<?php
if ($_POST) {
include_once 'config.inc.php';
include_once 'functions.php';
checkInputAndRewritePostArray();
login($link, 'users', $_POST['login'], $_POST['password']);
}
?>
<form action="" method="post">
<label for="login">Login</label>
<input type="text" name="login" id="login">
<label for="password">Password</label>
<input type="text" name="password" id="password">
<input type="submit">
</form>
function insertOrUpdate($link)
{
if ($_POST) {
checkInputAndRewritePostArray();
if (isset($_POST['id'])) {
$sql = "UPDATE products SET `name`='{$_POST['name']}',";
} else {
$sql = "INSERT INTO products SET `name`='{$_POST['name']}',";
define('DS', DIRECTORY_SEPARATOR);
$tmp = $_FILES['image']['tmp_name'];
$path = __DIR__ . DS . 'uploads' . DS . $_FILES['image']['name'];
move_uploaded_file($_FILES['image']['tmp_name'], "{$path}");
$path = mysqli_real_escape_string($link, 'uploads' . DS . $_FILES['image']['name']);
// mysqli_real_escape_string($link,$sql);
}
$path = mysqli_real_escape_string($link, $_POST['image']);
$date = date('d-m-Y H:i:s');
$sql .= " description='{$_POST['description']}',\n price='{$_POST['price']}',\n is_active='{$_POST['is_active']}',\n vendor='{$_POST['vendor']}',\n id_category='{$_POST['id_category']}',\n lastModify='{$date}'";
if (isset($_POST['id'])) {
$sql .= ", image='{$path}' WHERE id='{$_POST['id']}'";
} else {
$sql .= ", image='{$path}'";
}
$res = mysqli_query($link, $sql);
}
}
