YourPaste - For your paste! Archive - Tools - Login

new_one

Posted by unknown on Wed 9 Jan 2008 20:22 313 views - Syntax: PHP - Expires: never - Report - IMG - Download -

  1. <?php
  2. session_start();
  3. include("config.php");
  4.  
  5. // Connect to server and select database.
  6. mysql_connect($host, $db_user, $db_pass)or die("cannot connect server ");
  7. mysql_select_db($db_name)or die("cannot select DB");
  8.  
  9. $id=$_GET['id'];
  10. $action=$_GET['action'];
  11. if (!isset($_SESSION['admin']))
  12.         die("Hacking Attempt!");
  13.  
  14. if ($action == 'edit') {
  15.        
  16.         $sql="SELECT * FROM $gb_tbl_name WHERE id=$id";
  17.         $result=mysql_query($sql);
  18.         while($rows=mysql_fetch_array($result)) {
  19. ?>
  20.         <form name="edit" method="post" action="addguestbook.php?action=edit2">
  21.                 Id: <input type="text" name="id" value="<? echo $rows['id']; ?>" /><br />
  22.                 Name: <input type="text" name="name" value="<? echo $rows['name']; ?>" /><br />
  23.                 Email: <input type="text" name="email" value="<? echo $rows['email']; ?>" /><br />
  24.                 Comment: <textarea name="comment"><? echo $rows['comment']; ?></textarea> <br />
  25.                 Edit:   <input type="radio" name="edit" value="name">Name
  26.                                 <input type="radio" name="edit" value="email">Email
  27.                                 <input type="radio" name="edit" value="comment">Comment <br />
  28.                 <input type="submit" name="submit" value="Edit!">
  29.         </form> 
  30.                
  31. <?
  32. }
  33. }
  34. elseif ($action == 'edit2') {
  35.         $id=$_POST['id'];
  36.         $field=$_POST['edit'];
  37.         if ($field='name')
  38.                 $new_value=mysql_real_escape_string($_POST['name']);
  39.         elseif ($field='email')
  40.                 $new_value=mysql_real_escape_string($_POST['email']);
  41.         else
  42.                 $new_value=mysql_real_escape_string($POST['comment']);
  43.        
  44.         $sql="UPDATE $gb_tbl_name SET $field = $new_value WHERE `id` = $id";
  45.         mysql_query($sql);
  46.         header('Location: viewguestbook.php');
  47.         exit()
  48. }
  49. elseif ($action == 'delete') { 
  50.         $sql="DELETE FROM $gb_tbl_name WHERE id=$id";
  51.         mysql_query($sql);
  52.         header('Location: viewguestbook.php');
  53. }
  54. elseif ($_POST['name'] != NULL || $_POST['comment'] != NULL) {
  55. $name=mysql_real_escape_string($_POST['name']);
  56. $email=mysql_real_escape_string($_POST['email']);
  57. $comment=mysql_real_escape_string($_POST['comment']);
  58. $datetime=date("d-m-y h:i");
  59.  
  60. $sql="INSERT INTO $gb_tbl_name (name, email, comment, datetime) VALUES ('$name', '$email', '$comment', '$datetime')";
  61. mysql_query($sql);
  62. header('Location: viewguestbook.php');
  63. exit()
  64. }
  65. elseif (is_null($action))
  66.         echo "You must be logged in as an admin to delete / edit";
  67. else
  68.         echo "You have to fill in your Name and Comment";
  69.  
  70. mysql_close();
  71. ?>

Comments


Name:
Comment:

© 2008 YourPaste.net - Disclaimer