Commit e3f97536 authored by danmcquillan's avatar danmcquillan

stop database query executing when upload fails

parent 13b2619b
......@@ -71,6 +71,14 @@ $content .= $form_html;
// ------- START form processing code... -------
// define a function to sanitise user input (this would ideally be in includes folder)
// helps protect against XSS
function clean_input($data) {
$data = trim($data); // strips unnecessary characters from beginning/end
$data = stripslashes($data); // remove backslashes
$data = htmlspecialchars($data); // replace special characters with HTML entities
return $data;
}
// define variables and set to empty values
$title = $artist_id = $price = $year = $genre = $stock = "";
......@@ -94,7 +102,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Check if image file is a actual image or fake image
$check = getimagesize($_FILES["image"]["tmp_name"]);
if($check !== false) {
// echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
......@@ -133,12 +140,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
} else {
if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
}
// end of image upload
// turn autocommit off
mysqli_autocommit($link, FALSE);
......@@ -159,9 +162,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
mysqli_rollback($link); // if so, rollback transaction
} else {
mysqli_commit($link); // else, commit transaction
$content .= "Record successfully added to database.";
// $content .= "Record successfully added to database.";
}
} else {
echo "Sorry, there was an error uploading your file.";
}
}
// end of image upload
}
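Review bot: On the upload success branch, `basename($_FILES["image"]["name"])` is echoed into the page unescaped; the name is supplied by the client and basename() only strips directory parts, so it should be written as `htmlspecialchars(basename($_FILES["image"]["name"]), ENT_QUOTES, 'UTF-8')`. Moving the transaction inside that branch also means a file that has already been moved stays on disk when the insert is rolled back, so the rollback path should also `unlink($target_file);`. The getimagesize() test in the second hunk inspects only the image header and says nothing about the stored name or extension; how `$target_file` is built is outside the visible hunks, but if it reuses the client's filename, a server-generated name with an allowlisted extension would be safer. The new clean_input() HTML-encodes values on the way in, which is an output-time defence and does not make them safe for the SQL statement (not shown here); bound parameters via `mysqli_prepare` and `mysqli_stmt_bind_param` would cover that.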
......