GameMerchandise/add.php at main · NickMous/GameMerchandise · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?php

// add a product to the database and product catalog.

require "connect.php";

if (str_contains($_POST["prijs"], ",")) {
    header("Location: errors.php?error=wrongprice");
} else {
    $target_dir = "media/itemimg/";
    $target_file = $target_dir . basename($_FILES["foto"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

    // Check if image file is a actual image or fake image
    $check = getimagesize($_FILES["foto"]["tmp_name"]);
    if ($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        header("Location: errors.php?error=noimg");
        $uploadOk = 0;
    }

    // Check if file already exists
    while (file_exists($target_file)) {
        echo "Sorry, file already exists.";
        $_FILES["foto"]["name"] = 0 . $_FILES["foto"]["name"];
        $target_file = $target_dir . basename($_FILES["foto"]["name"]);
    }

    // Check file size
    if ($_FILES["foto"]["size"] > 500000) {
        echo "Sorry, your file is too large.";
        header("Location: errors.php?error=toolarge");
        $uploadOk = 0;
    }

    // Allow certain file formats
    if (
        $imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
        && $imageFileType != "gif"
    ) {
        echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        header("Location: errors.php?error=notsupported");
        $uploadOk = 0;
    }

    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";
        // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["foto"]["tmp_name"], $target_file)) {
            echo "The file " . htmlspecialchars(basename($_FILES["foto"]["name"])) . " has been uploaded.";
        } else {
            echo "Sorry, there was an error uploading your file.";
        }
    }

    $sql = "INSERT INTO gamemerch(naam, game, prijs, voorraad, beschrijving, foto) VALUES (?, ?, ?, ?, ?, ?)";
    $insert = $pdo->prepare($sql);
    $insert->execute([$_POST["itemnaam"], $_POST["game"], $_POST["prijs"], $_POST["voorraad"], $_POST["beschrijving"], $_FILES["foto"]["name"]]);
    header("Location: productlist.php");
}