// Product-update handler (excerpt): runs only when earlier validation left $errmsg empty.
// The enclosing blocks closed by the last two braces below open outside this excerpt.
if ($errmsg == '') {
    /**
     * Normalises one form value by applying, in order: trim(), stripslashes(),
     * htmlspecialchars() and mysql_real_escape_string().
     *
     * NOTE(review): this mixes two unrelated encodings. htmlspecialchars() is an
     * HTML *output* encoding and mysql_real_escape_string() is an SQL string-literal
     * escape; applying both at input time is correct for neither context.
     * NOTE(review): mysql_real_escape_string() belongs to the old mysql extension,
     * which was removed in PHP 7.0, so this function cannot run on current PHP.
     * Bound parameters (PDO or mysqli prepared statements) inside update_product()
     * are the replacement; HTML encoding then belongs where the value is printed.
     * NOTE(review): stripslashes() only made sense with magic_quotes_gpc; without
     * that setting it removes backslashes the user actually typed.
     * The function is declared inside the if-block, so it exists only once this
     * branch has executed.
     *
     * @param string $data Raw form value.
     * @return string The value after the four transformations above.
     */
    function check_input($data)
    {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        $data = mysql_real_escape_string($data);
        return $data;
    }

    // Each $_POST key is read without an isset() check; a missing field raises an
    // undefined-index notice/warning and passes null into check_input().
    $Productid = check_input($_POST['Productid']);
    $Product_name = check_input($_POST['Product_name']);
    $Product_type = check_input($_POST['Product_type']);
    $Product_price = check_input($_POST['Product_price']);
    $Product_description = check_input($_POST['Product_description']);

    $Productobj = new Product();
    // NOTE(review): update_product() is not visible here. String escaping protects
    // only values placed inside quoted SQL literals; if the id or price is
    // interpolated unquoted, escaping does not help - verify, and validate the id
    // and price as numbers before use.
    if ($Productobj->update_product($Productid, $Product_name, $Product_type, $Product_price, $Product_description)) {
        $msg .= 'Product Details successfully updated.<br>';
    } else {
        $errmsg .= '!Opps Some thing went wrong.<br>';
    }
}
}
}
include_once "../../includes/dbclose.inc.php"; ?> <?php require_once "../layouts/user_header.php"; ?> <!-- Begin lefttcolumn --> <div id="leftcolumn">
// Product add/update/delete/view dispatcher (excerpt). $product, $product_id,
// $product_id1, $product_name, $product_name1, $price, $image_name, $file,
// $description, $product_list, $table and $condition are assigned outside this excerpt.
//
// The three values below come straight from $_REQUEST (query string, form body and,
// depending on request_order, cookies) with no validation or type check.
$price1 = $_REQUEST['price'];
$image_name1 = $_REQUEST['image_name'];
$description1 = $_REQUEST['description'];

// Upload handling. NOTE(review): the only test is the upload error code. The
// destination uses the client-supplied file name as-is and nothing restricts the
// extension or content type, so any kind of file can be written into images/.
// A hardened version would derive the stored name and extension on the server from
// an allowlist and serve the directory with script execution disabled.
if ($_FILES["image_path"]["error"] > 0) {
    echo "<font size = '5'><font color=\"#e31919\">Error: NO CHOSEN FILE <br />";
    echo "<p><font size = '5'><font color=\"#e31919\">INSERT TO DATABASE FAILED";
} else {
    $uploaddir = "images/";
    // The return value is ignored, so "SAVED" is printed even when the move fails.
    move_uploaded_file($_FILES["image_path"]["tmp_name"], "{$uploaddir}" . $_FILES["image_path"]["name"]);
    echo "<font size = '5'><font color=\"#0CF44A\">SAVED<br>";
}
// $uploaddir is assigned only in the else-branch above, so after a failed upload it
// is undefined here. Execution also continues into the switch after the failure
// message, which means the database call still runs.
$file1 = "{$uploaddir}" . $_FILES["image_path"]["name"];

// NOTE(review): every write below hands the Product methods SQL fragments built by
// interpolating values into quoted strings. $price1, $image_name1, $description1 and
// $file1 are visibly unescaped request data; the other variables are presumably
// request-derived as well (confirm). The Product API should take column => value
// pairs and bind them as prepared-statement parameters instead of SQL text.
// NOTE(review): the operation name comes from $_REQUEST, so "delete_rec" is
// reachable with a plain GET; no authorisation or CSRF check is visible in this
// excerpt - confirm it is enforced before this point.
switch ($_REQUEST['operation']) {
    case "add":
        $product->add_product("product_details", "product_name,price,image_name,image_path,description", "'{$product_name}','{$price}','{$image_name}','{$file}','{$description}'");
        break;
    case "update":
        $product->update_product("product_details", "product_name='{$product_name1}',price='{$price1}',image_name='{$image_name1}',image_path='{$file1}',description='{$description1}'", "product_id='{$product_id1}'");
        break;
    case "delete_rec":
        $product->delete_product("product_details", "product_id='{$product_id}'");
        break;
    case "view":
        $product->view_product($product_list, $table);
        break;
    case "view_single":
        $product->view_single_product($product_list, $table, $condition);
        break;
    default:
        echo "<H3 color='red'>Invalid Option Please Try again!</h3>";
}
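<?php
/**
 * Handles the edit-product form: validates and stores the uploaded product image,
 * then updates the product record and redirects to the product list.
 *
 * Changes compared with the previous version of this script:
 *  - every redirect and error message is followed by exit, so a rejected upload
 *    is no longer moved into place and recorded anyway;
 *  - the image type is detected from the file content on the server instead of
 *    trusting $_FILES[...]['type'], which is supplied by the client;
 *  - the stored file name and extension are generated here, so the client can
 *    no longer choose the extension or overwrite an existing image;
 *  - the "possible file upload attack" message is tied to is_uploaded_file()
 *    failing (it used to be printed after a successful move) and the file name
 *    is HTML-escaped before being echoed.
 *
 * NOTE(review): no session or CSRF check is visible in this script; confirm that
 * access control is enforced by the included files or the web server.
 */
require_once "../controllers/DbConnection.php";
require_once "../controllers/Product.php";

$pro = new Product(DbConnection::getConnection());
// Not read anywhere in this script; kept because it is a global that included code may rely on.
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];

// Accepted image types, keyed by the MIME type detected from the file content.
// The stored extension always comes from this map, never from the uploaded name.
$allowedTypes = [
    'image/jpeg' => 'jpg',
    'image/gif' => 'gif',
    'image/png' => 'png',
];

$upload = isset($_FILES['p_img']) ? $_FILES['p_img'] : null;

// No file, a failed transfer or an array-style field: back to the edit form.
if (
    !is_array($upload)
    || !isset($upload['error'], $upload['tmp_name'], $upload['name'])
    || !is_string($upload['tmp_name'])
    || !is_string($upload['name'])
    || $upload['error'] !== UPLOAD_ERR_OK
) {
    header("Location: ../views/EditProduct.php");
    exit;
}

// The temporary path must be one PHP itself created for this request.
if (!is_uploaded_file($upload['tmp_name'])) {
    echo 'Problem: Possible file upload attack. Filename: ';
    echo htmlspecialchars($upload['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    exit;
}

// Does the file have the right MIME type? Decided from the file content.
$detectedType = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
if ($detectedType === false || !isset($allowedTypes[$detectedType])) {
    header("Location: ../views/EditProduct.php");
    exit;
}

// Build the stored name: a sanitised, length-limited stem of the original name,
// a random suffix to avoid collisions, and the extension for the detected type.
$stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($upload['name'], PATHINFO_FILENAME));
$stem = ($stem === null || $stem === '') ? 'image' : substr($stem, 0, 100);
$storedName = $stem . '_' . bin2hex(random_bytes(4)) . '.' . $allowedTypes[$detectedType];
$upfile = "../assets/img/" . $storedName;

if (!move_uploaded_file($upload['tmp_name'], $upfile)) {
    echo 'Problem: Could not move file to destination directory';
    exit;
}

// NOTE(review): Product::update_product() lives in ../controllers/Product.php and is
// not shown here. The id and form fields are passed through exactly as received, so
// that method must bind them as query parameters and validate the id - confirm.
// The name recorded for the product is the generated one, which matches the file on disk.
$result = $pro->update_product($_GET["id"], $_POST["p_name"], $_POST["u_price"], $_POST["ctg_id"], $storedName);
header("Location: ../views/Show_Products.php");
exit;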
// Product edit/add handler (excerpt). $product is created outside this excerpt and
// the final if-block below runs past the end of it.
//
// Edit path: ?products=<id> selects an existing product.
if (isset($_GET['products']) && $_GET['products'] != '') {
    // The raw query-string value is handed to find_product(); how that method uses it
    // is not visible here - it should be bound as a parameter or validated as an id.
    $product->find_product($_GET['products']);
    if ($product->product_exists) {
        // Copies of the loaded fields; not read again within this excerpt.
        $product_name = $product->product_name;
        $product_short_details = $product->product_short_details;
        $product_image = $product->product_image;
        if (isset($_POST['product_name'])) {
            if ($product->product_image == '') {
                // No image path yet: build one from the posted product name. Every
                // character other than letters, digits and the apostrophe becomes "_".
                // rand() is not a secure or collision-free source; it only makes the
                // name vary. NOTE(review): the apostrophe is kept, so this path must
                // never be interpolated into SQL text - confirm how update_product() stores it.
                $rand = round(rand() * 10000, 4);
                $product->product_image = preg_replace('/[^a-zA-Z0-9\']/', '_', $_POST['product_name']) . $rand;
                $product->product_image = "images/product/" . $product->product_image . '.jpg';
            }
            // NOTE(review): $_FILES[...]['type'] is sent by the client and is not verified
            // by PHP, so this comparison does not establish that the file is a JPEG; a
            // server-side content check (for example with the fileinfo extension) is needed.
            // The result of move_uploaded_file() is ignored. When product_image was already
            // set, the destination is whatever path find_product() loaded.
            if (isset($_FILES['product_image_new']) && $_FILES['product_image_new']['name'] != '' && $_FILES["product_image_new"]["type"] == "image/jpeg") {
                move_uploaded_file($_FILES["product_image_new"]["tmp_name"], '../' . $product->product_image);
            }
            $product->update_product();
            // NOTE(review): the query key "productskjjknjkn" differs from the "products" key
            // read at the top of this block - looks like a typo, confirm.
            // header() does not stop the script: as shown in this excerpt, execution continues
            // into the second if-block below, so add_product() would also run after an update.
            // An exit after the redirect would prevent that - confirm against the full file.
            header('location:index.php?productskjjknjkn=' . $product->product_id);
        }
    }
}
// Add path: same image-name and upload steps as above (the review notes there apply
// here as well), followed by add_product(), whose return value is used as the new id.
if (isset($_POST['product_name'])) {
    if ($product->product_image == '') {
        $rand = round(rand() * 10000, 4);
        $product->product_image = preg_replace('/[^a-zA-Z0-9\']/', '_', $_POST['product_name']) . $rand;
        $product->product_image = "images/product/" . $product->product_image . '.jpg';
    }
    if (isset($_FILES['product_image_new']) && $_FILES['product_image_new']['name'] != '' && $_FILES["product_image_new"]["type"] == "image/jpeg") {
        move_uploaded_file($_FILES["product_image_new"]["tmp_name"], '../' . $product->product_image);
    }
    $product->product_id = $product->add_product();
    header('location:index.php?products=' . $product->product_id);
    // (this if-block continues beyond the end of the excerpt)