Файл: phpfile/svalka_1.php
Строк: 63
<?php
$cel=0;
if (isset($_POST['him'])) //////блок самой алхимии
{
$count = sizeof($_POST) ;
$a = 0 ;
$g = time() ;
$r = array_values($_POST) ;
$ataka = 0 ; $ff=0;
while ($a <= $count)
{
if (isset($r[$a]))
{
if (is_numeric($r[$a]))
{
$query = "SELECT * FROM `rukzak` WHERE `name`='" . mysql_real_escape_string($opredelenie) .
"' AND `odeto`='0' and `idrukzak`='" . mysql_real_escape_string($r[$a]) .
"' " ;
$sql = mysql_query($query) or die(mysql_error()) ;
$row = mysql_fetch_assoc($sql) ;
$k = mysql_num_rows($sql) ;
if ($k == 0)
{
print "<div class="style_mess_no">Ошибка запроса!</div>" ;
exitt($row,$opredelenie) ;
}
if(($row['chit']=='or')||($row['chit']=='dos')||($row['chit']=='shit')
||($row['chit']=='plash')||($row['chit']=='sapogi')||($row['chit']=='perchi')
||($row['chit']=='shapka')){$ff=$row['lvl']*10;}else{$ff=50;}
$cel+=$ff;
mysql_query("DELETE FROM `rukzak` WHERE `idrukzak` = '" . mysql_real_escape_string($r[$a]) .
"' and `odeto`='0' and `name`='" . mysql_real_escape_string($opredelenie) .
"' LIMIT 1") or die(mysql_error()) ;
}
;
}
;
$a++ ;
$query = "SELECT * FROM `table1` WHERE `name`='$opredelenie'" ;
$sql1 = mysql_query($query) or die(mysql_error()) ;
$row = mysql_fetch_assoc($sql1);
}
$c=$cel;
$row['zoloto']+=$c;
mysql_query("update table1 set zoloto='".$row['zoloto']."' where name='$opredelenie'");
;
$_SESSION['statusis']= "Вы успешно продали ваши вещи на сумму $c золота!" ;
header("location:88.php?go=do") ;
exitt($row,$opredelenie) ;
}
else
{
$count = sizeof($_POST) ;
if (($count - 1) > 80)
{
print "<div class="style_mess_no">Вы выбрали 80 вещей!<br><a href=88.php?go=svalka1 style=color:#CC3333>Городская свалка</a></div>" ;
exitt($row,$opredelenie) ;
}
if ($count <= 1)
{
print "<div class="style_mess_no">Вы нечего не выбрали!<br><a href=88.php?go=svalka1 style=color:#CC3333>Городская свалка</a></div>" ;
exitt($row,$opredelenie) ;
}
print "<div class="chat_conteiner">Вы собираетесь продать:<br>" ;
//////////////////////////////////////////////////////////
$a = 0 ;
$r = array_values($_POST) ;
if(isset($_GET['tip'])){print "<form name=form1 action=88.php?go=svalka1&tip=1 method=post>" ;;}else{
print "<form name=form1 action=88.php?go=svalka1 method=post>" ;}
while ($a <= $count)
{
if (isset($r[$a]))
{
if (is_numeric($r[$a]))
{
$query8 = "SELECT * FROM `rukzak` WHERE `name`='" . mysql_real_escape_string($opredelenie) .
"' and `idrukzak`='" . mysql_real_escape_string($r[$a]) . "' and `odeto`='0' " ;
$sql8 = mysql_query($query8) or die(mysql_error()) ;
$row8 = mysql_fetch_assoc($sql8) ;
print "<input type=hidden name=$a value=" . htmlspecialchars($r[$a]) .
" /> <font color=red>" . htmlspecialchars($row8['nazvanie']) . "</font>," ;
}
;
}
;
$a++ ;
}
print "<br><input class=select name=him type=submit value=Продать?></div>" ;
;
}
exitt($row,$opredelenie);
?>