
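<?php
/**
 * Equipment "create" handler.
 *
 * On a POST request this script optionally stores an uploaded picture under
 * equipment-uploads/ and inserts one row into the `equipment` table, then
 * reports the outcome with a JavaScript alert and redirect.
 *
 * Changes from the previous revision:
 *  - the INSERT uses bound parameters instead of interpolating values
 *    (including the client-supplied file name) into the SQL text;
 *  - the database error is captured before the connection is closed
 *    (mysqli_error() used to be called on an already-closed link);
 *  - a rejected upload no longer falls through to the affected-rows check,
 *    which read stale connection state and an undefined $db_query;
 *  - the upload's error code and detected image type are checked;
 *  - dynamic text in the failure message is HTML-escaped.
 */

// Form field values and their validation messages. They are initialised
// empty here so they are always defined.
// NOTE(review): presumably filled in by equipment-user-input.php and read by
// the form that shows this page -- confirm against those files.
$category = "";
$equipment_id = "";
$equipment_name = "";
$brand = "";
$spec = "";
$count_type = "";
$inventory = "";
$list_price = "";
$discount = "";
$final_price = "";
$creater = "";
$create_at = "";
$fileToUpload = "";
$category_error = "";
$equipment_id_error = "";
$equipment_name_error = "";
$brand_error = "";
$spec_error = "";
$count_type_error = "";
$inventory_error = "";
$list_price_error = "";
$discount_error = "";
$final_price_error = "";
$creater_error = "";
$create_at_error = "";

if (isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST") {
    // NOTE(review): this include is not visible here. $link and $token_link
    // are used below without being defined in this file, so they presumably
    // come from it -- confirm. If it already SQL-escapes the field values
    // (e.g. mysqli_real_escape_string), drop that escaping there: bound
    // parameters must receive the raw values.
    include "equipment-user-input.php";

    $target_dir = "equipment-uploads/";

    // Read the upload entry defensively: the field may be absent, or arrive
    // as an array if the client posts it as fileToUpload[].
    $upload = isset($_FILES["fileToUpload"]) ? $_FILES["fileToUpload"] : array();
    $file_name = (isset($upload["name"]) && is_string($upload["name"])) ? $upload["name"] : "";
    $temp_file_name = (isset($upload["tmp_name"]) && is_string($upload["tmp_name"])) ? $upload["tmp_name"] : "";
    $file_size = (isset($upload["size"]) && is_int($upload["size"])) ? $upload["size"] : 0;
    $upload_error = (isset($upload["error"]) && is_int($upload["error"])) ? $upload["error"] : UPLOAD_ERR_NO_FILE;

    // basename() drops any directory part the client put in the name.
    $target_file = strtolower($target_dir . basename($file_name));
    $img_file_type = pathinfo($target_file, PATHINFO_EXTENSION);

    $upload_ok = 1;
    $with_picture = false;

    // An empty file name means no picture was submitted; the row is then
    // inserted without the picture column.
    if (basename($file_name) !== "") {
        $allowed_extensions = array("jpg", "png", "jpeg", "gif");
        $allowed_image_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);

        // Only inspect the temp file when PHP reports a complete upload.
        $check_img = false;
        if ($upload_error === UPLOAD_ERR_OK && $temp_file_name !== "") {
            $check_img = getimagesize($temp_file_name);
        }

        $upload_message = "";
        if ($upload_error !== UPLOAD_ERR_OK || $temp_file_name === "") {
            $upload_message = "File has not been uploaded";
        } elseif ($check_img === false) {
            $upload_message = "File is not an image";
        } elseif (file_exists($target_file)) {
            $upload_message = "File is already uploaded!";
        } elseif ($file_size > 500000) {
            // NOTE(review): the limit is 500000 bytes but the message says
            // "5mb" -- confirm which one is intended.
            $upload_message = "Please enter a file size between 5mb";
        } elseif (
            !in_array($img_file_type, $allowed_extensions, true)
            || !in_array($check_img[2], $allowed_image_types, true)
        ) {
            // The extension AND the type detected from the file content must
            // both be on the allow-list.
            $upload_message = "JPG, PNG, JPEG and GIF files are allowed";
        } elseif (!move_uploaded_file($temp_file_name, $target_file)) {
            $upload_message = "File has not been uploaded";
        } else {
            $with_picture = true;
        }

        // NOTE(review): the stored name is still the client-supplied one
        // (lower-cased basename). Only the last extension is checked, so the
        // upload directory should be configured never to execute scripts; a
        // server-generated file name would be safer.

        if ($upload_message !== "") {
            echo "<font color='#FF0000'>" . $upload_message . "</font>";
            $upload_ok = 0;
        }
    }

    $insert_attempted = false;
    $affected = -1;
    $db_error = "";
    $result = false;

    if ($upload_ok === 1) {
        $insert_attempted = true;

        // NOTE(review): $category is collected above but is not part of the
        // INSERT -- confirm that is intended.
        if ($with_picture) {
            $db_query = "INSERT INTO equipment(equipment_id, equipment_name, brand, spec, count_type, inventory, list_price, discount, final_price, picture, creater, create_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
        } else {
            $db_query = "INSERT INTO equipment(equipment_id, equipment_name, brand, spec, count_type, inventory, list_price, discount, final_price, creater, create_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
        }

        try {
            $stmt = mysqli_prepare($link, $db_query);
            if ($stmt === false) {
                $db_error = mysqli_error($link);
            } else {
                // Every value is bound as a string, matching the quoted
                // literals the previous string-built query sent.
                if ($with_picture) {
                    mysqli_stmt_bind_param(
                        $stmt,
                        str_repeat("s", 12),
                        $equipment_id,
                        $equipment_name,
                        $brand,
                        $spec,
                        $count_type,
                        $inventory,
                        $list_price,
                        $discount,
                        $final_price,
                        $target_file,
                        $creater,
                        $create_at
                    );
                } else {
                    mysqli_stmt_bind_param(
                        $stmt,
                        str_repeat("s", 11),
                        $equipment_id,
                        $equipment_name,
                        $brand,
                        $spec,
                        $count_type,
                        $inventory,
                        $list_price,
                        $discount,
                        $final_price,
                        $creater,
                        $create_at
                    );
                }

                $result = mysqli_stmt_execute($stmt);
                if ($result) {
                    $affected = mysqli_stmt_affected_rows($stmt);
                } else {
                    $db_error = mysqli_stmt_error($stmt);
                }
                mysqli_stmt_close($stmt);
            }
        } catch (mysqli_sql_exception $e) {
            // Raised instead of a false return when mysqli runs in
            // exception-reporting mode.
            $db_error = $e->getMessage();
        }
    }

    // The error text was captured above, so closing here is safe.
    mysqli_close($link);

    // A rejected upload has already printed its message; there is no insert
    // result to report in that case.
    if ($insert_attempted) {
        if ($affected >= 0) {
            $alert_text = ($affected > 0) ? "新增成功" : "無新增資料";
            // NOTE(review): $token_link is written into a JavaScript string
            // unescaped -- confirm it can never carry request-controlled text.
            echo "<script type ='text/JavaScript'>";
            echo "alert('" . $alert_text . "');";
            echo "location.href='equipment-index.php?function_name=equipment&".$token_link."';";
            echo "</script>";
        } else {
            error_log("equipment insert failed: " . $db_error);
            // NOTE(review): this still shows the statement and the database
            // error to the browser; consider logging only in production.
            echo htmlspecialchars(
                "{$db_query} 語法執行失敗,錯誤訊息SSS: " . $db_error,
                ENT_QUOTES | ENT_SUBSTITUTE,
                "UTF-8"
            );
        }
    }
}
?>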