<?
include $_SERVER['DOCUMENT_ROOT']."/template/start.php";
include $_SERVER['DOCUMENT_ROOT']."/template/func.php";
include $_SERVER['DOCUMENT_ROOT']."/template/log.php";
if($_GET['st'] == "del")
{
$del=$_POST['del'];
if($mysqli->query("delete from `sten` where `id`='$del'")){echo $long[48];}
}
if($_GET['st'] == "add")
{
$text=mess(check($_POST['text']));
if(isset($id))
{
if($text != "")
{
echo "$long[49] <br/>";
$data = date("H:i d.m.Y");
$mysqli->query("insert into `sten` (`sten`, `id1`, `data`, `text`) values('$str[id]','$id','$data','$text');");
}
}
}
if($_GET['st'] == "soob")
{
$max_mess=30;
if($_GET['page'] == ""){$page=0;}
if($_GET['page'] !=""){$page=$_GET['page'];}
$result_sten = $mysqli->query("select * from `sten` where sten='$str[id]' ORDER BY `id` DESC LIMIT ".$page." ,".$max_mess."");
while ($mess_sten = $result_sten->fetch_array())
{
echo '<br/><table><tr><td valign="top" width="200" align="left">';
photo($mess_sten[id1]);
echo '<br/>';
on($mess_sten[id1]);
$result_sten_log = $mysqli->query("select * from `prof` where `id` = '$mess_sten[id1]'");
$sten_log = $result_sten_log->fetch_array();
echo'<a href="./?id='.$mess_sten[id1].'">'.$sten_log[name].' '.$sten_log[fam].'</a><br/>'.$mess_sten[data].'<br/>';
if(($id == $mess_sten['sten']) or ($id == $mess_sten['id1']) or ($user['level'] > 0))
{echo' <a href="javascript:del_mess_sten('.$mess_sten[id].')" title="'.$long[46].': '.$mess_sten[text].'">'.$long[46].'</a> ';}
echo'<br/> <a href="javascript:D oSmilie(\' [citat]'.$mess_sten[text].'[/citat] \')" title="'.$long[47].': '.$mess_sten[text].'">'.$long[47].'</a> ';
$text=smiles(bb($mess_sten['text']));
echo'</td><td>'.$text.'</td></tr></table><br/>';
}
}
?>
переменная $_GET['page'] не отфильтрована