session_start(); require "../includes/checkPermission.php"; require "../../deny/connector.php"; require "class/class.Product.php"; require "../includes/injection.php"; require "../../includes/trackXML.php"; $cate = sqlInjection($_POST['CateID']); $lable = sqlInjection($_POST['Lable']); $price = sqlInjection($_POST['Price']); $artist = sqlInjection($_POST['Artist']); $producer = sqlInjection($_POST['Producer']); $year = sqlInjection($_POST['pubYear']); $disktype = sqlInjection($_POST['DiskType']); $description = sqlInjection($_POST['Description']); $tracklist = ""; $image = sqlInjection($_POST['proImage']); $status = sqlInjection($_POST['ProStatus']); $id = sqlInjection($_GET['pID']); $trck = new TrackXML(); $prod = new Product(); if (isset($_POST['trackname']) && isset($_POST['tracklength'])) { $tracklist = $trck->createXML($_POST['trackname'], $_POST['tracklength']); } /*echo $lable."<br>".$cate."<br>".$price ."<br>".$artist."<br>".$producer."<br>".$year."<br>".$disktype."<br>".$description ."<br>".$tracklist."<br>".$image."<br>".$status;*/ $prod->update($id, $lable, $cate, $price, $artist, $producer, $year, $disktype, $description, $tracklist, $image, $status); echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listproduct'>"; //header("location: ../admincp.php?opt=listproduct"); //exit();