I am developing a website and everything works fine until I started adding small add-ons so that it works EXACTLY the way I wanted it to work.
This is a script for a website that uploads a title, description, personβs name, image, email address and password for the ad they post on the Internet. However, he no longer wants to correctly indicate the image, and he sends the letter twice, once in the instance where the image can be, and he instantly does it in the instance where someone cannot load the image, but he reads it as if he is doing the same because there is an error loading the file.
Btw is the first PHP script I've ever created, so it may seem mashy, as I would mix it with different things that I found on the Internet :)
ps the page where the magic happens - www.afterswap.com/give.php
pps I have a global configuration file that sets all the information about connecting to the database, etc., so it is not here.
<?PHP include("inc/header.php"); foreach ($_POST as $key => $val) $_POST[$key] = mysqli_real_escape_string($con, $val); $back = "<a href='give.php'>Click Here To Go Back And Try Again</a>"; if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) { $title = mysqli_real_escape_string($title123); $title123 = mysqli_real_escape_string($_POST['title']); $description = mysqli_real_escape_string($description123); $description123 = mysqli_real_escape_string($_POST['description']); $Sell_by = $_POST['Sell_by']; $name = mysqli_real_escape_string($name123); $name123 = mysqli_real_escape_string($_POST['name']); $email = $_POST['email']; $password = $_POST['password']; $imagename = basename($_FILES['userfile']['name']); $uploadedfile = $_FILES['userfile']['tmp_name']; if (empty($imagename)) { $error = 1; echo "<h2 class='error'>The name of the image was not found.</h2>" . $back; } if ($error != 1 && $noimg != 1) { $filename = stripslashes($_FILES['userfile']['name']); $extension = substr(strrchr($filename, '.'), 1); $extension = strtolower($extension); } if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>' . $back . ''; $errors = 1; } else { $time = time(); $newimage = "/photos/" . $time . $imagename; $result = move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage); if (empty($result)) { $error = 1; echo "<h2 class='error'>There was an error uploading your image.</h2><br/>" . $back . ""; } $date = date("Y/m/d H:i:s"); $query = "INSERT INTO classifieds (adid, title, description, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$Sell_by', '$name123', '$email', '$password', '$newimage', '$date', '0', '0')"; mysqli_query($query) or die(mysqli_error()); $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1"; $query2 = mysqli_query($pullback) or die(mysqli_error()); while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) { $newid = $row['adid']; $pass = $row['pass']; } $url = "http://"; $url .= getenv("HTTP_HOST"); $Name = "AfterSwap"; $emailf = " noreply@afterswap.com "; $recipient = $email; $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team"; $subject = "AfterSwap Ad Details"; $headers = "From: " . $Name . " <" . $emailf . ">\r\n"; $headers .= "Content-type: text/html\r\n"; mail($recipient, $subject, $mail_body, $headers); echo "<div align='justify'><div class='success'>Your listing '" . $name123 . "' Has Been Submitted Successfully! <br/><br/>Please take note: Your listing will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>"; } } elseif (isset($_POST['upload'])) { $title = mysqli_real_escape_string($title123); $title123 = mysqli_real_escape_string($_POST['title']); $description = mysqli_real_escape_string($description123); $description123 = mysqli_real_escape_string($_POST['description']); $Sell_by = $_POST['Sell_by']; $name = mysqli_real_escape_string($name123); $name123 = mysqli_real_escape_string($_POST['name']); $email = $_POST['email']; $password = $_POST['password']; $date = date("Y/m/d H:i:s"); $query = "INSERT INTO classifieds (adid, title, description, cat, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$category', '$Sell_by', '$name123', '$email', '$password', 'images/noimage.jpg', '$date', '0', '0')"; mysqli_query($query) or die(mysqli_error()); $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1"; $query2 = mysqli_query($pullback) or die(mysqli_error()); while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) { $newid = $row['adid']; $pass = $row['pass']; } $url = "http://"; $url .= getenv("HTTP_HOST"); $Name = "AfterSwap"; $emailf = " noreply@afterswap.com "; $recipient = $email; $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team"; $subject = "AfterSwap Ad Details"; $headers = "From: " . $Name . " <" . $emailf . ">\r\n"; $headers .= "Content-type: text/html\r\n"; mail($recipient, $subject, $mail_body, $headers); echo "<div align='justify'><div class='success'>Thank you " . $name123 . ", your listing has been submitted successfully! <br/><br/>Please take note: Your isting will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>"; } else { ?> /* HTML Form here */ <?PHP } ?>