// Excerpt of a handler that replaces the stored photo for one row of table $tname.
// The listing is a single collapsed line: the HTML between each `?>` and the next PHP
// segment is not shown, and the code stops mid-statement at the final str_replace call.
//
// Flow visible here:
//   1. Falls through to HTML branches (not shown) unless $sess_name and $sess_sadmin are set.
//   2. Loads the row with num=$Snum from table $tname; a missing row goes to another HTML branch.
//   3. If $photo is non-empty: deletes the row's previous photo from "../$tname/", treats the
//      value "none" as "no upload", refuses files of 150 KiB or more, skips five listed
//      extensions, then copies the upload to "../$tname/<client-supplied file name>".
//   4. Applies addslashes() to $title and $content.
//
// NOTE(review) - security points a maintainer should confirm and fix:
//   - Where $sess_name, $sess_sadmin, $tname, $Snum and $photo* come from is not visible.
//     The bare $photo / $photo_name / $photo_size / $photo_type names look like the
//     register_globals upload convention; if so, every one of them is request-controlled,
//     and the two session flags must be read from the session store, not from globals.
//   - SQL injection: $tname and $Snum are interpolated into the query unquoted, with no
//     validation in this excerpt. Check $tname against a fixed allow-list of table names,
//     cast $Snum to int, and use a prepared statement (mysqli/PDO); mysql_* was removed in PHP 7.
//   - Path handling: $tname also builds $save_dir, and $row[photo] / $photo_name are appended
//     to it verbatim before unlink() and copy(). Nothing here strips directory components;
//     use basename() or, better, a server-generated file name.
//   - The extension check is a case-sensitive deny-list on the last dot-separated segment;
//     any extension not listed is accepted. Prefer an allow-list of image extensions plus a
//     content check, and store uploads where the web server will not execute them.
//   - The size limit reads $photo_size and copy() reads $photo; neither confirms that the
//     source is a real HTTP upload. Use $_FILES with is_uploaded_file()/move_uploaded_file().
//   - addslashes() is not a charset-aware SQL escape; presumably it feeds a later query that
//     is outside this excerpt. Bind parameters instead.
//   - No enclosing loop is visible around the two `continue` statements; outside a loop PHP 7+
//     rejects them at compile time. `$row[photo]` uses a bare constant as the array key.
//   - copy()'s return value is ignored and $isUploaded is set to TRUE even when
//     $upload_file_name is empty and nothing was copied.
if (!$sess_name){ ?> }else{ if (!$sess_sadmin){ ?> }else{ ?> include "../../dbcon.inc"; $query=mysql_query("select * from $tname where num=$Snum"); if (!$row=mysql_fetch_array($query)){ ?> } else{ if ($photo!=""){ $upload_file=$row[photo]; if($upload_file!=""){ $save_dir="../".$tname; $file=$save_dir."/".$upload_file; unlink($file); } $save_dir="../".$tname; $isUploaded=FALSE; $upload_file=$photo; $upload_alt=$photo_alt; if(!strcmp($upload_file,"none")){ continue; }else{ $upload_file_name=$photo_name; $upload_file_size=$photo_size; $upload_file_type=$photo_type; if ( $upload_file_size >= (150*1024)){ ?> }else{ $filename=explode(".",$upload_file_name); $extension=$filename[sizeof($filename)-1]; if(!strcmp($extension,"php")||!strcmp($extension,"phtml")||!strcmp($extension,"inc")||!strcmp($extension,"txt")||!strcmp($extension,"asp")) { continue; } $dest=$save_dir."/".$upload_file_name; if ($upload_file_name!=""){ copy($upload_file,$dest); } $isUploaded=TRUE; } } $title=addslashes($title); $content=addslashes($content); $content=str_replace ('