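prepare("INSERT INTO gallery (caption, images) VALUES (?, ?)");
                    $stmt->execute([$caption, $image_path]);
                    $message = "Gallery item added successfully!";
                } else {
                    $error = "Please select a valid image file.";
                }
            } elseif (isset($_POST['edit_gallery'])) {
                // Update an existing gallery row: the caption is always replaced,
                // the image only when a new file was uploaded.
                $sn = $_POST['sn'];
                $caption = sanitize_input($_POST['caption']);
                if (isset($_FILES['image']) && $_FILES['image']['error'] === 0) {
                    // Handle new image upload
                    $upload_dir = '../images/gallery/';
                    $file_extension = pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION);
                    $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
                    // The extension comes from the client-supplied file name, so it is only
                    // a first filter; getimagesize() on the temp file confirms the content
                    // actually parses as an image before it is moved under the web root.
                    if (in_array(strtolower($file_extension), $allowed_extensions, true)
                        && getimagesize($_FILES['image']['tmp_name']) !== false) {
                        // Server-generated name: no client-controlled characters reach the path.
                        $filename = 'gallery_' . time() . '_' . uniqid() . '.' . $file_extension;
                        $destination = $upload_dir . $filename;
                        if (move_uploaded_file($_FILES['image']['tmp_name'], $destination)) {
                            $image_path = 'images/gallery/' . $filename;
                            // Read the currently stored path before it is overwritten.
                            $stmt = $DBcon->prepare("SELECT images FROM gallery WHERE sn = ?");
                            $stmt->execute([$sn]);
                            $old_image = $stmt->fetchColumn();
                            // Commit the new path first: if the UPDATE throws, the old file
                            // is still on disk and the row still points at it.
                            $stmt = $DBcon->prepare("UPDATE gallery SET caption = ?, images = ? WHERE sn = ?");
                            $stmt->execute([$caption, $image_path, $sn]);
                            // Remove the replaced file, but only if the stored path resolves to
                            // a file inside the gallery directory. The path is a database value,
                            // so this bounds what unlink() can reach regardless of how it got there.
                            $old_file = $old_image ? realpath('../' . $old_image) : false;
                            $gallery_root = realpath('../images/gallery');
                            if ($old_file !== false && $gallery_root !== false
                                && strpos($old_file, $gallery_root . DIRECTORY_SEPARATOR) === 0) {
                                unlink($old_file);
                            }
                            $message = "Gallery item updated successfully!";
                        } else {
                            throw new Exception("Failed to upload image.");
                        }
                    } else {
                        throw new Exception("Invalid file type. Only JPG, PNG, GIF, and WebP are allowed.");
                    }
                } else {
                    // Update caption only
                    $stmt = $DBcon->prepare("UPDATE gallery SET caption = ? WHERE sn = ?");
                    $stmt->execute([$caption, $sn]);
                    $message = "Gallery item updated successfully!";
                }
            }
        } catch (Exception $e) {
            // The exceptions thrown above carry user-facing text; driver errors
            // (PDOException) can include SQL fragments and table names, so those
            // go to the log and the page only gets a generic message.
            if ($e instanceof PDOException) {
                error_log('gallery admin: ' . $e->getMessage());
                $error = "A database error occurred. Please try again.";
            } else {
                $error = $e->getMessage();
            }
        }
    }
}

// Handle delete action
// NOTE(review): this is a state-changing action driven by GET; the CSRF token
// travels in the query string and therefore ends up in access logs, browser
// history and Referer headers. Switching the delete link to a POST form is the
// proper fix, but that needs the markup elsewhere in this page changed, so only
// the token check is kept here.
if (isset($_GET['delete'])) {
    $sn = $_GET['delete'];
    $csrf_token = $_GET['csrf_token'] ?? '';
    if (validate_csrf_token($csrf_token)) {
        try {
            // Get image path before deletion
            $stmt = $DBcon->prepare("SELECT images FROM gallery WHERE sn = ?");
            $stmt->execute([$sn]);
            $image_path = $stmt->fetchColumn();
            // Delete from database
            $stmt = $DBcon->prepare("DELETE FROM gallery WHERE sn = ?");
            $stmt->execute([$sn]);
            // Delete the image file, but only when the stored path resolves to a
            // file under the gallery directory (same containment rule as the edit path).
            $image_file = $image_path ? realpath('../' . $image_path) : false;
            $gallery_root = realpath('../images/gallery');
            if ($image_file !== false && $gallery_root !== false
                && strpos($image_file, $gallery_root . DIRECTORY_SEPARATOR) === 0) {
                unlink($image_file);
            }
            $message = "Gallery item deleted successfully!";
        } catch (Exception $e) {
            // Log the driver message; do not render it to the page.
            error_log('gallery admin delete: ' . $e->getMessage());
            $error = "Error deleting gallery item.";
        }
    } else {
        $error = "Security token invalid.";
    }
}

// Fetch gallery items for listing
try {
    $stmt = $DBcon->prepare("SELECT * FROM gallery ORDER BY sn DESC");
    $stmt->execute();
    $gallery_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (Exception $e) {
    error_log('gallery admin list: ' . $e->getMessage());
    $error = "Error fetching gallery items.";
    $gallery_items = [];
}

// Fetch single item for editing ($action is set earlier in this file).
$edit_item = null;
if ($action === 'edit' && isset($_GET['sn'])) {
    try {
        // Bound parameter: the raw query-string value never reaches the SQL text.
        $stmt = $DBcon->prepare("SELECT * FROM gallery WHERE sn = ?");
        $stmt->execute([$_GET['sn']]);
        $edit_item = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$edit_item) {
            $error = "Gallery item not found.";
            $action = 'list';
        }
    } catch (Exception $e) {
        error_log('gallery admin edit: ' . $e->getMessage());
        $error = "Error fetching gallery item.";
        $action = 'list';
    }
}

// Generate CSRF token for the forms rendered below.
$csrf_token = generate_csrf_token();
?>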