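";

// The line above is the tail of a statement that starts before this excerpt; it is kept verbatim.

// Select the per-account config file: the folder name is the part of $tempname
// before its first '/', and "shop001" maps to the unsuffixed default config.
// NOTE(review): $tempname, $filepath and $backend are set outside this excerpt.
// They are concatenated into a require_once path, so confirm none of them can be
// request-controlled or contain path separators / "..".
$accfoldername = substr($tempname, 0, strpos($tempname, '/'));
if ($accfoldername == "shop001") {
    $accfoldername = "";
}

require_once($filepath . $backend . "config" . $accfoldername . ".inc.php");
require_once($filepath . $backend . "common.inc.php");
include("config.php");

// Access gate: both session markers must be present and must match a row in
// `backend_user`; otherwise the request is redirected to the error page and stops.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm one
// is enforced in the included files before this state-changing handler runs.
if (empty($_SESSION["acccheck"]) || empty($_SESSION["acclogin"])) {
    header("Location: ../error.php");
    exit;
}

// Session values are passed through escapeit() like every other value placed in
// a quoted SQL literal in this script, so the lookup does not depend on how the
// session was populated.
$sql = "SELECT * FROM `backend_user` WHERE skey = '" . escapeit($_SESSION["acccheck"])
    . "' AND login = '" . escapeit($_SESSION["acclogin"]) . "'";
$rs = $db->query($sql);
// NOTE(review): mysql_num_rows() belongs to ext/mysql, which was removed in PHP 7.
// Replacing it depends on the $db wrapper, which is not visible here.
if (mysql_num_rows($rs) == 0) {
    header("Location: ../error.php");
    exit;
}

$page_field = "";

if ($id == "") {
    // Without an id, a new row is created only when $temp_id is set; otherwise
    // go back to the list page.
    if ($temp_id == "") {
        header("Location: " . $page_address_list);
        exit;
    }

    // Insert an empty row; its columns are filled by the UPDATE further down.
    // NOTE(review): $page_tbname is used as a backtick-quoted identifier, where
    // value escaping does not help; it is presumably a fixed config value — confirm.
    $sql = "INSERT INTO `" . $page_tbname . "` ( user_id ) VALUES ( NULL );";
    $db->query($sql);
    $id = $db->insert_id();

    // Re-attach rows in `attachment` that were stored under $temp_id to the new row.
    // $temp_id is escaped because its origin is outside this excerpt.
    if ($temp_id != "") {
        $sql = "UPDATE `attachment` SET `table_id` = '" . $id . "', `temp_id` = ''"
            . " WHERE `table_name` = '" . $page_tbname . "'"
            . " AND `temp_id` = '" . escapeit($temp_id) . "'";
        $db->query($sql);
    }
}

// Builds a space-separated tag string. $tags_id is not read again in this excerpt.
$tags_each = $tags;
if ($tags_each) {
    foreach ($tags_each as $t) {
        $tags_id .= $t . " ";
    }
}

// Update the record. email and password are only written when a non-blank value
// was submitted, so leaving those fields empty keeps the stored values.
$sql = "UPDATE `" . $page_tbname . "` SET status='" . escapeit($status) . "',";
if (escapeit(trim($login)) != "") {
    $sql .= " email='" . escapeit($login) . "',";
}
if (escapeit(trim($password)) != "") {
    // NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
    // password_hash()/password_verify() also requires changing the login check,
    // which is not part of this excerpt, so the stored format is left unchanged here.
    $sql .= " password='" . escapeit(md5($password)) . "',";
}
// $id is escaped in the WHERE clause: when it is not the insert id generated
// above, its origin is outside this excerpt and it previously reached the query raw.
$sql .= " mobile='" . escapeit($mobile)
    . "', remark='" . escapeit($remark)
    . "', address='" . escapeit($address)
    . "', gender='" . escapeit($gender)
    . "', name='" . escapeit($name)
    . "' WHERE user_id = '" . escapeit($id) . "'";
$db->query($sql);

// Remove attachments that were marked for deletion.
// NOTE(review): del_attachment() is defined elsewhere; confirm it validates that
// each value refers to an attachment of this record before removing anything
// under "../../".
if (!empty($delfiles)) {
    foreach ($delfiles as $key => $value) {
        del_attachment($value, "../../");
    }
}

// $page is URL-encoded so it cannot add extra query parameters to the redirect.
header("Location: " . $page_address_list . "?keepSession=1&page=" . urlencode($page));
exit;
?>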