвертируем текст из одной кодировки в UTF-8
в данном случае файл хранится в кодировке CP1251 */
$text = iconv("CP1251", "UTF-8", html_entity_decode($text));
$subj = iconv("CP1251", "UTF-8", html_entity_decode($subj));
/* заполняем массив с необходимыми переменными */
$post = array("username" => new xmlrpcval($name, "string"), "usejournal" => new xmlrpcval($usejournal, "string"), "password" => new xmlrpcval($password, "string"), "event" => new xmlrpcval($text, "string"), "subject" => new xmlrpcval($subj, "string"), "lineendings" => new xmlrpcval("unix", "string"), "year" => new xmlrpcval($year, "int"), "mon" => new xmlrpcval($mon, "int"), "day" => new xmlrpcval($day, "int"), "hour" => new xmlrpcval($hour, "int"), "min" => new xmlrpcval($min, "int"), "ver" => new xmlrpcval(2, "int"));
/* на основе массива создаем структуру */
$post2 = array(new xmlrpcval($post, "struct"));
/* создаем XML сообщение для сервера */
$f = new xmlrpcmsg('LJ.XMLRPC.postevent', $post2);
/* описываем сервер */
$c = new xmlrpc_client("/interface/xmlrpc", "www.livejournal.com", 80);
$c->request_charset_encoding = "UTF-8";
/* по желанию смотрим на XML-код того что отправится на сервер */
echo nl2br(htmlentities($f->serialize()));
/* отправляем XML сообщение на сервер */
$r = $c->send($f);
/* анализируем результат */
if (!$r->faultCode()) {
/* сообщение принято успешно и вернулся XML-результат */
$v = php_xmlrpc_decode($r->value());
print_r($v);
} else {
/* сервер вернул ошибку */
print "An error occurred: ";
print "Code: " . htmlspecialchars($r->faultCode());
print "Reason: '" . htmlspecialchars($r->faultString()) . "'\n";
}
}
<?php
include "db.php";
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$qty_sold = mysql_escape_String($_POST['qty_sold']);
$price = mysql_escape_String($_POST['price']);
$da = date("Y-m-d");
$sql = mysql_query("select * from inventory where id='{$id}'");
while ($row = mysql_fetch_array($sql)) {
$qtyleft = $row['qtyleft'];
$price = $row['price'];
}
$ssss = $qtyleft - $qty_sold;
$sale = $qty_sold * $price;
$sales_sql = mysql_query("select * from sales where date='{$da}' and product_id='{$id}'");
$count = mysql_num_rows($sales_sql);
if ($count == 0) {
mysql_query("INSERT INTO sales (product_id, qty, date, sales) VALUES ('{$id}','{$qty_sold}','{$da}','{$sale}')");
}
if ($count != 0) {
mysql_query("UPDATE sales set qty=qty+'{$qty_sold}',sales='{$sale}' where date='{$da}' and product_id='{$id}'");
}
$sql = "update inventory set qtyleft='{$ssss}',price='{$price}',sales=sales+'{$sale}',qty_sold=qty_sold+'{$qty_sold}' where id='{$id}'";
mysql_query($sql);
}
?>
$courseKey = $course['cid'] . $course['faculty_acronym'] . $course['course_number'];
//ugly, but c'est la vie
$courses[$courseKey] = $course;
}
}
// We need to forcefully destruct this object to avoid memory growing forever.
$html->__destruct();
unset($html);
}
$courseKey = "";
// Prune dead courses.
