Файл: test.masteram.us/mnenia/reply.php
Строк: 40
<?
include '../Core.php';
$set['title']='Ответ на сообщение';
include_once '../sys/inc/thead.php';
title();
if (isset($_GET['ok']))
{
$id_razd=(int)abs((int)$_GET['ok']);
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mnenia` WHERE `id`='".$id_razd."' LIMIT 1"));
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`=$post[id_user] LIMIT 1"));
$g_adm = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`=$post[id_user_adm] LIMIT 1"));
$reply = $_POST['reply'];
$reply=mysql_escape_string($reply);
$msg2="[b]$user[nick][/b] ответил на ваше [url=/mnenia/?id=$g_adm[id]]мнение[/url]";
mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '$ank[id]', '$msg2', '$time')");
mysql_query("UPDATE `mnenia` SET `reply` = '$reply' WHERE `id` = '$post[id]' LIMIT 1");
header("Location: index.php?id=$post[id_user_adm]");
exit;
}
$id_razd=(int)abs((int)$_GET['id']);
$post = mysql_fetch_array(mysql_query("SELECT * FROM `mnenia` WHERE `id`='".$id_razd."' LIMIT 1"));
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`=$post[id_user] LIMIT 1"));
echo "<div class='textmes'>";
echo '<form method="post" action="reply.php?ok='.$id_razd.'">';
echo '<a href="/smiles/index.php">Смайлы</a> | <a href="/bb-codes.php">Теги</a><br/><textarea name="reply"></textarea><br/>';
echo '<input type="submit" value="Ответить"/>';
echo '</form>';
echo "</div>n";
echo "<div class='rekl_main'>";
echo "<img src='/style/back.gif' alt='' class='icon'/>n";
echo "<a href='index.php?id=$post[id_user_adm]'>Моя гостевая книга</a><br />n";
echo "</div>n";
include_once '../sys/inc/tfoot.php';
?>