<?php // extract data from form; store in variable $caseName = $_

1. <?php
2. // extract data from form; store in variable
3. $caseName = $_POST["caseName"];
4. $caseClient = $_POST["caseClient"];
5. $caseArchitect = $_POST["caseArchitect"];
6. $caseInteriorDesigner = $_POST["caseInteriorDesigner"];
7. $caseEngineer = $_POST["caseEngineer"];
8. $caseContract = $_POST["caseContract"];
9. $caseInformation = $_POST["caseInformation"];
10. $caseValue = $_POST["caseValue"];
11.  
12. if ( isset( $_FILES['upload'] ) ) {
13. $name_array = $_FILES['upload']['name'];
14. $size_array = $_FILES['upload']['size'];
15. $type_array = $_FILES['upload']['type'];
16. $tmp_name_array = $_FILES['upload']['tmp_name'];
17. $allowed = array(
18. 'image/jpeg' => 'jpg',
19. 'image/pjpeg' => 'jpg',
20. 'image/gif' => 'gif',
21. 'image/png' => 'png'
22. );
23.  
24. //Check if in allowed list
25. $allowed_mime = array_keys($allowed);
26. foreach($_FILES['upload']['type'] as $file_mime) {
27. if (!in_array(strtolower($file_mime), $allowed_mime)) {
28. die('failed!');
29. }
30. }
31.  
32. (!move_uploaded_file( $tmp_name_array, getcwd() . "/uploaded/" . $name_array )
33. {
34. die('failed!');
35. }
36.  
37. $dsn = 'mysql:host=localhost;dbname=jasonglo_db ';
38. $username = 'jasonglo_usr';
39. $password = 'yt987210d';
40. //
41. // DB connection was made
42. //
43. $pdo = new PDO($dsn, $username, $password);
44.  
45.  
46.  
47. //loop over array to get names. Make sure we have actual content.
48. if ( count( $name_array ) > 0 && $name_array !== false ) {
49.  
50. //Prepare query
51. $statement = $pdo->prepare( 'INSERT INTO commercial(caseImage,caseImage2,caseImage3,caseName,caseClient,caseArchitect,caseInteriorDesigner,caseEngineer,caseValue,caseContract, caseInformation) VALUES (?,?,?,?,?,?,?,?,?,?,?)' );
52.  
53. //use a different index in the event that the numeric keys in the name array are not ordered correctly
54. $index = 1;
55.  
56.  
57.  
58. foreach ( $name_array as $key => $filename ) {
59.  
60. $statement->bindParam( $index, $name_array[$key], PDO::PARAM_STR );
61. $index++;
62. }
63. $english_format_number = number_format($caseValue);
64. $statement->bindParam(4, $caseName, PDO::PARAM_STR );
65. $statement->bindParam(5, $caseClient, PDO::PARAM_STR );
66. $statement->bindParam(6, $caseArchitect, PDO::PARAM_STR );
67. $statement->bindParam(7, $caseInteriorDesigner, PDO::PARAM_STR );
68. $statement->bindParam(8, $caseEngineer, PDO::PARAM_STR );
69. $statement->bindParam(9, $caseValue, PDO::PARAM_STR );
70. $statement->bindParam(10, $caseContract, PDO::PARAM_STR );
71. $statement->bindParam(11, $caseInformation, PDO::PARAM_STR );
72.  
73.  
74. $statement->execute();
75.  
76. }
77. }
78. ?>