Файл: vsime.com/comm/inc/act_comm_cat.php
Строк: 38
<?
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'"))!=0)
{
$comm=mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'");
$comm=mysqli_fetch_array($comm);
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '$comm[id_cat]'");
$cat=mysqli_fetch_array($cat);
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'"))==0)$comm['id_user']=0;
$ank=profile($comm['id_user']); // sozdak
if($ank['id']==$user['id'] && isset($user))
{
$title .= ' - '.hsc($comm['name']).' - Изменить категорию'; // Заголовок страницы
ex_head();
if(isset($_POST['submited']))
{
if (hsc(@$_POST['mdp'])==$mdp)
{
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '".intval($_POST['cat'])."'"))!=0)
{
mysqli_query($dbi, "UPDATE `comm` SET `id_cat` = '".intval($_POST['cat'])."' WHERE `id` = '$comm[id]'");
msg("Изменения сохранены");
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '".intval($_POST['cat'])."'");
$cat=mysqli_fetch_array($cat);
}
else $error[]="Какегория не найдена.";
} else hacked_by_Killer();
}
show_errors();
echo "<form method='POST' action='' class='multi'>n";
echo "<div class='list'>n";
echo "<select name='cat'>n";
$query=mysqli_query($dbi, "SELECT * FROM `comm_cat`");
while($post=mysqli_fetch_array($query))
{
echo "<option value='$post[id]'".($post['id']==$cat['id']?" selected='selected'":NULL).">".hsc($post['name'])."</option>n";
}
echo "</select><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Изменить'>";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?act=comm&id=$comm[id]'>Отмена</a>n";
echo "</div>n";
}
else{header("Location:/comm");exit;}
}
else{header("Location:/comm");exit;}
?>