<?php session_start(); include_once('../../db/saucerer.php'); if(isset($_POST['submit'])){ $code = mysqli_real_escape_string($mysqli, $_POST['code']); $author = mysqli_real_escape_string($mysqli, $_POST['author']); $title = mysqli_real_escape_string($mysqli, $_POST['title']); $cat = mysqli_real_escape_string($mysqli, $_POST['cat']); $sub = mysqli_real_escape_string($mysqli, $_POST['sub']); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $phone = mysqli_real_escape_string($mysqli, $_POST['phone']); $address = mysqli_real_escape_string($mysqli, $_POST['address']); $district = mysqli_real_escape_string($mysqli, $_POST['district']); $country = mysqli_real_escape_string($mysqli, $_POST['country']); $reg_no = mysqli_real_escape_string($mysqli, $_POST['reg_no']); $hr_open = mysqli_real_escape_string($mysqli, $_POST['hr_open']); $hr_close = mysqli_real_escape_string($mysqli, $_POST['hr_close']); $services = mysqli_real_escape_string($mysqli, $_POST['services']); $paragraph1 = mysqli_real_escape_string($mysqli, $_POST['paragraph1']); $phone1 = mysqli_real_escape_string($mysqli, $_POST['phone1']); $phone2 = mysqli_real_escape_string($mysqli, $_POST['phone2']); $g_maps = mysqli_real_escape_string($mysqli, $_POST['g_maps']); $facebook = mysqli_real_escape_string($mysqli, $_POST['facebook']); $instagram = mysqli_real_escape_string($mysqli, $_POST['instagram']); $twitter = mysqli_real_escape_string($mysqli, $_POST['twitter']); $youtube = mysqli_real_escape_string($mysqli, $_POST['youtube']); $website = mysqli_real_escape_string($mysqli, $_POST['website']); $summ1 = mysqli_real_escape_string($mysqli, $_POST['summ1']); $summ2 = mysqli_real_escape_string($mysqli, $_POST['summ2']); $summ3 = mysqli_real_escape_string($mysqli, $_POST['summ3']); $summ4 = mysqli_real_escape_string($mysqli, $_POST['summ4']); $summ5 = mysqli_real_escape_string($mysqli, $_POST['summ5']); $summ6 = mysqli_real_escape_string($mysqli, $_POST['summ6']); $a="'"; $b=""; $title1 = str_replace($a, $b, strtolower($title)); $x=" "; $y="-"; $url = str_replace($x, $y, $title1); if ($_FILES['image']['name']=='') { $image = ""; } else { $ext = substr($_FILES['image']['name'], strrpos($_FILES['image']['name'], '.')+1); $image = $code.'.'.$ext; if(is_file('../images/'. $image)) unlink('../images/'. $image); move_uploaded_file($_FILES['image']['tmp_name'],'../images/'. $image); } if ($_FILES['image1']['name']=='') { $image1 = ""; } else { $ext1 = substr($_FILES['image1']['name'], strrpos($_FILES['image1']['name'], '.')+1); $image1 = $code.'_1.'.$ext1; if(is_file('../images/'. $image1)) unlink('../images/'. $image1); move_uploaded_file($_FILES['image1']['tmp_name'],'../images/'. $image1); } if ($_FILES['image2']['name']=='') { $image2 = ""; } else { $ext2 = substr($_FILES['image2']['name'], strrpos($_FILES['image2']['name'], '.')+1); $image2 = $code.'_2.'.$ext2; if(is_file('../images/'. $image2)) unlink('../images/'. $image2); move_uploaded_file($_FILES['image2']['tmp_name'],'../images/'. $image2); } if ($_FILES['image3']['name']=='') { $image3 = ""; } else { $ext3 = substr($_FILES['image3']['name'], strrpos($_FILES['image3']['name'], '.')+1); $image3 = $code.'_3.'.$ext3; if(is_file('../images/'. $image3)) unlink('../images/'. $image3); move_uploaded_file($_FILES['image3']['tmp_name'],'../images/'. $image3); } if ($_FILES['image4']['name']=='') { $image4 = ""; } else { $ext4 = substr($_FILES['image4']['name'], strrpos($_FILES['image4']['name'], '.')+1); $image4 = $code.'_4.'.$ext4; if(is_file('../images/'. $image4)) unlink('../images/'. $image4); move_uploaded_file($_FILES['image4']['tmp_name'],'../images/'. $image4); } if ($_FILES['image5']['name']=='') { $image5 = ""; } else { $ext5 = substr($_FILES['image5']['name'], strrpos($_FILES['image5']['name'], '.')+1); $image5 = $code.'_5.'.$ext5; if(is_file('../images/'. $image5)) unlink('../images/'. $image5); move_uploaded_file($_FILES['image5']['tmp_name'],'../images/'. $image5); } if ($_FILES['image6']['name']=='') { $image6 = ""; } else { $ext6 = substr($_FILES['image6']['name'], strrpos($_FILES['image6']['name'], '.')+1); $image6 = $code.'_6.'.$ext6; if(is_file('../images/'. $image6)) unlink('../images/'. $image6); move_uploaded_file($_FILES['image6']['tmp_name'],'../images/'. $image6); } $sql = "INSERT INTO listings (code, author, title, cat, sub, email, phone, address, district, country, reg_no, hr_open, hr_close, services, paragraph1, phone1, phone2, g_maps, facebook, instagram, twitter, youtube, website, image, image1, image2, image3, image4, image5, image6, summ1, summ2, summ3, summ4, summ5, summ6, url) VALUES ('$code', '$author', '$title', '$cat', '$sub', '$email', '$phone', '$address', '$district', '$country', '$reg_no', '$hr_open', '$hr_close', '$services', '$paragraph1', '$phone1', '$phone2', '$g_maps', '$facebook', '$instagram', '$twitter', '$youtube', '$website', '$image', '$image1', '$image2', '$image3', '$image4', '$image5', '$image6', '$summ1', '$summ2', '$summ3', '$summ4', '$summ5', '$summ6', '$url')"; //use for MySQLi OOP if(mysqli_query($mysqli, $sql)){ $_SESSION['success'] = ''.$title.' added successfully'; } else{ $_SESSION['error'] = 'Something went wrong while adding '.$title.'!'; } } header('location: ../'); ?>