Файл: world-faces.ru/world-faces.ru/us_guest/reply.php
Строк: 31
<?
include_once '../i.php';
only_reg();
$set['title']='Ответ на сообщение';
include_once '../sys/inc/thead.php';
title();
$ok = (isset($_GET['ok'])) ? intval(trim(mysql_real_escape_string($_GET['ok']))) : NULL;
if (isset($ok))
{
$id_razd=intval($_GET['ok']);
$post = mysql_fetch_array(mysql_query("SELECT * FROM `us_guest` WHERE `id`='".$id_razd."' LIMIT 1"));
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`=$post[id_user] LIMIT 1"));
$g_adm = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`=$post[id_user_adm] LIMIT 1"));
$reply=mysql_escape_string(htmlspecialchars($_POST['reply']));
$msg2="[b]$user[nick][/b] ответил на ваше сообщение в своей [url=/us_guest/?id=$g_adm[id]]гостевой книге[/url]";
mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '$ank[id]', '$msg2', '$time')");
mysql_query("UPDATE `us_guest` SET `reply` = '$reply' WHERE `id` = '$post[id]' LIMIT 1");
header("Location: index.php?id=$post[id_user_adm]");
exit;
}
$id_razd=intval($_GET['id']);
$post = mysql_fetch_array(mysql_query("SELECT * FROM `us_guest` WHERE `id`='".$id_razd."' LIMIT 1"));
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`=$post[id_user] LIMIT 1"));
echo "<div class='p_t'>";
echo '<form method="post" action="reply.php?ok='.$id_razd.'">';
echo 'Ответ:<br/><textarea name="reply">'.$ank['nick'].', </textarea><br/>';
echo '<input type="submit" value="Ответить"/>';
echo '</form>';
echo "</div>n";
echo "<a href='index.php?id=$post[id_user_adm]'>Назад</a><br />n";
include_once '../sys/inc/tfoot.php';
?>