1) { unset($func_get_args[0]); $fields = '`'. implode('`, `', $func_get_args) .'`'; $data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `accounts` WHERE `id` = $user_id;")); return $data; } } // Since only paygol.com is able to communicate with this script, we will blindly trust them until proven othervise. if ($service_id == $paygol['serviceID']) { $new_points = (int)$paygol['points']; $data = user_data($custom, 'name'); if ($data['name']) { // Sanitize all data: (ok, we do not completely trust them blindly. D:) $message_id = sanitize($message_id); $service_id = sanitize($service_id); $shortcode = sanitize($shortcode); $keyword = sanitize($keyword); $message = sanitize($message); $sender = sanitize($sender); $operator = sanitize($operator); $country = sanitize($country); $custom = sanitize($custom); $points = sanitize($points); $price = sanitize($price); $currency = sanitize($currency); // Update logs: $log_query = mysql_query("INSERT INTO `znote_paygol` VALUES ('', '$custom', '$price', '$new_points', '$message_id', '$service_id', '$shortcode', '$keyword', '$message', '$sender', '$operator', '$country', '$currency')")or die("Log paygol SQL ERROR"); // Give points to user $old_points = mysql_result(mysql_query("SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';"), 0, 'points'); echo 'Custom: '. $custom .'
'; echo "Query: SELECT `points` FROM `znote_accounts` WHERE `account_id`='$custom';
"; echo 'Old points: '. $old_points .'
'; $new_points += $old_points; echo 'New points: '. $new_points .'
'; $update_account = mysql_query("UPDATE `znote_accounts` SET `points`='$new_points' WHERE `account_id`='$custom'")or die(mysql_error()); echo 'Account id 2 shold be updated now!'; } else echo ' character data false'; } else echo 'service id wrong'; ?>