stop database query executing when upload fails

week-13/views/add-record.php

@@ -71,6 +71,14 @@ $content .= $form_html;
 
 // ------- START form processing code... -------
 
+// define a function to sanitise user input (this would ideally be in includes folder)
+// helps protect against XSS
+function clean_input($data) {
+  $data = trim($data); // strips unnecessary characters from beginning/end
+  $data = stripslashes($data); // remove backslashes
+  $data = htmlspecialchars($data); // replace special characters with HTML entities
+  return $data;
+}
 
 // define variables and set to empty values
 $title = $artist_id = $price = $year = $genre = $stock = "";
@@ -94,7 +102,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 	// Check if image file is a actual image or fake image
 	    $check = getimagesize($_FILES["image"]["tmp_name"]);
 	    if($check !== false) {
-	//	echo "File is an image - " . $check["mime"] . ".";
 		$uploadOk = 1;
 	    } else {
 		echo "File is not an image.";
@@ -133,12 +140,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 	} else {
 	    if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
 		echo "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.";
-	    } else {
-		echo "Sorry, there was an error uploading your file.";
-	    }
-	}
-	// end of image upload
-	
+
+
 	// turn autocommit off
 	mysqli_autocommit($link, FALSE);
 
@@ -159,9 +162,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 		mysqli_rollback($link); // if so, rollback transaction
 	} else {
 		mysqli_commit($link); // else, commit transaction
-		$content .= "Record successfully added to database.";
+//		$content .= "Record successfully added to database.";
 	}
 
+
+	    } else {
+		echo "Sorry, there was an error uploading your file.";
+	    }
+	}
+	// end of image upload
+	
 	
 
     }