header('Location: index.php?action=newpost');
// Validate file name (for our purposes we’ll just remove invalid characters)
$file_name = preg_replace('/[^' . $valid_chars_regex . ']|\\.+$/i', ”, strtolower(basename($_FILES[$upload_name]['name'])));
if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
$_SESSION['success'] = " Invalid file name";
}
header('Location: index.php?action=newpost');
// Validate that we won’t over-write an existing file
if (file_exists($save_path . $file_name)) {
$_SESSION['success'] = " File with this name already exists";
}
header('Location: index.php?action=newpost');
move_uploaded_file($tmp_name, "/home/u956652776/public_html/uploads/{$name}");
$sql = "INSERT INTO article (posttitle,postdescription,postcategory,postmetatag,apic,username)\n VALUES ('{$posttitle}','{$postdescription}','{$postcategory}','{$postmetatag}','{$name}','{$userdata}')";
$article = new Article();
$result = $article->newarticle($sql);
if (!empty($result)) {
header('Location: index.php?action=newpost');
$_SESSION['success'] = "The post has been sucessfully inserted";
} else {
$_SESSION['error'] = "There was an error:";
}
} else {
if (isset($_POST['editabout'])) {
$title = $_POST['title'];
$description = $_POST['descriptions'];
//$postid = isset($_GET['id'])? $_GET['id'] : '';
//var_dump($posttitle,$postid);die;
$query = "UPDATE about SET title='{$title}', descriptions ='{$description}' ";
$article = new Article();
$result = $article->editabout($query);
