impetrator

File "index.php"
Full Path: /home/custbahd/tourismfraternity.com/admin/blogs/edit/index.php
File size: 3 KB
MIME-type: text/x-php
Charset: utf-8
Open Edit Advanced Editor Back
<?php
	session_start();
	include_once('../../db/saucerer.php');

	if(isset($_POST['submit'])){
		$id = mysqli_real_escape_string($mysqli, $_POST['id']);
		$code = mysqli_real_escape_string($mysqli, $_POST['code']);
		$title = mysqli_real_escape_string($mysqli, $_POST['title']);
		$sector = mysqli_real_escape_string($mysqli, $_POST['sector']);
		$cat = mysqli_real_escape_string($mysqli, $_POST['cat']);
		$topic = mysqli_real_escape_string($mysqli, $_POST['topic']);
		$author = mysqli_real_escape_string($mysqli, $_POST['author']);
		$paragraph1 = mysqli_real_escape_string($mysqli, $_POST['paragraph1']);
		$paragraph2 = mysqli_real_escape_string($mysqli, $_POST['paragraph2']);
		$paragraph3 = mysqli_real_escape_string($mysqli, $_POST['paragraph3']);
		$paragraph4 = mysqli_real_escape_string($mysqli, $_POST['paragraph4']);
		$paragraph5 = mysqli_real_escape_string($mysqli, $_POST['paragraph5']);
		$paragraph6 = mysqli_real_escape_string($mysqli, $_POST['paragraph6']);
		$web_link = mysqli_real_escape_string($mysqli, $_POST['web_link']);
		$summ1 = mysqli_real_escape_string($mysqli, $_POST['summ1']);
		$summ2 = mysqli_real_escape_string($mysqli, $_POST['summ2']);
		$summ3 = mysqli_real_escape_string($mysqli, $_POST['summ3']);

		if ($_FILES['image1']['name']=='') {
			$image1 = $_POST['image1'];
		} else {
		$ext1 = substr($_FILES['image1']['name'], strrpos($_FILES['image1']['name'], '.')+1);
			$image1 = $code.'_1.'.$ext1;
			if(is_file('../images/'. $image1))
				unlink('../images/'. $image1);
				move_uploaded_file($_FILES['image1']['tmp_name'],'../images/'. $image1);
		}

		if ($_FILES['image2']['name']=='') {
			$image2 = $_POST['image2'];
		} else {
		$ext2 = substr($_FILES['image2']['name'], strrpos($_FILES['image2']['name'], '.')+1);
			$image2 = $code.'_2.'.$ext2;
			if(is_file('../images/'. $image2))
				unlink('../images/'. $image2);
				move_uploaded_file($_FILES['image2']['tmp_name'],'../images/'. $image2);
		}

		if ($_FILES['image3']['name']=='') {
			$image3 = $_POST['image3'];
		} else {
		$ext3 = substr($_FILES['image3']['name'], strrpos($_FILES['image3']['name'], '.')+1);
			$image3 = $code.'_3.'.$ext3;
			if(is_file('../images/'. $image3))
				unlink('../images/'. $image3);
				move_uploaded_file($_FILES['image3']['tmp_name'],'../images/'. $image3);
		}
		
		$sql = "UPDATE blogs SET title = '$title', sector = '$sector', cat = '$cat', topic = '$topic', author = '$author', paragraph1 = '$paragraph1', paragraph2 = '$paragraph2', paragraph3 = '$paragraph3', paragraph4 = '$paragraph4', paragraph5 = '$paragraph5', paragraph6 = '$paragraph6', web_link = '$web_link', image1 = '$image1', image2 = '$image2', image3 = '$image3', summ1 = '$summ1', summ2 = '$summ2', summ3 = '$summ3' WHERE id = '$id'";

		//use for MySQLi OOP
		if(mysqli_query($mysqli, $sql)){
			$_SESSION['success'] = 'Blog updated successfully';
		}
		
		else{
			$_SESSION['error'] = 'Something went wrong while updating the blog!';
		}
	}

	header('location: ../#nav_'.$id.'');

?>