interiorvisions.co.th

upload mass deface mass delete console info server

name : update_team.php

<?php
include('../config/config.php');


$q    = $_POST['q'];

if(isset($_FILES['file']['tmp_name'])){
    $sql = "SELECT * FROM teams WHERE t_id = ".$q." ";
    $res = $conn->query($sql);
    while($row = $res->fetch_assoc()){
        $image = $row['t_image'];
        @unlink("../".$image);
    }

    $images1 = $_FILES['file']['tmp_name'];
    $images_name1 = $_FILES['file']['name'];
    $images = "images/team/".$images_name1;
    move_uploaded_file($_FILES['file']['tmp_name'],"../images/team/".$_FILES["file"]["name"]);
    $sql = "update teams  SET  t_image = '".$images."' WHERE t_id = ".$q."";
    $res = $conn->query($sql);
    if($res === TRUE ){
        echo 1;
    }else{
        echo 0;
    }
}else{
    echo 1;
}



?>

UnknownSec Shell