Файл: module/blog/add_user.php
Строк: 41
<?
if(isset($_POST['name'])){
$name_b=mysql_real_escape_string($_POST['name']);
$name_b=htmlspecialchars($_POST['name']);
$city_b=mysql_real_escape_string($_POST['city']);
$city_b=htmlspecialchars($_POST['city']);
$about_b=mysql_real_escape_string($_POST['about']);
$about_b=htmlspecialchars($_POST['about']);
$inters_b=mysql_real_escape_string($_POST['inters']);
$inters_b=htmlspecialchars($_POST['inters']);
if($statis==1){
if(!isset($_POST['avatar'])){$_POST['avatar']=1;}
mysql_query("INSERT INTO `a36667_element`.`module_blog_user` (
`id` ,
`name` ,
`city` ,
`pol` ,
`osebe` ,
`inteles` ,
`avatar` ,
`old`,`nik`
)
VALUES (
'".$row['ID']."', '$name_b', '$city_b', '".$row['polmmg']."', '$about_b', '$inters_b', '".$_POST['avatar']."', '".(int)$_POST['old']."', '$opredelenie'
);
") ;
header("Location:88.php?go=blog");
;}
;}
?>
<p><? echo $lg['add_user_1'];?></p>
<p><? echo $lg['add_user_2'];?></p>
<form action="" method="post" name="add_user">
<input type="text" name="name" />
<p><? echo $lg['add_user_3'];?></p>
<input type="text" name="city" />
<p><? echo $lg['add_user_4'];?></p>
<input type="text" name="old" />
<p><? echo $lg['add_user_5'];?></p>
<textarea cols="25" rows="5" wrap="virtual" name="about" ></textarea>
<p><? echo $lg['add_user_6'];?></p>
<textarea cols="25" rows="5" wrap="virtual" name="inters" ></textarea>
<p><? echo $lg['add_user_7'];?></p>
<? $ava=mysql_query("SELECT *
FROM `module_blog_avatar` ");;$i=0;
while($avatar=mysql_fetch_array($ava))
{
if($i==0){$m='selected';}else{$m='';}
echo'<input type="radio" name="avatar" value="'.$avatar['id'].'" '.$m.' /><img src="./module/blog/images/'.$avatar['id'].'.gif" >'.$avatar['name']."<br>";
$i++;
;}
?>
<input type="submit" name="ok" class="button-chat"/>
</form>