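Bad Request (Invalid URL)"; exit; } } }
// The line above closes a function whose beginning is outside this excerpt; it is kept verbatim.

// Page bootstrap: reads routing parameters, loads the news ticker, menu and
// banners, handles logout/login, resolves the logged-in member, works out the
// query-string separator ($k) and stores newsletter sign-ups. It then leaves
// PHP mode for the HTML template.
//
// SECURITY NOTES
//  - Every $_REQUEST value is attacker-controlled. url_xss() is only handed
//    $_SERVER['QUERY_STRING'] (its body is not visible here), so it cannot be
//    assumed to cover POST or cookie values that also populate $_REQUEST.
//  - Request values are therefore escaped with mysql_real_escape_string()
//    right before they enter SQL. The raw variables ($menu_id, $module, ...)
//    keep their original content for the rest of the page.
//  - mysql_real_escape_string() honours the connection character set only
//    when it was set through mysql_set_charset() - TODO confirm where $conn
//    is opened.
//  - NOTE(review): `or die(mysql_error())` prints database error text to the
//    visitor; log it server-side and show a generic message instead.
url_xss($_SERVER['QUERY_STRING']);
///////////////////url hack//////////////////////

$menu_id = $_REQUEST['menu_id'];
$module = $_REQUEST['module'];
$cat_id = $_REQUEST['cat_id'];
$cat2_id = $_REQUEST['cat2_id'];
$eshop_cat_id = $_REQUEST['eshop_cat_id'];
$search_word = $_REQUEST['search'];

$sql_ticker = "SELECT * FROM `news` ORDER BY `date` DESC, `id` DESC";
$result_ticker = mysql_query($sql_ticker, $conn) or die(mysql_error());

$sql_menu = "SELECT * FROM `menu` where `pub`='1' ORDER BY `order` ASC ";
$result_menu = mysql_query($sql_menu, $conn) or die(mysql_error());
$menu_rows = mysql_num_rows($result_menu);

//////////////////banners/////////////////////
if ($menu_id != NULL) {
    // Escape LIKE metacharacters (\ % _) first, then escape for the string
    // literal, so the value can only match itself between the '|' delimiters.
    $menu_id_like = mysql_real_escape_string(addcslashes((string) $menu_id, '\\%_'), $conn);

    $sql_top = "SELECT * FROM `banners` WHERE `menu_id` LIKE '%|$menu_id_like|%' and `position`='image1'";
    $result_top = mysql_query($sql_top, $conn) or die(mysql_error());
    $newArray_top = mysql_fetch_array($result_top);

    $sql_left1 = "SELECT * FROM `banners` WHERE `menu_id` LIKE '%|$menu_id_like|%' and `position`='image2'";
    $result_left1 = mysql_query($sql_left1, $conn) or die(mysql_error());
    $newArray_left1 = mysql_fetch_array($result_left1);

    $sql_left2 = "SELECT * FROM `banners` WHERE `menu_id` LIKE '%|$menu_id_like|%' and `position`='image3'";
    $result_left2 = mysql_query($sql_left2, $conn) or die(mysql_error());
    $newArray_left2 = mysql_fetch_array($result_left2);

    /*$sql_right2="SELECT * FROM `banners` WHERE `menu_id` LIKE '%|$menu_id|%' and `position`='image4'";
    $result_right2=mysql_query($sql_right2, $conn) or die(mysql_error());
    $newArray_right2=mysql_fetch_array($result_right2);
    $sql_right3="SELECT * FROM `banners` WHERE `menu_id` LIKE '%|$menu_id|%' and `position`='image5'";
    $result_right3=mysql_query($sql_right3, $conn) or die(mysql_error());
    $newArray_right3=mysql_fetch_array($result_right3);*/
}

// A product category, when present, overrides the menu banners chosen above.
if ($_REQUEST['product_cat_id'] != NULL) {
    $product_cat_id = $_REQUEST['product_cat_id'];
    $product_cat_id_like = mysql_real_escape_string(addcslashes((string) $product_cat_id, '\\%_'), $conn);

    $sql_top = "SELECT * FROM `banners` WHERE `product_cat_id` LIKE '%|$product_cat_id_like|%' and `position`='image1'";
    $result_top = mysql_query($sql_top, $conn) or die(mysql_error());
    $newArray_top = mysql_fetch_array($result_top);

    $sql_left1 = "SELECT * FROM `banners` WHERE `product_cat_id` LIKE '%|$product_cat_id_like|%' and `position`='image2'";
    $result_left1 = mysql_query($sql_left1, $conn) or die(mysql_error());
    $newArray_left1 = mysql_fetch_array($result_left1);

    $sql_left2 = "SELECT * FROM `banners` WHERE `product_cat_id` LIKE '%|$product_cat_id_like|%' and `position`='image3'";
    $result_left2 = mysql_query($sql_left2, $conn) or die(mysql_error());
    $newArray_left2 = mysql_fetch_array($result_left2);

    /*$sql_right2="SELECT * FROM `banners` WHERE `product_cat_id` LIKE '%|$product_cat_id|%' and `position`='image4'";
    $result_right2=mysql_query($sql_right2, $conn) or die(mysql_error());
    $newArray_right2=mysql_fetch_array($result_right2);
    $sql_right3="SELECT * FROM `banners` WHERE `product_cat_id` LIKE '%|$product_cat_id|%' and `position`='image5'";
    $result_right3=mysql_query($sql_right3, $conn) or die(mysql_error());
    $newArray_right3=mysql_fetch_array($result_right3);*/
}

///////////default/////
// Fallback banners: fixed menu id 48, no request data involved.
$sql_top_def = "SELECT * FROM `banners` WHERE `menu_id` LIKE '%|48|%' and `position`='image1'";
$result_top_def = mysql_query($sql_top_def, $conn) or die(mysql_error());
$newArray_top_def = mysql_fetch_array($result_top_def);

$sql_left1_def = "SELECT * FROM `banners` WHERE `menu_id` LIKE '%|48|%' and `position`='image2'";
$result_left1_def = mysql_query($sql_left1_def, $conn) or die(mysql_error());
$newArray_left1_def = mysql_fetch_array($result_left1_def);

$sql_left2_def = "SELECT * FROM `banners` WHERE `menu_id` LIKE '%|48|%' and `position`='image3'";
$result_left2_def = mysql_query($sql_left2_def, $conn) or die(mysql_error());
$newArray_left2_def = mysql_fetch_array($result_left2_def);

/*$sql_right2_def="SELECT * FROM `banners` WHERE `menu_id` LIKE '%|23|%' and `position`='image4'";
$result_right2_def=mysql_query($sql_right2_def, $conn) or die(mysql_error());
$newArray_right2_def=mysql_fetch_array($result_right2_def);
$sql_right3_def="SELECT * FROM `banners` WHERE `menu_id` LIKE '%|23|%' and `position`='image5'";
$result_right3_def=mysql_query($sql_right3_def, $conn) or die(mysql_error());
$newArray_right3_def=mysql_fetch_array($result_right3_def);*/
//////////////////banners/////////////////////

// Logout: drop the member id from the session. Member-only modules are sent
// back to the front page.
if ($_REQUEST['logout'] == 1) {
    if ($module != "profile")
        $_SESSION['giannoulakis_member_id'] = NULL;
    if (($module == "profile") || ($module == "history")) {
        $_SESSION['giannoulakis_member_id'] = NULL;
        header("Location:index.php");
        // Stop here: without exit the rest of the page still runs and is
        // sent along with the redirect.
        exit;
    }
}

// Login: validate the e-mail format, then look the credentials up.
if ($_REQUEST['login'] == 1) {
    $email_login = $_REQUEST['email_login'];
    $pass_login = $_REQUEST['pass_login'];
    if (($email_login) && ($pass_login)) {
        // preg_match replaces eregi: the ereg family is deprecated and stops
        // reading at a NUL byte, so text after a NUL would escape validation.
        // /i keeps the match case-insensitive; /D makes `$` mean end of string.
        if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $email_login) != 1)
            $wrong_mail = 1;
        if ($wrong_mail != 1) {
            // The password is not format-checked at all, so both values are
            // escaped; unescaped, a quote in pass_login rewrites the WHERE
            // clause of the credential check.
            $email_login_sql = mysql_real_escape_string((string) $email_login, $conn);
            $pass_login_sql = mysql_real_escape_string((string) $pass_login, $conn);
            // NOTE(review): the submitted password is compared directly with
            // the `password` column, which implies passwords are stored
            // unhashed. Migrating to salted hashes needs a schema/data change
            // outside this block.
            $sql_exists = "SELECT * FROM `members` WHERE `username`='$email_login_sql' and `password`='$pass_login_sql' and `active`='1'";
            $result_exists = mysql_query($sql_exists, $conn) or die(mysql_error());
            $newArray_exists = mysql_fetch_array($result_exists);
            $num_exists = mysql_num_rows($result_exists);
            if ($num_exists > 0) {
                $exists = 1;
                // NOTE(review): consider session_regenerate_id(true) here so a
                // pre-login session id is not carried into the logged-in
                // session; session start-up is not visible in this excerpt.
                $_SESSION['giannoulakis_member_id'] = $newArray_exists['id'];
            }
            if ($num_exists == 0) {
                $wrong_login = 1;
            }
        }
    }
}

// Load the active member row for the id held in the session, if any.
$member_id = $_SESSION['giannoulakis_member_id'];
if ($member_id) {
    // The id comes from the session, but is escaped anyway so this query does
    // not depend on how the session value was written.
    $member_id_sql = mysql_real_escape_string((string) $member_id, $conn);
    $sql_member = "SELECT * FROM `members` WHERE `id`='$member_id_sql' and `active`='1'";
    $result_member = mysql_query($sql_member, $conn) or die(mysql_error());
    $newArray_member = mysql_fetch_array($result_member);
}

// Logged-in members have no business on the registration module.
if (($member_id) && ($module == "register")) {
    header("Location:index.php");
    // Stop here so the registration module does not keep executing.
    exit;
}

//////////////////getURL/////////////////////////
// Returns the absolute URL of the current request, built from $_SERVER.
// The port is included whenever it is not "80".
// NOTE(review): depending on web-server configuration SERVER_NAME can follow
// the client's Host header; HTML-escape the result before printing it and do
// not use it for links sent by e-mail without checking that configuration.
function curPageURL() {
    $pageURL = 'http';
    // isset() avoids an undefined-index notice on plain HTTP requests.
    if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
        $pageURL .= "s";
    }
    $pageURL .= "://";
    if ($_SERVER["SERVER_PORT"] != "80") {
        $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    }
    return $pageURL;
}

// $k is the separator for appending a parameter to the current URL.
// With a query string, $this_page becomes [file, query] and $k is "&" unless
// the query is exactly "n". Without one, $this_page stays a string and
// $this_page[1] is its second character ("n" for "index.php"), giving "?".
// The logic is kept exactly as it was because later code may rely on it.
$this_page = basename($_SERVER['REQUEST_URI']);
if (strpos($this_page, "?") !== false)
    $this_page = explode("?", $this_page);
if ($this_page[1] != "n") $k = "&";
if ($this_page[1] == "n") $k = "?";
//////////////////getURL/////////////////////////

/////////////////newsletter insert///////////
// Store a newsletter address when it is well-formed and not yet present.
if ($_REQUEST['newsletter']) {
    $newsletter_email = (string) $_REQUEST['newsletter'];
    $ms = preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $newsletter_email);
    // The lookup runs before the format check is consulted, so the value has
    // to be escaped regardless of whether it validates.
    $newsletter_email_sql = mysql_real_escape_string($newsletter_email, $conn);
    $sql_nls = "SELECT * FROM `newsletter` WHERE `email`='$newsletter_email_sql'";
    $result_nls = mysql_query($sql_nls, $conn) or die(mysql_error());
    $num_nls = mysql_num_rows($result_nls);
    if (($ms == 1) && ($num_nls != 1)) {
        $sql1 = "INSERT INTO `newsletter` (`email`) VALUES ('$newsletter_email_sql')";
        // Best-effort insert: the result is intentionally not checked, as before.
        mysql_query($sql1, $conn);
    }
}
/////////////////newsletter insert///////////
?> Γιαννουλάκης Α.Ε. υδραυλικός και μηχανολογικός εξοπλισμός, ύδρευση, άρδευση, θέρμανση, πλακίδια, είδη υγιεινής, Ηράκλειο, Κρήτη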
ΣΥΝΟΠΤΙΚΑ ΝΕΑ:
Εταιρικό Προφίλ | Εκθεσιακός χώρος | Εταιρικά Νέα | Επικοινωνία