33 lines
1.0 KiB
PHP
33 lines
1.0 KiB
PHP
|
|
<?php
|
||
|
|
require_once($_SERVER['DOCUMENT_ROOT']."/config.php");
|
||
|
|
|
||
|
|
if($_SESSION['id'] && $_GET['id'] && $_POST['opis']) {
|
||
|
|
|
||
|
|
//$opis = str_replace("\n", "<br>", $_POST['opis']);
|
||
|
|
$opis = mysql_real_escape_string($_POST['opis']);
|
||
|
|
|
||
|
|
$sql = "UPDATE objects SET opis='$opis' WHERE id=$_GET[id]";
|
||
|
|
mysql_query($sql);
|
||
|
|
}
|
||
|
|
if($_SESSION['id'] && $_GET['id_personal'] && $_POST['opis']) {
|
||
|
|
|
||
|
|
$id = $_GET['id_personal'];
|
||
|
|
|
||
|
|
//$opis = str_replace("\n", "<br>", $_POST['opis']);
|
||
|
|
|
||
|
|
$opis = cleanHtml($_POST['opis'], '<p><br><strong><em><ul><ol><li>');
|
||
|
|
|
||
|
|
$opis = mysql_real_escape_string($opis);
|
||
|
|
|
||
|
|
$sql = "SELECT * FROM user_object_comments WHERE user_id = '$_SESSION[id]' AND object_id='$id'";
|
||
|
|
$rez = mysql_query($sql);
|
||
|
|
|
||
|
|
if (mysql_num_rows($rez) > 0) {
|
||
|
|
$sql = "UPDATE user_object_comments SET comment='$opis' WHERE user_id = '$_SESSION[id]' AND object_id='$id'";
|
||
|
|
mysql_query($sql);
|
||
|
|
} else {
|
||
|
|
$sql = "INSERT INTO user_object_comments (comment, user_id, object_id) VALUES ('$opis', '$_SESSION[id]', '$id')";
|
||
|
|
mysql_query($sql);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
?>
|