<?php if (!$_POST || !$_POST['package'] || !$_POST['version'] || !$_POST['path']) { print "MISSING PARAMETERS"; } else { include "DownloadsDB.php"; $db = new DownloadsDB(); if (!$db->isLoggedIn()) { print "INVALID CREDENTIALS"; return; } $package = $db->escape($_POST['package']); $version = $db->escape($_POST['version']); $path = $db->escape($_POST['path']); $db->query("INSERT INTO releases (package, version, path, dateAdded) VALUES ('{$package}', '{$version}', '{$path}', NOW())"); } print "SUCCESS";
<?php include 'DownloadsDB.php'; $db = new DownloadsDB(); if ($_POST['id'] && $_POST['package'] && $_POST['version'] && $_POST['path'] && $db->isLoggedIn()) { $package = $db->escape($_POST['package']); $version = $db->escape($_POST['version']); $path = $db->escape($_POST['path']); $id = $db->escape($_POST['id']); $db->query("UPDATE releases SET package='{$package}', version='{$version}', path='{$path}' WHERE id={$id}"); header("Location: admin.php"); } ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit</title> <link rel="stylesheet" href="style.css" type="text/css"> <style type="text/css" media="screen"> label { width: 200px; display: block; float: left; text-align: right; position: relative; top: 2px; margin-right: 10px; } </style> </head> <body>