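<?php
/*
 * Request guard: this page only handles the POST sent by the product edit
 * form (the "update" submit field). Anything else is sent back to index.php.
 *
 * This block runs before any markup because session_start() and header()
 * can only set cookies and headers while no output has been sent. With the
 * DOCTYPE printed first, the redirect fails unless output buffering is on.
 *
 * NOTE(review): only the presence of $_POST['update'] is checked here. No
 * login or role check on the session is visible in this file; confirm that
 * an included file enforces it, otherwise any visitor who can POST to this
 * page can modify products.
 */
if (session_id() === '') {
    session_start();
}
if (!isset($_POST['update'])) {
    header('Location: index.php');
    // Without exit the rest of the page, including the UPDATE, still runs.
    exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">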
<html>
<head>
<title>De Closet | Update Product</title>
<link rel="stylesheet" type="text/css" href="css/lstyle.css" />
<link rel="stylesheet" type="text/css" href="css/tableStyle.css" />
<script>
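// Suppresses keyboard-triggered reloads (F5 and Ctrl+R) so the update POST is
// not resubmitted by accident.
//
// This is a convenience only. The browser's reload button, the context menu,
// or a replayed request still resubmit the form, so any protection against
// duplicate or forged submissions has to be enforced on the server.
document.onkeydown = function (e) {
    // Standards browsers pass the event as an argument; legacy IE only
    // exposes it as window.event. The original relied on the global alone.
    var evt = e || window.event;
    var isF5 = evt.keyCode === 116;
    var isCtrlR = evt.keyCode === 82 && evt.ctrlKey;

    if (!isF5 && !isCtrlR) {
        return;
    }

    if (evt.preventDefault) {
        evt.preventDefault();
    }
    evt.returnValue = false;
    try {
        // Legacy IE needed the key code cleared to cancel F5; the property is
        // read-only elsewhere, so a failed assignment is ignored.
        evt.keyCode = 0;
    } catch (ignored) {
    }
    return false;
};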
</script>
</head>
<body>
<?php
// Shared page header markup.
include 'oHeader.php';
?>
<p>
<div id="cslay">
<?php
// Shared side-panel markup.
include 'oSide.php';
?>
<div id="content">
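<?php
/*
 * Update handler for the product edit form. Writes the posted fields, and a
 * replacement image when one was uploaded, to the `product` table, then
 * re-reads the row and renders it.
 *
 * Changes from the original, all security or correctness related:
 * - Request values are escaped with mysql_real_escape_string() before being
 *   placed in quoted SQL literals. The original interpolated raw $_POST
 *   values, which allowed SQL injection.
 * - The upload check tested $_FILES['image'] while the file was read from
 *   $_FILES['prodImage'], so an uploaded image was never stored. Both now use
 *   'prodImage', and the file must be a genuine upload that parses as an image.
 * - Database values are HTML-escaped on output to prevent stored XSS.
 * - mysql_error() is written to the error log instead of being shown to the
 *   visitor, where it exposed query and schema details.
 * - The unused "does this ID exist" query and the no-op prodID assignment in
 *   the SET list were dropped.
 *
 * NOTE(review): ext/mysql was removed in PHP 7. Escaping is the fix available
 * on the connection that config.php presumably opens. Moving to mysqli or PDO
 * prepared statements is the durable fix and needs config.php to change too.
 * NOTE(review): no CSRF token is checked here; confirm the form supplies one.
 */
include("config.php");

$prodID = (isset($_POST['prodID']) && is_string($_POST['prodID'])) ? $_POST['prodID'] : '';
$prodIDSql = mysql_real_escape_string($prodID);

// Column names come from this fixed list, never from the request.
$fieldNames = array('prodName', 'prodPrice', 'prodCat', 'prodDet', 'homepage');
$assignments = array();
foreach ($fieldNames as $fieldName) {
    $raw = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
    $assignments[] = $fieldName . "='" . mysql_real_escape_string($raw) . "'";
}

// An empty product ID cannot identify a row, so the request is rejected.
$requestOk = ($prodID !== '');

if (isset($_FILES['prodImage']) && $_FILES['prodImage']['error'] !== UPLOAD_ERR_NO_FILE) {
    $tmpName = $_FILES['prodImage']['tmp_name'];
    // is_uploaded_file() ensures the path really is this request's upload.
    // getimagesize() is a content sniff and does not sanitise the bytes.
    $isImage = $_FILES['prodImage']['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($tmpName)
        && getimagesize($tmpName) !== false;
    $data = $isImage ? file_get_contents($tmpName) : false;
    if ($data !== false) {
        $assignments[] = "prodImage='" . mysql_real_escape_string($data) . "'";
    } else {
        // A file was sent but is unusable: fail rather than update silently.
        $requestOk = false;
    }
}

$result = false;
if ($requestOk) {
    $query = "UPDATE product SET " . implode(', ', $assignments) . " WHERE prodID='" . $prodIDSql . "'";
    $result = mysql_query($query);
    if (!$result) {
        error_log('Product update failed: ' . mysql_error());
    }
}

if ($result) {
    echo "You have update a product.<a href='products.php'>Click here</a> to continue.";
    $querySelect = "SELECT * FROM product WHERE prodID='" . $prodIDSql . "'";
    $resultSelect = mysql_query($querySelect);
    if (!$resultSelect) {
        error_log('Product reload failed: ' . mysql_error());
    }
    while ($resultSelect && ($row = mysql_fetch_array($resultSelect))) {
?>
<table cellspacing='0' id="tStyle"> <!-- cellspacing='0' is important, must stay -->
<!-- Table Header -->
<thead>
<tr>
<th></th>
<th>Product Detail</th>
</tr>
</thead>
<!-- Table Header -->
<!-- Table Body -->
<tbody>
<tr>
<td>Product ID</td>
<td><?php echo htmlspecialchars($row["prodID"], ENT_QUOTES); ?></td>
</tr><!-- Table Row -->
<tr class="even">
<td>Product Name</td>
<td><?php echo htmlspecialchars($row["prodName"], ENT_QUOTES); ?></td>
</tr><!-- Darker Table Row -->
<tr>
<td>Price</td>
<td><?php echo "RM" . htmlspecialchars($row["prodPrice"], ENT_QUOTES); ?></td>
</tr>
<tr class="even">
<td>Category</td>
<td><?php echo htmlspecialchars($row["prodCat"], ENT_QUOTES); ?></td>
</tr>
<tr>
<td>Image</td>
<td>
<img src="data:image/jpeg;base64,<?php echo base64_encode($row["prodImage"]); ?>" width="190px" height="190px" />
</td>
</tr>
</tbody>
<!-- Table Body -->
</table>
<?php
    }
} else {
    echo "Failed to update.";
}
?>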
</div>
<div id="blay5">
</div>
</div>
</p>
</body>
</html>
This is the action page; I named it proEditPros.php.