  1. <?php
  2.     session_start();
  3.     header('Content-type: text/html; charset=utf-8');
  4.     require_once("db_connect.php");
  5.  
  6.  
  7.  
  8.     // Prepare an insert statement
  9.     $sql = "INSERT INTO cards (name, phone, phone2, email, zipcode, address, company, job, description, userid) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
  10.     if ($stmt = $conn->prepare($sql)) {
  11.        
  12.         if (!isset($_POST['name']) || !isset($_POST['phone']) || !isset($_POST['job']) || !isset($_POST['description']) || !isset($_SESSION['id'])) {
  13.             exit();
  14.         }
  15.  
  16.         $name = $_POST['name'];
  17.         $phone = $_POST['phone'];
  18.         $job = $_POST['job'];
  19.         $description = $_POST['description'];
  20.         $userid = $_SESSION['id'];
  21.  
  22.         if (isset($_POST['phone2'])) {
  23.             $phone2 = $_POST['phone2'];
  24.         }
  25.         if (isset($_POST['email'])) {
  26.             $email = $_POST['email'];
  27.         }
  28.         if (isset($_POST['zipcode'])) {
  29.             $zipcode = $_POST['zipcode'];
  30.         }
  31.         if (isset($_POST['address'])) {
  32.             $address = $_POST['address'];
  33.         }
  34.         if (isset($_POST['company'])) {
  35.             $company = $_POST['company'];
  36.         }
  37.  
  38.  
  39.         if (strlen($name) > 30 || strlen($job) > 50 || strlen($email) > 50 || strlen($phone) > 20 || strlen($phone2) > 20 || strlen($address) > 50 || strlen($description) > 500 ||
  40.             strlen($zipcode) > 4 || strlen($company) > 50) {
  41.             exit();
  42.         }
  43.  
  44.         $filesTempName = $_FILES['file']['tmp_name'];
  45.         if (count($filesTempName) > 5) {
  46.             //header("Location: addbusiness.php?message=3");
  47.             exit();
  48.         }
  49.  
  50.         for ($i = 0; $i < count($filesTempName); $i++) {
  51.             if (!empty($filesTempName[$i])) {        
  52.                 $allowed_types = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
  53.                 $detectedType = exif_imagetype($filesTempName[$i]);
  54.  
  55.                 if ($_FILES["file"]["size"][$i] > 2100000) {
  56.                    // header("Location: addbusiness.php?message=2");
  57.                     exit();
  58.                     break;
  59.                 }
  60.                 if (!in_array($detectedType, $allowed_types)) {
  61.                     //header("Location: addbusiness.php?message=4");
  62.                      exit();
  63.                     break;
  64.                 }
  65.             }
  66.         }
  67.  
  68.  
  69.         $stmt->bind_param("ssssissssi", $name, $phone, $phone2, $email, $zipcode, $address, $company, $job, $description, $userid);
  70.         $stmt->execute();
  71.         $stmt->close();
  72.  
  73.         $cardid = $conn->insert_id;
  74.         echo $cardid;
  75.  
  76.        
  77.         $statement = $conn->prepare("INSERT INTO cardimages(image, cardid) VALUES(?, ?)");
  78.         for ($i = 0; $i < count($filesTempName); $i++) {
  79.             $file = $filesTempName[$i];
  80.             if (is_uploaded_file($file) && !empty($file)) {
  81.                 $data = "uploads/" . $_FILES["file"]["name"][$i];
  82.                 move_uploaded_file($file, $data);
  83.                 $statement->bind_param("si", $data, $cardid);
  84.                 $statement->execute();
  85.                 //header("Location: addbusiness.php?message=1");
  86.             }
  87.         }
  88.         $statement->close();    
  89.     }
  90.     mysqli_close($conn);
  91.     ?>