D7net Mini Sh3LL v1
Current File : C:/Domains/maymaytinson.com/httpdocs/lib/images/13/../10/../7/../16/../activity/../JUKI/../15/../zip_food/../18/../17/../2/../21/../20/../22/../5/../11/../7/../5/../22/../22/../20/../19/../10/../../../include/editNews.php |
<br><h3>Thông tin tin tức</h3>
<br>
<div id="editProduct">
<?php
$now=date("Y-m-d H:i:s");
if(isset($_GET['id'])){
$stmt=$conn->prepare("SELECT * FROM news WHERE id='".$_GET['id']."'");
$stmt->execute();
$news=$stmt->fetch(PDO::FETCH_ASSOC);
}
?>
<form method="POST" enctype="multipart/form-data">
<table>
<tr>
<td>Tiêu đề</td>
<td><input type="text" name="title" value="<?php if(isset($_GET['id'])){echo $news['title'];} ?>"></td>
<td>Hình ảnh</td>
<td><input type="file" name="image[]" multiple></td>
</tr>
<tr>
<td>Nội dung chi tiết</td>
</tr>
<tr>
<td colspan="4" id="textarea">
<textarea class="ckeditor" id="editor" name="content"><?php if(isset($_GET['id'])){echo $news['content'];} ?></textarea>
</td>
</tr>
<tr>
<td><button type="submit" name="save">Lưu lại</button></td>
</tr>
</table>
</form>
<?php
if(isset($_POST['save'])){
$image='';$count=0;
if(empty($_POST['title'])){
$errors[]="Vui lòng nhập tiêu đề";
}
if(empty($_POST['content'])){
$errors[]="Vui lòng nhập nội dung";
}
if(empty($errors)){
if(!file_exists("lib/images/news")){
mkdir("lib/images/news");
}
foreach ($_FILES["image"]['name'] as $file) {
$count++;
}
for($i=0; $i< $count; $i++)
{
move_uploaded_file($_FILES['image']['tmp_name'][$i],"lib/images/news/".$_FILES['image']['name'][$i]);
$image.=$url="lib/images/news/".$_FILES['image']['name'][$i];
$name=$_FILES['image']['name'][$i];
}
if(strlen($_FILES['image']['name'][0])!=0){
if(isset($_GET['id'])){
$stmt=$conn->prepare("UPDATE news SET title=:title,image=:image,content=:content,creator=:creator WHERE id='".$_GET['id']."'");
}else{
$stmt=$conn->prepare("INSERT INTO news(title,image,content,dateInsert,creator) VALUES(:title,:image,:content,:dateInsert,:creator)");
$stmt->bindParam(":dateInsert",$now,PDO::PARAM_STR);
}
$stmt->bindParam(":image",$image,PDO::PARAM_STR);
}else{
if(isset($_GET['id'])){
$stmt=$conn->prepare("UPDATE news SET title=:title,content=:content,creator=:creator WHERE id='".$_GET['id']."'");
}else{
$stmt=$conn->prepare("INSERT INTO news(title,content,dateInsert,creator) VALUES(:title,:content,:dateInsert,:creator)");
$stmt->bindParam(":dateInsert",$now,PDO::PARAM_STR);
}
}
$stmt->bindParam(":title",$_POST['title'],PDO::PARAM_STR);
$stmt->bindParam(":content",$_POST['content'],PDO::PARAM_STR);
$stmt->bindParam(":creator",$_SESSION['id'],PDO::PARAM_INT);
$stmt->execute();
success("Cập nhật","editNews.php?id=".$_GET['id']);
}else{
notice($errors);
}
}
?>
</div>
AnonSec - 2021 | Recode By D7net