<?php
// session_start();
require_once("cont/connection.php");
require_once("cont/header_strip.php");
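// Handles the "add car" form post: resolves the signed-in owner's member_id,
// stores the optional uploaded photo under image/, inserts one car_info row
// and prints a result panel.
//
// $conn is provided by cont/connection.php and is used here as a mysqli handle
// (assumed from the ->query()/->error usage in the original; confirm there).
// The session is presumably started by one of the includes above, since
// session_start() is commented out in this file.
//
// NOTE(review): the session carries the account password and the lookup below
// compares it verbatim with car_owners.password, which implies passwords are
// stored unhashed. Moving to password_hash()/password_verify() and keeping only
// the member id in the session needs changes to the login and registration
// pages too, so it is flagged here rather than changed.
// NOTE(review): this state-changing POST carries no anti-CSRF token; adding one
// also needs a change to the page that renders the form.

if (isset($_POST['submit'])) {
    $mem_id = null;
    $user_email = isset($_SESSION["u_email"]) ? $_SESSION["u_email"] : null;
    $user_password = isset($_SESSION["u_password"]) ? $_SESSION["u_password"] : null;

    // Look the owner up with bound parameters; the original interpolated both
    // session values straight into the SQL text.
    if (is_string($user_email) && is_string($user_password)) {
        try {
            $lookup = $conn->prepare("SELECT member_id FROM car_owners WHERE email = ? AND password = ?");
            if ($lookup !== false) {
                $lookup->bind_param('ss', $user_email, $user_password);
                if ($lookup->execute()) {
                    $lookup->bind_result($found_id);
                    // Like the original loop, the last matching row wins.
                    while ($lookup->fetch()) {
                        $mem_id = $found_id;
                    }
                }
                $lookup->close();
            }
        } catch (mysqli_sql_exception $e) {
            // mysqli may be configured to throw; treat that as "no member found".
            $mem_id = null;
        }
    }

    if ($mem_id !== null) {
        // Read a POST field as a plain string; missing or array-valued fields
        // become '' instead of raising notices or binding "Array".
        $text_field = function ($key) {
            return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        };
        // No addslashes(): the values are bound, not spliced into the statement.
        $description = $text_field("description");
        $model = $text_field("model");
        $brand = $text_field("brand");
        $car_cond = $text_field("car_cond");
        $price = $text_field("price");

        // The upload is handled only after the owner lookup succeeded, so an
        // unauthenticated request can no longer place files in image/.
        $upload_to = 'image/';
        $path = $upload_to; // a post without a file stored 'image/' before; kept as is
        $upload_ok = true;
        $upload = (isset($_FILES['image']) && is_array($_FILES['image'])) ? $_FILES['image'] : null;
        $upload_error = ($upload !== null && isset($upload['error'])) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

        if ($upload_error !== UPLOAD_ERR_NO_FILE) {
            $upload_ok = false;
            // Accepted formats and the extension each is saved under; extend as needed.
            $allowed = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
            if ($upload_error === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
                // The client-supplied name and MIME type are never used: the
                // stored name is generated here and the extension follows the
                // detected image format, so a request cannot choose a script
                // extension, escape image/ or overwrite an existing file.
                $info = getimagesize($upload['tmp_name']);
                if ($info !== false && isset($allowed[$info[2]])) {
                    $path = $upload_to . bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
                    $upload_ok = move_uploaded_file($upload['tmp_name'], $path);
                }
            }
            // NOTE(review): also disable script execution for image/ in the web
            // server configuration as a second layer.
        }

        $saved = false;
        if ($upload_ok) {
            try {
                $insert = $conn->prepare("INSERT INTO car_info (car_member_id,brand,model,car_condition,price,description,image) VALUES (?,?,?,?,?,?,?)");
                if ($insert !== false) {
                    // member_id was interpolated unquoted in the original, so it
                    // is bound as an integer; the rest stay strings as before.
                    $insert->bind_param('issssss', $mem_id, $brand, $model, $car_cond, $price, $description, $path);
                    $saved = $insert->execute();
                    $insert->close();
                }
            } catch (mysqli_sql_exception $e) {
                $saved = false;
            }
            // Do not leave an orphaned file behind when the row was not written.
            if (!$saved && $path !== $upload_to && is_file($path)) {
                unlink($path);
            }
        }

        if ($saved) {
            echo "<div class=\"form\"><div class=\"title\">Information added successfully.</div>";
            echo "
<form action=\"list_to_member.php\" method=\"GET\">
<input class=\"submit ic1\" type=\"submit\" value=\"View List\">
</form>";
            echo "</div>";
        } else {
            // Shown for a rejected upload as well as a failed insert; SQL and
            // driver errors are deliberately not echoed to the client.
            echo "<div class=\"form\"><div class=\"title\">Invalid Input, Try again.</div>";
            echo "
<div class=\"subtitle\">Make sure you don't have any quotation marks inserted.</div>
<form action=\"car_info.php\" method=\"GET\">
<input class=\"submit ic1\" type=\"submit\" value=\"Go Back\">
</form>";
            echo "</div>";
        }
    } else {
        echo "<div class=\"form\"><div class=\"title\">Error with user info, Try Login in again.</div>";
        echo "
<form action=\"login_test.php\" method=\"GET\">
<input class=\"submit ic1\" type=\"submit\" value=\"Login\">
</form>";
        echo "</div>";
    }
} else {
    echo "<div class=\"form\"><div class=\"title\">Invalid form, Try again.</div>";
    echo "
<form action=\"car_info.php\" method=\"GET\">
<input class=\"submit ic1\" type=\"submit\" value=\"Try Again\">
</form>";
    echo "</div>";
}
require_once("cont/footer.php");
$conn->close();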
?>