<?phpsession_start();include "sql.php";$login = $_SESSION['login']

1. <?php
2. session_start();
3. include "sql.php";
4.  
5.  
6.  
7.  
8. $login = $_SESSION['login'];
9. $isservice = mysql_real_escape_string($_POST['cardtype']);
10. $type = mysql_real_escape_string($_POST['type']);
11. $name = mysql_real_escape_string($_POST['name']);
12. $descr = mysql_real_escape_string($_POST['descr']);
13. $comm = mysql_real_escape_string($_POST['comm']);
14. $price = mysql_real_escape_string($_POST['price']);
15. $perc = mysql_real_escape_string($_POST['perc']);
16. $loc = mysql_real_escape_string($_POST['loc']);
17. $photos = mysql_real_escape_string($_POST['photos']);
18. $files = mysql_real_escape_string($_POST['files']);
19. $img = $_FILES['img'];
20.  
21. if ( !$name || !$price || !$perc ) {
22. echo "Все поля со звездочкой должны быть заполнены";
23. return 1;
24. }
25.  
26. if ( isset ( $_FILES ) && $_FILES ['img'] ['error'] == 0) {
27. $card_img_dir = "img/compCards";
28. $plus = 0;
29. do {
30. $file_name = hash ( 'md5', $_FILE ['img'] ['tmp_name'] . $plus ) . "." . end ( explode ( ".", $_FILES ['img'] ['name'] ) );
31. $destiation_dir = dirname (__FILE__) . '/' . $card_img_dir . '/' . $file_name;
32. $plus++;
33. } while ( file_exists ( $destiation_dir ) );
34. $file_name = "img/compCards/" . $file_name;
35. if ( $_FILES ['img'] ['name'] != '' ) move_uploaded_file( $_FILES ['img'] ['tmp_name'], $destiation_dir );
36. else $file_name = '';
37. }
38.  
39.  
40. mysqli_query( $db, "INSERT INTO `cards`(`login`, `img`, `isService`, `type`, `name`, `descr`, `comm`, `price`, `perc`, `loc`, `photos`, `files`) VALUES ('".$login."','$file_name','".$isservice."','".$type."','".$name."','".$descr."','".$comm."','".$price."','".$perc."','".$loc."','".$photos."','".$files."')" );
41. $usercards = sql2arr("SELECT cards FROM `users` WHERE login = '" . $login . "'") [0] ['cards'];
42. $lastcardid = sql2arr("SELECT id FROM `cards` WHERE login = '" . $login . "' ORDER BY id DESC") [0] ["id"];
43. $usercards .= " " . $lastcardid;
44. mysqli_query( $db, "UPDATE `users` SET `cards` = '" . $usercards . "' WHERE `users`.`login` = '" . $login . "'" );
45. echo "Успешно";
46. function sql2arr( $sql ) { // преобразование таблицы из sql запроса в двумерный массив
47. $data = mysql_query ( $sql );
48. $i = 0;
49. while ( $tmp = mysql_fetch_assoc( $data ) ) {
50. $arr [$i++] = $tmp;
51. }
52. return $arr;
53. }
54. ?>