From 3b9f8889470d5d3c96dff49e08f84934589cab6e Mon Sep 17 00:00:00 2001
From: lopar <lopar.4ever@gmail.com>
Date: Wed, 12 Dec 2018 01:00:19 +0200
Subject: [PATCH] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=BB=D0=B5?=
 =?UTF-8?q?=D0=BD=D0=B8=D0=B5=20=D0=BA=D0=BE=D0=B4=D0=B0.=20=D0=97=D0=B0?=
 =?UTF-8?q?=D0=BC=D0=B5=D0=BD=D0=B0=20mysql=5Fconnect()=20=D0=B2=20=D0=B3?=
 =?UTF-8?q?=D1=80=D0=B0=D0=B2=D0=B8=D1=80=D0=BE=D0=B2=D0=BA=D0=B0=D1=85.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 repair.php | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/repair.php b/repair.php
index 1752987..1313d5d 100644
--- a/repair.php
+++ b/repair.php
@@ -1,17 +1,15 @@
 <?php
 session_start();
 if(!isset($_SESSION['uid'])) { header("Location: index.php"); }
-include("config.php");
-include("functions.php");
-$d = mysql_fetch_array(mysql_query("SELECT SUM(`massa`) FROM `inventory` WHERE `owner` = '{$user['id']}' AND `dressed` = 0"));
+require_once("functions.php");
+$d = db::c()->query('SELECT SUM(`massa`) FROM `inventory` WHERE `dressed` = 0 AND `owner` = ?i',$_SESSION['uid'])->fetch_assoc();
 if($user['room'] != 23)  { header("Location: main.php"); die(); }
 if($user['battle'] != 0) { header('location: fbattle.php'); die(); }
 
-if($_POST['set'] && $_POST['count'] && ($user['money'] >= 30)) {
-  if(mysql_query("UPDATE `inventory` SET `text` = '".mysql_real_escape_string($_POST['count'])."' WHERE `owner` = '{$user['id']}' AND `dressed` = 0 AND `id` = '".(int)$_POST['set']."' AND `setsale` = 0 LIMIT 1")) {
-	$user['money'] -= 30;
-    mysql_query("UPDATE `users` SET `money` = '".$user['money']."' WHERE id = {$user['id']} LIMIT 1");
-  }
+// Гравировка
+if(input::post('set') && input::post('count') && ($user['money'] >= 30)) {
+  if(db::c()->query('UPDATE `inventory` SET `text` = "?s" WHERE `dressed` = 0 AND `setsale` = 0 AND `owner` = ?i AND `id` = ?i',input::post('count'),$_SESSION['uid'],input::post('set')))
+	db::c()->query('UPDATE `users` SET `money` = `money` - 30 WHERE `id` = ?i',$_SESSION['uid']);
 }
 
 if($_GET['rep'] && ($_GET['sid'] == 2)) {