편집 파일: submit-reviews.php
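<?php
/**
 * submit-reviews.php - create, update or delete a row in `umreview`,
 * then redirect back to add-reviews.php.
 *
 * Request parameters read by this script:
 *   - flag (GET or POST): "del" selects the delete branch.
 *   - id   (GET for delete, POST otherwise): empty POST id means "insert".
 *   - cname, content (POST): reviewer name and review text.
 *   - cphoto (file upload, optional): stored as umreviewimg_<id>.<ext>.
 *
 * Redirect flags sent back: del (deleted), dn (inserted), up (updated).
 *
 * NOTE(review): session_start() is called but no login/authorisation check
 * is visible in this file. Confirm that config.php (or the web server)
 * restricts this endpoint to administrators.
 *
 * NOTE(review): no anti-CSRF token is verified on any branch, and the delete
 * branch changes state on a GET request. Moving delete to POST and checking
 * a per-session token needs a matching change in add-reviews.php.
 */

ob_start(); // buffer output so the header() redirects below still work

// Report everything, but write it to the log instead of the response:
// error text shown to the client exposes paths and SQL details.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

session_start();
require "config.php"; // expected to provide $conn (mysqli) and $uploadpath

/* ===============================
   HELPERS
================================ */

// Read a POST field as a string; array-valued or missing fields become ''.
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';

    return is_scalar($value) ? (string) $value : '';
};

// Run one prepared statement. Values are bound, never concatenated into the
// SQL text. Failures are logged and reported as false, never thrown.
$execute = static function (string $sql, string $types = '', ...$params) use ($conn): bool {
    try {
        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            error_log('submit-reviews: prepare failed: ' . $conn->error);
            return false;
        }
        if ($types !== '') {
            $stmt->bind_param($types, ...$params);
        }
        $ok = $stmt->execute();
        if (!$ok) {
            error_log('submit-reviews: execute failed: ' . $stmt->error);
        }
        $stmt->close();

        return $ok;
    } catch (mysqli_sql_exception $e) {
        error_log('submit-reviews: query failed: ' . $e->getMessage());
        return false;
    }
};

// Extensions accepted for the review photo. The stored file keeps the
// extension, and the web server decides how to serve a file by its
// extension, so anything outside this list (.php, .phtml, .html, ...) is
// refused. Adjust the list to the image types the site really needs.
$allowedPhotoExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Store the uploaded "cphoto" for review $id and record its file name.
// Returns false when nothing was uploaded or the upload was refused.
$storePhoto = static function (int $id) use ($execute, $uploadpath, $allowedPhotoExtensions): bool {
    $upload = $_FILES['cphoto'] ?? null;
    if (!is_array($upload) || !is_string($upload['name'] ?? null) || $upload['name'] === '') {
        return false; // no file sent with this request
    }
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        error_log('submit-reviews: photo upload failed for review ' . $id);
        return false;
    }

    // The client-supplied name is used only to pick the extension.
    $ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedPhotoExtensions, true)) {
        error_log('submit-reviews: photo with disallowed extension refused for review ' . $id);
        return false;
    }

    // Content sanity check. This is a second line of defence only; the
    // extension allowlist above is what keeps the file from being executed.
    if (getimagesize($upload['tmp_name']) === false) {
        error_log('submit-reviews: photo is not a readable image for review ' . $id);
        return false;
    }

    $filename = 'umreviewimg_' . $id . '.' . $ext;
    if (!move_uploaded_file($upload['tmp_name'], $uploadpath . $filename)) {
        error_log('submit-reviews: could not store photo for review ' . $id);
        return false; // do not point the row at a file that was never written
    }

    return $execute('UPDATE umreview SET cphoto = ? WHERE id = ?', 'si', $filename, $id);
};

/* ===============================
   GET INPUT
================================ */

$cname   = $postString('cname');
$content = $postString('content');
$flag    = $_REQUEST['flag'] ?? '';
$id      = $postString('id');

/* ===============================
   DELETE REVIEW
================================ */

if ($flag === "del") {
    $rawDeleteId = $_GET['id'] ?? 0;
    $deleteId    = is_scalar($rawDeleteId) ? (int) $rawDeleteId : 0;

    $execute('DELETE FROM umreview WHERE id = ?', 'i', $deleteId);

    header("Location:add-reviews.php?flag=del");
    exit;
}

/* ===============================
   INSERT NEW REVIEW
================================ */

if ($id === '') {
    $inserted = $execute(
        'INSERT INTO umreview (cname, review) VALUES (?, ?)',
        'ss',
        $cname,
        $content
    );
    $newId = $inserted ? (int) $conn->insert_id : 0;

    // Attach the photo only when a row really exists for it.
    if ($newId > 0) {
        $storePhoto($newId);
    }

    // The redirect target is unchanged even when the insert failed; the
    // failure is in the error log.
    header("Location:add-reviews.php?flag=dn");
    exit;
}

/* ===============================
   UPDATE REVIEW
================================ */

$reviewId = (int) $id;

$execute(
    'UPDATE umreview SET cname = ?, review = ? WHERE id = ?',
    'ssi',
    $cname,
    $content,
    $reviewId
);

$storePhoto($reviewId);

header("Location:add-reviews.php?flag=up");
exit;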