here"; } elseif($_POST['saveedit']) { //delete old staticfile... $ds=mysql_fetch_array(safe_query("SELECT name FROM `".PREFIX."static` WHERE staticID='".$_POST['staticID']."'")); unlink('../'.$ds[name]); //...to write a new, updated one $file = ("../html/".$_POST['name']); $fp = fopen ($file, "w"); fwrite ($fp, stripslashes($_POST['content'])); fclose($fp); safe_query("UPDATE `".PREFIX."static` SET name='".$_POST['name']."', accesslevel='".$_POST['accesslevel']."' WHERE staticID='".$_POST['staticID']."'"); } elseif($_GET['delete']) { $ds=mysql_fetch_array(safe_query("SELECT name FROM `".PREFIX."static` WHERE staticID='".$_GET['staticID']."'")); @unlink('../html/'.$ds[name]); safe_query("DELETE FROM `".PREFIX."static` WHERE staticID='".$_GET['staticID']."'"); } echo'

Static pages

'; if($_GET['action']=="add") { echo''; } elseif($_GET['action']=="edit") { $staticID = $_GET['staticID']; $ergebnis=safe_query("SELECT * FROM `".PREFIX."static` WHERE staticID='$staticID'"); $ds=mysql_fetch_array($ergebnis); echo''; } else { echo'

'; $ergebnis=safe_query("SELECT * FROM ".PREFIX."static ORDER BY name"); echo''; while($ds=mysql_fetch_array($ergebnis)) { echo''; } echo'

filename:	Actions:

'.$ds[name].'

'; } ?>

Filename
html-content:	<html> <head> <title>webSPELL 4</title> </head> <body> </body> </html>

Filename
html-content:	'.getinput(file_get_contents('../html/'.$ds['name'])).'