diff options
| author | Bot <bot@myigel.name> | 2017-01-02 15:43:36 +0100 |
|---|---|---|
| committer | Igor Scheller <igor.scheller@igorshp.de> | 2017-01-02 15:49:53 +0100 |
| commit | d71e7bbfad2f07f82df0c515608996d250fd4182 (patch) | |
| tree | 5083a17b218c08b3a699a0bf15bec926cc2dd185 /includes/model/Message_model.php | |
| parent | 7313e15ce8236e19331fb6639a3a5b97c8f06ecd (diff) | |
Formatting
Diffstat (limited to 'includes/model/Message_model.php')
| -rw-r--r-- | includes/model/Message_model.php | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php index 6ee19792..39eada71 100644 --- a/includes/model/Message_model.php +++ b/includes/model/Message_model.php @@ -12,7 +12,7 @@ function Message_ids() * Returns message by id. * * @param $message_id message - * ID + * ID */ function Message($message_id) { @@ -32,21 +32,36 @@ function Message($message_id) * send message * * @param $receiver_user_id User - * ID of Reciever - * @param $text Text - * of Message + * ID of Reciever + * @param $text Text + * of Message */ function Message_send($receiver_user_id, $text) { global $user; - + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); $receiver_user_id = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($receiver_user_id)); - - if (($text != "" && is_numeric($receiver_user_id)) && (sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($receiver_user_id) . "' AND NOT `UID`='" . sql_escape($user['UID']) . "' LIMIT 1") > 0)) { - sql_query("INSERT INTO `Messages` SET `Datum`='" . sql_escape(time()) . "', `SUID`='" . sql_escape($user['UID']) . "', `RUID`='" . sql_escape($receiver_user_id) . "', `Text`='" . sql_escape($text) . "'"); + + if ( + ($text != "" && is_numeric($receiver_user_id)) + && (sql_num_query(" + SELECT * + FROM `User` + WHERE `UID`='" . sql_escape($receiver_user_id) . "' + AND NOT `UID`='" . sql_escape($user['UID']) . "' + LIMIT 1 + ") > 0) + ) { + sql_query(" + INSERT INTO `Messages` + SET `Datum`='" . sql_escape(time()) . "', + `SUID`='" . sql_escape($user['UID']) . "', + `RUID`='" . sql_escape($receiver_user_id) . "', + `Text`='" . sql_escape($text) . "' + "); return true; } - + return false; } |