<?php
    require_once '../library/config.php';
    require_once '../library/functions.php';
    is_logged();

    if (!isset($_GET['id_book'])) {
    echo "The book is not defined .. ";
    exit;

    } else if(isset($_POST['txt_book'])) {
    $this_book   $_POST['this_book'];

    $book_name $_POST['txt_book'];
    $book_desc $_POST['desc_book'];

    if (!get_magic_quotes_gpc()) {
    $book_name  addslashes($book_name);
    $book_desc  addslashes($book_desc);
    }  

    if ($_FILES['book_image_file']['tmp_name'] != '') {
    $img_name   $_FILES['book_image_file']['name'];
    $loaded_image   $_FILES['book_image_file']['tmp_name'];
    $new_one md5(rand() * time()) . strrchr($img_name".");        
    $result create_icon($loaded_imageBOOKS_DIR $new_oneicon_WIDTH);

    if (!$result) {
    echo "Error uploading file";
    exit;
    }

    $sql  "SELECT book_image FROM sc_books WHERE book_id = $this_book ";

    $result mysql_query($sql) or die('Error, getting book info is failed. ' mysql_error());
    $row    mysql_fetch_assoc($result);
    unlink (BOOKS_DIR $row['book_image']);

    $new_one "'$new_one'";
    } else {
    $new_one "book_image";
    }

    $query "UPDATE sc_books
    SET book_name = '$book_name', 
    book_description = '$book_desc',
    book_image = $new_one
    WHERE book_id = $this_book";

    mysql_query($query) or die('Error: modifing book is failed : ' mysql_error());                    

    echo "<script>window.location.href='indexoo.php'</script>";

    } else {

    $id_book $_GET['id_book'];

    $sql  "SELECT book_id, book_name, book_description, book_image
    FROM sc_books
    WHERE book_id = $id_book";

    $result mysql_query($sql) or die('Error: getting book info is failed. ' mysql_error());

    if (mysql_num_rows($result) == 0) {
    ?>
    <p align="center"> The book is not found. Return to  <a href="indexoo.php">the books list</a></p>
    <?php    
    } else {    
    $row mysql_fetch_assoc($result);    
    ?>

    <form method="post" enctype="multipart/form-data" name="update_form" id="update_form">
    <table width="100%" border="0" cellpadding="2" cellspacing="1">
    <tr> 
    <th width="150">Book Name</th>
    <td width="150" bgcolor="#FCF4F4"> 
    <input name="txt_book" type="text" size = "50" id="txt_book" value="<?php echo $row['book_name']; ?>"></td>
    </tr>
    <tr> 
    <th width="150">Description</th>
    <td> 
    <textarea name="desc_book" cols="70" rows="4" id="desc_book"><?php echo $row['book_description']; ?></textarea> 
    </td>
    </tr>
    <tr> 
    <th width="150">Book image</th>
    <td><img src="../images/scbooks/<?php echo $row['book_image']; ?>"><br> 
    <input name="book_image_file" type="file" size = "70" id="book_image_file"></td>
    </tr>
    <tr> 
    <td width="150">&nbsp;</td>
    <td bgcolor="#E6E6FA">
    <input name="update_button" type="submit" id="update_button" value="Update"> 
    <input name="cancel_button" type="button" id="cancel_button" value="Cancel" onClick="window.history.back();"> 
    <input name="this_book" type="hidden" id="this_book" value="<?php echo $id_book?>"></td>
    </tr>
    </table>
    </form>
    <?php
    }
    }
    ?>