Mini Shell

<?php

    include '../db/database.php';
    
    $news_id = $_POST['news_id'];
    $newstype = $_POST['newstype'];
    $news_topic = $_POST['news_topic'];
    $topic_detail = $_POST['topic_detail'];
    $news_detail = $_POST['news_detail'];
    $news_status = $_POST['news_status'];
    $user_author = $_POST['user_author'];

    

     //ถ้าอัพเดทอัพโหลดรูป
    if (is_uploaded_file($_FILES['news_images']['tmp_name'])) {
        //ลบรูปเดิมก่อน
        $sql_img = "SELECT news_images FROM news WHERE news_id='$news_id'";
        $result_img = mysqli_query($link, $sql_img);
        $img_name = mysqli_fetch_row($result_img);
        @unlink('images/'.$img_name[0]);
        
        $new_image_name = 'news_'.uniqid().".".pathinfo(basename($_FILES['news_images']['name']), PATHINFO_EXTENSION);
        $image_upload_path = "images/".$new_image_name;
        move_uploaded_file($_FILES['news_images']['tmp_name'],$image_upload_path);
        
        $sql = "UPDATE `news` SET `news_images`='$new_image_name' WHERE (`news_id`='$news_id')";
        mysqli_query($link, $sql);
    }
    
    $sql = "UPDATE `news` SET  `news_topic`='$news_topic',`topic_detail`='$topic_detail',`news_detail`='$news_detail', `news_status`='$news_status', `newstype_id`='$newstype', `user_author`='$user_author' WHERE (`news_id`='$news_id')";
    
    $result = mysqli_query($link, $sql);
    
    if ($result) {
       echo "<script>window.location='news.php';</script>";
    } else {
       echo "<script>alert('เกิดข้อผิดผลาด ! ไม่สามารถแก้ไขข้อมูลได้');window.location='news.php';</script>";
    }