|
Server IP : 162.214.80.37 / Your IP : 216.73.216.83 Web Server : Apache System : Linux sh013.webhostingservices.com 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : imyrqtmy ( 2189) PHP Version : 8.2.18 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0750) : /home2/imyrqtmy/public_html/thesmarthands/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
include("inc/config.php");
if(isset($_POST['add_emp'])){
$femp_name = $_POST['femp_name'];
$lemp_name = $_POST['lemp_name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$erh = $_POST['erh'];
$trvl_rate = $_POST['trvl_rate'];
$mileage = $_POST['mileage'];
$onbh_rate = $_POST['onbh_rate'];
$photo = $_FILES['photo']['name'];
// Sanitize input data (for example, you can use mysqli_real_escape_string)
$femp_name = mysqli_real_escape_string($conn, $femp_name);
$lemp_name = mysqli_real_escape_string($conn, $lemp_name);
$email = mysqli_real_escape_string($conn, $email);
$phone = mysqli_real_escape_string($conn, $phone);
$erh = mysqli_real_escape_string($conn, $erh);
$trvl_rate = mysqli_real_escape_string($conn, $trvl_rate);
$mileage = mysqli_real_escape_string($conn, $mileage);
$onbh_rate = mysqli_real_escape_string($conn, $onbh_rate);
$photo = mysqli_real_escape_string($conn, $photo);
// Construct the SQL query with sanitized input data
$query = "INSERT INTO `employees` (`femp_name`, `lemp_name`, `email`, `phone`, `erh`, `trvl_rate`, `mileage`, `onbh_rate`, `photo`) VALUES ('$femp_name', '$lemp_name', '$email', '$phone', '$erh', '$trvl_rate', '$mileage', '$onbh_rate', '$photo')";
$query_run = mysqli_query($conn, $query);
if($query_run){
move_uploaded_file($_FILES["photo"]["tmp_name"], "employee/".$_FILES["photo"]["name"]);
$_SESSION['status'] = "Data Uploaded Successfully";
header('Location: view-emp.php');
exit;
} else {
$_SESSION['status'] = "Data Not Uploaded Successfully";
header('Location: view-emp.php');
exit;
}
}
// update
if(isset($_POST['update_emp'])){
$id = $_POST['id'];
$femp_name = $_POST['femp_name'];
$lemp_name = $_POST['lemp_name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$erh = $_POST['erh'];
$trvl_rate = $_POST['trvl_rate'];
$mileage = $_POST['mileage'];
$travel_amount = $_POST['travel_amount'];
$onbh_rate = $_POST['onbh_rate'];
$old_photo = $_POST['image_old'];
$femp_name = mysqli_real_escape_string($conn, $femp_name);
$lemp_name = mysqli_real_escape_string($conn, $lemp_name);
$email = mysqli_real_escape_string($conn, $email);
$phone = mysqli_real_escape_string($conn, $phone);
$erh = mysqli_real_escape_string($conn, $erh);
$trvl_rate = mysqli_real_escape_string($conn, $trvl_rate);
$mileage = mysqli_real_escape_string($conn, $mileage);
$travel_amount = mysqli_real_escape_string($conn, $travel_amount);
$onbh_rate = mysqli_real_escape_string($conn, $onbh_rate);
$old_photo = mysqli_real_escape_string($conn, $old_photo);
$update_photo_filename = $_FILES["photo"]["name"] ? $_FILES["photo"]["name"] : $old_photo;
$allowed_image_extensions = array('gif','png','jpg','jpeg','webp','WEBP');
$photo_file_extension = pathinfo($update_photo_filename, PATHINFO_EXTENSION);
if(!in_array($photo_file_extension, $allowed_image_extensions)){
$_SESSION['status'] = "The image file is not allowed. Please upload an image.";
header("Location: edit-event.php?id=$id");
exit;
}
// Update the department information in the database
$query = "UPDATE employees SET femp_name='$femp_name', lemp_name='$lemp_name', email='$email', phone='$phone', erh='$erh', trvl_rate='$trvl_rate', mileage='$mileage', onbh_rate='$onbh_rate' , photo='$update_photo_filename' WHERE id ='$id' ";
$query_run = mysqli_query($conn, $query);
if($query_run){
if($_FILES["photo"]["name"] !='' && $_FILES["photo"]["name"] != $old_photo){
move_uploaded_file($_FILES["photo"]["tmp_name"], "employee/".$_FILES["photo"]["name"]);
unlink("employee/". $old_photo);
}
$_SESSION['status'] = "Updated Successfully";
header('Location: view-emp.php');
} else {
$_SESSION['status'] = "Not Updated Successfully";
header('Location: view-emp.php');
}
}
// delete
if(isset($_POST['delete_emp'])){
$id = $_POST['delete_id'];
$photo = $_POST['del_emp'];
$query = "DELETE FROM employees WHERE id = '$id'";
$query_run = mysqli_query($conn, $query);
if($query_run){
if(unlink("employee/".$photo)) {
$_SESSION['status'] = "Deleted Successfully";
header('Location: view-emp.php');
} else {
$_SESSION['status'] = "Error deleting files";
header('Location: view-emp.php');
}
} else {
$_SESSION['status'] = "Not Deleted Successfully";
header('Location: view-emp.php');
}
}
?>