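// (the start of this comment lies outside the visible excerpt) ... of modify.php
if (!method_exists($admin, 'register_backend_modfiles')
    && file_exists(WB_PATH . '/modules/fancybraxbox_B/backend.css')
) {
    // NOTE(review): the markup this echo emitted was lost when the page was extracted.
    // The statement is kept exactly as it appears here and has to be restored from the module source.
    echo '\n";
}

// Load the settings row of the section currently being edited (one row per section_id).
// The id ends up inside SQL text, so it is forced to an integer before being concatenated;
// a non-numeric value then becomes 0 instead of reaching the query.
// NOTE(review): assumes section ids are always integers -- confirm against the caller.
$safe_section_id = (int) $section_id;
$sql_result = $database->query(
    "SELECT * FROM " . TABLE_PREFIX . "mod_fancybraxbox_B WHERE section_id = '" . $safe_section_id . "'"
);

// A failed query or a missing row must not be dereferenced; fall back to an empty row
// so that the defaults below apply.
$sql_row = $sql_result ? $sql_result->fetchRow() : null;
if (!is_array($sql_row)) {
    $sql_row = array();
}

// gallery_path: an empty value or a bare "/" selects the default '/media/'.
$gallery_path = isset($sql_row['gallery_path']) ? (string) $sql_row['gallery_path'] : '';
if ($gallery_path === '/' || $gallery_path === '') {
    $sql_row['gallery_path'] = '/media/';
} else {
    // The value is printed into a form field, so every special character is converted to an entity.
    // Without this, characters such as " or \ would not show up in the field, and stored markup or
    // script would be parsed by the browser. ENT_QUOTES also encodes the single quote, which the
    // default flags of older PHP versions leave untouched.
    $sql_row['gallery_path'] = htmlspecialchars($gallery_path, ENT_QUOTES);
}

// thumb_path: an empty value or a bare "/" selects the default '/media/thumbs/'.
$thumb_path = isset($sql_row['thumb_path']) ? (string) $sql_row['thumb_path'] : '';
if ($thumb_path === '/' || $thumb_path === '') {
    $sql_row['thumb_path'] = '/media/thumbs/';
} else {
    // Same output encoding as for gallery_path.
    $sql_row['thumb_path'] = htmlspecialchars($thumb_path, ENT_QUOTES);
}

// create the form with text outputs and buttons below using mixed HTML and PHP code
// NOTE(review): extraction removed everything between the closing tag below and "2) {",
// including the form markup, the reopening PHP tag and the start of the condition.
// Both fragments are kept exactly as they appear.
?> 2) {
    // Read the file for display in the form. The original comment promised a validity check,
    // but the handle returned by fopen() was never tested; a failed open or an empty file now
    // leaves $fileread as an empty string instead of passing false or a zero length to fread().
    // NOTE(review): where $file comes from is not visible here. If it can be influenced by
    // request data or stored settings, confirm it resolves inside the intended directory
    // before it is opened.
    $fileread = '';
    $fp = @fopen($file, 'r');
    if ($fp !== false) {
        $file_size = filesize($file);
        if ($file_size > 0) {
            $raw_contents = fread($fp, $file_size);
            if ($raw_contents !== false) {
                // Encoded for HTML output, single quotes included.
                $fileread = htmlspecialchars($raw_contents, ENT_QUOTES);
            }
        }
        fclose($fp);
    }
?>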