admin “pics.php” admin page:
[code=php]<?php
/*************************
* Created By Parker Phinney
* Version 0.0
* I PWN you
* yeah…
*************************/
$admin = 1;
require(“../header.php”);
$album = $_GET[‘album’];
?>
<div class=”album”>
<div class=”album_wrapper”>
<form method=”post” action=”main.php”>
<p>
<input type=”hidden” name=”pics_admin” value=”1″ />
<input type=”hidden” name=”album” value=”<?php echo $album ?>” />
<?php
echo ‘<div class=”album_title”>’ . $album . ‘</div>’ . “n”;
$result = mysql_query(“SELECT * FROM `pics` WHERE `album` = ‘$album'”)
or die(‘Error retrieving the pictures from the database, MySQL said: ‘ . mysql_error());
while($pic = mysql_fetch_array($result)){
echo(
‘<div class=”album_image”>’ .
‘<a href=”…/’ . $pic[path] . ‘/’ . $pic[name] . ‘”>’ .
‘<img src=”../thumbs/’ . $pic[name] . ‘” alt=”album image”/></a>’ .
‘<br />’ .
‘<input type=”text” name=”caption_’ . $pic[name] . ‘” value=”‘ . $pic . ‘” />’ .
‘<br/>’ .
‘dlt’ .
‘<input type=”checkbox” name=”dlt_’ . $pic[name] . ‘” value=”1″ />’ .
‘</div>’ .
“n”
);
}
echo ‘</div>’ . “n” . ‘</div>’ . “n”;
?>
<input type=”submit” value=”Submit” />
</p>
</form>
<?php
require(“../footer.php”);
?>
“main.php” , where the data gets sent.
[code=php]
if($_POST[‘pics_admin’]){
$ok = 0;
$num = 0;
$album = $_POST[‘album’];
$result = mysql_query(“SELECT * FROM `pics` WHERE `album` = ‘$album'”);
while($pic = mysql_fetch_array($result, MYSQL_ASSOC)){
$picname = $pic[name];
if($_POST[‘dlt_’ . $picname]){
$num += 1;
if(dltpic_db($picname)){
if(dltpic_svr($picname)){
$ok += 1;
}
else{
$response = $response . $errormsg . “n”;
}
}
else{
$response = $response . $errormsg . “n”;
}
}
}
$response = $response . “$ok of the requested $num pics have been successfully deleted” . “n”;
$ok = 0;
$num = 0;
while($pic = mysql_fetch_array($result)){
if($caption = $_POST[“caption_$pics[name]”]){
if(mysql_query(“UPDATE `pics` SET `caption` = ‘$caption’ WHERE `name` = ‘$pics[name]'”) && mysql_affect_rows() != 0){
$ok += 1;
}
$num += 1;
}
}
$response = $response . “$ok of the requested $num captions have been successfully updated” . “n”;
}
edit: lol, forgot to say, the problem is that the script that handles the stuff “main.php” doesn’t seem to be getting the dlt_ stuff from post, though it is getting the album name and stuff. i run this and the response is 0 of the requested 0 pics have been successfully deleted 0 of the requested 0 captions have been successfully updated
ive tried this syntax to grab the post with a variable in the post name and it seemed to work, i dont know what could be wrong. suggestions?