<?php
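session_start();

// Authentication: only a session that carries a user id may create movies.
if (!isset($_SESSION['user']['id'])) {
    header("Location: login.php");
    exit;
}

// NOTE(review): this state-changing handler checks no anti-CSRF token. The form
// that posts here is not visible from this file; confirm one is issued there
// and verify it at this point.

// Presumably defines $db_conn, used below with prepare()/lastInsertId() - confirm.
require_once "inc/db-connection.php";

// NOTE(review): upload_picture() compares the file size with MAX_SIZE * 1024,
// which with this value is roughly 30 GB, so in practice only the php.ini
// upload limits bound the size. Confirm the intended unit.
define ("MAX_SIZE","30000000");

// Reject missing or array-valued fields before any file is stored, so a bad
// request leaves no orphaned upload and no array reaches the bound parameters.
$required_fields = ['title', 'description', 'year', 'genre_id', 'director_id'];
foreach ($required_fields as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $_SESSION['err'] = 'Invalid form data.';
        header("Location: create-movie.php");
        exit;
    }
}

// Actor ids are optional. Keep scalar entries only and reindex from 0, because
// positional placeholders need a plain list of bindable values.
$actors = [];
if (isset($_POST['actors']) && is_array($_POST['actors'])) {
    $actors = array_values(array_filter($_POST['actors'], 'is_scalar'));
}

// upload_picture() sets $_SESSION['err'] itself when it returns false.
$movie_image = upload_picture();
if ( ! $movie_image) {
    header("Location: create-movie.php");
    exit();
}

// Movie
$query = "INSERT INTO movies (
title, description, image, year, genre_id, director_id)
VALUES (?,?,?,?,?,?)";
$prep = $db_conn->prepare($query);
$params = [
    $_POST['title'], $_POST['description'], $movie_image,
    $_POST['year'], $_POST['genre_id'], $_POST['director_id']
];
if (!$prep->execute($params)) {
    $_SESSION['err'] = 'Database error.';
    header("Location: create-movie.php");
    exit;
}

// Movie_actors: one (movie_id, actor_id) row per selected actor. Both columns
// are bound as parameters; nothing is concatenated into the statement text.
if ($actors) {
    $movie_id = $db_conn->lastInsertId();
    $placeholders = implode(',', array_fill(0, count($actors), '(?,?)'));
    $act_query = "INSERT INTO movies_actors (
movie_id, actor_id) VALUES ". $placeholders;
    $act_params = [];
    foreach ($actors as $actor) {
        $act_params[] = $movie_id;
        $act_params[] = $actor;
    }
    $act_prep = $db_conn->prepare($act_query);
    if (!$act_prep->execute($act_params)) {
        // The movie row already exists at this point; report the partial save
        // instead of ending the request with no message and no redirect.
        $_SESSION['err'] = 'Movie saved, but its actors could not be linked.';
        header("Location: create-movie.php");
        exit;
    }
}

$_SESSION['msg'] = 'Movie saved.';
header("Location: create-movie.php");
exit;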
// Upload image file
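/**
 * Validate the uploaded "image" form file and store it under uploaded-img/.
 *
 * The client-supplied file name is used only for the extension allowlist. The
 * stored name is generated on the server and its extension comes from the image
 * type detected in the file content, so the request controls neither the
 * destination path nor the stored extension, and an upload cannot overwrite an
 * existing file by reusing its name.
 *
 * On failure a message is written to $_SESSION['err'].
 *
 * @return string|false Relative path of the stored file, or false on failure.
 */
function upload_picture() {
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        $_SESSION['err'] = 'Upload error.';
        return false;
    }

    $file = (isset($_FILES['image']) && is_array($_FILES['image'])) ? $_FILES['image'] : [];
    $client_name = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : '';
    if ($client_name === '') {
        $_SESSION['err'] = 'No image selected.';
        return false;
    }

    // Filename extension (allowlist). PATHINFO_EXTENSION yields '' for a name
    // without a dot instead of reading a missing array key.
    $extension = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!in_array($extension, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        $_SESSION['err'] = 'Unknown Image extension.';
        return false;
    }

    // PHP reports a failed transfer through the error code; tmp_name is empty
    // or unusable in that case, so stop before touching the file.
    $error = isset($file['error']) ? $file['error'] : UPLOAD_ERR_NO_FILE;
    if ($error === UPLOAD_ERR_INI_SIZE || $error === UPLOAD_ERR_FORM_SIZE) {
        $_SESSION['err'] = 'You have exceeded the image size limit!';
        return false;
    }
    $tmp_path = (isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : '';
    if ($error !== UPLOAD_ERR_OK || !is_uploaded_file($tmp_path)) {
        $_SESSION['err'] = 'Upload error.';
        return false;
    }

    // File size.
    // NOTE(review): with MAX_SIZE = "30000000" this limit is about 30 GB, so it
    // is effectively bounded only by php.ini - confirm the intended unit.
    $size = filesize($tmp_path);
    if ($size === false || $size > MAX_SIZE * 1024) {
        $_SESSION['err'] = 'You have exceeded the image size limit!';
        return false;
    }

    // The extension is client-controlled, so also require that the content
    // parses as one of the accepted image types. getimagesize() inspects the
    // header only; the upload directory should additionally be configured so
    // the web server never executes files stored in it.
    $stored_extensions = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
    ];
    $info = getimagesize($tmp_path);
    if ($info === false || !isset($stored_extensions[$info[2]])) {
        $_SESSION['err'] = 'File is not a valid image.';
        return false;
    }

    // OK: store under a random server-generated name.
    $filename = "uploaded-img/". bin2hex(random_bytes(16)). '.'. $stored_extensions[$info[2]];
    if (!move_uploaded_file($tmp_path, $filename)) {
        // Do not hand back a path for a file that was never stored.
        $_SESSION['err'] = 'Upload error.';
        return false;
    }
    return $filename;
}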