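<?php
/**
 * Creates a business card for the logged-in user and stores up to five
 * uploaded images for it.
 *
 * Input:  POST name, phone, job, description (required);
 *         POST phone2, email, zipcode, address, company (optional);
 *         file[] (optional image uploads: PNG, JPEG or GIF, at most 2,100,000 bytes each).
 * Output: the new card id is echoed once the card row is inserted. On any
 *         validation failure the script exits without output and nothing is
 *         written to the database or to uploads/.
 *
 * $conn is expected to be the mysqli connection opened by db_connect.php.
 */
session_start();
header('Content-type: text/html; charset=utf-8');
require_once("db_connect.php");

// Prepare an insert statement
$sql = "INSERT INTO cards (name, phone, phone2, email, zipcode, address, company, job, description, userid) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
if ($stmt = $conn->prepare($sql)) {
    // Required fields. The owner always comes from the session, never from the request.
    if (!isset($_POST['name']) || !isset($_POST['phone']) || !isset($_POST['job']) || !isset($_POST['description']) || !isset($_SESSION['id'])) {
        exit();
    }
    $name = $_POST['name'];
    $phone = $_POST['phone'];
    $job = $_POST['job'];
    $description = $_POST['description'];
    $userid = $_SESSION['id'];

    // Optional fields default to null so that later code never reads an
    // undefined variable; a null is bound as SQL NULL.
    $phone2 = isset($_POST['phone2']) ? $_POST['phone2'] : null;
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    $zipcode = isset($_POST['zipcode']) ? $_POST['zipcode'] : null;
    $address = isset($_POST['address']) ? $_POST['address'] : null;
    $company = isset($_POST['company']) ? $_POST['company'] : null;

    // Length limits. A request can send any field as an array (name[]=x), so
    // each submitted value must be a plain string before strlen() is applied.
    $limits = array(
        array($name, 30),
        array($job, 50),
        array($email, 50),
        array($phone, 20),
        array($phone2, 20),
        array($address, 50),
        array($description, 500),
        array($zipcode, 4), // note: zipcode is bound as an integer ("i") below
        array($company, 50),
    );
    foreach ($limits as $limit) {
        list($value, $maxLength) = $limit;
        if ($value === null) {
            continue;
        }
        if (!is_string($value) || strlen($value) > $maxLength) {
            exit();
        }
    }

    // Uploads are optional. When present, the field must be the multi-file form (file[]).
    $filesTempName = array();
    if (isset($_FILES['file']['tmp_name'])) {
        if (!is_array($_FILES['file']['tmp_name'])) {
            exit();
        }
        $filesTempName = $_FILES['file']['tmp_name'];
    }
    if (count($filesTempName) > 5) {
        exit();
    }

    // Allowed image types, mapped to the extension the stored file will get.
    // The extension comes from the detected content type, not from the request.
    $extensions = array(
        IMAGETYPE_PNG => 'png',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_GIF => 'gif',
    );

    // Validate every upload before anything is written, so that a rejected
    // file cannot leave a card row or stored images behind.
    $images = array();
    foreach ($filesTempName as $i => $tmpName) {
        if (empty($tmpName)) {
            continue; // file slot left empty in the form
        }
        if (!is_string($tmpName)) {
            exit();
        }
        if (!is_uploaded_file($tmpName)) {
            continue;
        }
        $size = isset($_FILES["file"]["size"][$i]) ? $_FILES["file"]["size"][$i] : 0;
        if ($size > 2100000) {
            exit();
        }
        $detectedType = exif_imagetype($tmpName);
        if ($detectedType === false || !isset($extensions[$detectedType])) {
            exit();
        }
        $images[] = array($tmpName, $extensions[$detectedType]);
    }

    $stmt->bind_param("ssssissssi", $name, $phone, $phone2, $email, $zipcode, $address, $company, $job, $description, $userid);
    $inserted = $stmt->execute();
    $stmt->close();
    if (!$inserted) {
        // Without a card row there is no valid id to attach images to.
        exit();
    }
    $cardid = $conn->insert_id;
    echo $cardid;

    if (count($images) > 0 && ($statement = $conn->prepare("INSERT INTO cardimages(image, cardid) VALUES(?, ?)"))) {
        foreach ($images as $n => $image) {
            list($tmpName, $extension) = $image;
            // The stored name is built on the server from the card id and the
            // upload index. The client-supplied file name is never used: it
            // could carry path segments ("../") or a script extension (".php"),
            // and two users uploading the same name would overwrite each other.
            // The uploads/ directory should additionally be served without
            // script execution.
            $data = "uploads/card_" . $cardid . "_" . $n . "." . $extension;
            if (move_uploaded_file($tmpName, $data)) {
                // Record the image only when the file really reached uploads/.
                $statement->bind_param("si", $data, $cardid);
                $statement->execute();
            }
        }
        $statement->close();
    }
}
mysqli_close($conn);
?>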