ikan Uploader :
Directory : /var/www/html/shardahospital_old.org/lp/hospital-lms/
Upload File : |
| Current File : /var/www/html/shardahospital_old.org/lp/hospital-lms/edit-vision.php |
<?php
error_reporting(0);
include("secure/db_config.php");
date_default_timezone_set('Asia/Kolkata');
$update_date = date('d-m-Y h:i:s');
$sid = $_REQUEST['sid'];
if($_POST['update']){
extract($_POST);
$pic = $_FILES['pic']['name'];
$heading = addslashes($heading);
$innovation = addslashes($innovation);
$signature = addslashes($signature);
if(!empty($pic)){
$allowed = array('gif','png' ,'jpg');
$filename = $_FILES['pic']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if(!in_array($ext,$allowed) ) {
$error_image_ext ="<font color='#990000'>Invalid Extension for image.</font>";
$error = 1;
}
if($error!='1'){
$target_path = "upload_img/pm_pic/";
$uploadpic = time().$_FILES['pic']['name'];
$upl = move_uploaded_file($_FILES['pic']['tmp_name'], $target_path.$uploadpic);
/*************** unlink image *****************************/
$hiddenimage;
$ulinkimage = unlink($target_path.$hiddenimage);
$qeru = mysqli_query($connection,"update `tbl_vision` set heading ='".$heading."', upload_image='".$uploadpic."', innovation='".$innovation."', signature='".$signature."',`update_date`='".$update_date."' where vision_id='".$sid."'") or die(mysqli_error());
$ins_message = "<font color='#00CC99'>Data Insert Successfully</font>";
if($qeru){
echo "<script type='application/javascript'>window.location.href='index.php?mode=view-pm-vision'</script>";
}
}
}
else {
$heading = addslashes($heading);
$innovation = addslashes($innovation);
$signature = addslashes($signature);
$qeru = mysqli_query($connection,"update `tbl_vision` set heading ='".$heading."', innovation='".$innovation."', signature='".$signature."',`update_date`='".$update_date."' where vision_id='".$sid."'") or die(mysqli_error());
$ins_message = "<font color='#00CC99'>Data Insert Successfully</font>";
if($qeru){
echo "<script type='application/javascript'>window.location.href='index.php?mode=view-pm-vision'</script>";
}
}
}
$DA = mysqli_query($connection,"select * from `tbl_vision` where vision_id='".$sid."'");
$devalue = mysqli_fetch_array($DA);
?>
<script src="ckeditor/ckeditor.js"></script>
<div class="col-md-10">
<div class="box box-primary">
<div class="box-header with-border">
<h3 class="box-title"><a href="index.php?mode=view-pm-vision">Vision Management</a> >> Edit Vision</h3>
</div>
<p> <?php echo $ins_message;?><?php if($error_image_ext){ echo $error_image_ext;}?></p>
<div ng-app="sa_app" ng-controller="controller" ng-init="show_data()">
<form role="form" method="post" name="frm" id="frm" enctype="multipart/form-data">
<div class="box-body">
<div class="form-group">
<label for="exampleInputEmail1">Heading</label>
<input type="text" class="form-control" name="heading" ng-model="heading" id="exampleInputEmail1" placeholder="Enter Text" value="<?php echo $devalue['heading'];?>" required>
</div>
<div class="form-group">
<label for="exampleInputFile">PM Image</label>
<input type="file" id="exampleInputFile" name="pic" > <img src="upload_img/pm_pic/<?php echo $devalue['upload_image'];?>" height="50" width="50"/>
<input type="hidden" id="exampleInputFile" name="hiddenimage" value="<?php echo $devalue['upload_image'];?>">
</div>
<div class="form-group">
<label for="exampleInputEmail1">Innovation</label>
<input type="text" class="form-control" name="innovation" ng-model="innovation" id="innovation" placeholder="Enter Text" value="<?php echo $devalue['innovation'];?>" required>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Signature</label>
<input type="text" class="form-control" ng-model="headline" name="signature" id="signature" placeholder="Enter Text" required value="<?php echo $devalue['signature'];?>">
</div>
</div>
<div class="box-footer">
<input type="hidden" ng-model="id">
<input type="submit" class="btn btn-primary" name="update" ng-click="insert()" >
</div>
</form>
</div>
</div>
</div>
Kontol Shell Bypass