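0) {
        $row = mysqli_fetch_assoc($res);
    } else {
        echo "testimonial not found.";
        exit; // Exit if testimonial not found
    }
} else {
    echo "ID parameter missing.";
    exit; // Exit if ID parameter is missing
}

// Handle the edit-form submission: update the testimonial's name and review and,
// when a new image was uploaded, replace the stored image file name.
// NOTE(review): no admin-session check or CSRF token is visible in this part of
// the file -- confirm both are enforced before this state-changing handler runs.
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST['submit'])) {
    // Values are bound as statement parameters below, so they are used as-is
    // instead of being escaped and spliced into the SQL text. Non-string input
    // (for example an array posted as name[]) is treated as empty.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $review = (isset($_POST['review']) && is_string($_POST['review'])) ? $_POST['review'] : '';

    // Stays null when no new image was uploaded; the image column is then left alone.
    $image_name = null;

    // File upload handling
    if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
        $image_tmp = $_FILES['image']['tmp_name'];

        // The client-supplied file name and MIME type are untrusted. The type is
        // read from the file content and the extension comes from this allowlist,
        // so a script can never be stored under a server-executable extension.
        // Extend the allowlist if the site needs other image formats.
        $allowed_types = [
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
            IMAGETYPE_GIF  => 'gif',
        ];
        $image_info = getimagesize($image_tmp);
        if ($image_info === false || !isset($allowed_types[$image_info[2]])) {
            echo "Invalid image file.";
            exit;
        }

        // Server-generated random name: avoids path tricks and collisions with or
        // overwrites of existing files, which the original client name allowed.
        // Content sniffing is not a complete guarantee on its own; the upload
        // directory should also be configured so that nothing in it is executed.
        $image_name = bin2hex(random_bytes(16)) . '.' . $allowed_types[$image_info[2]];
        $image_path = "../../images/testimonials/" . $image_name;

        if (!move_uploaded_file($image_tmp, $image_path)) {
            echo "Error uploading file.";
            exit;
        }
    }

    // $id is assigned before the visible part of this file; binding it as a
    // parameter means the query is safe whether or not it was validated there.
    if ($image_name !== null) {
        // Update query including the new image file name
        $stmt = mysqli_prepare(
            $con,
            "UPDATE `testimonial` SET `name`=?, `review`=?, `image`=? WHERE id=?"
        );
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $name, $review, $image_name, $id);
        }
    } else {
        // Update query without changing the image
        $stmt = mysqli_prepare(
            $con,
            "UPDATE `testimonial` SET `name`=?, `review`=? WHERE id=?"
        );
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'sss', $name, $review, $id);
        }
    }

    // Execute the query
    $result = $stmt && mysqli_stmt_execute($stmt);

    if ($result) {
        header('location: testimonial.php');
        exit;
    } else {
        echo "Error updating testimonial.";
    }
}
?> Admin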
UPDATE Testimonials