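<?php
// Login page: when both credential fields were posted as plain strings, hand
// them to login(); the form below is rendered on every request.
// The is_string() checks reject array-valued fields (login[]=...), so login()
// never receives a non-string.
if (
    isset($_POST['login'], $_POST['password'])
    && is_string($_POST['login'])
    && is_string($_POST['password'])
) {
    include_once 'config.inc.php';
    include_once 'functions.php';
    checkInputAndRewritePostArray();
    // NOTE(review): $link is not defined in this file; presumably config.inc.php
    // creates the mysqli connection — confirm.
    // NOTE(review): login() is defined outside this file; confirm it binds these
    // values as query parameters and checks the password with password_verify().
    login($link, 'users', $_POST['login'], $_POST['password']);
}
?>
<form action="" method="post">
    <label for="login">Login</label>
    <input type="text" name="login" id="login">
    <label for="password">Password</label>
    <!-- type="password" masks the value on screen; the original used type="text" -->
    <input type="password" name="password" id="password">
    <input type="submit">
</form>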
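/**
 * Insert a new product, or update an existing one when $_POST['id'] is set.
 *
 * Reads the product fields from $_POST and, on insert, an optional image
 * upload from $_FILES['image']. Does nothing when $_POST is empty.
 *
 * Every request value reaches MySQL as a bound parameter, never as part of
 * the SQL text.
 * NOTE(review): checkInputAndRewritePostArray() is defined outside this
 * function; if it SQL-escapes the values, drop that step for these fields,
 * because bound parameters must receive the raw value.
 * NOTE(review): no authorization or CSRF check is visible in this function;
 * confirm the caller enforces both before it runs.
 *
 * @param mysqli $link Open mysqli connection.
 * @return void
 */
function insertOrUpdate($link)
{
    if (!$_POST) {
        return;
    }
    checkInputAndRewritePostArray();

    // The original defined DS on the insert path; the guard keeps that constant
    // available while avoiding a redefinition warning on a second call.
    if (!defined('DS')) {
        define('DS', DIRECTORY_SEPARATOR);
    }

    $isUpdate = isset($_POST['id']);

    // Image path supplied by the form; an accepted upload on insert replaces it.
    // (The original overwrote the uploaded path with $_POST['image'] unconditionally.)
    $imagePath = (isset($_POST['image']) && is_scalar($_POST['image'])) ? (string) $_POST['image'] : '';

    if (
        !$isUpdate
        && isset($_FILES['image']['error'], $_FILES['image']['tmp_name'])
        && $_FILES['image']['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($_FILES['image']['tmp_name'])
    ) {
        $tmpName = $_FILES['image']['tmp_name'];

        // Allowlist keyed by the type detected from the file content. The
        // client-supplied name and extension are never used: they would let the
        // uploader pick a script extension or overwrite an existing file.
        $extensions = [
            'image/jpeg' => 'jpg',
            'image/png' => 'png',
            'image/gif' => 'gif',
            'image/webp' => 'webp',
        ];
        $info = getimagesize($tmpName);
        $mime = (is_array($info) && isset($info['mime'])) ? $info['mime'] : '';

        if (isset($extensions[$mime])) {
            // Server-generated name: unguessable and free of user-controlled characters.
            $fileName = bin2hex(random_bytes(16)) . '.' . $extensions[$mime];
            if (move_uploaded_file($tmpName, __DIR__ . DS . 'uploads' . DS . $fileName)) {
                $imagePath = 'uploads' . DS . $fileName;
            }
        } else {
            error_log('insertOrUpdate: rejected upload that is not an allowed image type');
        }
    }

    // Column order matches the SET list below.
    $values = [];
    foreach (['name', 'description', 'price', 'is_active', 'vendor', 'id_category'] as $field) {
        $values[] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
    }
    // NOTE(review): 'd-m-Y H:i:s' is not the 'Y-m-d H:i:s' form a MySQL DATETIME
    // column parses; left unchanged because the column type is not visible here.
    $values[] = date('d-m-Y H:i:s');
    $values[] = $imagePath;

    $sql = ($isUpdate ? 'UPDATE' : 'INSERT INTO')
        . ' products SET `name`=?, description=?, price=?, is_active=?,'
        . ' vendor=?, id_category=?, lastModify=?, image=?';
    if ($isUpdate) {
        $sql .= ' WHERE id=?';
        $values[] = is_scalar($_POST['id']) ? (string) $_POST['id'] : '';
    }

    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        error_log('insertOrUpdate: prepare failed: ' . mysqli_error($link));
        return;
    }

    // All values are bound as strings, which is how the original quoted them.
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('insertOrUpdate: execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}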