File "index.php"

Full Path: /home/custbahd/tourismfraternity.com/admin/events/edit/index.php
File size: 2.6 KB
MIME-type: text/x-php
Charset: utf-8

 
Open Edit   Advanced Editor   Back 
<?php
	session_start();
	include_once('../../db/saucerer.php');

	if(isset($_POST['submit'])){
		$id = mysqli_real_escape_string($mysqli, $_POST['id']);
		$code = mysqli_real_escape_string($mysqli, $_POST['code']);
		$title = mysqli_real_escape_string($mysqli, $_POST['title']);
		$cat = mysqli_real_escape_string($mysqli, $_POST['cat']);
		$email = mysqli_real_escape_string($mysqli, $_POST['email']);
		$phone = mysqli_real_escape_string($mysqli, $_POST['phone']);
		$venue = mysqli_real_escape_string($mysqli, $_POST['venue']);
		$location = mysqli_real_escape_string($mysqli, $_POST['location']);
		$district = mysqli_real_escape_string($mysqli, $_POST['district']);
		$country = mysqli_real_escape_string($mysqli, $_POST['country']);
		$start_date = mysqli_real_escape_string($mysqli, $_POST['start_date']);
		$end_date = mysqli_real_escape_string($mysqli, $_POST['end_date']);
		$start_time = mysqli_real_escape_string($mysqli, $_POST['start_time']);
		$end_time = mysqli_real_escape_string($mysqli, $_POST['end_time']);
		$description = mysqli_real_escape_string($mysqli, $_POST['description']);
		$g_maps = mysqli_real_escape_string($mysqli, $_POST['g_maps']);
		$facebook = mysqli_real_escape_string($mysqli, $_POST['facebook']);
		$instagram = mysqli_real_escape_string($mysqli, $_POST['instagram']);
		$twitter = mysqli_real_escape_string($mysqli, $_POST['twitter']);
		$youtube = mysqli_real_escape_string($mysqli, $_POST['youtube']);
		$website = mysqli_real_escape_string($mysqli, $_POST['website']);

		if ($_FILES['image']['name']=='') {
			$image = $_POST['image'];
		} else {
		$ext1 = substr($_FILES['image']['name'], strrpos($_FILES['image']['name'], '.')+1);
			$image = $code.'.'.$ext1;
			if(is_file('../images/'. $image))
				unlink('../images/'. $image);
				move_uploaded_file($_FILES['image']['tmp_name'],'../images/'. $image);
		}
		
		$sql = "UPDATE events SET title = '$title', cat = '$cat', email = '$email', phone = '$phone', venue = '$venue', location = '$location', district = '$district', country = '$country', start_date = '$start_date', end_date = '$end_date', start_time = '$start_time', end_time = '$end_time', description = '$description', g_maps = '$g_maps', facebook = '$facebook', instagram = '$instagram', twitter = '$twitter', youtube = '$youtube', website = '$website', image = '$image' WHERE id = '$id'";

		//use for MySQLi OOP
		if(mysqli_query($mysqli, $sql)){
			$_SESSION['success'] = ''.$title.' updated successfully';
		}
		
		else{
			$_SESSION['error'] = 'Something went wrong while updating '.$title.'!';
		}
	}

	header('location: ../#nav_'.$id.'');

?>