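/**
 * Set one column of one row, addressed by its `id`, in the given table.
 *
 * The value and the id are passed through $this->db->escape(). Table and
 * column names cannot be escaped that way, so they are quoted as MySQL
 * identifiers with any embedded backtick doubled, which keeps the whole name
 * inside the identifier quotes.
 *
 * NOTE(review): check_int()/check_string() are defined outside this excerpt;
 * presumably they abort on a wrong type, which says nothing about the content
 * of $table/$field. If either can originate from request data, validate it
 * against an allow-list of known tables/columns at the caller as well.
 *
 * @param int    $id    Primary key of the row to update.
 * @param string $field Column name.
 * @param string $value New value for the column.
 * @param string $table Table name.
 * @return array Result of $this->common() for the UPDATE statement.
 */
public function update_field($id, $field, $value, $table)
{
    check_int($id, 'id');
    check_string($field, 'field');
    check_string($value, 'value');
    check_string($table, 'table');

    // Identifier quoting: a backtick inside a backtick-quoted name is written twice.
    $quoted_table = '`' . str_replace('`', '``', $table) . '`';
    $quoted_field = '`' . str_replace('`', '``', $field) . '`';

    $sql = "UPDATE {$quoted_table} SET {$quoted_field} = " . $this->db->escape($value)
        . " WHERE id = " . $this->db->escape($id) . ";";

    return $this->common($sql);
}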
/**
 * Render the city listing for one area.
 *
 * Idea: look up every city that belongs to the given area.
 *
 * @param mixed $id Area id; replaced by the return value of check_int()
 *                  (defined outside this excerpt) before it is used.
 * @return void The home_page layout view is loaded with the collected data.
 */
public function city($id = 0)
{
    $id = check_int($id);
    $cities = $this->mguide_area->get_city($id);

    if (empty($cities)) {
        $data = array('message' => 'Data not found');
    } else {
        $data = array(
            'list_city' => $cities,
            'count_work' => $this->mguide_area->count_work($id),
        );
    }

    // Key spelling is kept exactly as the original wrote it; the view may read it under this name.
    $data['tempplate'] = 'city';

    $this->load->view('home_page/frontend/layouts/home_page', $data);
}
$sql = mysql_query("SELECT count(c.card_id) FROM " . TABLE_CARD . " c {$extra_table} WHERE {$where}") or Error(1, __FILE__, __LINE__); $arr = mysql_fetch_array($sql); $replace['all'] = $arr[0]; list($limit, $replace['pages']) = pages($replace['all'], ADMIN_URL . "?p={$part}&cycle&"); $sql = mysql_query("SELECT c.*, {$extra_fields} FROM " . TABLE_CARD . " c\n\t\t\t\t{$extra_table}\n\t\t\tWHERE {$where} \n\t\t\tGROUP BY c.card_id\n\t\t\tORDER BY {$ord} LIMIT {$limit}") or Error(1, __FILE__, __LINE__); $cards = array(); $card_name = ""; while ($info = @mysql_fetch_array($sql)) { $info['fio'] = htmlspecialchars($info['fio'], ENT_COMPAT, 'cp1251'); $info['o_count'] = (int) @$info['o_count']; $info['o_summa'] = separ_float($info['o_summa']); $info['order_link'] = "?p={$part}&searchorder=1&card_id={$info['card_id']}&vip={$info['vip']}"; $info['edit_link'] = ADMIN_URL . "?p={$part}&card_id={$info['card_id']}&vip={$info['vip']}"; $info['minzdate'] = sql_to_text_date($info['minzdate']); $info['maxzdate'] = sql_to_text_date($info['maxzdate']); $info['yearcount'] = check_int($info['yearcount']) ? $info['yearcount'] : number_format($info['yearcount'], 1); $info['yearcount'] = str_replace(".0", '', $info['yearcount']); $cards[] = $info; } $replace['cards'] = $cards; $replace['card_id'] = $card_id; $replace['admin_cardid'] = $admin_config['cardid']; $content = get_template('templ/card1_list.htm', $replace); } else { $left_menu = ''; $data = @unserialize($_SESSION['card_data']); foreach ($card_arr as $v) { ${$v} = @$data[$v]; } $replace = array(); $sort = isset($sort_arr[$sort]) ? $sort : 'card_id';
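/**
 * Fetch the row of `files` whose id equals $files_id.
 *
 * The id is cast to int before it is placed in the SQL text, so the statement
 * stays well-formed on its own rather than depending entirely on check_int()
 * (defined outside this excerpt) having aborted on a bad value.
 *
 * @param int $files_id Primary key in the files table.
 * @return mixed Whatever $this->common() yields for the query.
 */
public function read_file_by_id($files_id)
{
    check_int($files_id);

    $id = (int) $files_id;
    $sql = "SELECT * FROM files WHERE id = {$id}";

    return $this->common($sql);
}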
/**
 * Create a company for a user by calling the sp_company_create stored procedure.
 *
 * Every value placed in the CALL statement goes through $this->db->escape().
 * @message and @return_id are passed as session variables; presumably they
 * are read back by $this->check_sp_result() - confirm against that helper.
 * The visible code returns nothing.
 *
 * @param int   $users_id Owner of the new company.
 * @param array $data     Read keys: name, description, job_categories_id,
 *                        cities_id, address, contact_number.
 * @return void
 */
public function create_company($users_id, $data)
{
    check_int($users_id, 'user_id');

    // Procedure arguments, in the order the CALL statement expects them.
    $args = array($this->db->escape($users_id));
    $keys = array('name', 'description', 'job_categories_id', 'cities_id', 'address', 'contact_number');
    foreach ($keys as $key) {
        $args[] = $this->db->escape($data[$key]);
    }

    $sql = "CALL sp_company_create(\n " . implode(",\n ", $args) . ",\n @message,\n @return_id\n );";

    $this->common($sql);
    $this->check_sp_result();
}
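<?php
require_once "inc/function.php";

// Both ids must be present and pass check_int() (presumably provided by inc/function.php).
if (!(isset($_GET["id"]) && check_int($_GET["id"])) || !(isset($_GET["fid"]) && check_int($_GET["fid"]))) {
    header("Content-type: text/html; charset=utf-8");
    msg("Invalid Argument!");
    jump("index.php");
    // jump() is not visible here. If it only emits a redirect, the script would
    // otherwise run on into the queries below with unvalidated request values.
    exit;
}

require_once "inc/config.php";
require_once "inc/conn.php";

// Only integer-cast copies of the request values are concatenated into SQL.
$article_id = intval($_GET["id"]);
$topid = intval($_GET["fid"]);

$sql = "select * from hy_article where id=" . $article_id;
$rs = mysql_query($sql, $conn);
$row = mysql_fetch_assoc($rs);

$sql = "select * from hy_category where id=" . $topid;
$rs = mysql_query($sql, $conn);
$crow = mysql_fetch_assoc($rs);

// NOTE(review): $row['title'] and $crow['name'] are echoed into <title> below without
// htmlspecialchars(). Confirm they are stored already encoded; otherwise escape them at
// output. Both are false when no row matched, which the template does not check.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title><?php echo $row['title']; ?> --- <?php echo $crow['name']; ?> --- 后羿科技</title>
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/base.css">
<link rel="stylesheet" type="text/css" href="css/tipTip.css">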
} else { echo '删除失败'; exit(mysql_error()); } } else { mysql_close($conn); msg('参数不正确!'); jump($_SERVER['HTTP_REFERER']); } } if (!empty($_GET["type"]) && $_GET["type"] == 11) { //参数 if (empty($_GET["id"]) || empty($_GET["fid"])) { exit('Require Parameter:Id & Fid'); } if (!check_int($_GET["id"]) || !check_int($_GET["fid"])) { exit('Invalid Parameter'); } $delParameterSelf = false; $delParameterMatch = false; $sql = "delete from hy_product_parameter where parameter_id=" . $_GET["id"]; if (mysql_query($sql, $conn)) { $delParameterMatch = true; } else { exit(mysql_error()); } $sql = "delete from hy_product_category_parameter where id=" . $_GET["id"]; if (mysql_query($sql, $conn)) { $delParameterSelf = true; } else { exit(mysql_error());
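/**
 * List the vacancies a user has applied to, with category, industry and
 * application status names joined in.
 *
 * The user id is cast to int before it is placed in the SQL text, so the
 * statement stays well-formed on its own rather than depending entirely on
 * check_int() (defined outside this excerpt) having aborted on a bad value.
 *
 * @param int $users_id Applicant's user id.
 * @return array Result of $this->common() for the query.
 */
public function read_vacancies_by_applicant($users_id)
{
    check_int($users_id);

    $id = (int) $users_id;
    $sql = "SELECT\n"
        . " vacancies.id vacancies_id,\n"
        . " vacancies.address,\n"
        . " vacancies.company,\n"
        . " vacancies.title,\n"
        . " job_categories.name category,\n"
        . " job_industries.name industry,\n"
        . " vacancy_applicant_states.name application_status\n"
        . "\n"
        . " FROM vacancy_applicants\n"
        . " INNER JOIN users ON users.id = vacancy_applicants.users_id\n"
        . " INNER JOIN vacancy_applicant_states ON vacancy_applicant_states.id = vacancy_applicants.vacancy_applicant_states_id\n"
        . " INNER JOIN vacancies ON vacancies.id = vacancy_applicants.vacancies_id\n"
        . " INNER JOIN job_categories ON job_categories.id = vacancies.job_categories_id\n"
        . " INNER JOIN job_industries ON job_industries.id = job_categories.job_industries_id\n"
        . " WHERE users.id = {$id}\n"
        . " ";

    return $this->common($sql);
}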
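/**
 * Read a user's education rows together with the education type name, the
 * city id (as `city`) and the province id (as `province`).
 *
 * The user id is cast to int before it is placed in the SQL text, so the
 * statement stays well-formed on its own rather than depending entirely on
 * check_int() (defined outside this excerpt) having aborted on a bad value.
 *
 * @param int $users_id Owner of the education records.
 * @return mixed Whatever $this->common() yields for the query.
 */
public function read($users_id)
{
    check_int($users_id, 'users_id');

    $id = (int) $users_id;
    $sql = "SELECT\n"
        . " educations.*,\n"
        . " education_types.name AS education_type,\n"
        . " educations.cities_id AS city,\n"
        . " provinces.id AS province\n"
        . "\n"
        . " FROM educations\n"
        . " LEFT JOIN education_types ON education_types.id = educations.education_types_id\n"
        . " LEFT JOIN cities ON cities.id = educations.cities_id\n"
        . " LEFT JOIN provinces ON provinces.id = cities.provinces_id\n"
        . " WHERE users_id = {$id}";

    return $this->common($sql);
}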
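/**
 * Build the per-suite booking grid of one hotel for one calendar month.
 *
 * $hotel_id, $year and $month are cast to int on entry. They are interpolated
 * into two SQL statements, and $year/$month are also part of the lookup key
 * into $reservation, whose keys are built from integer-cast date parts; a
 * month passed as "05" would otherwise never match the stored key "...-5-...".
 *
 * For every public suite the result holds one row per unit (as many units as
 * the largest integer `freesuite` value seen for that suite, at least one).
 * Each row carries the suite columns plus:
 *   - 'name': the HTML-escaped suite name, suffixed " [n]" when there are several units;
 *   - 'bron': day-of-month => value. When the stored value passes check_int()
 *     the value is 1 if unit index + stored value exceeds the unit count, else 0;
 *     otherwise the raw stored value is shown on the last unit only and 0 on the others.
 *
 * @param int $hotel_id Hotel whose suites are listed.
 * @param int $year     Calendar year.
 * @param int $month    Calendar month (1-12).
 * @param int $print    Not used in this function body.
 * @return array Two elements: the list of rows and the number of days in the month
 *               (0 when no day of the given month/year is a valid date).
 */
function gz_month($hotel_id, $year, $month, $print = 0)
{
    $hotel_id = (int) $hotel_id;
    $year = (int) $year;
    $month = (int) $month;

    $reserv = array();

    // Walk down from 31 to the last valid day of the month.
    for ($days = 31; $days > 0; $days--) {
        if (checkdate($month, $days, $year)) {
            break;
        }
    }

    $suite_count = array();
    $reservation = array();
    $sql = mysql_query("SELECT suite_id, date, freesuite FROM " . TABLE_BRON . " where hotel_id={$hotel_id} AND YEAR(date)={$year} AND MONTH(date)={$month}") or Error(1, __FILE__, __LINE__);
    while ($info = @mysql_fetch_array($sql)) {
        list($y, $m, $d) = explode("-", $info['date']);
        $y = (int) $y;
        $m = (int) $m;
        $d = (int) $d;
        $reservation["{$info['suite_id']}-{$y}-{$m}-{$d}"] = $info['freesuite'];
        // Track the largest integer freesuite value per suite; it sets the unit count below.
        if (check_int($info['freesuite']) && $info['freesuite'] > @$suite_count[$info['suite_id']]) {
            $suite_count[$info['suite_id']] = $info['freesuite'];
        }
    }

    $sql = mysql_query("SELECT suite_id, name FROM " . TABLE_SUITE . " where hotel_id={$hotel_id} AND public='1' ORDER BY ord") or Error(1, __FILE__, __LINE__);
    $nomera = array();
    while ($info = @mysql_fetch_array($sql)) {
        $suite_name = htmlspecialchars($info['name'], ENT_COMPAT, 'cp1251');
        if (!$suite_name) {
            $suite_name = NONAME;
        }
        $max_scount = (int) @$suite_count[$info['suite_id']] > 0 ? $suite_count[$info['suite_id']] : 1;

        // Stored value for each day of the month, 0 where nothing (or a falsy value) is stored.
        $data = array();
        for ($d = 1; $d <= $days; $d++) {
            $data[$d] = @$reservation["{$info['suite_id']}-{$year}-{$month}-{$d}"] ? $reservation["{$info['suite_id']}-{$year}-{$month}-{$d}"] : 0;
        }

        for ($i = 1; $i <= $max_scount; $i++) {
            $info['name'] = $suite_name;
            if ($max_scount > 1) {
                $info['name'] .= " [{$i}]";
            }
            $bron = array();
            for ($d = 1; $d <= $days; $d++) {
                if (check_int($data[$d])) {
                    $bron[$d] = $i + $data[$d] > $max_scount ? 1 : 0;
                } elseif ($i == $max_scount) {
                    $bron[$d] = $data[$d];
                } else {
                    $bron[$d] = 0;
                }
            }
            $info['bron'] = $bron;
            $reserv[] = $info;
        }
    }

    return array($reserv, $days);
}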