", $_POST['opis']);
$opis = mysql_real_escape_string($_POST['opis']);
$sql = "UPDATE objects SET opis='$opis' WHERE id=$_GET[id]";
mysql_query($sql);
}
if($_SESSION['id'] && $_GET['id_personal'] && $_POST['opis']) {
$id = $_GET['id_personal'];
//$opis = str_replace("\n", "
", $_POST['opis']);
$opis = cleanHtml($_POST['opis'], '
- ');
$opis = mysql_real_escape_string($opis);
$sql = "SELECT * FROM user_object_comments WHERE user_id = '$_SESSION[id]' AND object_id='$id'";
$rez = mysql_query($sql);
if (mysql_num_rows($rez) > 0) {
$sql = "UPDATE user_object_comments SET comment='$opis' WHERE user_id = '$_SESSION[id]' AND object_id='$id'";
mysql_query($sql);
} else {
$sql = "INSERT INTO user_object_comments (comment, user_id, object_id) VALUES ('$opis', '$_SESSION[id]', '$id')";
mysql_query($sql);
}
}
?>