<?php
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION['id']."'"));
$stat = mysql_query("SELECT * FROM `stat` ORDER BY `prosm` DESC LIMIT 3");//SELECT * FROM `stat` ORDER BY `id` LIMIT 3
if (isset($_POST['log_ap'])) {
mysql_query("UPDATE `users` SET `login` = ".$_POST['login']." WHERE `id` = ".$user['id']."");
$_SESSION['msg'] = 'Логин изменен!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['name_ap'])) {
mysql_query("UPDATE `users` SET `name` = ".$_POST['name']." WHERE `id` = ".$user['id']."");
$_SESSION['msg'] = 'Имя изминено!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['em_ap'])) {
mysql_query("UPDATE `users` SET `email` = ".$_POST['email']." WHERE `id` = ".$user['id']."");
$_SESSION['msg'] = 'E-mail изменен!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['pol_ap'])) {
if (isset($_POST['m'])) {
mysql_query("UPDATE `users` SET `m_w` = 'm' WHERE `id` = ".$user['id']." ");
$_SESSION['msg'] = 'Пол изменен!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['w'])) {
mysql_query("UPDATE `users` SET `m_w` = 'w' WHERE `id` = ".$user['id']." ");
$_SESSION['msg'] = 'Пол изменен!';
header('location: /prof_con.php');
exit();
}
}
if (isset($_POST['ab_ap'])) {
mysql_query("UPDATE `users` SET `about_me` = ".$_POST['about_me']." WHERE `id` = ".$user['id']." ");
$_SESSION['msg'] = 'Вы написали информацию о себе!';
header('location: /prof_con.php');
exit();
}
echo '<div class="content">
<div class="tmenu"><img src="/images/menu.png" alt="."></div>
<div class="post2">
<form action="" method="POST">
<strong>Изминение логина:</strong><br/>
<input type="login" name="login"><br/>
<input type="submit" name="log_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Изминенить Имя:</strong><br/>
<input type="text" name="name"><br/>
<input type="submit" name="name_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Изминеть E-mail:</strong><br/>
<input type="email" name="email"><br/>
<input type="submit" name="em_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Укажите пол:</strong><br/>
<select>
<option disabled>Выберите пол:</option>
<option name="m" selected>Мужской</option>
<option name="w">Женский</option>
</select><br/>
<input type="submit" name="pol_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Напишите что-нибудь о себе:</strong><br/>
<textarea type="text">Здесь текст...</textarea><br/>
<input type="submit" name="ab_ap" value="Сохранить"><br/>
</form>
</div>
</div>';
<?php
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION['id']."'"));
$stat = mysql_query("SELECT * FROM `stat` ORDER BY `prosm` DESC LIMIT 3");//SELECT * FROM `stat` ORDER BY `id` LIMIT 3
if (isset($_POST['log_ap'])) {
mysql_query("UPDATE `users` SET `login` = '".$_POST['login']."' WHERE `id` = '".$user['id']."'");
$_SESSION['msg'] = 'Логин изменен!';
header('location: /prof_con.php');
exit();э
}
if (isset($_POST['name_ap'])) {
mysql_query("UPDATE `users` SET `name` = '".$_POST['name']."' WHERE `id` = '".$user['id']."'");
$_SESSION['msg'] = 'Имя изминено!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['em_ap'])) {
mysql_query("UPDATE `users` SET `email` = '".$_POST['email']."' WHERE `id` = '".$user['id']."'");
$_SESSION['msg'] = 'E-mail изменен!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['pol_ap'])) {
if (isset($_POST['m'])) {
mysql_query("UPDATE `users` SET `m_w` = 'm' WHERE `id` = '".$user['id']."' ");
$_SESSION['msg'] = 'Пол изменен!';
header('location: /prof_con.php');
exit();
}
if (isset($_POST['w'])) {
mysql_query("UPDATE `users` SET `m_w` = 'w' WHERE `id` = '".$user['id']."' ");
$_SESSION['msg'] = 'Пол изменен!';
header('location: /prof_con.php');
exit();
}
}
if (isset($_POST['ab_ap'])) {
mysql_query("UPDATE `users` SET `about_me` = '".$_POST['about_me']."' WHERE `id` = '".$user['id']."' ");
$_SESSION['msg'] = 'Вы написали информацию о себе!';
header('location: /prof_con.php');
exit();
}
echo '<div class="content">
<div class="tmenu"><img src="/images/menu.png" alt="."></div>
<div class="post2">
<form action="" method="POST">
<strong>Изминение логина:</strong><br/>
<input type="login" name="login"><br/>
<input type="submit" name="log_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Изминенить Имя:</strong><br/>
<input type="text" name="name"><br/>
<input type="submit" name="name_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Изминеть E-mail:</strong><br/>
<input type="email" name="email"><br/>
<input type="submit" name="em_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Укажите пол:</strong><br/>
<select>
<option disabled>Выберите пол:</option>
<option name="m" selected>Мужской</option>
<option name="w">Женский</option>
</select><br/>
<input type="submit" name="pol_ap" value="Сохранить"><br/>
</form>
<form action="" method="POST">
<strong>Напишите что-нибудь о себе:</strong><br/>
<textarea type="text">Здесь текст...</textarea><br/>
<input type="submit" name="ab_ap" value="Сохранить"><br/>
</form>
</div>
</div>';
".$_POST['login']."
?'$_POST[login]
'
<?php
if (isset($_POST['name_ap'])) {
$name = htmlspecialchars(mysql_real_escape_string($_POST['name']));
mysql_query("UPDATE `users` SET `name` = ".$name." WHERE `id` = ".$user['id']."");
$_SESSION['msg'] = 'Имя изминено!';
header('location: /prof_con.php');
exit();
}
<?php
if (isset($_POST['name_ap'])) {
$name = htmlspecialchars(mysql_real_escape_string($_POST['name']));
mysql_query("UPDATE `users` SET `name` = ".$name." WHERE `id` = ".$user['id']."");
$_SESSION['msg'] = 'Имя изминено!';
header('location: /prof_con.php');
exit();
}
mysql_query("UPDATE `users` SET `name` = '".$name."' WHERE `id` = '".$user['id']."'");