$results = $db->query('SELECT * FROM courses;');
while ($row = mysql_fetch_assoc($results)) {
$courseKey = $row['cid'] . $row['faculty_acronym'] . $row['course_number'];
if (!isset($courses[$courseKey])) {
$db->query('DELETE FROM courses WHERE cid = "' . mysql_escape_string($row['cid']) . ' AND faculty_acronym = \'' . mysql_escape_String($row['faculty_acronym']) . ' AND course_number = \'' . mysql_escape_string($row['course_number']) . '";');
}
}
// And update existing ones/insert new ones.
foreach ($courses as $cid => $course) {
//echo $course['faculty_acronym'] . ": " . $course['course_number'] . "\n";
if (isset($course['extra_fields'])) {
print_r($course['extra_fields']);
unset($course['extra_fields']);
}
$escaped_values = array();
foreach (array_values($course) as $value) {
$escaped_values[] = '"' . mysql_escape_string($value) . '"';
}
$update_query_arr = array();
foreach ($course as $key => $value) {
<?php
/**include("db.php");*/
require_once '../../includes/mysql.php';
$db = new MySQL();
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$titulo = mysql_escape_String($_POST['titulo']);
$revision_num = mysql_escape_String($_POST['revision_num']);
$modificacion = mysql_escape_String($_POST['modificacion']);
$capapart = mysql_escape_String($_POST['capapart']);
$fechamodificacion = mysql_escape_String($_POST['fechamodificacion']);
$sql = "update modifdoc set titulo='{$titulo}', revision_num='{$revision_num}', modificacion='{$modificacion}', capapart='{$capapart}', fechamodificacion='{$fechamodificacion}' where id='{$id}'";
mysql_query($sql);
mysql_query("SET NAMES 'utf8'");
}
<?php
include "dbcon.php";
if (isset($_POST['profile_id'])) {
$id = $_POST['profile_id'];
$sql_in = mysql_query("SELECT profile_name FROM profile where profile_id='{$id}'");
$r = mysql_fetch_array($sql_in);
$profile_delete_name = $r['profile_name'];
$time1 = time();
$sql1 = "INSERT INTO latest_delete\t(profile_delete_id,profile_delete_name,profile_delete_date) VALUES ('{$id}','{$profile_delete_name}','{$time1}')";
mysql_query($sql1);
$profile_id = mysql_escape_String($_POST['profile_id']);
echo $sql_img = mysql_query("select * from profile where profile_id='" . $profile_id . "'");
while ($row_img = mysql_fetch_array($sql_img)) {
$img = $row_img['profile_logo'];
$img2 = $row_img['profile_screenshots'];
//echo $img;
$files = glob('../img/uploads/' . $img . '');
foreach ($files as $file) {
unlink($file);
}
$files2 = glob('../img/uploads/' . $img2 . '');
foreach ($files2 as $file2) {
unlink($file2);
}
}
$sql = "delete from profile where profile_id='{$profile_id}'";
mysql_query($sql);
$sql_pp = "delete from profile_people where profile_id='{$profile_id}'";
mysql_query($sql_pp);
$sql_pcc = "delete from profile_competitors where profile_id='{$profile_id}'";
<?php
session_start();
include "includes/db.php";
$uid = $_SESSION["id"];
if ($_POST['user_id']) {
$user_id = $_POST['user_id'];
$user_id = mysql_escape_String($user_id);
$sql_in = mysql_query("DELETE from follow_user Where uid_fk='{$uid}' and following_uid='{$user_id}'");
}
<?php
require_once "../../../wp-config.php";
include "config.php";
if (isset($_REQUEST['ip'])) {
$ip = $_REQUEST['ip'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
if ($_REQUEST['id'] and isset($_REQUEST['vote'])) {
$id = $_REQUEST['id'];
$vote = $_REQUEST['vote'];
$id = mysql_escape_String($id);
$vote = mysql_escape_String($vote);
// проверить не голосовал ли ещё
$ip_sql = mysql_query("select ip_add from al_editors_voting_ip where mes_id_fk='{$id}' and ip_add='{$ip}'");
$count = mysql_num_rows($ip_sql);
if ($count == 0) {
