I am having an issue trying to get a php script to work for my website where I can add new items to my online store.
The code snippet I am having issues with is this:
$error = '';
$success = '';
if(isset($_POST['submit']))
{
define("MAX_SIZE", "4096");
$errors=0;
$name = $_POST['name'];
$price = $_POST['price'];
$desc = filter_var($_POST['desc'], FILTER_SANITIZE_STRING);
$image = $_FILES['image']['name'];
$uploadedfile = $_FILES['image']['tmp_name'];
if($image)
{
$filename = stripslashes($_FILES['image']['name']);
$extension = getExtension($filename);
$extension = strtolower($extension);
if(($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
$error .= 'The file must be one of the following file types(jpg|jpeg|png|gif)
';
$errors=1;
}
else
{
$size=filesize($_FILES['image']['tmp_name']);
if($size > MAX_SIZE*1024)
{
$error .= 'The file cannot exceed 4MB in size.
';
$errors=1;
}
if($extension=="jpg" || $extension=="jpeg")
{
$uploadedfile = $_FILES['image']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);
}
else if($extension=="png")
{
$uploadedfile = $_FILES['image']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);
}
else
{
$src = imagecreatefromgif($uploadedfile);
}
list($width,$height)=getimagesize($uploadedfile);
$newwidth=128;
$newheight=128;
$tmp=imagecreatetruecolor($newwidth,$newheight);
imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
$filename = "../store/images/" . $_FILES['image']['name'];
imagejpeg($tmp,$filename,100);
$fname = $_FILES['image']['name'];
imagedestroy($src);
imagedestroy($tmp);
}
}
if($name == '')
{
$error .= 'You must enter a name for the product.
';
}
if(!preg_match('/^[a-zA-Z\s]+$/', $name))
{
$error .= 'The product name can only contain letters and spaces.
';
}
if($_POST['type'] == 'KIT')
{
$type = 'KIT';
}
else if($_POST['type'] == 'VIP')
{
$type = 'VIP';
}
else if($_POST['type'] == 'OTHER')
{
$type = 'OTHER';
}
else
{
$error .= 'You must select a valid type for the product.
';
}
if($price == '')
{
$error .= 'You must enter a price for the product.
';
}
if(!preg_match('/^\d+(:?[.]\d{2})$/', $price))
{
$error .= 'You must enter a valid price for the product.
';
}
if($desc == '')
{
$error .= 'You must enter a description for the product.
';
}
$stmt = $db->prepare("SELECT * FROM products WHERE name = ?");
if($stmt)
{
$stmt->bind_param('s',$name);
$stmt->execute();
if($stmt->num_rows > 0)
{
$error .= 'This product already exists. Please choose a different name.
';
}
}
else
{
$error .= 'An error occurred at line 135. Please contact the site administrator.
';
}
if(empty($error) && !$errors)
{
$stmt = $db->prepare("INSERT INTO products (name, image, price, prod_desc, type) VALUES ( ?, ?, ?, ?, ? )");
if($stmt)
{
$stmt->bind_param('sssss', $name, $fname, $price, $desc, $type);
if($stmt->execute())
{
$success .= 'Product added successfully.
';
}
else
{
$error .= 'An error occured at line 158. Please contact the site administrator.
';
}
}
else
{
$error .= 'An error occured at line 154. Please contact the site administrator.
';
}
}
}
the section I am having an issue with is the if($stmt) block right after the if(empty($error) && !&errors) statement.
According to every syntax checker I've used for both the PHP itself, and the MySQL insert query, they all report no errors. But it keeps spitting out the error for line 154, and I can't figure out why. I've already verified the variables are being stored properly from the form by echoing them out, and I have also verified that the columns of the mysql table do exist, and are spelled correctly.
This is starting to drive me nuts, and when I tried to echo out the mysql error using $stmt->error or $db->error it came back blank, with no error whatsoever listed.
The only result I ever got was when I did mysqli_errno($db) which returned a 0.
Anyone know what is wrong with this code, or why it isn't working?
HTML Markup for the form:
No comments:
Post a Comment