Sorry your session has ended

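Please return to our homepage to sign in"; exit; }

// Upload handler: validates the optional "for sale" details, stores the uploaded
// picture under piks/, records it in the piks table and redirects to the account page.
//
// NOTE(review): this script uses the legacy mysql_* extension through the $dbc link
// that conn.php is expected to provide. Values are escaped with
// mysql_real_escape_string() here; moving to prepared statements (mysqli/PDO) needs a
// matching change in conn.php, which is not visible from this file.
// NOTE(review): die(mysql_error()) below shows raw database error text to the visitor;
// consider logging it and printing a generic message instead.

include("conn.php");
//-----------------------------------------
include("pin_gen_function.php");

// Token from pin_gen_function.php (presumably a random 5-character string - confirm);
// used below to rename an upload whose file name is already taken.
$pin_var = randomizer(5);

// Read each request field once. A missing field or a non-string value (e.g. an array
// submitted as price[]=...) is treated as an empty string, so the checks and the
// escaping calls below always receive a string.
$in_sell_status    = (isset($_POST['sell_status']) && is_string($_POST['sell_status'])) ? $_POST['sell_status'] : "";
$in_price          = (isset($_POST['price']) && is_string($_POST['price'])) ? $_POST['price'] : "";
$in_address        = (isset($_POST['address']) && is_string($_POST['address'])) ? $_POST['address'] : "";
$in_phone          = (isset($_POST['phone']) && is_string($_POST['phone'])) ? $_POST['phone'] : "";
$in_action         = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : "";
$in_detail         = (isset($_POST['detail']) && is_string($_POST['detail'])) ? $_POST['detail'] : "";
$in_title          = (isset($_POST['txt_title']) && is_string($_POST['txt_title'])) ? $_POST['txt_title'] : "";
$in_classification = (isset($_POST['classification']) && is_string($_POST['classification'])) ? $_POST['classification'] : "";

$session_email = isset($_SESSION['email']) ? (string) $_SESSION['email'] : "";
$session_id    = isset($_SESSION['id']) ? (string) $_SESSION['id'] : "";

//
if ($in_sell_status == "Yes") {
    // is_numeric() is false for an empty string, so this single test rejects both a
    // missing price and a non-numeric one. The earlier test joined the two conditions
    // with &&, which let every non-empty, non-numeric value through.
    if (!is_numeric($in_price)) {
        print "

Sorry: please enter a valid number for PRICE: e.g 20000, comma (20,0000) is not allowed
Click to return ";
        exit;
    } elseif ($in_address === "") {
        print "

Sorry: please enter your CONTACT ADDRESS
Click to return ";
        exit;
    } elseif ($in_phone === "") {
        print "

Sorry: please enter your PHONE NUMBER
Click to return ";
        exit;
    } else {
        // The price is known to be numeric at this point, so the former "script" and
        // "http://" stripping on it had nothing left to remove.
        $price   = mysql_real_escape_string($in_price, $dbc);
        $address = mysql_real_escape_string($in_address, $dbc);
        $phone   = mysql_real_escape_string($in_phone, $dbc);
        $exid    = "";

        // The session e-mail is escaped as well: it ends up inside a quoted SQL literal
        // like any other value.
        $user_key = mysql_real_escape_string($session_email, $dbc);
        $sql = "UPDATE user_table SET phone_number = '$phone', contact_address = '$address' WHERE user_id = '$user_key'";
        mysql_query($sql, $dbc) or die(mysql_error());
    }
} else {
    $price = "";
    $exid  = "";
}

// Stored file name of the picture; stays empty when no upload was requested.
$fn = "";

// upload with picture.
if ($in_action == "do_upload") {
    // Accepted image formats, keyed by the type getimagesize() detects from the file
    // contents, mapped to the extension the stored file is given.
    $allowed_types = array(
        IMAGETYPE_GIF  => "gif",
        IMAGETYPE_JPEG => "jpg",
        IMAGETYPE_PNG  => "png",
        IMAGETYPE_BMP  => "bmp",
    );

    // Only accept a file that PHP itself received as an HTTP upload in this request.
    if (!isset($_FILES['userfile']['tmp_name'], $_FILES['userfile']['name'])
        || !is_string($_FILES['userfile']['tmp_name'])
        || !is_string($_FILES['userfile']['name'])
        || !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
        die("Could not upload picture.");
    }

    // What is the files temporary name?
    $file = $_FILES['userfile']['tmp_name'];

    // $_FILES['userfile']['type'] is supplied by the client and is not evidence of what
    // the file contains, so the format is read from the file itself.
    $image_info = getimagesize($file);
    if ($image_info === false || !isset($allowed_types[$image_info[2]])) {
        die("Invalid file type!");
    }

    // No application-level size limit is applied here (the earlier check was commented
    // out); the PHP upload limits in php.ini are the only cap.

    // Where are the files going?
    // NOTE(review): piks/ is a relative, presumably web-served directory; script
    // execution should be disabled for it in the server configuration.
    $uploaddir = "piks/";

    // Build the stored name from a reduced form of the client's name plus the extension
    // of the detected format. The client-chosen extension and any path components are
    // discarded, so the file cannot be saved under a server-executable name or outside
    // $uploaddir.
    $base = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo(basename($_FILES['userfile']['name']), PATHINFO_FILENAME));
    if ($base === null || $base === "") {
        $base = $pin_var;
    }
    $filename = $base . "." . $allowed_types[$image_info[2]];

    // Check to see if the file already exists; if so, store it under a prefixed name.
    if (file_exists($uploaddir . $filename)) {
        $filename = $pin_var . "_" . $filename;
    }
    $fn = $filename;
    move_uploaded_file($file, $uploaddir . $filename) or die("Could not upload picture.");

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    //THIS ASPECT RESIZES IMAGES SO AS NOT TO HAVE AN OVERSIZED IMAGE IN THE LIBRARY
    // *** Include the class
    include("resize-class.php");
    $ResizeFile = "piks/" . $filename;

    // *** 1) Initialise / load image
    $resizeObj = new resize($ResizeFile);

    // *** 2) Resize image (options: exact, portrait, landscape, auto, crop)
    $resizeObj->resizeImage(500, 500, 'auto');

    // *** 3) Save image
    $resizeObj->saveImage($ResizeFile, 220);
    //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
}

// ====================================================================================================
// NOTE(review): as shown on this page the replacement for chr(10) is itself a line
// break; the original markup (if any) is not visible here - restore it from the
// deployed file before relying on this line.
$detail = str_replace(chr(10), "
", $in_detail);

// NOTE(review): doubling apostrophes and deleting "script" / "http://" is kept for
// compatibility with existing rows, but it is not an XSS defence (it is case-sensitive
// and covers two substrings only). Title and detail should be HTML-escaped with
// htmlspecialchars() wherever they are displayed.
$strip_from = array("'", "script", "http://");
$strip_to   = array("''", "", "");
$detail_done    = str_replace($strip_from, $strip_to, $detail);
$txt_title_done = str_replace($strip_from, $strip_to, $in_title);

$detail         = mysql_real_escape_string($detail, $dbc);
$detail_done    = mysql_real_escape_string($detail_done, $dbc);
$txt_title_done = mysql_real_escape_string($txt_title_done, $dbc);

// Every value placed in the statement is escaped, including the classification field,
// the session id and the stored file name, which were previously interpolated as-is.
$owner_id       = mysql_real_escape_string($session_id, $dbc);
$classification = mysql_real_escape_string($in_classification, $dbc);
$fn_sql         = mysql_real_escape_string($fn, $dbc);

$add = "INSERT INTO piks values ('', '$owner_id','$classification','$fn_sql','$price', '$txt_title_done','', '$detail_done' , '$exid', now())";
mysql_query($add, $dbc) or die(mysql_error());

// Request-derived values are URL-encoded before they are placed in the Location header.
if ($exid != "") {
    header("Location:exhibitions_artworks.php?exid=" . urlencode($exid) . "&msg=1");
} else {
    header("Location:account.php?msg=Your upload was Successful!&sel=" . urlencode($in_classification) . "&prev=" . urlencode($fn));
}
include('header.php'); ?>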
 

BACK > UPLOAD


GO BACK