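<?php
/**
 * Form handler: on a POST carrying 'submit', runs the statement returned by
 * insertNews() and redirects to index.php on success.
 *
 * Nothing is echoed before header(), so the redirect is not lost to
 * "headers already sent". A failed query ends the request with a generic
 * error instead of reporting success.
 */
if (isset($_POST['submit'])) {
    include 'functions/db_connection.php';

    // Untrusted request values; a missing field becomes '' instead of raising a notice.
    $catagory_name = isset($_POST['catagory_name']) ? $_POST['catagory_name'] : '';
    $catagory_desc = isset($_POST['catagory_desc']) ? $_POST['catagory_desc'] : '';
    $status = isset($_POST['status']) ? $_POST['status'] : '';

    include 'functions/crud.php';

    // NOTE(review): insertNews() lives in functions/crud.php, outside this excerpt, and
    // hands back SQL text without being given $conn. Presumably it concatenates these
    // request values into the statement - confirm it escapes every one of them, or
    // replace it with a mysqli prepared statement that binds them.
    $sql = insertNews($catagory_name, $catagory_desc, $status);

    if (!mysqli_query($conn, $sql)) {
        // Keep the driver error in the server log; sending the SQL text and
        // mysqli_error() to the browser discloses schema details.
        error_log('Insert failed: ' . mysqli_error($conn));
        mysqli_close($conn);
        http_response_code(500);
        echo 'Error: the record could not be saved.';
        exit;
    }

    mysqli_close($conn);

    $message = 'success';
    header('Location: index.php?message=' . $message);
    exit; // stop here so nothing else runs or renders after the redirect
}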
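*/
require_once 'conf.php';
require_once 'liveuser_rights.php';
require_once 'HTML/Template/IT.php';

// News administration page: every request needs a logged-in user holding EDITNEWS.
if (!$usr->isLoggedin() || !$usr->checkRight(EDITNEWS)) {
    echo 'Sorry but you cannot access this page';
    exit;
}

// Write path. NOTE(review): no anti-CSRF token check is visible in this excerpt;
// confirm one is enforced elsewhere before this state-changing POST is accepted.
if (isset($_POST['news'])) {
    if (!$usr->checkRight(MODIFYNEWS)) {
        echo 'You are trying to modify a news but do not have the right to do so !';
        exit;
    }
    if (isset($_POST['id'])) {
        // Only a numeric id may reach the data helpers. The loose `== 0` test used
        // before let arbitrary strings through to updateNewsContent().
        if (!is_numeric($_POST['id'])) {
            die('Missing news id');
        }
        $id = (int) $_POST['id'];

        // title / newscontent are untrusted. NOTE(review): the helpers are defined
        // outside this excerpt - confirm they bind these values as query parameters
        // and that the stored text is escaped wherever it is rendered.
        if ($id === 0) {
            insertNews($db, $_POST['title'], $_POST['newscontent'], $usr->getProperty('user_id'));
        } else {
            updateNewsContent($db, $id, $_POST['title'], $_POST['newscontent'], $usr->getProperty('user_id'));
        }
    }
}

$category = 'general';
if (isset($_GET['mode']) && $_GET['mode'] == "edit") {
    // `||`, not `&&`: with `&&` the guard fired only when id was absent, so a
    // present but non-numeric id went straight to getNewsContent().
    if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
        die('Missing news id');
    }
    $news = getNewsContent($db, (int) $_GET['id']);
} elseif (isset($_GET['mode']) && $_GET['mode'] == "insert") {
    $news = getNewsContent($db, 0);
} else {
    $news = getNewsList($db, $category);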
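require_once 'HTML/Template/IT.php';

// News administration page: every request needs a logged-in user holding EDITNEWS.
if (!$usr->isLoggedIn() || !$usr->checkRight(EDITNEWS)) {
    echo 'Sorry but you cannot access this page';
    exit;
}

// Write path. NOTE(review): no anti-CSRF token check is visible in this excerpt;
// confirm one is enforced elsewhere before this state-changing POST is accepted.
if (array_key_exists('news', $_POST)) {
    if (!$usr->checkRight(MODIFYNEWS)) {
        echo 'You are trying to modify a news but do not have the right to do so !';
        exit;
    }
    if (array_key_exists('id', $_POST)) {
        // Validate before casting: (int) alone turns an array into 1 and any
        // non-numeric string into 0, silently picking a different record or mode.
        if (!is_numeric($_POST['id'])) {
            die('Missing news id');
        }
        $id = (int) $_POST['id'];

        // strip_tags + htmlspecialchars neutralise markup before storage. They are not
        // SQL escaping. NOTE(review): the helpers are outside this excerpt - confirm
        // they bind $title / $newscontent as query parameters.
        $title = htmlspecialchars(strip_tags($_POST['title']));
        $newscontent = htmlspecialchars(strip_tags($_POST['newscontent']));

        if ($id === 0) {
            insertNews($db, $title, $newscontent, $usr->getProperty('perm_user_id'));
        } else {
            updateNewsContent($db, $id, $title, $newscontent, $usr->getProperty('perm_user_id'));
        }
    }
}

$category = 'general';
if (array_key_exists('mode', $_GET) && $_GET['mode'] == 'edit') {
    // `||`, not `&&`: with `&&` the guard fired only when id was absent, so a
    // present but non-numeric id was cast to 0 instead of being rejected.
    if (!array_key_exists('id', $_GET) || !is_numeric($_GET['id'])) {
        die('Missing news id');
    }
    $id = (int) $_GET['id'];
    $news = getNewsContent($db, $id);
} elseif (array_key_exists('mode', $_GET) && $_GET['mode'] == 'insert') {
    $news = getNewsContent($db);
} else {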
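<?php
/**
 * Form handler: on a POST carrying 'submit', runs the statement returned by
 * insertNews() and redirects to index.php on success.
 *
 * Nothing is echoed before header(), so the redirect is not lost to
 * "headers already sent". A failed query ends the request with a generic
 * error instead of redirecting as if the insert had worked.
 */
if (isset($_POST['submit'])) {
    include 'functions/db_connection.php';

    // Untrusted request values; a missing field becomes '' instead of raising a notice.
    $news_title = isset($_POST['news_title']) ? $_POST['news_title'] : '';
    $news_reporter = isset($_POST['reporter_name']) ? $_POST['reporter_name'] : '';
    $news_description = isset($_POST['news_description']) ? $_POST['news_description'] : '';
    $news_status = isset($_POST['news_publish_status']) ? $_POST['news_publish_status'] : '';

    include 'functions/crud.php';

    // NOTE(review): insertNews() lives in functions/crud.php, outside this excerpt, and
    // hands back SQL text without being given $conn. Presumably it concatenates these
    // request values into the statement - confirm it escapes every one of them, or
    // replace it with a mysqli prepared statement that binds them.
    $sql = insertNews($news_title, $news_reporter, $news_description, $news_status);

    if (!mysqli_query($conn, $sql)) {
        // Keep the driver error in the server log; sending the SQL text and
        // mysqli_error() to the browser discloses schema details.
        error_log('Insert failed: ' . mysqli_error($conn));
        mysqli_close($conn);
        http_response_code(500);
        echo 'Error: the record could not be saved.';
        exit;
    }

    mysqli_close($conn);

    $message = 'Insert';
    header('Location: index.php?message=' . $message);
    exit; // stop here so nothing else runs or renders after the redirect
}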
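<?php
/**
 * Form handler: on a POST carrying 'submit', runs the statement returned by
 * insertNews() and redirects to index.php on success.
 *
 * Nothing is echoed before header(), so the redirect is not lost to
 * "headers already sent". A failed query ends the request with a generic
 * error instead of redirecting as if the insert had worked.
 */
if (isset($_POST['submit'])) {
    include 'functions/db_connection.php';

    // Untrusted request values; a missing field becomes '' instead of raising a notice.
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $product_desc = isset($_POST['product_desc']) ? $_POST['product_desc'] : '';
    $price = isset($_POST['price']) ? $_POST['price'] : '';

    include 'functions/crud.php';

    // NOTE(review): insertNews() lives in functions/crud.php, outside this excerpt, and
    // hands back SQL text without being given $conn. Presumably it concatenates these
    // request values into the statement - confirm it escapes every one of them, or
    // replace it with a mysqli prepared statement that binds them.
    $sql = insertNews($name, $product_desc, $price);

    if (!mysqli_query($conn, $sql)) {
        // Keep the driver error in the server log; sending the SQL text and
        // mysqli_error() to the browser discloses schema details.
        error_log('Insert failed: ' . mysqli_error($conn));
        mysqli_close($conn);
        http_response_code(500);
        echo 'Error: the record could not be saved.';
        exit;
    }

    mysqli_close($conn);

    $message = 'Insert';
    header('Location: index.php?message=' . $message);
    exit; // stop here so nothing else runs or renders after the redirect
}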