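// NOTE(review): this is a fragment. The block closed by the "} else {" line below is opened
// before this excerpt, and the two blocks left open at the end are closed after it.
    header('Location: index.php?action=newpost');

    // Validate the file name: strip every character outside the allow-list and any trailing dots.
    $file_name = preg_replace(
        '/[^' . $valid_chars_regex . ']|\\.+$/i',
        '',
        strtolower(basename($_FILES[$upload_name]['name']))
    );
    // preg_replace() returns null on failure, so a non-string result is rejected like an empty name.
    if (!is_string($file_name) || $file_name === '' || strlen($file_name) > $MAX_FILENAME_LENGTH) {
        $_SESSION['success'] = " Invalid file name";
        // Stop here: without exit the script carried on and stored the rejected upload anyway.
        header('Location: index.php?action=newpost');
        exit;
    }

    // Validate that we won't overwrite an existing file.
    if (file_exists($save_path . $file_name)) {
        $_SESSION['success'] = " File with this name already exists";
        // Same reason as above: a failed check must end the request.
        header('Location: index.php?action=newpost');
        exit;
    }

    // The Location header sent at the top of this fragment stays in effect on the success path.

    // NOTE(review): the upload is stored under $name, which is assigned outside this fragment,
    // not under the $file_name validated above, and the duplicate check looked in $save_path
    // rather than this hard-coded directory. Confirm $name is server-generated or sanitised.
    // No extension or content-type allow-list is visible here; because the target lies under
    // public_html, confirm one runs earlier or that this directory cannot execute scripts.
    // The return value is not checked, so the row below is inserted even when the move fails.
    move_uploaded_file($tmp_name, "/home/u956652776/public_html/uploads/{$name}");

    // NOTE(review): every value is interpolated into the statement text. If any of them comes
    // from the request (their assignment is not visible here - verify), this is SQL injection.
    // Article::newarticle() receives a finished SQL string, so the remedy belongs in Article:
    // accept placeholders plus bound values and run a PDO or mysqli prepared statement.
    $sql = "INSERT INTO article (posttitle,postdescription,postcategory,postmetatag,apic,username)\n VALUES ('{$posttitle}','{$postdescription}','{$postcategory}','{$postmetatag}','{$name}','{$userdata}')";
    $article = new Article();
    $result = $article->newarticle($sql);

    if (!empty($result)) {
        header('Location: index.php?action=newpost');
        $_SESSION['success'] = "The post has been sucessfully inserted";
    } else {
        $_SESSION['error'] = "There was an error:";
    }
} else {
    if (isset($_POST['editabout'])) {
        // NOTE(review): both values go from $_POST into the SQL text unescaped, so a quote in
        // either field changes the statement. Bind them as parameters once Article supports it.
        $title = $_POST['title'];
        $description = $_POST['descriptions'];

        // NOTE(review): there is no WHERE clause, so every row of `about` is updated;
        // presumably the table holds a single row - confirm.
        $query = "UPDATE about SET title='{$title}', descriptions ='{$description}' ";
        $article = new Article();
        $result = $article->editabout($query);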