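<?php
// Back end of the page editor: opens the database connection, loads every row
// of `pages` (ordered by title) for the page selector, and, when the form was
// submitted through the "Save" button, writes the posted content to the page.
//
// NOTE(review): no authentication, authorisation or CSRF check is visible in
// this file; presumably the including index.php enforces them - confirm.
// NOTE(review): the database credentials are hard-coded in a web-served file.
// Load them from configuration kept outside the document root and rotate this
// password, since it is present in source.
$LINK = mysqli_connect("127.0.0.1", "janya763", "vOOxhXUhWhgCPWFC", "janya763");
if (!$LINK) {
    // Keep driver details in the server log; they describe the database setup.
    error_log("CMS: database connection failed: " . mysqli_connect_error());
    die("Database connection failed.");
}

$query = "SELECT * FROM pages ORDER BY title ASC";
$result = mysqli_query($LINK, $query);
if (!$result) {
    error_log("CMS: page list query failed: " . mysqli_error($LINK));
    die("Query failed.");
}

if (isset($_POST["DATA_save"])) {
    $pageTitle = isset($_POST["DATA_page"]) ? $_POST["DATA_page"] : null;
    $pageCode = isset($_POST["DATA_code"]) ? $_POST["DATA_code"] : null;
    $saved = false;

    // Both fields must be plain strings; array-valued or missing fields are
    // rejected instead of reaching the database layer.
    if (is_string($pageTitle) && is_string($pageCode)) {
        // Bound parameters keep the posted values out of the SQL text, and the
        // exact match (=) replaces LIKE, which treated % and _ in the posted
        // title as wildcards and could therefore update more than one page.
        $stmt = mysqli_prepare($LINK, "UPDATE pages SET content = ? WHERE title = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, "ss", $pageCode, $pageTitle);
            $saved = mysqli_stmt_execute($stmt);
            if (!$saved) {
                error_log("CMS: page update failed: " . mysqli_stmt_error($stmt));
            }
            mysqli_stmt_close($stmt);
        } else {
            error_log("CMS: page update could not be prepared: " . mysqli_error($LINK));
        }
    }

    if ($saved) {
        echo "<p>Save successful</p>";
    } else {
        // Generic message only; the detailed error went to the server log.
        echo "<p>Error updating record</p>";
    }
}
?>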
<h1>CMS for a Simple Page</h1>
<form action="index.php?page=cms" id="form" method="POST">
<div id="main">
<label for="DATA_page">Choose a page: </label>
<select name="DATA_page" onchange="document.getElementById('form').submit();">
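<?php
// Renders one <option> per row of the page list held in $result and marks the
// currently requested page as selected.
// Fall back to the "About" page when no usable page name was posted.
if (!isset($_POST["DATA_page"]) || !is_string($_POST["DATA_page"])) {
    $_POST["DATA_page"] = "About";
}
while ($row = mysqli_fetch_assoc($result)) {
    $rawTitle = (string) $row["title"];
    // Titles are stored data and may contain markup characters, so they are
    // HTML-escaped before being written into the attribute and the label.
    $safeTitle = htmlspecialchars($rawTitle, ENT_QUOTES | ENT_SUBSTITUTE);
    // Strict comparison: loose == treats numeric-looking strings as equal.
    $selectedAttr = ($_POST["DATA_page"] === $rawTitle) ? " selected='selected'" : "";
    // The explicit value attribute makes the browser submit the exact title
    // rather than the whitespace-normalised option text.
?>
<option value="<?= $safeTitle ?>"<?= $selectedAttr ?>><?= $safeTitle ?></option>
<?php
}
?>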
</select>
<input type="submit" value="Edit">
</div>
<div class="editfield">
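<?php
// Loads the content of the requested page and renders it in the edit textarea
// (one textarea per matching row, as before).
if (isset($_POST["DATA_page"]) && is_string($_POST["DATA_page"])) {
    $requestedTitle = $_POST["DATA_page"];
    // Bound parameter with an exact match: the posted title never becomes part
    // of the SQL text and % / _ are no longer interpreted as LIKE wildcards.
    $stmt = mysqli_prepare($LINK, "SELECT content FROM pages WHERE title = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $requestedTitle);
        if (mysqli_stmt_execute($stmt)) {
            // Buffer the result first so the bound variable is sized from the
            // actual data rather than the column's maximum length.
            mysqli_stmt_store_result($stmt);
            mysqli_stmt_bind_result($stmt, $pageContent);
            while (mysqli_stmt_fetch($stmt)) {
                // Stored content is escaped so that markup inside it (for
                // example a closing textarea tag) is shown as text in the
                // editor instead of being interpreted by the browser.
                $safeContent = htmlspecialchars((string) $pageContent, ENT_QUOTES | ENT_SUBSTITUTE);
?><textarea name="DATA_code" id="edittext"><?= $safeContent ?></textarea>
<?php
            }
        } else {
            error_log("CMS: page content query failed: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log("CMS: page content query could not be prepared: " . mysqli_error($LINK));
    }
}
?>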
<button type="submit" name="DATA_save">Save</button>
</div>
</form>