// добавить новый голос в рейтинг
$temp_rand = rand();
$sql = "INSERT ignore INTO `wp_fsr_user` (`user`, `post`, `points`, `ip`) VALUES ({$temp_rand}, {$id}, {$vote}, '{$ip}');";
$result = mysql_query($sql) or die(mysql_error());
// посчитать количество голосов и средний балл
$sql = "select count(post) as votescount, sum(points) as avgpoints from `wp_fsr_user` where post='{$id}'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);
$votescount = $row['votescount'];
$avgpoints = $row['avgpoints'];
// обновить средний балл и количество голосов
$sql = "INSERT IGNORE INTO `wp_fsr_post` (`id`, `votes` ,`points`) VALUES ({$id}, {$votescount}, {$avgpoints})";
mysql_query($sql);
<?php
/*connect to database */
$user_name = "root";
$pass_word = "csc309";
$database = "startit";
$server = "104.236.231.174:3306";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
// Vote update
mysql_query("update projects set dislikes=dislikes+1 where pID='{$id}'");
}
<?php
/**include("db.php");*/
require_once '../../includes/mysql.php';
$db = new MySQL();
if ($_POST['id']) {
$id = mysql_escape_String($_POST['id']);
$titulo = mysql_escape_String($_POST['titulo']);
$link = mysql_escape_String($_POST['link']);
$comment = mysql_escape_String($_POST['comment']);
$clave1 = mysql_escape_String($_POST['clave1']);
$sql = "update enlaces set titulo='{$titulo}',link='{$link}',comment='{$comment}',clave1='{$clave1}' where id='{$id}'";
mysql_query($sql);
mysql_query("SET NAMES 'utf8'");
}
<?php
include "dbcon.php";
if (isset($_POST['id'])) {
$id = $_POST['id'];
$sql_in = mysql_query("SELECT profile_person_name FROM profile_person where profile_person_id='{$id}'");
$r = mysql_fetch_array($sql_in);
$profile_person_delete_name = $r['profile_person_name'];
$time1 = time();
$sql1 = "INSERT INTO latest_delete_person\t(profile_person_delete_id,profile_person_delete_name,profile_person_delete_date) VALUES ('{$id}','{$profile_person_delete_name}','{$time1}')";
mysql_query($sql1);
$profile_person_id = mysql_escape_String($_POST['id']);
$sql_img = mysql_query("select * from profile_person where profile_person_id='{$profile_person_id}'");
while ($row_img = mysql_fetch_array($sql_img)) {
$img = $row_img['profile_person_image'];
//echo $img;
$files = glob('../img/uploads/' . $img . '');
foreach ($files as $file) {
unlink($file);
}
}
$sql = "delete from profile_person where profile_person_id='{$profile_person_id}'";
mysql_query($sql);
$sql_pc = "delete from profile_person_companies where profile_person_id='{$profile_person_id}'";
mysql_query($sql_pc);
$sql_pfo = "delete from profile_person_fo where profile_person_id='{$profile_person_id}'";
mysql_query($sql_pfo);
}
</style>
<?php
require 'core/init.php';
$user = $users->teamdata($_SESSION['id']);
$admin_id = $_SESSION['id'];
if ($_SESSION['id'] == 0) {
header('Location: hpage.php');
}
$username = $user['Team'];
if (isset($_POST['buttonsave'])) {
$membername = mysql_escape_String($_POST['member_name']);
$dept = mysql_escape_String($_POST['department']);
$age = mysql_escape_String($_POST['age']);
$rollno = mysql_escape_String($_POST['rollno']);
$postion = mysql_escape_String($_POST['position']);
$aboutme = mysql_escape_string($_POST['aboutme']);
$data = $users->addmember($admin_id, $membername, $age, $rollno, $dept, $postion, $aboutme);
exit;
}
if (isset($_POST['editvalue'])) {
$ide1 = $_POST['id'];
$data = $users->memberedit($admin_id, $ide1);
header("Content-type: text/x-json");
echo json_encode($data);
exit;
}
//code update
if (isset($_POST['Update'])) {
$name = $_POST['upname'];
$rollno = $_POST['uprollno'];
