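<?php
declare(strict_types=1);

/**
 * Admin: insert a new product with up to three images.
 *
 * Flow: authenticate the admin session, then on POST verify the CSRF token,
 * validate every uploaded image (allow-listed extension AND real image bytes),
 * insert the row with a prepared statement, and only then move the files into
 * productimages/<id>/. Every outcome redirects back here with a flash message.
 *
 * Review fixes versus the previous version:
 *  - the auth check now runs before include('include/admin-menu.php'), so an
 *    unauthenticated request neither executes the menu include nor risks a
 *    "headers already sent" failure on the redirect;
 *  - image 3 was never checked against the extension allow-list, so any file
 *    type (e.g. .php) could be stored under public_html — all three uploads
 *    now share one validation path;
 *  - an extension check alone trusts the client-supplied filename, so
 *    getimagesize() now confirms the content is an allowed image type;
 *  - the form carries a per-session CSRF token (state-changing POST);
 *  - the upload directory is created 0755 instead of world-writable 0777;
 *  - move_uploaded_file() results are checked and reported;
 *  - DB-sourced and session values are HTML-escaped on output.
 */
session_start();

// Gate first: nothing below (including the menu include) runs unauthenticated.
// NOTE(review): if admin-menu.php emits markup, the later Location headers
// would also fail because output has already started — confirm, or ob_start().
if (empty($_SESSION['alogin'])) {
    header('Location: index.php');
    exit();
}

include('include/config.php');
include('include/admin-menu.php');

// One token per session; compared with hash_equals() on every submit.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

/** Extensions accepted for product images (compared lower-cased). */
const ALLOWED_IMAGE_EXT = ['jpg', 'jpeg', 'png', 'webp'];

/** Image types (as reported by getimagesize()) that the extensions above may carry. */
const ALLOWED_IMAGE_TYPES = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_WEBP];

/**
 * HTML-escape a value for output in an HTML text or attribute context.
 */
function esc_html($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Store a flash message in the session and redirect back to this page.
 * Never returns.
 */
function flash_and_redirect(string $msg): void
{
    $_SESSION['msg'] = $msg;
    header('Location: insert-product.php');
    exit();
}

/**
 * Validate one uploaded image field and return its allow-listed extension.
 *
 * @param string $field    Key in $_FILES (productimage1..3).
 * @param bool   $required Whether an absent upload is an error.
 * @return string Lower-cased extension, or '' when optional and not uploaded.
 * @throws RuntimeException Carrying the user-facing message for the flash box.
 */
function validated_image_ext(string $field, bool $required): string
{
    $file = $_FILES[$field] ?? null;

    // "No file" is the only acceptable non-OK status, and only for optional fields.
    if ($file === null || ($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_NO_FILE) {
        if ($required) {
            throw new RuntimeException('Only JPG, PNG, WEBP allowed!');
        }
        return '';
    }

    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Image upload failed!');
    }

    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_IMAGE_EXT, true)) {
        throw new RuntimeException('Only JPG, PNG, WEBP allowed!');
    }

    // The extension comes from the client; make sure the bytes really are an
    // image of an allowed type so a renamed script cannot land under public_html.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !in_array($info[2], ALLOWED_IMAGE_TYPES, true)) {
        throw new RuntimeException('Only JPG, PNG, WEBP allowed!');
    }

    return $ext;
}

if (isset($_POST['submit'])) {
    // Reject forged cross-site requests before touching uploads or the database.
    $token = $_POST['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf_token'], $token)) {
        flash_and_redirect('Invalid form token, please try again.');
    }

    // ===== Sanitize Numbers =====
    // NOTE(review): the form accepts step="0.01" for prices but intval()
    // truncates decimals; if the price columns are DECIMAL, bind them as "d".
    $category    = intval($_POST['category'] ?? 0);
    $subcategory = intval($_POST['subcategory'] ?? 0);
    $price       = intval($_POST['productprice'] ?? 0);
    $pricebd     = intval($_POST['productpricebd'] ?? 0);
    $shipping    = intval($_POST['productShippingcharge'] ?? 0);

    // Free-text fields are bound as parameters (no SQL injection); they are
    // stored as-is, so whatever renders productDescription must escape or
    // sanitise the CKEditor HTML.
    $name         = $_POST['productName'] ?? '';
    $company      = $_POST['productCompany'] ?? '';
    $description  = $_POST['productDescription'] ?? '';
    $availability = $_POST['productAvailability'] ?? '';

    // ===== Image Validation FIRST (all three fields, before any DB write) =====
    try {
        $ext1 = validated_image_ext('productimage1', true);
        $ext2 = validated_image_ext('productimage2', true);
        $ext3 = validated_image_ext('productimage3', false);
    } catch (RuntimeException $e) {
        flash_and_redirect($e->getMessage());
    }

    // ===== Server-side file names (client name is never used on disk) =====
    $stamp  = time();
    $image1 = $stamp . '_1.' . $ext1;
    $image2 = $stamp . '_2.' . $ext2;
    $image3 = $ext3 !== '' ? $stamp . '_3.' . $ext3 : '';

    // ===== Prepared Statement =====
    $stmt = $con->prepare(
        'INSERT INTO products
            (category, subCategory, productName, productCompany, productPrice,
             productPriceBeforeDiscount, productDescription, shippingCharge,
             productAvailability, productImage1, productImage2, productImage3)
         VALUES (?,?,?,?,?,?,?,?,?,?,?,?)'
    );
    if ($stmt === false) {
        flash_and_redirect('Insert failed!');
    }

    $stmt->bind_param(
        'iissiisissss',
        $category,
        $subcategory,
        $name,
        $company,
        $price,
        $pricebd,
        $description,
        $shipping,
        $availability,
        $image1,
        $image2,
        $image3
    );

    if (!$stmt->execute()) {
        $stmt->close();
        flash_and_redirect('Insert failed!');
    }

    $productid = $stmt->insert_id;
    $stmt->close();

    // Files are written only after the row exists, into a per-product directory.
    $dir = "productimages/$productid";
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        flash_and_redirect('Product inserted but image directory could not be created!');
    }

    $moved = move_uploaded_file($_FILES['productimage1']['tmp_name'], "$dir/$image1")
          && move_uploaded_file($_FILES['productimage2']['tmp_name'], "$dir/$image2");
    if ($moved && $image3 !== '') {
        $moved = move_uploaded_file($_FILES['productimage3']['tmp_name'], "$dir/$image3");
    }

    if (!$moved) {
        // The DB row now references images that are not on disk; surface it
        // instead of silently reporting success.
        flash_and_redirect('Product inserted but one or more images could not be saved!');
    }

    flash_and_redirect('Product inserted successfully!');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Insert Product | Admin</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- NOTE(review): third-party assets are loaded without Subresource Integrity hashes. -->
    <script src="https://cdn.ckeditor.com/ckeditor5/39.0.1/classic/ckeditor.js"></script>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" rel="stylesheet">
    <style>
        body{ background:linear-gradient(135deg,#667eea,#764ba2); min-height:100vh; font-family:'Segoe UI',sans-serif; }
        .card-box{ background:#fff; border-radius:12px; box-shadow:0 15px 40px rgba(0,0,0,.2); padding:25px; }
        .form-control, .form-select{ height:45px; }
    </style>
</head>
<body>
<div class="container py-5">
    <div class="card-box">
        <h4 class="mb-3"><i class="fa fa-plus-circle"></i> Insert Product</h4>

        <?php if (!empty($_SESSION['msg'])) { ?>
            <div class="alert alert-success text-center">
                <?php echo esc_html($_SESSION['msg']); $_SESSION['msg'] = ''; ?>
            </div>
        <?php } ?>

        <form method="post" enctype="multipart/form-data">
            <!-- Anti-CSRF token; verified with hash_equals() on submit. -->
            <input type="hidden" name="csrf_token" value="<?php echo esc_html($_SESSION['csrf_token']); ?>">
            <div class="row g-3">
                <div class="col-md-6">
                    <label>Category</label>
                    <select name="category" class="form-select" onchange="getSubcat(this.value)" required>
                        <option value="">Select Category</option>
                        <?php
                        // Category names come from the database; escape them so a
                        // stored name cannot inject markup into the admin page.
                        $q = $con->query("SELECT * FROM category");
                        while ($c = $q->fetch_assoc()) {
                            echo "<option value='" . esc_html($c['id']) . "'>" . esc_html($c['categoryName']) . "</option>";
                        }
                        ?>
                    </select>
                </div>
                <div class="col-md-6">
                    <label>Sub Category</label>
                    <select name="subcategory" id="subcategory" class="form-select" required></select>
                </div>
                <div class="col-md-6">
                    <label>Product Name</label>
                    <input type="text" name="productName" class="form-control" required>
                </div>
                <div class="col-md-6">
                    <label>Company</label>
                    <input type="text" name="productCompany" class="form-control" required>
                </div>
                <div class="col-md-6">
                    <label>Price Before Discount</label>
                    <input type="number" step="0.01" name="productpricebd" class="form-control" required>
                </div>
                <div class="col-md-6">
                    <label>Selling Price</label>
                    <input type="number" step="0.01" name="productprice" class="form-control" required>
                </div>
                <div class="col-md-12">
                    <label>Description</label>
                    <textarea name="productDescription" id="editor"></textarea>
                </div>
                <div class="col-md-6">
                    <label>Shipping Charge</label>
                    <input type="number" name="productShippingcharge" class="form-control" required>
                </div>
                <div class="col-md-6">
                    <label>Availability</label>
                    <select name="productAvailability" class="form-select" required>
                        <option value="">Select</option>
                        <option>In Stock</option>
                        <option>Out of Stock</option>
                    </select>
                </div>
                <div class="col-md-4">
                    <label>Image 1</label>
                    <input type="file" name="productimage1" class="form-control" accept=".jpg,.jpeg,.png,.webp" required>
                </div>
                <div class="col-md-4">
                    <label>Image 2</label>
                    <input type="file" name="productimage2" class="form-control" accept=".jpg,.jpeg,.png,.webp" required>
                </div>
                <div class="col-md-4">
                    <label>Image 3</label>
                    <input type="file" name="productimage3" class="form-control" accept=".jpg,.jpeg,.png,.webp">
                </div>
            </div>
            <hr>
            <button type="submit" name="submit" class="btn btn-primary w-100">
                <i class="fa fa-save"></i> Insert Product
            </button>
        </form>
    </div>
</div>

<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
<script>
    // Loads <option> markup for the chosen category. The response is inserted
    // as raw HTML, so get_subcat.php must HTML-escape the option text it emits.
    function getSubcat(val) {
        $.post("get_subcat.php", { cat_id: val }, function (data) {
            $("#subcategory").html(data);
        });
    }
</script>
<script>
    ClassicEditor
        .create(document.querySelector('#editor'), {
            toolbar: ['heading', '|', 'bold', 'italic', 'link', 'bulletedList', 'numberedList', '|', 'undo', 'redo']
        })
        .catch(error => { console.error(error); });
</script>
</body>
</html>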