
I am working on a page that should allow the user to add his product for sale. I made the user add the product information, but I didn't know how to allow the user to upload multiple images at the same time as adding the product information.

Here is my code so you guys can get a better idea of what I want:

```html
<form action="annonces/addAnnonce.php" method="post" id="addAnnonceForm">
    <div class="mb-3">
        <label class="form-label">Annonce title</label>
        <input type="text" class="form-control" name="title">
    </div>
    <div class="mb-3">
        <label class="form-label">Category</label>
        <select class="form-select" name="category" aria-label="Default select example">
            <option value="">cars</option>
        </select>
    </div>

    <div class="mb-3">
        <label class="form-label">Phone / Contact info :</label>
        <input type="text" class="form-control" name="phone">
    </div>

    <div class="mb-3">
        <label class="form-label">location:</label>
        <select class="form-select" name="location" aria-label="Default select example">
            <option value="1">Khartoum</option>
        </select>
    </div>

    <div class="mb-3">
        <label class="form-label">Annonce images:</label>
        <input type="file" class="form-control" name="images[]" multiple>
    </div>
    <button type="submit" class="btn btn-primary mt-2 mb-3">Add Annonce</button>
</form>
```

And this is the AddAnnonce.php:

```php
function add_new_annonce($title, $category, $location, $uid) {

    global $conn;

    if (!empty($title) && !empty($location) && !empty($uid)) {
        $n_title = mysqli_real_escape_string($conn, strip_tags($title));
        $n_location = mysqli_real_escape_string($conn, strip_tags($location));

        $publish_date = date('d-m-y');
        $n_uid = (int)$uid;

        if ($n_uid == 0)
            return false;

        $query = "INSERT INTO annoncements(title , category ,location , publish_date , uid)
        VALUES('$n_title', '$category' , '$n_location', '$publish_date' , '$n_uid' )";

        $qresult = mysqli_query($conn, $query);

        if (!$qresult)
            return false;

        if ($qresult)
            return true;
    }
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $title = $_POST['title'];
    $phone = $_POST['phone'];
    $location = $_POST['location'];

    if (!empty($_POST['title']) && !empty($_POST['phone']) && !empty($_POST['location'])) {
        $result = add_new_annonce("$title", "$phone", "$location", $_SESSION['user_info']->user_id);

        if ($result) {
            echo "success";
        }
        if (!$result) {
            echo "something is wrong";
        }
    }
}
```

I do know that I have to create another table annoncements_images and so on, but I couldn't find a way to insert multiple images with the annonce_id into that table. How can I get the annonce_id and insert it into annoncements_images? This is really confusing to me. Please help, and if that wasn't clear please let me know so I can explain more.

brombeer
Djaber
  • Does this answer your question? [mysqli last insert id](https://stackoverflow.com/questions/19738283/mysqli-last-insert-id) – ADyson Aug 07 '22 at 19:46
  • Nope, it returned syntax error, unexpected '->'. I am using mysql, not prepared and bind statements, also not PDO – Djaber Aug 07 '22 at 21:32
  • The answers in that link are about mysqli, not PDO. You can use procedural syntax if you prefer rather than OO, it doesn't matter (examples of both styles are given in the documentation linked from the most-upvoted answer). You asked how to get the announce ID that you've just created and use it in another insert into another table. The answer is to use the mysqli_insert_id function, as shown in that link. P.S. `->` doesn't produce a syntax error _if you use it correctly_. – ADyson Aug 07 '22 at 22:11
  • `not prepared and bind statements`...well you should **always** be using those whenever your query involves including variables from PHP into it. That's basic security and reliability stuff you should be doing from day one. But anyway it's irrelevant again - whether you use them or not doesn't affect your ability to use the mysqli_insert_id function. And also, most of the examples in that link don't use prepared statements either (because they don't involve variables) so I don't know why you decided to object on that basis - it's very clearly shown that you can use the insert_id without them. – ADyson Aug 07 '22 at 22:13
  • All you have to write in your code is `$qresult = mysqli_query($conn , $query); $last_id = mysqli_insert_id($conn);` and you're done. Did you even try? – ADyson Aug 07 '22 at 22:16
  • Or the object-oriented way would be `$qresult = $conn->query($query); $last_id = $conn->insert_id;`. I'm not really sure what you could have done wrong to get the syntax error you mentioned. – ADyson Aug 07 '22 at 22:17
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. mysqli_real_escape_string does not protect against all types of attack. – ADyson Aug 07 '22 at 22:24
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Aug 07 '22 at 22:24
  • Yeah it worked, it gives me now the id of the last inserted annonce... but I am facing another problem with uploading images, I am trying to get a solution for it. – Djaber Aug 08 '22 at 02:51
  • OK good. Ask a new question if you have a new problem. – ADyson Aug 08 '22 at 06:42

1 Answer

```html
<form method="POST" action="" enctype="multipart/form-data">
```

Use multipart/form-data for uploading multiple files.

  • did this work?? lemme know and I can guide you through it all – Ivan Irvine Aug 07 '22 at 20:19
  • It's true this would be necessary, but the question isn't about this aspect of the situation. – ADyson Aug 07 '22 at 21:13
  • Yeah, but this is very obvious, I've used this, but the problem is how to make the user add the product and also add the images with the same page – Djaber Aug 07 '22 at 21:33
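
The pieces discussed in the comments and the answer (a parameterised insert, reading the new id with `insert_id`, and a `multipart/form-data` upload) combined in one place. This is an added example, not code from the thread or its participants. The `path` column of `annoncements_images`, the upload directory, the size limit and the allowed types are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes: open mysqli $conn, an existing
// UPLOAD_DIR, and hypothetical columns annoncements_images(annonce_id, path).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw
const UPLOAD_DIR = __DIR__ . '/uploads';          // hypothetical location
const MAX_BYTES  = 2 * 1024 * 1024;               // constructed per-file limit
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function add_annonce_with_images(mysqli $conn, string $title, string $category,
                                 string $location, int $uid, array $files): int
{
    $conn->begin_transaction();
    try {
        // Parameterised insert: user input never becomes part of the SQL text.
        $stmt = $conn->prepare(
            'INSERT INTO annoncements (title, category, location, publish_date, uid)
             VALUES (?, ?, ?, ?, ?)');
        $date = date('d-m-y');                    // date format kept from the question
        $stmt->bind_param('ssssi', $title, $category, $location, $date, $uid);
        $stmt->execute();
        $annonceId = $conn->insert_id;            // id of the row just created
        $img = $conn->prepare(
            'INSERT INTO annoncements_images (annonce_id, path) VALUES (?, ?)');
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        // $_FILES['images'] is column-oriented: tmp_name[i], error[i], size[i].
        foreach ($files['tmp_name'] as $i => $tmp) {
            if ($files['error'][$i] !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)
                || $files['size'][$i] > MAX_BYTES) {
                throw new RuntimeException("upload $i rejected");
            }
            // Trust the detected content type, not the client-supplied name or type.
            $ext = ALLOWED[(string) $finfo->file($tmp)] ?? null;
            if ($ext === null) {
                throw new RuntimeException("upload $i is not an allowed image");
            }
            $path = bin2hex(random_bytes(16)) . '.' . $ext;  // server-chosen name
            if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $path)) {
                throw new RuntimeException("upload $i could not be stored");
            }
            $img->bind_param('is', $annonceId, $path);
            $img->execute();
        }
        $conn->commit();
        return $annonceId;
    } catch (Throwable $e) {
        $conn->rollback();                        // no half-saved annonce
        throw $e;
    }
}
```

Call it as `add_annonce_with_images($conn, $title, $category, $location, $uid, $_FILES['images'])`. Files already moved into the upload directory are not deleted when a later step rolls the transaction back, so a cleanup pass is still needed.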