Файл: snyat_item.php
Строк: 52
<?php
include 'inc/_conf.php';
include 'inc/header.php';
echo'<div class="menu">';
include ("inc/verh.php");
include ("inc/vuvod.php");
$g=mysql_query("SELECT * FROM `pers` WHERE `nick`='$nick' AND `pass`='$pass' LIMIT 1");
if(mysql_num_rows($g)==1){
if(empty($_GET[id])){
if($_GET[tip]!=weapon && $_GET[tip]!=golova && $_GET[tip]!=shit && $_GET[tip]!=ruki && $_GET[tip]!=nogi && $_GET[tip]!=body && $_GET[tip]!=maska){
echo'Ошибка!';
include ("l2_system/l2_niz.php");
exit;
}
$req = mysql_query("SELECT * FROM `l2_item` WHERE `usr` = '$nick' and `tip`='$_GET[tip]' and `image`='yes'");
}else{
$req = mysql_query("SELECT * FROM `l2_item` WHERE `usr` = '$nick' and `tip`='$_GET[tip]' and `image`='yes' and `id`='".mysql_real_escape_string($_GET['id'])."'");
}
$avto=mysql_num_rows($req);
if($avto==0){
echo'Ошибка, на вас ничего не одето!';
include ("l2_system/l2_niz.php");
exit;
}
$mag = mysql_fetch_array($req);
$numax=$fzah-$mag[zahit];
$numax2=$fatak-$mag[atak];
mysql_query("UPDATE `l2_user` SET
`fzah` = '$numax',
`fatak` = '$numax2'
WHERE nick = '$nick'");
if(empty($_GET[id])){
mysql_query("UPDATE l2_item SET image = 'not' WHERE `usr` = '$nick' and `tip`='$_GET[tip]' and `image`='yes'");
}else{
mysql_query("UPDATE l2_item SET image = 'not' WHERE `usr` = '$nick' and `tip`='$_GET[tip]' and `image`='yes' and `id`='".mysql_real_escape_string($_GET['id'])."'");
}
header ("Location: snarajenie.php");
}else{
echo'<div class="menu">';
echo "Пройдите авторизацию!";
echo "<hr><a href="index.php">На главную</a>";
}
include ("inc/foter.php");
?>