コード例 #1
ファイル: editProduct.php プロジェクト: meghv999/cdshop-php
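session_start();
// Access control is delegated to this include; the script itself never inspects the
// caller's role. NOTE(review): confirm checkPermission.php halts execution for
// sessions that are not allowed to edit products, rather than only printing a message.
require "../includes/checkPermission.php";
require "../../deny/connector.php";
require "class/class.Product.php";
require "../includes/injection.php";
require "../../includes/trackXML.php";

// Markup that sends the browser back to the product list once this script is done.
$redirect = "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listproduct'>";

// This script rewrites a stored product, so it only acts on a form submission that
// names the product. Without this guard a plain GET (or a POST without pID) would
// still reach update() with every field empty.
// NOTE(review): no anti-CSRF token is checked here; unless checkPermission.php
// verifies one, the edit form should carry a per-session token validated at this point.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
if ($method !== 'POST' || !isset($_GET['pID'])) {
    echo $redirect;
    exit();
}

// Reads one submitted form field, falling back to an empty string when the field is
// absent so a partial submission does not raise undefined-index errors.
$field = function ($name) {
    return isset($_POST[$name]) ? $_POST[$name] : '';
};

// sqlInjection() comes from includes/injection.php and is not visible here.
// NOTE(review): it presumably escapes values for SQL; binding parameters inside
// Product::update() would be more dependable than escaping at the call site.
$cate = sqlInjection($field('CateID'));
$lable = sqlInjection($field('Lable'));
$price = sqlInjection($field('Price'));
$artist = sqlInjection($field('Artist'));
$producer = sqlInjection($field('Producer'));
$year = sqlInjection($field('pubYear'));
$disktype = sqlInjection($field('DiskType'));
$description = sqlInjection($field('Description'));
$tracklist = "";
$image = sqlInjection($field('proImage'));
$status = sqlInjection($field('ProStatus'));
// NOTE(review): pID is only passed through sqlInjection(); if product ids are
// numeric, also reject non-numeric values here - confirm against the schema.
$id = sqlInjection($_GET['pID']);

$trck = new TrackXML();
$prod = new Product();

// Track names and lengths go to createXML() exactly as received, and the XML it returns
// is handed to update() without passing through sqlInjection() like the other fields.
// NOTE(review): confirm createXML() escapes XML metacharacters and that
// Product::update() escapes or binds $tracklist before it reaches the database.
if (isset($_POST['trackname']) && isset($_POST['tracklength'])) {
    $tracklist = $trck->createXML($_POST['trackname'], $_POST['tracklength']);
}

$prod->update($id, $lable, $cate, $price, $artist, $producer, $year, $disktype, $description, $tracklist, $image, $status);

// The redirect is a meta refresh; the author left a header("location: ...") variant
// disabled. NOTE(review): presumably output has already started by this point -
// confirm before switching to header() followed by exit().
echo $redirect;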