$error[] = 'Please enter the title.';
}
if ($postDesc == '') {
$error[] = 'Please enter the description.';
}
if ($postCont == '') {
$error[] = 'Please enter the content.';
}
if (!isset($error)) {
try {
$postDesc = mysql_real_escape_string($postDesc);
$postTitle = mysql_real_escape_string($postTitle);
$postCont = mysql_real_escape_string($postCont);
//insert into database
$query = "UPDATE blog_posts SET postTitle ='" . $postTitle . "',postDesc ='" . $postDesc . "', postCont = '" . $postCont . "' WHERE postID ='" . $postID . "'";
$n = my_iud($query);
//redirect to index page
if ($n == 1) {
header('Location: index.php?action=updated');
}
exit;
} catch (Exception $e) {
echo $e->getMessage();
}
}
}
?>
<?php
//check for any errors
<?php
//include config
require_once '../includes/config.php';
//if not logged in redirect to login page
if (!$user->is_logged_in()) {
header('Location: login.php');
}
//show message from add / edit page
if (isset($_GET['deluser'])) {
//if user id is 1 ignore
if ($_GET['deluser'] != '1') {
$deluser = $_GET['deluser'];
$stmt = "DELETE FROM blog_members WHERE memberID ='" . $deluser . "'";
my_iud($stmt);
header('Location: users.php?action=deleted');
exit;
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Users</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
<script language="JavaScript" type="text/javascript">
function deluser(id, title)
{
if (confirm("Are you sure you want to delete '" + title + "'"))