Filename :
crud.php
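<?php
/**
 * crud.php - POST handlers for the gallery, services, academy, testimonial
 * and contact forms. Each handler is selected by the name of the submit
 * field present in $_POST, writes to the matching table and then redirects
 * (or prints a short status message).
 *
 * Every statement is parameterised, so request values are never
 * concatenated into SQL text.
 *
 * NOTE(review): no session/authorisation check and no CSRF token check is
 * visible in this file. Confirm that config.php (or the web server) enforces
 * both before any of these handlers can run, in particular the delete ones.
 */
require_once('config.php');

/**
 * Return a POST field as a string. Missing fields and array-valued fields
 * (e.g. "name[]=x") become '' instead of reaching the database layer.
 */
$crudPost = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

/**
 * Return $_POST['id'] as an integer, or null when it is absent or not a
 * plain integer.
 */
$crudId = function () {
    if (!isset($_POST['id']) || !is_string($_POST['id'])) {
        return null;
    }
    $id = filter_var($_POST['id'], FILTER_VALIDATE_INT);
    return ($id === false) ? null : $id;
};

/**
 * Prepare, bind and execute one statement.
 * Returns true on success, false when execution fails and null when the
 * statement could not be prepared. Database error text goes to the server
 * log only, never to the response.
 */
$crudExec = function ($sql, $types, array $params) use ($conn) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        error_log('crud.php: prepare failed: ' . mysqli_error($conn));
        return null;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    $ok = mysqli_stmt_execute($stmt);
    if (!$ok) {
        error_log('crud.php: execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $ok;
};

/**
 * Send a Location header and stop, so that no later handler in this file
 * runs for the same request.
 */
$crudRedirect = function ($location) {
    header('Location: ' . $location);
    exit();
};

/**
 * Store the uploaded academy image under uploads/ and return the stored
 * file name, or null when the upload is rejected.
 *
 * The client-supplied name is used only to read the extension, which must be
 * on the allow-list; the stored name is generated server-side, so a request
 * cannot choose the file name or place a script file in uploads/.
 */
$crudStoreImage = function () {
    if (!isset($_FILES['image']) || !is_array($_FILES['image'])) {
        return null;
    }
    $file = $_FILES['image'];
    if (!isset($file['error'], $file['tmp_name'], $file['name'])
        || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
    ) {
        return null;
    }

    // Extend this allow-list if the site legitimately needs other formats.
    $allowed = array('jpg', 'jpeg', 'png', 'gif', 'webp');
    $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($extension, $allowed, true)) {
        return null;
    }

    // The content must parse as an image, not merely carry an image extension.
    if (getimagesize($file['tmp_name']) === false) {
        return null;
    }

    $storedName = bin2hex(random_bytes(16)) . '.' . $extension;
    if (!move_uploaded_file($file['tmp_name'], 'uploads/' . $storedName)) {
        return null;
    }
    return $storedName;
};

// ADD =================================================================
// NOTE(review): image_upload() is defined outside this file (presumably via
// config.php). Its file type and extension checks are not visible here;
// confirm it validates uploads at least as strictly as $crudStoreImage.

if (isset($_POST['addgallery'])) {
    $imgpath = image_upload($_FILES['image']);
    $saved = $crudExec(
        "INSERT INTO `gallery`(`name`, `category`, `image`) VALUES (?, ?, ?)",
        'sss',
        array($crudPost('name'), $crudPost('category'), (string) $imgpath)
    );
    $crudRedirect($saved ? "gallery.php?success=added" : "gallery.php?alert=add_failed");
}

if (isset($_POST['addservice'])) {
    $imgpath = image_upload($_FILES['image']);
    $saved = $crudExec(
        "INSERT INTO `services`(`name`, `image`) VALUES (?, ?)",
        'ss',
        array($crudPost('name'), (string) $imgpath)
    );
    $crudRedirect($saved ? "services.php?success=added" : "services.php?alert=add_failed");
}

if (isset($_POST['addacademy'])) {
    $image = $crudStoreImage();
    if ($image === null) {
        echo "Error: invalid image upload.";
        exit();
    }

    $saved = $crudExec(
        "INSERT INTO academy (name, description, price, specs, spec, duration, image) VALUES (?, ?, ?, ?, ?, ?, ?)",
        'sssssss',
        array(
            $crudPost('name'),
            $crudPost('description'),
            $crudPost('price'),
            $crudPost('specs'),
            $crudPost('spec'),
            $crudPost('duration'),
            $image,
        )
    );
    if ($saved) {
        $crudRedirect('academy.php');
    }
    // Details are in the server log; the response stays generic.
    echo "Error: could not save the record.";
    exit();
}

if (isset($_POST['addtestimonial'])) {
    $imgpath = image_upload($_FILES['image']);
    $saved = $crudExec(
        "INSERT INTO `testimonial`(`name`, `comment`, `designation`, `image`) VALUES (?, ?, ?, ?)",
        'ssss',
        array($crudPost('name'), $crudPost('comment'), $crudPost('designation'), (string) $imgpath)
    );
    $crudRedirect($saved ? "testimonial.php?success=added" : "testimonial.php?alert=add_failed");
}

if (isset($_POST['addquery'])) {
    $saved = $crudExec(
        "INSERT INTO `contact`(`name`, `email`, `number`, `subject`, `message`) VALUES (?, ?, ?, ?, ?)",
        'sssss',
        array(
            $crudPost('name'),
            $crudPost('email'),
            $crudPost('number'),
            $crudPost('subject'),
            $crudPost('message'),
        )
    );
    $crudRedirect($saved ? "contact.php?status=success" : "contact.php?status=error");
}

// DELETE=================================================================

if (isset($_POST['delete_service'])) {
    $id = $crudId();
    // An id that is not an integer is reported as a failed delete.
    $deleted = ($id === null) ? false : $crudExec("DELETE FROM services WHERE id = ?", 'i', array($id));

    if ($deleted === null) {
        echo '<script>alert("Query preparation failed!"); window.location.href = "dashboard.php";</script>';
    } elseif ($deleted) {
        echo '<script>alert("Service deleted successfully!"); window.location.href = "dashboard.php";</script>';
    } else {
        echo '<script>alert("Failed to delete service!"); window.location.href = "dashboard.php";</script>';
    }
    exit();
}

if (isset($_POST['delete_academy'])) {
    $id = $crudId();
    $deleted = ($id === null) ? false : $crudExec("DELETE FROM `academy` WHERE `id` = ?", 'i', array($id));

    if ($deleted) {
        $crudRedirect("index.php?message=Record deleted successfully");
    }
    echo "Error: could not delete the record.";
    exit();
}

if (isset($_POST['delete_testimonial'])) {
    // The id is bound as an integer parameter; it used to be concatenated
    // into the statement without quoting or escaping.
    $id = $crudId();
    $deleted = ($id === null) ? false : $crudExec("DELETE FROM testimonial WHERE id = ?", 'i', array($id));

    if ($deleted) {
        echo '<script>alert("Testimonial deleted successfully."); window.location.href = "testimonial_page.php";</script>';
    } else {
        echo '<script>alert("Error deleting testimonial."); window.location.href = "testimonial_page.php";</script>';
    }
    exit();
}

if (isset($_POST['delete_gallery'])) {
    $id = $crudId();
    $deleted = ($id === null) ? false : $crudExec("DELETE FROM `gallery` WHERE `id` = ?", 'i', array($id));

    if ($deleted) {
        $crudRedirect("gallery.php?message=Record Deleted Successfully");
    }
    echo "Error deleting record.";
    exit();
}

// ========================== Edit =======================================
?>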