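 /**
  * Saves the SEO fields posted from the SEO editor for one catalog entity.
  *
  * $_POST['id'] has the form "<Type><number>", where Type is Product, Category,
  * Information or Manufacturer and the number is that entity's id. The url_alias
  * row for the entity is replaced with the posted keyword; for products and
  * categories the meta fields (and, for products, the tags) of the selected
  * language's description row are updated as well.
  *
  * Changes from the original: the id is validated with one anchored pattern
  * instead of strpos/str_replace on the raw value (which also went through the
  * charset-unaware mysql_escape_String), language_id is cast to int because it
  * is interpolated unquoted into SQL where escaping alone gives no protection,
  * and missing POST fields no longer raise notices.
  */
 public function index()
 {
     // An absent or empty id means there is nothing to save ("0" counts as empty,
     // exactly as with the original truthiness test).
     if (empty($_POST['id'])) {
         return;
     }
     // Only the four known prefixes followed by digits are accepted.
     if (!preg_match('/^(Product|Category|Information|Manufacturer)(\d+)$/', (string) $_POST['id'], $match)) {
         return;
     }
     $type = $match[1];
     $id = (int) $match[2];
     $keyword = $this->db->escape(isset($_POST['keyword']) ? $_POST['keyword'] : '');
     $meta_keyword = $this->db->escape(isset($_POST['meta_keyword']) ? $_POST['meta_keyword'] : '');
     $meta_description = $this->db->escape(isset($_POST['meta_description']) ? $_POST['meta_description'] : '');
     $tags = $this->db->escape(isset($_POST['tags']) ? $_POST['tags'] : '');
     // Used unquoted in the WHERE clauses below, so it must be a plain integer.
     $language_id = isset($_POST['lang']) ? (int) $_POST['lang'] : 0;

     // url_alias.query values are "<column>=<id>"; the column follows the type.
     $id_columns = array(
         'Product'      => 'product_id',
         'Category'     => 'category_id',
         'Information'  => 'information_id',
         'Manufacturer' => 'manufacturer_id',
     );
     $alias_query = $id_columns[$type] . '=' . $id;

     // Replace the SEO keyword: drop the old alias, add the new one if given.
     $this->db->query("delete from " . DB_PREFIX . "url_alias where query = '{$alias_query}';");
     if ($keyword !== '') {
         $this->db->query("insert into " . DB_PREFIX . "url_alias(query, keyword) values('{$alias_query}','{$keyword}');");
     }

     if ($type === 'Product') {
         $table = DB_PREFIX . 'product_description';
         $where = "where product_id = {$id} and language_id = {$language_id};";
         $this->db->query("update {$table} set meta_keyword = '{$meta_keyword}' {$where}");
         $this->db->query("update {$table} set meta_description = '{$meta_description}' {$where}");
         $this->db->query("update {$table} set tag = '{$tags}' {$where}");
     } elseif ($type === 'Category') {
         $table = DB_PREFIX . 'category_description';
         $where = "where category_id = {$id} and language_id = {$language_id};";
         $this->db->query("update {$table} set meta_keyword = '{$meta_keyword}' {$where}");
         $this->db->query("update {$table} set meta_description = '{$meta_description}' {$where}");
     }
     // Information and Manufacturer entries only carry a URL alias.
 }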
<?php

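include "config.php";
// Voter address used by the one-vote-per-ip check further down. A caller may
// supply it via ?ip=, but only a syntactically valid IP address is accepted:
// the value is interpolated into SQL later without escaping, so anything else
// must not get through. Otherwise the peer address is used, or 'none'.
// NOTE(review): a client can still choose any valid address and so vote more
// than once; dropping the override entirely would close that as well.
$ip = 'none';
if (isset($_GET['ip']) && filter_var($_GET['ip'], FILTER_VALIDATE_IP) !== false) {
    $ip = $_GET['ip'];
} elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '') {
    $ip = $_SERVER['REMOTE_ADDR'];
}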
if ($_POST['id'] or $_GET['id']) {
    if (isset($_POST['id'])) {
        $id = $_POST['id'];
    } elseif (isset($_GET['id'])) {
        $id = $_GET['id'];
    }
    $id = mysql_escape_String($id);
    $ip_sql = mysql_query("select ip_add from al_editors_voting_ip where mes_id_fk='{$id}' and ip_add='{$ip}'");
    $count = mysql_num_rows($ip_sql);
    if ($count == 0) {
        $sql = "update al_editors_votes set up=up+1  where image_id='{$id}'";
        mysql_query($sql);
        $sql_in = "insert into al_editors_voting_ip (mes_id_fk,ip_add) values ('{$id}','{$ip}')";
        mysql_query($sql_in);
    }
    $result = mysql_query("select up from al_editors_votes where image_id='{$id}'");
    $row = mysql_fetch_array($result);
    $up_value = $row['up'];
    //fw("\n\r up_value=".$up_value);
    if ($up_value == $limit_plus) {
        // approve it to the main collection
        $sql = "update wp_product_list set approved=1 where id='{$id}'";
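// Action 5: delete one transformation row by its Nt key.
if ($choix == '5') {
    // isset + !== '' instead of a bare truthiness test: "0" is a usable key and
    // an absent index must not raise a notice.
    if (isset($_POST['id']) && $_POST['id'] !== '') {
        // mysql_real_escape_string honours the connection charset; the former
        // mysql_escape_String does not and is deprecated.
        $id = mysql_real_escape_string($_POST['id']);
        $sql = "delete from transformation where Nt='{$id}'";
        mysql_query($sql);
    }
}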
//****update line after modifs******************************************************
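// Action 6: update one transformation row after editing.
// NOTE(review): the posted field names (name, category, price, discount, add)
// do not match the column names they are written to (ts, td, Nom_op, Nom_par,
// Add_par) — confirm the mapping against the form.
if ($choix == '6') {
    if (isset($_POST['id']) && $_POST['id'] !== '') {
        $id = mysql_real_escape_string($_POST['id']);
        // Missing fields become '' instead of raising a notice; every value is
        // escaped with the charset-aware function.
        $name = mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : '');
        $category = mysql_real_escape_string(isset($_POST['category']) ? $_POST['category'] : '');
        $price = mysql_real_escape_string(isset($_POST['price']) ? $_POST['price'] : '');
        $discount = mysql_real_escape_string(isset($_POST['discount']) ? $_POST['discount'] : '');
        $add = mysql_real_escape_string(isset($_POST['add']) ? $_POST['add'] : '');
        $sql = "update transformation set ts='{$name}',td='{$category}',Nom_op='{$price}',Nom_par='{$discount}',Add_par='{$add}' where Nt='{$id}'";
        mysql_query($sql);
    }
}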
//*************load grid*********************************************
if ($choix == '7') {
    if ($_POST['page']) {
        $page = $_POST['page'];
        $cur_page = $page;
        $page -= 1;
        $per_page = 1000;
        // Per page
        $previous_btn = true;
        $next_btn = true;
        $first_btn = true;
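$_SITEURL = get_option('siteurl');
$Current_ID = $current_user->id;
// get comment — escaped for the INSERT that follows; '' when nothing was posted.
// mysql_real_escape_string uses the open ext/mysql link (presumably the one
// WordPress established before this script ran — confirm) and the connection
// charset, which the former mysql_escape_String ignored.
$comment = '';
if (isset($_POST['comment'])) {
    $comment = mysql_real_escape_string($_POST['comment']);
}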
if ($comment != '') {
    if (isset($_POST['cartoon_id'])) {
        $cartoon_id = mysql_escape_String($_POST['cartoon_id']);
    }
    if (isset($_POST['author_id'])) {
        $author_id = mysql_escape_String($_POST['author_id']);
    }
    if (isset($_POST['comment_author'])) {
        $cartoon_id = mysql_escape_String($_POST['comment_author']);
    }
    // save comment:
    $sql_insert = "insert into wp_comments (comment_post_ID, comment_content, comment_date, comment_author) values('{$cartoon_id}', '{$comment}', '" . date("Y-m-d H:i:s") . "','{$author_id}')";
    $result = mysql_query($sql_insert);
    //read comments:
    $result = mysql_query("select C.comment_id, C.comment_content, C.comment_date, U.display_name as author from wp_comments as C, wp_users as U where U.id = C.comment_author order by C.comment_date DESC LIMIT 50");
    $result = mysql_query("select C.comment_id, C.comment_content, C.comment_date, U.display_name as author from wp_comments as C, wp_users as U where U.id = C.comment_author order by C.comment_date DESC LIMIT 50");
    $comments_output = "";
    while ($r = mysql_fetch_array($result)) {
        $_date = $r['comment_date'];
        $_comment = nl2br(stripslashes($r['comment_content']));
        $_author = $r['author'];
        $_id = $r['comment_id'];
        $comments_output .= "<div style='margin-top:4px;'><span class='gr' title='" . $_date . "'>" . $_author . ":&nbsp; </span><span class='c_body'>" . $_comment . "</span> [<a title='стереть комментарий' href='#' onclick='deletecomment(" . $_id . ");'>x</a>]</div>";
    }
<?php

include "db.php";
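// Updates the title, link and comment of one enlaces row.
if (isset($_POST['id']) && $_POST['id'] !== '') {
    // Charset-aware escaping; absent fields become '' rather than raising notices.
    $id = mysql_real_escape_string($_POST['id']);
    $titulo = mysql_real_escape_string(isset($_POST['titulo']) ? $_POST['titulo'] : '');
    $link = mysql_real_escape_string(isset($_POST['link']) ? $_POST['link'] : '');
    $comment = mysql_real_escape_string(isset($_POST['comment']) ? $_POST['comment'] : '');
    $sql = "update enlaces set titulo='{$titulo}',link='{$link}',comment='{$comment}' where id='{$id}'";
    mysql_query($sql);
}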
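/**
 * Sets the given timestamp column(s) of one row to the current time.
 *
 * Runs `UPDATE `table` SET `col`=<now>[, ...] WHERE `id_col`=<row_id>` through
 * $sql_obj->query() with ERROR_DATABASE_UPDATE as its error code.
 *
 * All identifiers are quoted with backticks. mysql_real_escape_string does not
 * escape a backtick, so every identifier has backticks stripped before it is
 * escaped (the original did this for the table only, and escaped the column
 * names with the charset-unaware mysql_escape_String).
 *
 * @param object       $sql_obj database wrapper exposing resource() and query()
 * @param string       $table   table name, with or without backticks
 * @param string|array $columns one column name or a list of them
 * @param int          $row_id  key value of the row to touch (cast to int)
 * @param string|false $id_col  key column; defaults to "<table>_id"
 */
function database_touch($sql_obj, $table, $columns, $row_id, $id_col = false)
{
    $now = time();
    $link = $sql_obj->resource();
    $table = str_replace('`', '', $table);
    if (!is_array($columns)) {
        $columns = array($columns);
    }
    if (count($columns) === 0) {
        // Nothing to set; an empty SET list would only produce a malformed query.
        return;
    }
    $assignments = array();
    foreach ($columns as $column) {
        $column = str_replace('`', '', $column);
        $assignments[] = '`' . mysql_real_escape_string($column, $link) . '`=' . $now;
    }
    if (empty($id_col)) {
        $id_col = $table . '_id';
    }
    $id_col = '`' . mysql_real_escape_string(str_replace('`', '', $id_col), $link) . '`';
    // Make sure table name is `table`
    $table = '`' . mysql_real_escape_string($table, $link) . '`';
    $sql_obj->query('UPDATE ' . $table . ' SET ' . implode(',', $assignments) . ' WHERE ' . $id_col . '=' . (int) $row_id, ERROR_DATABASE_UPDATE);
}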
<?php

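include "connect_database.php";
// Updates the name fields of one user_details row.
// The original guarded on $_POST['id'] but read the key from $_POST['user_id'],
// so a request carrying only 'id' updated the row whose user_id is ''. The guard
// now checks the field that is actually used; if clients are meant to post the
// key as 'id', change the read instead.
if (isset($_POST['user_id']) && $_POST['user_id'] !== '') {
    $id = mysql_real_escape_string($_POST['user_id']);
    $firstname = mysql_real_escape_string(isset($_POST['firstname']) ? $_POST['firstname'] : '');
    $lastname = mysql_real_escape_string(isset($_POST['lastname']) ? $_POST['lastname'] : '');
    $sql = "update user_details set fname='{$firstname}',lname='{$lastname}' where user_id='{$id}'";
    mysql_query($sql);
}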
/**
 * Posts a hard-coded test entry to a LiveJournal community via XML-RPC.
 *
 * The database lookup that would build the post from a wp_product_list row
 * (keyed by $id) is commented out below, so $id is escaped but otherwise unused
 * by the live code; subject and body are the literal "test".
 *
 * Side effects: includes lib/xmlrpc.inc on every call, echoes the serialized
 * request to the page, and prints either the decoded reply or the fault.
 *
 * NOTE(review): the serialized request echoed below contains the password
 * field, so the debug echo prints the credential into the HTML response; the
 * "******" value looks like a placeholder, but the echo should go before this
 * is used with a real account.
 *
 * @param mixed $id product id (currently unused, see above)
 */
function post_to_lj($id)
{
    $id = mysql_escape_String($id);
    // get text for posting — disabled; the original query is kept for reference
    /*
    $result=mysql_query("select l.name, l.description, l.additional_description, l.image, b.name as artist from wp_product_list as l, wp_product_brands as b where l.id='$id' and l.brand = b.id");

        $row=mysql_fetch_array($result);
        $_artist=$row['artist'];
        $_title=$row['name'];
        $_description=$row['description'];
        $_additional_description=$row['additional_description'];
        $_image=$row['image'];

    $subj = $_title;
    $text = $_artist.': «'.$_title.'» '.' http://cartoonbank.ru/?page_id=29&cartoonid='.$id.' '.$_description."<br />Tags: ".$_additional_description;
    */
    /* your LiveJournal user name */
    $name = "cartunbank";
    /* your LiveJournal password */
    $password = "******";
    /* text to publish */
    $text = "test";
    /* title for the text */
    $subj = "test";
    /* community to post into */
    $usejournal = "cartunbank";
    /* load the XML-RPC library */
    include "lib/xmlrpc.inc";
    /* (!!!) LiveJournal stores everything as Unicode, so the same encoding
       is used here */
    $xmlrpc_internalencoding = 'UTF-8';
    /* current time, split into the fields the API expects */
    $date = time();
    $year = date("Y", $date);
    $mon = date("m", $date);
    $day = date("d", $date);
    $hour = date("G", $date);
    $min = date("i", $date);
    /* (!!!) Convert the text from the source encoding to UTF-8;
       this file is stored in CP1251 */
    $text = iconv("CP1251", "UTF-8", html_entity_decode($text));
    $subj = iconv("CP1251", "UTF-8", html_entity_decode($subj));
    /* fill the array with the required fields (credentials included) */
    $post = array("username" => new xmlrpcval($name, "string"), "usejournal" => new xmlrpcval($usejournal, "string"), "password" => new xmlrpcval($password, "string"), "event" => new xmlrpcval($text, "string"), "subject" => new xmlrpcval($subj, "string"), "lineendings" => new xmlrpcval("unix", "string"), "year" => new xmlrpcval($year, "int"), "mon" => new xmlrpcval($mon, "int"), "day" => new xmlrpcval($day, "int"), "hour" => new xmlrpcval($hour, "int"), "min" => new xmlrpcval($min, "int"), "ver" => new xmlrpcval(2, "int"));
    /* build a struct from the array */
    $post2 = array(new xmlrpcval($post, "struct"));
    /* build the XML message for the server */
    $f = new xmlrpcmsg('LJ.XMLRPC.postevent', $post2);
    /* describe the server */
    $c = new xmlrpc_client("/interface/xmlrpc", "www.livejournal.com", 80);
    $c->request_charset_encoding = "UTF-8";
    /* debug: show the XML that will be sent — this includes the password field */
    echo nl2br(htmlentities($f->serialize()));
    /* send the XML message to the server */
    $r = $c->send($f);
    /* check the result */
    if (!$r->faultCode()) {
        /* accepted; an XML result came back */
        $v = php_xmlrpc_decode($r->value());
        print_r($v);
    } else {
        /* the server returned an error */
        print "An error occurred: ";
        print "Code: " . htmlspecialchars($r->faultCode());
        print "Reason: '" . htmlspecialchars($r->faultString()) . "'\n";
    }
}
<?php

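include "db.php";
// Records a sale of one product: reduces its stock, inserts or accumulates
// today's row in `sales`, and updates the running totals on `inventory`.
if (isset($_POST['id']) && $_POST['id'] !== '') {
    $id = mysql_real_escape_string($_POST['id']);
    // The quantity takes part in arithmetic and in SQL, so it is validated as a
    // number rather than only escaped; anything else counts as 0.
    $qty_sold = (isset($_POST['qty_sold']) && is_numeric($_POST['qty_sold'])) ? $_POST['qty_sold'] + 0 : 0;
    $da = date("Y-m-d");
    // The stored price is authoritative; the posted one was overwritten by the
    // inventory row in the original as well, so it is not read at all.
    $sql = mysql_query("select * from inventory where id='{$id}'");
    $row = $sql ? mysql_fetch_array($sql) : false;
    if ($row) {
        $qtyleft = (int) $row['qtyleft'];
        $price = mysql_real_escape_string($row['price']);
        $qty_left_after = $qtyleft - $qty_sold;
        $sale = $qty_sold * $price;
        $sales_sql = mysql_query("select * from sales where date='{$da}' and product_id='{$id}'");
        $count = $sales_sql ? mysql_num_rows($sales_sql) : 0;
        if ($count == 0) {
            mysql_query("INSERT INTO sales (product_id, qty, date, sales) VALUES ('{$id}','{$qty_sold}','{$da}','{$sale}')");
        } else {
            mysql_query("UPDATE sales set qty=qty+'{$qty_sold}',sales='{$sale}' where date='{$da}' and product_id='{$id}'");
        }
        $sql = "update inventory set qtyleft='{$qty_left_after}',price='{$price}',sales=sales+'{$sale}',qty_sold=qty_sold+'{$qty_sold}' where id='{$id}'";
        mysql_query($sql);
    }
    // Unknown product: nothing is written (the original ran the UPDATEs with an
    // undefined stock value).
}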
?>


            $courseKey = $course['cid'] . $course['faculty_acronym'] . $course['course_number'];
            //ugly, but c'est la vie
            $courses[$courseKey] = $course;
        }
    }
    // We need to forcefully destruct this object to avoid memory growing forever.
    $html->__destruct();
    unset($html);
}
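$courseKey = "";
// Prune dead courses: delete every stored row whose key is not in the freshly
// built $courses map.
$results = $db->query('SELECT * FROM courses;');
while ($results && ($row = mysql_fetch_assoc($results))) {
    $courseKey = $row['cid'] . $row['faculty_acronym'] . $row['course_number'];
    if (!isset($courses[$courseKey])) {
        // Each value is escaped and wrapped in its own pair of double quotes; the
        // original opened a " for cid that was never closed and mixed it with \',
        // producing a malformed statement. mysql_real_escape_string uses the
        // ext/mysql link the result above came from.
        $db->query('DELETE FROM courses WHERE cid = "' . mysql_real_escape_string($row['cid']) . '" AND faculty_acronym = "' . mysql_real_escape_string($row['faculty_acronym']) . '" AND course_number = "' . mysql_real_escape_string($row['course_number']) . '";');
    }
}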
// And update existing ones/insert new ones.
foreach ($courses as $cid => $course) {
    //echo $course['faculty_acronym'] . ": " . $course['course_number'] . "\n";
    if (isset($course['extra_fields'])) {
        print_r($course['extra_fields']);
        unset($course['extra_fields']);
    }
    $escaped_values = array();
    foreach (array_values($course) as $value) {
        $escaped_values[] = '"' . mysql_escape_string($value) . '"';
    }
    $update_query_arr = array();
    foreach ($course as $key => $value) {
<?php

/**include("db.php");*/
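require_once '../../includes/mysql.php';
$db = new MySQL();
// Updates one modifdoc row with the posted revision data.
if (isset($_POST['id']) && $_POST['id'] !== '') {
    // Set the connection charset first: mysql_real_escape_string escapes
    // according to it, and issuing SET NAMES after the UPDATE (as the original
    // did) had no effect on this request.
    mysql_query("SET NAMES 'utf8'");
    $fields = array('id', 'titulo', 'revision_num', 'modificacion', 'capapart', 'fechamodificacion');
    $v = array();
    foreach ($fields as $field) {
        $v[$field] = mysql_real_escape_string(isset($_POST[$field]) ? $_POST[$field] : '');
    }
    $sql = "update modifdoc set titulo='{$v['titulo']}', revision_num='{$v['revision_num']}', modificacion='{$v['modificacion']}', capapart='{$v['capapart']}', fechamodificacion='{$v['fechamodificacion']}' where id='{$v['id']}'";
    mysql_query($sql);
}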
<?php

// Database connection for this delete-profile script; presumably opens the
// ext/mysql link the mysql_* calls below rely on — confirm in dbcon.php.
include "dbcon.php";
if (isset($_POST['profile_id'])) {
    $id = $_POST['profile_id'];
    $sql_in = mysql_query("SELECT profile_name FROM profile where profile_id='{$id}'");
    $r = mysql_fetch_array($sql_in);
    $profile_delete_name = $r['profile_name'];
    $time1 = time();
    $sql1 = "INSERT INTO latest_delete\t(profile_delete_id,profile_delete_name,profile_delete_date) VALUES ('{$id}','{$profile_delete_name}','{$time1}')";
    mysql_query($sql1);
    $profile_id = mysql_escape_String($_POST['profile_id']);
    echo $sql_img = mysql_query("select * from profile where profile_id='" . $profile_id . "'");
    while ($row_img = mysql_fetch_array($sql_img)) {
        $img = $row_img['profile_logo'];
        $img2 = $row_img['profile_screenshots'];
        //echo $img;
        $files = glob('../img/uploads/' . $img . '');
        foreach ($files as $file) {
            unlink($file);
        }
        $files2 = glob('../img/uploads/' . $img2 . '');
        foreach ($files2 as $file2) {
            unlink($file2);
        }
    }
    $sql = "delete from profile where profile_id='{$profile_id}'";
    mysql_query($sql);
    $sql_pp = "delete from profile_people where profile_id='{$profile_id}'";
    mysql_query($sql_pp);
    $sql_pcc = "delete from profile_competitors where profile_id='{$profile_id}'";
<?php

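session_start();
include "includes/db.php";
// Unfollow: removes the follow edge from the logged-in user to the posted user.
// Without a session id there is no follower to act for, so nothing is deleted
// (the original ran the DELETE with uid_fk='' in that case).
$uid = isset($_SESSION["id"]) ? $_SESSION["id"] : '';
if ($uid !== '' && isset($_POST['user_id']) && $_POST['user_id'] !== '') {
    $user_id = mysql_real_escape_string($_POST['user_id']);
    // Server-side data, but it still goes into SQL — escape it as well.
    $uid_sql = mysql_real_escape_string($uid);
    $sql_in = mysql_query("DELETE from follow_user Where uid_fk='{$uid_sql}' and following_uid='{$user_id}'");
}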
<?php

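require_once "../../../wp-config.php";
include "config.php";
// Voter address for the one-vote-per-ip check. An explicit ip= parameter is
// honoured only when it is a valid IP address: the value is interpolated into
// SQL below without escaping, so anything else falls back to the peer address.
// NOTE(review): a client can still pick any valid address and vote repeatedly;
// dropping the override would close that too.
if (isset($_REQUEST['ip']) && filter_var($_REQUEST['ip'], FILTER_VALIDATE_IP) !== false) {
    $ip = $_REQUEST['ip'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}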
if ($_REQUEST['id'] and isset($_REQUEST['vote'])) {
    $id = $_REQUEST['id'];
    $vote = $_REQUEST['vote'];
    $id = mysql_escape_String($id);
    $vote = mysql_escape_String($vote);
    // проверить не голосовал ли ещё
    $ip_sql = mysql_query("select ip_add from al_editors_voting_ip where mes_id_fk='{$id}' and ip_add='{$ip}'");
    $count = mysql_num_rows($ip_sql);
    if ($count == 0) {
        // добавить новый голос в рейтинг
        $temp_rand = rand();
        $sql = "INSERT ignore INTO `wp_fsr_user` (`user`, `post`, `points`, `ip`) VALUES ({$temp_rand}, {$id}, {$vote}, '{$ip}');";
        $result = mysql_query($sql) or die(mysql_error());
        // посчитать количество голосов и средний балл
        $sql = "select count(post) as votescount, sum(points) as avgpoints from `wp_fsr_user` where post='{$id}'";
        $result = mysql_query($sql) or die(mysql_error());
        $row = mysql_fetch_array($result);
        $votescount = $row['votescount'];
        $avgpoints = $row['avgpoints'];
        // обновить средний балл и количество голосов
        $sql = "INSERT IGNORE INTO `wp_fsr_post` (`id`, `votes` ,`points`) VALUES ({$id}, {$votescount},  {$avgpoints})";
        mysql_query($sql);
<?php

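/*connect to database */
// NOTE(review): the database credentials and server address are hard-coded in
// a web-reachable script; they belong in a config file outside the document root.
$user_name = "root";
$pass_word = "csc309";
$database = "startit";
$server = "104.236.231.174:3306";
$db_handle = mysql_connect($server, $user_name, $pass_word);
if ($db_handle === false) {
    // Fail closed instead of running the vote query against no connection.
    exit;
}
$db_found = mysql_select_db($database, $db_handle);
// Dislike vote: increments the counter of the posted project. There is no
// per-voter check in this script, so every request counts.
if (isset($_POST['id']) && $_POST['id'] !== '') {
    $id = mysql_real_escape_string($_POST['id'], $db_handle);
    // Vote update
    mysql_query("update projects set dislikes=dislikes+1 where pID='{$id}'", $db_handle);
}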
<?php

/**include("db.php");*/
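require_once '../../includes/mysql.php';
$db = new MySQL();
// Updates the title, link, comment and clave1 of one enlaces row.
if (isset($_POST['id']) && $_POST['id'] !== '') {
    // Set the connection charset before escaping and before the UPDATE; issued
    // afterwards (as the original did) it affected nothing on this request.
    mysql_query("SET NAMES 'utf8'");
    $fields = array('id', 'titulo', 'link', 'comment', 'clave1');
    $v = array();
    foreach ($fields as $field) {
        $v[$field] = mysql_real_escape_string(isset($_POST[$field]) ? $_POST[$field] : '');
    }
    $sql = "update enlaces set titulo='{$v['titulo']}',link='{$v['link']}',comment='{$v['comment']}',clave1='{$v['clave1']}' where id='{$v['id']}'";
    mysql_query($sql);
}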
<?php

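include "dbcon.php";
// Deletes one person profile: archives its name in latest_delete_person,
// removes the uploaded image file, then deletes the person row and its
// relation rows.
if (isset($_POST['id']) && $_POST['id'] !== '') {
    // Escape once, before the first use. The original interpolated the raw
    // posted id into the SELECT and the archive INSERT and escaped it only for
    // the later statements.
    $profile_person_id = mysql_real_escape_string($_POST['id']);
    $id = $profile_person_id;
    $sql_in = mysql_query("SELECT profile_person_name FROM profile_person where profile_person_id='{$profile_person_id}'");
    $r = $sql_in ? mysql_fetch_array($sql_in) : false;
    // The stored name goes back into SQL, so it is escaped as well.
    $profile_person_delete_name = $r ? mysql_real_escape_string($r['profile_person_name']) : '';
    $time1 = time();
    $sql1 = "INSERT INTO latest_delete_person\t(profile_person_delete_id,profile_person_delete_name,profile_person_delete_date) VALUES ('{$profile_person_id}','{$profile_person_delete_name}','{$time1}')";
    mysql_query($sql1);
    $sql_img = mysql_query("select * from profile_person where profile_person_id='{$profile_person_id}'");
    while ($sql_img && ($row_img = mysql_fetch_array($sql_img))) {
        // The stored file name is reduced to its base name so a value containing
        // "../", wildcards or nothing at all cannot reach outside the uploads
        // directory (the original passed it straight to glob() and unlink()).
        $img = basename((string) $row_img['profile_person_image']);
        if ($img !== '' && $img !== '.' && $img !== '..') {
            $path = '../img/uploads/' . $img;
            if (is_file($path)) {
                unlink($path);
            }
        }
    }
    $sql = "delete from profile_person where profile_person_id='{$profile_person_id}'";
    mysql_query($sql);
    $sql_pc = "delete from profile_person_companies where profile_person_id='{$profile_person_id}'";
    mysql_query($sql_pc);
    $sql_pfo = "delete from profile_person_fo where profile_person_id='{$profile_person_id}'";
    mysql_query($sql_pfo);
}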
</style>

<?php 
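require 'core/init.php';
// Everything below is for a logged-in team admin. Redirect anonymous requests
// and stop: without the exit, the add/edit/update handlers further down would
// still run for them (the original fell through after header()). The check is
// done before the team lookup so nothing is loaded for an anonymous request.
if (!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
    header('Location: hpage.php');
    exit;
}
$admin_id = $_SESSION['id'];
$user = $users->teamdata($admin_id);
$username = $user['Team'];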
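// Add a team member from the posted form; responds with nothing (exit).
// The fields are run through mysql_escape_string here as in the original —
// whether $users->addmember escapes or parameterises them itself is outside
// this file and cannot be confirmed. Absent fields become '' instead of
// raising notices, and the mixed mysql_escape_String/mysql_escape_string
// spelling is unified.
if (isset($_POST['buttonsave'])) {
    $fields = array('member_name', 'department', 'age', 'rollno', 'position', 'aboutme');
    $v = array();
    foreach ($fields as $field) {
        $v[$field] = mysql_escape_string(isset($_POST[$field]) ? $_POST[$field] : '');
    }
    $data = $users->addmember($admin_id, $v['member_name'], $v['age'], $v['rollno'], $v['department'], $v['position'], $v['aboutme']);
    exit;
}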
// Edit lookup: returns the posted member's record as JSON for the edit form.
// NOTE(review): the id is handed to $users->memberedit unescaped; whether that
// method parameterises its query cannot be confirmed from this file.
if (isset($_POST['editvalue'])) {
    $memberId = $_POST['id'];
    $payload = $users->memberedit($admin_id, $memberId);
    header("Content-type: text/x-json");
    echo json_encode($payload);
    exit;
}
//code update
if (isset($_POST['Update'])) {
    $name = $_POST['upname'];
    $rollno = $_POST['uprollno'];