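";

// Backend "save product" handler: checks the backend session, creates the row
// when no id was supplied, writes all product fields, removes attachments
// marked for deletion and redirects back to the list page.
//
// The statement that ends on the first line above starts before this part of
// the file and is kept as-is.

// Per-shop config suffix: the part of $tempname before the first '/'.
// "shop001" maps to the unsuffixed config file.
// NOTE(review): $tempname is assigned outside this view. If it is derived from
// the request, confirm it is restricted to known shop folder names before it
// is used to build a require_once path.
$accfoldername = substr($tempname, 0, strpos($tempname, '/') );
if ($accfoldername == "shop001") {
    $accfoldername = "";
}
require_once($filepath.$backend."config".$accfoldername.".inc.php");
require_once($filepath.$backend."common.inc.php");
include("config.php");

// Access control: both session markers must be set and must match a row in
// `backend_user`; otherwise the request is sent to the error page.
if ( empty($_SESSION["acccheck"]) || empty($_SESSION["acclogin"]) ) {
    header("Location: ../error.php");
    exit;
}
// NOTE(review): the two session values are concatenated into the query without
// escaping. They are server-side state, but if they were populated from login
// input they should be escaped or bound here - confirm where they are set
// (and whether they are stored pre-escaped) before changing this.
// NOTE(review): mysql_num_rows() belongs to ext/mysql, which was removed in
// PHP 7; this script only runs on older runtimes.
$sql = "SELECT * FROM `backend_user` WHERE skey = '".$_SESSION["acccheck"]."' AND login = '".$_SESSION["acclogin"]."'";
$rs = $db->query($sql);
if (mysql_num_rows($rs) == 0) {
    header("Location: ../error.php");
    exit;
}
// NOTE(review): no anti-CSRF token check is visible in this part of the
// script; confirm one is enforced in the included files, since this request
// changes data.

$page_field = "";

if ($id == "") {
    // Neither a record id nor an upload batch id: nothing to save.
    if ($temp_id == "") {
        header("Location: ".$page_address_list);
        exit;
    }

    // New record: create an empty row now; the UPDATE below fills it in.
    $sql = "INSERT INTO `".$page_tbname."` ( `id` ) VALUES ( NULL );";
    $db->query($sql);
    $id = $db->insert_id();

    // Re-link attachments uploaded under the temporary id to the new row.
    // $temp_id is always non-empty here (the empty case exited above), so the
    // original inner "!= ''" test was redundant. It is now passed through
    // escapeit() like every other value this script puts into SQL.
    $sql = "UPDATE `attachment` SET `table_id` = '".$id."', `temp_id` = '' WHERE `table_name` = '".$page_tbname."' AND `temp_id` = '".escapeit($temp_id)."'";
    $db->query($sql);
}

// Join the submitted tags into $tags_id. The separator literal is a space
// followed by a line break and is kept exactly as in the original.
// NOTE(review): $tags_id is not used again in this part of the script.
$tags_each= $tags;
if ($tags_each){
    foreach ($tags_each as $t){
        $tags_id .= $t." 
";
    }
}

// Column => value map for the UPDATE. Every value goes through escapeit(),
// the escaping helper this script already uses (defined outside this view,
// presumably in common.inc.php). The original statement assigned `qunxs`
// twice with the same value; it is listed once here.
$update_fields = array(
    'display'     => $display,
    'displayhot'  => $displayhot,
    'displayhot1' => $displayhot1,
    'displayhot2' => $displayhot2,
    'qunxs'       => $qunxs,
    'colorxs'     => $colorxs,
    'quns'        => $quns,
    'colors'      => $colors,
    'qunm'        => $qunm,
    'colorm'      => $colorm,
    'qunl'        => $qunl,
    'colorl'      => $colorl,
    'qunxl'       => $qunxl,
    'colorxl'     => $colorxl,
    'price1'      => $price1,
    'price2'      => $price2,
    'price3'      => $price3,
    'price3unit'  => $price3unit,
    'price1unit'  => $price1unit,
    'price2unit'  => $price2unit,
    'sorting'     => $sorting,
    'sortinghot'  => $sortinghot,
    'sortinghot1' => $sortinghot1,
    'sortinghot2' => $sortinghot2,
    'levelone'    => $levelone,
    'leveltwo'    => $leveltwo,
    'productcode' => $code,
    'en_name'     => $en_name,
    'tc_name'     => $tc_name,
    'sc_name'     => $sc_name,
    'en_desc'     => $en_desc,
    'tc_desc'     => $tc_desc,
    'sc_desc'     => $sc_desc,
    'alt'         => $alt,
    'seo'         => $seo,
);
$set_parts = array();
foreach ($update_fields as $col => $val) {
    $set_parts[] = "`".$col."`='".escapeit($val)."'";
}

// The record id was the one value concatenated into the WHERE clause
// unescaped; when it does not come from insert_id() above it is a submitted
// value, so it is escaped like the rest.
$sql = "UPDATE `".$page_tbname."` SET ".implode(", ", $set_parts)." WHERE `id` = '".escapeit($id)."'";
$db->query($sql);

// Remove the attachments the form marked for deletion.
// NOTE(review): del_attachment() is defined outside this view; confirm it
// checks that each submitted value refers to an attachment of this record.
if (!empty($delfiles) && is_array($delfiles)) {
    foreach ($delfiles as $key => $value) {
        del_attachment($value, "../../");
    }
}

// Back to the list page; the page number is URL-encoded so a submitted value
// cannot add further query parameters to the redirect target.
header("Location: ".$page_address_list."?keepSession=1&page=".urlencode($page));
exit;
?>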