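<?php
// admin: rename a gallery / change its description (form POST handler).
// Fixes over the original: the gallery id was taken from $_POST unvalidated
// and every value was interpolated straight into the UPDATE, so the id was a
// textbook SQL injection and the name/description could still break out of
// the double-quoted literal with a trailing backslash (htmlspecialchars does
// not touch "\"). The query is now a prepared statement; the ereg* calls
// (removed in PHP 7) are replaced with str_replace; the raw driver error is
// logged instead of being echoed to the browser.
require 'settings.php';
require 'check.php';

// Gallery id must be a whole number before it reaches the query or the
// redirect URL. FILTER_VALIDATE_INT returns false on garbage, null if absent.
$GalleryID = filter_input(INPUT_POST, 'gid', FILTER_VALIDATE_INT);
if ($GalleryID === false || $GalleryID === null) {
    header('HTTP/1.0 400 Bad Request');
    die('Invalid gallery id');
}
$GalleryName = isset($_POST['galname']) ? $_POST['galname'] : '';
$GalleryDesc = isset($_POST['galdesc']) ? $_POST['galdesc'] : '';

/**
 * Normalise free text for storage: HTML-escape, turn newlines into <br />,
 * and map backticks to apostrophes (as the original did).
 *
 * This is presentation escaping only. It is NOT an SQL defence -- the
 * prepared statement below is what keeps the values out of the query text.
 *
 * @param string $var raw form input
 * @return string escaped text
 */
function filterFunction($var)
{
    $var = nl2br(htmlspecialchars($var));
    // The original also "replaced" a single quote with itself (a no-op),
    // which is dropped here. ereg*/eregi* no longer exist, and no regex is
    // needed for a literal character swap.
    return str_replace('`', "'", $var);
}

$GalleryName = filterFunction($GalleryName);
$GalleryDesc = filterFunction($GalleryDesc);

// NOTE(review): assumes $db is a mysqli connection (the original called
// ->query(), ->error and ->close() on it) -- confirm against connect.php.
require_once "../scripts/connect.php";

$sql = 'UPDATE tblGalleries SET galleryName = ?, galleryDesc = ? WHERE galleryID = ? LIMIT 1';
$stmt = $db->prepare($sql);
if ($stmt === false) {
    // Keep driver details out of the response; operators get them from the log.
    error_log('admin-gallery update: prepare failed [' . $db->error . ']');
    die('There was an error running the query');
}
if (!$stmt->bind_param('ssi', $GalleryName, $GalleryDesc, $GalleryID) || !$stmt->execute()) {
    error_log('admin-gallery update: execute failed [' . $stmt->error . ']');
    $stmt->close();
    die('There was an error running the query');
}
$stmt->close();

// Flag consumed by the edit page after the redirect (session is expected to
// be started by check.php, as in the original).
$_SESSION['updategallery'] = "True";
// $GalleryID is an int here, so it cannot carry anything unexpected into the
// Location header.
header("Location: {$AdminUrl}/admin-gallery-edit/" . $GalleryID);
exit;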
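<?php
// admin: update a photo's title and caption.
// Fixes over the original: the title and caption were interpolated into the
// UPDATE after htmlspecialchars only, which leaves a trailing backslash able
// to escape the closing double quote and turn the next value into SQL. The
// query is now a prepared statement; the ereg* calls (removed in PHP 7) are
// replaced; the raw driver error is logged rather than echoed.
//
// NOTE(review): this handler changes state on a GET request. That makes it
// trivially reachable by a crafted link or prefetcher -- consider moving the
// caller to POST (with a CSRF token) rather than widening what is accepted here.
require 'settings.php';
require 'check.php';

// Same normalisation as the original (strip every non-digit), but an id that
// ends up empty is rejected instead of being sent to the database as "".
$ImageID = isset($_GET['ImageID']) ? preg_replace('/[^0-9]/', '', $_GET['ImageID']) : '';
if ($ImageID === '') {
    header('HTTP/1.0 400 Bad Request');
    die('Invalid image id');
}
$ImageID = (int) $ImageID;
$ImageTitle = isset($_GET['ImageTitle']) ? $_GET['ImageTitle'] : '';
$ImageCaption = isset($_GET['ImageCaption']) ? $_GET['ImageCaption'] : '';

/**
 * Normalise free text for storage: HTML-escape, turn newlines into <br />,
 * and map backticks to apostrophes (as the original did).
 *
 * Presentation escaping only; the prepared statement below is the SQL
 * defence.
 *
 * @param string $var raw query-string input
 * @return string escaped text
 */
function filterFunction($var)
{
    $var = nl2br(htmlspecialchars($var));
    // The original's quote-to-same-quote replacement was a no-op and is
    // dropped; a literal swap does not need a regex.
    return str_replace('`', "'", $var);
}

$ImageTitle = filterFunction($ImageTitle);
$ImageCaption = filterFunction($ImageCaption);

// NOTE(review): assumes $db is a mysqli connection (->query(), ->error,
// ->close() in the original) -- confirm against connect.php.
require_once "../scripts/connect.php";

$sql = 'UPDATE tblPhotos SET imageTitle = ?, captionText = ? WHERE imageID = ? LIMIT 1';
$stmt = $db->prepare($sql);
if ($stmt === false) {
    error_log('admin-photo update: prepare failed [' . $db->error . ']');
    die('There was an error running the query');
}
if (!$stmt->bind_param('ssi', $ImageTitle, $ImageCaption, $ImageID) || !$stmt->execute()) {
    error_log('admin-photo update: execute failed [' . $stmt->error . ']');
    $stmt->close();
    die('There was an error running the query');
}
$stmt->close();

// Flag for the next page (session expected to be started by check.php).
$_SESSION['UpdateImage'] = "True";
// The original ended with a commented-out redirect to
// admin-gallery-photos/{$GalleryID}; $GalleryID is never set in this script,
// so the redirect stays disabled and the request simply ends here.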