
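// Payment callback: expects a numeric `id` (the shop id), a numeric `summ` and a
// `hash` that must equal the hash stored for that shop. Every value used below
// comes from the query string and is untrusted until validated.
//
// Defects fixed against the original: `id` was interpolated into SQL without any
// validation (the numeric check was mistakenly applied to `id_shop`), the hash was
// compared with loose `!=`, and an unused `$act` local was set.
//
// NOTE: the mysql_* extension was removed in PHP 7; this should move to PDO with
// prepared statements, which also removes the need for the manual casting below.
if (isset($_GET['id'], $_GET['summ'], $_GET['hash'])
    && is_numeric($_GET['id'])
    && is_numeric($_GET['summ'])
    && is_string($_GET['hash']))
{
    // Integer cast so the value embedded in SQL can only be an integer literal.
    $id_shop = (int) $_GET['id'];
    // is_numeric() admits only digits, sign, '.', exponent and whitespace, so the
    // quoted literal below cannot be broken out of; the original string form is kept
    // so the stored amount is unchanged.
    $summ = $_GET['summ'];

    $sql = mysql_query("SELECT * FROM `table` WHERE `id` = '" . $id_shop . "'");
    if (mysql_num_rows($sql) > 0)
    {
        $data = mysql_fetch_assoc($sql);
        if ($summ <= 0)
        {
            echo "Bad summ";
        }
        // Strict, constant-time comparison: loose `!=` treats numeric-looking
        // strings as numbers (e.g. "0e123" == "0e456") and leaks timing.
        elseif (!hash_equals((string) $data['hash'], $_GET['hash']))
        {
            echo "Bad hash";
        }
        else
        {
            mysql_query("INSERT INTO `table2` (`shop`, `time`, `summ`) values('" . $id_shop . "', '" . time() . "', '" . $summ . "')");
            $id_pay = mysql_insert_id();
            echo intval($id_pay);
        }
    }
    else
    {
        echo "Bad id_shop";
    }
}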