From 04a7aa628739abad80a4fed0b3f6200173b93d82 Mon Sep 17 00:00:00 2001
From: "Igor Barkov [iwork]" <lopar.4ever@gmail.com>
Date: Mon, 28 Jan 2019 18:11:26 +0200
Subject: [PATCH] =?UTF-8?q?Final:=20=D0=94=D0=B5=D0=BB=D0=B0=D0=B5=D0=BC?=
 =?UTF-8?q?=20=D0=BF=D0=BE=D0=B4=D0=B0=D1=80=D0=BA=D0=B8.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 presents.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/presents.php b/presents.php
index 7618065..fb0b9f9 100644
--- a/presents.php
+++ b/presents.php
@@ -25,12 +25,16 @@ WHERE u.`id` = ?i', $_SESSION['uid'])->fetch_assoc();
 $dirname = "i/presents/";
 $images = glob($dirname . "*.png");
 
-if (!empty($_POST['present'])) {
+if (!empty($_POST['sendAction'])) {
+    if (empty($_POST['present'])) {
+        $status = "Подарок не выбран!";
+        return;
+    }
     if (empty($_POST['receiver'])) {
         $status = "Поле «Получатель» не заполнено!";
         return;
     }
-    $receiver = db::c()->query('SELECT `id` FROM `users` WHERE `login` = ?i', $_POST['receiver'])->fetch_assoc();
+    $receiver = db::c()->query('SELECT `id` FROM `users` WHERE `login` = "?s"', $_POST['receiver'])->fetch_assoc();
     if (empty($receiver)) {
         $status = "Получатель {$receiver} не найден в базе!";
         return;
@@ -81,7 +85,7 @@ if (!empty($_POST['present'])) {
 </head>
 <body>
 <h1>Магазин подарков</h1>
-<div><?php if (!empty($status)) echo $status; ?></div>
+<div><?php if (!empty($status)) err($status); ?></div>
 Вы можете сделать подарок любому персонажу. Ваш подарок будет
 отображаться в информации о персонаже.<br><br>
 <div>
@@ -105,6 +109,7 @@ if (!empty($_POST['present'])) {
         <?php endif; ?>
         <br>Долговечность подарка (5кр в день):<br>
         <input name="days" placeholder="Количество дней"><br>
+        <input type="hidden" name="sendAction" value="1">
         <br>
         <input type="submit" value="Подарить">
     </form>