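// Payment callback: looks up a shop row in `table` by the `id` query parameter,
// compares the supplied `hash` with the one stored for that shop, and on success
// inserts a payment row into `table2` and prints the new row id.
// Responses are unchanged: "Bad summ", "Bad hash", "Bad id_shop", or the id.
//
// Security changes relative to the previous version:
//   * `id` was only tested with isset() (the numeric test was applied to
//     `id_shop` instead) and was then concatenated into two SQL statements,
//     which allowed SQL injection. It is now required to be a string of digits.
//   * The hash was compared with `!=`, which applies PHP type juggling (for
//     example two different "0e..." strings compare equal). The comparison is
//     now type-strict and constant-time where hash_equals() is available.
//   * A shop row with an empty stored hash no longer authenticates anything.
//
// NOTE(review): the mysql_* extension was removed in PHP 7. The connection
// handle is not visible here, so the calls are kept; migrate to mysqli/PDO
// prepared statements together with the code that opens the connection.
// NOTE(review): `id_shop` is validated but never used below, while `id` is
// stored in the `shop` column; confirm which parameter callers are meant to send.
// NOTE(review): the secret travels in the query string and does not appear to
// be bound to `summ`; confirm whether a keyed signature over the parameters
// was intended.
if (
    isset($_GET['id'], $_GET['id_shop'], $_GET['summ'], $_GET['hash'])
    && is_numeric($_GET['id_shop'])
    && is_numeric($_GET['summ'])
) {
    $shopId = $_GET['id'];
    $sql = false;

    // Only digits may reach the query; arrays and anything carrying quotes or
    // SQL syntax are rejected before a statement is built.
    if (is_string($shopId) && ctype_digit($shopId)) {
        $sql = mysql_query("SELECT * FROM `table` WHERE `id` = '" . $shopId . "'");
    }

    // A failed query (false) is reported like an unknown shop instead of being
    // passed on to mysql_num_rows().
    if ($sql !== false && mysql_num_rows($sql) > 0) {
        $data = mysql_fetch_assoc($sql);
        $act = 1;

        $storedHash = isset($data['hash']) ? (string) $data['hash'] : '';
        $givenHash = $_GET['hash'];

        // Reject non-string input and empty stored secrets, then compare without
        // type juggling; hash_equals() exists from PHP 5.6 onwards.
        $hashOk = is_string($givenHash)
            && $storedHash !== ''
            && (function_exists('hash_equals')
                ? hash_equals($storedHash, $givenHash)
                : $storedHash === $givenHash);

        if ($_GET['summ'] <= 0) {
            echo "Bad summ";
        } elseif (!$hashOk) {
            echo "Bad hash";
        } else {
            // `summ` already passed is_numeric(); escaping is defence in depth.
            $summ = mysql_real_escape_string($_GET['summ']);
            mysql_query(
                "INSERT INTO `table2` (`shop`, `time`, `summ`) values('"
                . $shopId . "', '" . time() . "', '" . $summ . "')"
            );
            $id_pay = mysql_insert_id();
            echo intval($id_pay);
        }
    } else {
        echo "Bad id_shop";
    }
}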