1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
<?php
require("configure.php");
if (!isset($_SESSION["cmslogin"])) {
header("Location: login.php");
exit;
}
$newstitle = htmlspecialchars($_POST["newstitle"], ENT_QUOTES);
$newsdesc = preg_replace("/'/", "\'", $_POST["newsdesc"]);
$newslink = htmlspecialchars($_POST["newslink"], ENT_QUOTES);
$newscover = htmlspecialchars($_POST["newscover"], ENT_QUOTES);
$sql = "select max(newsid) as maxid ";
$sql .= "from news";
$result = mysql_query($sql);
$row = mysql_fetch_array($result, MYSQL_ASSOC);
$newsid = $row{maxid} + 1;
$sql = "insert into news (newsid, newstitle, newsdesc, newslink, newscover) values ('$newsid', '$newstitle', '$newsdesc', '$newslink', '$newscover')";
//echo $sql;
mysql_query($sql);
mysql_close($dbh);
header("Location: newsindex.php?msg=Add Successful");
?>
|