Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- include "sql.php";
- $login = $_SESSION['login'];
- $isservice = mysql_real_escape_string($_POST['cardtype']);
- $type = mysql_real_escape_string($_POST['type']);
- $name = mysql_real_escape_string($_POST['name']);
- $descr = mysql_real_escape_string($_POST['descr']);
- $comm = mysql_real_escape_string($_POST['comm']);
- $price = mysql_real_escape_string($_POST['price']);
- $perc = mysql_real_escape_string($_POST['perc']);
- $loc = mysql_real_escape_string($_POST['loc']);
- $photos = mysql_real_escape_string($_POST['photos']);
- $files = mysql_real_escape_string($_POST['files']);
- $img = $_FILES['img'];
- if ( !$name || !$price || !$perc ) {
- echo "Все поля со звездочкой должны быть заполнены";
- return 1;
- }
- if ( isset ( $_FILES ) && $_FILES ['img'] ['error'] == 0) {
- $card_img_dir = "img/compCards";
- $plus = 0;
- do {
- $file_name = hash ( 'md5', $_FILE ['img'] ['tmp_name'] . $plus ) . "." . end ( explode ( ".", $_FILES ['img'] ['name'] ) );
- $destiation_dir = dirname (__FILE__) . '/' . $card_img_dir . '/' . $file_name;
- $plus++;
- } while ( file_exists ( $destiation_dir ) );
- $file_name = "img/compCards/" . $file_name;
- if ( $_FILES ['img'] ['name'] != '' ) move_uploaded_file( $_FILES ['img'] ['tmp_name'], $destiation_dir );
- else $file_name = '';
- }
- mysqli_query( $db, "INSERT INTO `cards`(`login`, `img`, `isService`, `type`, `name`, `descr`, `comm`, `price`, `perc`, `loc`, `photos`, `files`) VALUES ('".$login."','$file_name','".$isservice."','".$type."','".$name."','".$descr."','".$comm."','".$price."','".$perc."','".$loc."','".$photos."','".$files."')" );
- $usercards = sql2arr("SELECT cards FROM `users` WHERE login = '" . $login . "'") [0] ['cards'];
- $lastcardid = sql2arr("SELECT id FROM `cards` WHERE login = '" . $login . "' ORDER BY id DESC") [0] ["id"];
- $usercards .= " " . $lastcardid;
- mysqli_query( $db, "UPDATE `users` SET `cards` = '" . $usercards . "' WHERE `users`.`login` = '" . $login . "'" );
- echo "Успешно";
- function sql2arr( $sql ) { // преобразование таблицы из sql запроса в двумерный массив
- $data = mysql_query ( $sql );
- $i = 0;
- while ( $tmp = mysql_fetch_assoc( $data ) ) {
- $arr [$i++] = $tmp;
- }
- return $arr;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement