<?phpinclude('mysql.php');include('functions.php');if ($_POST['winne

1. <?php
2.  
3.  
4. include('mysql.php');
5. include('functions.php');
6.  
7. if ($_POST['winner'] == $_POST['first'])
8. {
9.     $looserId = $_POST['second'];
10.     $winnerId = $_POST['first'];
11. }
12. else
13. {
14.     $looserId = $_POST['first'];
15.     $winnerId = $_POST['second'];
16. }
17.  
18.     // POST the winner
19.     // Так делать не стоит, есть потенциальная SQL INJECTION.
20.     $result = mysql_query("SELECT * FROM images WHERE image_id = ".$winnerId." ");
21.     $winner = mysql_fetch_object($result);
22.  
23.  
24.     // POST the looser
25.     // Опятьже SQL INJECTION. Все полседующие запросы в базу также не безопастны.
26.     $result = mysql_query("SELECT * FROM images WHERE image_id = ".$looserId." ");
27.     $looser = mysql_fetch_object($result);
28.  
29.  
30.     // Update the winner score
31.     $winner_expected = expected($looser->score, $winner->score);
32.     $winner_new_score = win($winner->score, $winner_expected);
33.         //test print "Winner: ".$winner->score." - ".$winner_new_score." - ".$winner_expected."<br>";
34.     mysql_query("UPDATE images SET score = ".$winner_new_score.", wins = wins+1 WHERE image_id = ".$winnerId);
35.  
36.  
37.     // Update the looser score
38.     $looser_expected = expected($winner->score, $looser->score);
39.     $looser_new_score = loss($looser->score, $looser_expected);
40.         //test print "looser: ".$looser->score." - ".$looser_new_score." - ".$looser_expected."<br>";
41.     mysql_query("UPDATE images SET score = ".$looser_new_score.", losses = losses+1  WHERE image_id = ".$looserId);
42.  
43.  
44.     // Insert battle
45.     mysql_query("INSERT INTO battles SET winner = ".$winnerId.", looser = ".$looserId." ");
46.  
47.  
48.     // Back to the frontpage
49.     header('location: /');
50.  
51.  
52. ?>