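<?php
// Handles the "add product" form submission: resolves the owner's account id
// from the session, optionally stores an uploaded image under uploads/images/,
// inserts the product row, then redirects to the caller's product list.
// config/config.php is expected to provide $db, $MAX_SIZE, Escape() and
// Redirect() (and, presumably, to start the session — confirm).
include "config/config.php";

if (!isset($_POST["name"])) {
    // Not a form submission: nothing to do.
    Redirect("products.php");
    exit;
}

// --- Owner lookup ---------------------------------------------------------
// Done before the upload is moved so a rejected request leaves no orphan file.
$Id = null;
$userInfo = $db->Execute("SELECT * FROM `accounts` WHERE username=?", Escape($_SESSION['username'] ?? ''));
foreach ($userInfo as $info) {
    $Id = $info->id;
}
$userInfo->Close();
if ($Id === null) {
    // No account matched the session user (or there is no session): refuse
    // to insert an ownerless product rather than writing a null owner.
    Redirect("products.php");
    exit;
}

// --- Image upload (optional) ----------------------------------------------
// The upload is stored only when every check below passes; otherwise the
// product falls back to the placeholder image. The client-supplied filename
// chooses the stored suffix, but the file header must agree with it.
$allowed = ['jpg' => IMAGETYPE_JPEG, 'png' => IMAGETYPE_PNG, 'gif' => IMAGETYPE_GIF];
$file_is_good = false;
$file_destination = '';

$file = $_FILES['file'] ?? null;
if (is_array($file) && ($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
    $file_tmp = (string) $file['tmp_name'];
    $file_size = (int) $file['size'];
    $file_ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));

    if (isset($allowed[$file_ext]) && $file_size <= $MAX_SIZE && is_uploaded_file($file_tmp)) {
        // getimagesize() parses the actual content, so a non-image renamed to
        // .jpg, or a PNG renamed to .jpg, is rejected here.
        $image = getimagesize($file_tmp);
        if ($image !== false && $image[2] === $allowed[$file_ext]) {
            // uniqid(more_entropy) keeps stored names unguessable enough to
            // avoid collisions; the extension is appended once, to the name
            // (the original appended it inside the uniqid() argument list).
            $file_name_new = uniqid('', true) . '.' . $file_ext;
            $file_destination = 'uploads/images/' . $file_name_new;
            $file_is_good = move_uploaded_file($file_tmp, $file_destination);
        }
    }
}

// --- Product fields -------------------------------------------------------
// Escape() is the project's input filter (its semantics are not visible
// here); the INSERT itself is parameterised, so Escape() is not what
// prevents SQL injection. Price is forwarded as submitted text — confirm the
// column type and validate numerically if the schema requires it.
$name     = Escape($_POST["name"]);
$desc     = nl2br(Escape($_POST["desc"] ?? ''));
$price    = Escape($_POST["price"] ?? '');
$tags     = Escape($_POST["tags"] ?? '');
$city     = Escape($_POST["city"] ?? '');
$category = Escape($_POST["category"] ?? '');
$file_url = $file_is_good ? $file_destination : "img/product.png";

$db->Execute(
    "INSERT INTO `product`(`name`, `description`, `price`, `owner`, `tags`, `city`, `img`, `category`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
    $name, $desc, $price, $Id, $tags, $city, $file_url, $category
);
Redirect("products.php?my=1");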