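// Link editor handler (excerpt): normalises the submitted link fields, stores
// an optional banner image, and builds the UPDATE statement for `#__links`.
//
// NOTE(review): every value below is spliced into the SQL text. Integers go
// through intval(); strings rely on PHP_slashes() (defined elsewhere,
// presumably a quote-escaping helper; confirm). If the $DB layer supports
// bound parameters, prefer them over string interpolation.
// NOTE(review): $block and $id are not assigned in this excerpt; confirm they
// are cast or escaped where they are set.
// NOTE(review): $url, $noindex and $nofollow are only assigned for link types
// 1 and 2, and $ankor only for types 1 and 3, yet the UPDATE uses all of them.
// Confirm they are initialised before this point.

$linktype = intval($_POST['linktype']);
$show = intval($_POST['show']);

// Evaluate the mode flags once; isset() avoids undefined-index warnings while
// the loose comparison keeps accepting the form's string '1'.
$isUpdate = isset($_POST['update']) && $_POST['update'] == 1;
$isAdd = isset($_POST['add']) && $_POST['add'] == 1;

// The photo clause is only assigned when a new banner is uploaded. Default it
// (without overwriting an earlier value) so the UPDATE below never interpolates
// an undefined variable.
if (!isset($SQL_PHOTO)) {
    $SQL_PHOTO = '';
}

if ($linktype == 1) {
    // Text link: the anchor is stripped of tags and HTML-encoded before escaping.
    $ankor = PHP_slashes(htmlspecialchars(strip_tags($_POST['ankor'])));
}

if ($linktype == 1 or $linktype == 2) {
    $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url'])));
    $noindex = intval($_POST['noindex']);
    $nofollow = intval($_POST['nofollow']);
}

if ($linktype == 3) {
    // NOTE(review): raw HTML is stored here with no strip_tags() or
    // htmlspecialchars(), so whoever can submit this form controls markup that
    // is presumably rendered as-is. Confirm the form is restricted to trusted
    // administrators and protected by a CSRF token.
    $ankor = PHP_slashes($_POST['html']);
}

if ($linktype == 2) {
    if (isset($_FILES["photo"]["size"]) && $_FILES["photo"]["size"] > 0) {
        // NOTE(review): file type and extension checks are assumed to live
        // inside save_image_on_server(); confirm, because the target directory
        // appears to be served by the web server.
        $imgpath = save_image_on_server($_FILES["photo"], '../img/uploads/banner/', $registry['img']);

        if (!empty($imgpath[1])) {
            // NOTE(review): $path reaches SQL unescaped. If the helper keeps any
            // part of the client-supplied file name, escape it before use.
            $path = $imgpath[1];
            //str_replace('../','',$imgpath[1]).'|';

            if ($isUpdate) {
                $SQL_PHOTO = " `photo` = '{$path}', ";
            }
            if ($isAdd) {
                $SQL_PHOTO = $path;
            }
        }
    }
}

if ($isUpdate) {
    $sql = "UPDATE `#__links`\tSET \r\n\t\t\t`url` = '{$url}', \r\n\t\t\t`ankor` = '{$ankor}', \r\n\t\t\t`noindex` = '{$noindex}', \r\n\t\t\t`nofollow` = '{$nofollow}', \r\n\t\t\t{$SQL_PHOTO} \r\n\t\t\t`show` = '{$show}',\r\n\t\t\t`block`='{$block}'\r\n\t\t\tWHERE `id`='{$id}' \r\n\t\t\tLIMIT 1; ";
}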
// News editor handler (excerpt): registers each tag in `#__tags`, stores an
// optional preview image, and updates the `#__news` row.
//
// NOTE(review): $tags, $cat, $title, $text, $chpu, $show_date, $tags_ru,
// $original_url and $comments are not assigned in this excerpt. All of them are
// spliced into SQL text below, so confirm each one is escaped or cast where it
// is set, or use bound parameters if the $DB layer supports them.

// Collect the generate_chpu() form of every tag as a ", "-separated list.
// generate_chpu() is defined elsewhere; presumably it returns a URL-safe
// transliteration (confirm).
$tags_en = '';
foreach ($tags as $tag) {
    $t_en = generate_chpu($tag);
    if (empty($tags_en)) {
        $tags_en = $t_en;
    } else {
        $tags_en = $tags_en . ', ' . $t_en;
    }

    // Error display is switched off before the INSERT, presumably so that a
    // duplicate tag row fails quietly (confirm). It is not restored in this
    // excerpt.
    $DB->show_err = FALSE;

    // NOTE(review): strtolower($tag) and $t_en are concatenated into the
    // statement with no escaping visible here. If $tags derives from request
    // input, a quote inside a tag changes the query, so escape or bind the
    // value at this point.
    // NOTE(review): strtolower() works on bytes. For non-ASCII tag names
    // mb_strtolower() is probably what is meant; verify the text encoding.
    $sql = "\tINSERT INTO `#__tags` (`name_rus`, `name_eng`, `count`) \r\n\t\t\t\t\tVALUES ('" . strtolower($tag) . "', '" . $t_en . "','0')";
    $DB->execute($sql);

    // Increment the usage counter for the tag (same unescaped value as above).
    $sql = "\tUPDATE `#__tags` SET `count`=`count`+1\r\n\t\t\t\t\tWHERE `name_rus`='" . strtolower($tag) . "'";
    $DB->execute($sql);
}

// Optional preview image. $_FILES["photo"]["size"] is read without isset(),
// so a request with no "photo" field raises an undefined-index warning.
if ($_FILES["photo"]["size"] > 0) {
    // NOTE(review): file type and extension checks are assumed to live inside
    // save_image_on_server(); confirm.
    $imgpath = save_image_on_server($_FILES["photo"], 'img/uploads/news/prev/', $registry['img']);
    if (!empty($imgpath[1])) {
        // NOTE(review): $path reaches SQL unescaped. If the helper keeps any
        // part of the client-supplied file name, escape it before use.
        $path = $imgpath[1];
        //str_replace('../','',$imgpath[1]).'|';
        if ($_POST['update'] == 1) {
            // Update mode: a ready-made "`thumbs` = '...', " clause.
            $SQL_PHOTO = " `thumbs` = '{$path}', ";
        }
        if ($_POST['add'] == 1) {
            // Add mode: only the bare path (consumed outside this excerpt).
            $SQL_PHOTO = $path;
        }
    }
}

// NOTE(review): $SQL_PHOTO is only assigned above when an image was uploaded;
// confirm it is initialised earlier, otherwise the UPDATE interpolates an
// undefined variable. Only the row id is cast (intval) at the point of use.
// The if block below is not closed within this excerpt.
if ($_POST['update'] == 1) {
    $sql = "UPDATE `#__news` SET \r\n\t\t\t\t`cat` = '{$cat}', \r\n\t\t\t\t`title` = '{$title}',\r\n\t\t\t\t`text` = '{$text}',\r\n\t\t\t\t`chpu` = '{$chpu}',\r\n\t\t\t\t`show_date` = '{$show_date}',\r\n\t\t\t\t`tags_ru` = '{$tags_ru}',\r\n\t\t\t\t`tags_en` = '{$tags_en}',\r\n\t\t\t\t{$SQL_PHOTO}\r\n\t\t\t\t`original_url` = '{$original_url}',\r\n\t\t\t\t`comments` = '{$comments}'\r\n\t\t\t\tWHERE `id`='" . intval($_POST['id']) . "' LIMIT 1; ";
    $DB->execute($sql);
    $message[0] = 'valid';
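<?php
/**
 *
 * CMS It-Solutions 0.1
 * Author: Vati Child
 * E-mail: vatia0@gmail.com
 * URL: www.it-solutions.ge
 *
 */
// This guard only blocks direct requests to the file. Authentication and CSRF
// protection for the form are not visible here; confirm the including script
// enforces them.
defined('_JEXEC') or die('Restricted access');

// News-style form handler: stores the uploaded image and records its name and
// path in `#__news_style`.
if (!empty($_POST['submit'])) {
    // The name is stripped of tags and HTML-encoded, then passed through
    // PHP_slashes() (defined elsewhere; presumably a quote-escaping helper).
    $name = PHP_slashes(htmlspecialchars(strip_tags(isset($_POST['name']) ? $_POST['name'] : '')));

    if (isset($_FILES['img']['size']) && $_FILES['img']['size'] > 0) {
        // NOTE(review): file type and extension checks are assumed to live
        // inside save_image_on_server(); confirm, because the target directory
        // appears to be served by the web server.
        $path = save_image_on_server($_FILES['img'], '../img/uploads/styles/', $registry['img']);

        // Insert only when the helper reports a stored path, so a failed upload
        // does not leave a style row with an empty image.
        if (!empty($path[1])) {
            // NOTE(review): $path[1] is concatenated unescaped. If the helper
            // keeps any part of the client-supplied file name, escape it, or use
            // bound parameters if the $DB layer supports them.
            $DB->execute('INSERT INTO #__news_style (name,img) VALUES ("' . $name . '","' . $path[1] . '")');
        }
    }
}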