//include("../cfg/var.cfg");
require "../alex/partner_banner.php";
// Remove any ".html" / ".htm" fragment from the requested article id
// (presumably $n arrives as "<number>.html" - confirm against the caller).
$n = str_replace(array('.html', '.htm'), '', $n);

// SQL-injection guard: from here on $n is an integer, so it cannot carry quotes
// or SQL syntax into the queries that concatenate it. This cast has to stay
// ahead of every query that uses $n.
$n = intval($n);

// NOTE(review): $auth_comment is populated outside this listing. It looks like
// [0] = login, [1] = password, [2] = "remember me" flag. If it is read from a
// cookie, the password is kept client-side in clear text - confirm, and prefer
// an opaque session token.
if ($auth_comment[2] == 1) {
    $check_box = "checked";
    $password  = $auth_comment[1];
    $login     = $auth_comment[0];
}

// Database connection settings.
// NOTE(review): live credentials are hard-coded in a source file. Load them
// from a configuration file outside the web root (or from the environment),
// and rotate this password, since it has already been published with the source.
$host = 'localhost';
$db   = 'football_profoot6';
$user = 'football_profoot';
$pass = 'gf56RDF12';
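/**
 * Opens the default ext/mysql connection and selects the working database.
 *
 * The link is not handed back to the caller: later mysql_query() calls rely on
 * ext/mysql using the most recently opened link implicitly.
 *
 * Failures are written to the server error log instead of being ignored, so a
 * broken connection is diagnosed from the log and not from warnings that the
 * following queries would otherwise produce.
 *
 * NOTE(review): ext/mysql was removed in PHP 7.0; a migration to mysqli or PDO
 * has to cover every mysql_* call in the file, not only this function.
 *
 * @param string $host Database server host name.
 * @param string $db   Name of the database to select.
 * @param string $user Database account name.
 * @param string $pass Database account password.
 * @return bool True when both the connection and the database selection
 *              succeeded, false otherwise. Existing callers that ignore the
 *              return value keep working unchanged.
 */
function connectdatabase($host,$db,$user, $pass) {
    $link = mysql_connect($host, $user, $pass);
    if ($link === false) {
        // Keep the driver message in the server log; it can name the account
        // and host, so it must not be echoed into the page.
        error_log('connectdatabase: mysql_connect failed: ' . mysql_error());
        return false;
    }

    if (!mysql_select_db($db, $link)) {
        error_log('connectdatabase: mysql_select_db failed: ' . mysql_error($link));
        return false;
    }

    return true;
}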
///////////////////////////
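// Open the default ext/mysql link; every mysql_query() below uses it implicitly.
// NOTE(review): ext/mysql was removed in PHP 7.0. Moving to mysqli or PDO with
// prepared statements has to cover the whole file, since all queries share this link.
// When debugging query failures, send mysql_error() to the server log and do
// not echo it into the page: it discloses schema and account details.
connectdatabase($host, $db, $user, $pass);

// Highest article number. It stays 0 when the query fails or the table is
// empty (MAX() then yields NULL), so $minnum is always a defined integer.
$maxnum = 0;
$sql = 'SELECT MAX(num) as maxnum FROM news';
$result = mysql_query($sql);
if ($result !== false) {
    $row = mysql_fetch_array($result);
    if ($row !== false) {
        $maxnum = (int)$row["maxnum"];
    }
}

// Lower bound of the window of the 200 most recent article numbers; the
// related-news query further down filters on num > $minnum.
$minnum = $maxnum - 200;

// Load the requested article. The (int) cast is repeated at the point of use so
// that this query stays safe even if the earlier normalisation of $n is moved.
$sql = 'SELECT * FROM news WHERE num="'.(int)$n.'"';
$result = mysql_query($sql);
// $row is false when the query failed or no article has this number.
$row = ($result !== false) ? mysql_fetch_array($result) : false;

// Tag-free copy of the article title; empty when the article was not found.
// strip_tags() removes markup but does not encode quotes or ampersands, so the
// value still needs encoding for the context where it is printed.
$title_zag = ($row !== false) ? strip_tags($row["title"]) : '';

// Template file read into an array of lines (presumably the page header).
$shapka = file("../cgi-bin/shablon/top1");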
$new_title = '
'; ?> echo ' |
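';
// Related-news query: up to 5 of the most recent articles (num above $minnum,
// excluding the current one) that share a country or tournament with it.
// $beg becomes 1 only when at least one filter applies; the query is run only then.
$beg = 0;
$sql = 'SELECT * FROM news WHERE num > '.(int)$minnum.' AND num != '.(int)$n;

// $country1, $country2 and $turnir are assigned outside this listing, so they
// are treated as untrusted and escaped before being placed inside the quoted
// SQL literals.
// NOTE(review): if these values come from request data on a server with
// magic_quotes_gpc enabled they are already slash-escaped - confirm the source
// and strip the extra slashes first in that case.
$rel_conds = array();
if ($country1 != 'no') {
    $rel_value = mysql_real_escape_string($country1);
    $rel_conds[] = "country1 = '".$rel_value."'";
    $rel_conds[] = "country2 = '".$rel_value."'";
}
if ($country2 != 'no') {
    $rel_value = mysql_real_escape_string($country2);
    $rel_conds[] = "country1 = '".$rel_value."'";
    $rel_conds[] = "country2 = '".$rel_value."'";
}
if ($turnir != 'no') {
    $rel_conds[] = "turnir = '".mysql_real_escape_string($turnir)."'";
}

// Start from an empty string so the tail is never appended to an undefined
// variable and the parenthesis is only closed when it was opened.
$sql_add = '';
if (count($rel_conds) > 0) {
    $beg = 1;
    $sql_add = ' AND ('.implode(' OR ', $rel_conds).')';
}
$sql_add = $sql_add.' ORDER BY num DESC LIMIT 5';
$sql = $sql.$sql_add;
if ($beg == 1) {
    echo'
';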
// Run the related-news query held in $sql and walk its rows.
$result=mysql_query($sql);
while($row=mysql_fetch_array($result))
{
// Number and title of one related article.
// NOTE(review): both values come straight from the news table and the markup
// that prints them is not visible in this listing - HTML-encode $title1 (and
// cast $num1 to int) at the point where they are written into the page.
$num1=$row["num"];
$title1=$row["title"];
echo '
'; ///////////////////// ?>
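';
// Reader comments for this article, newest first. The (int) cast keeps the id
// numeric at the point of use, independent of earlier normalisation of $n.
$sql = "SELECT * FROM comments WHERE news_type = 1 AND news_id = '".(int)$n."' ORDER BY id DESC";
$result = mysql_query($sql);
while ($result !== false && ($row = mysql_fetch_array($result))) {
    // user_name, date_mess and country are read here but not printed by the
    // visible code; encode them the same way as $message wherever they are output.
    $user_name = $row["user_name"];
    $message = $row["message"];
    $date_mess = $row["date_mess"];
    $country = $row["country"];

    // Comment text is visitor-supplied, so it is HTML-encoded before output to
    // stop stored markup or script from being rendered. 'ISO-8859-1' makes the
    // call byte-transparent: only & < > " ' are rewritten, which is safe for
    // any ASCII-compatible page encoding. double_encode=false leaves entities
    // that were already encoded at storage time unchanged.
    // NOTE(review): if comments are meant to carry trusted markup inserted at
    // storage time, replace this with an allow-list filter - confirm.
    $message = htmlspecialchars($message, ENT_QUOTES, 'ISO-8859-1', false);
    $message = str_replace("\n", " ", $message);
    echo "
$message
";
}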
echo'
Добавить свой комментарий
Регистрация Вы можете пользоваться своим логином, если Вы зарегистрированы в тотализаторе или викторине |
'; ?> '); // --> echo ' |