<?php

include('includes/config/config.php');
include('includes/functions.php');
include('log_entry.php');

if (count($_FILES) > 0) {
    $file = $_FILES['image'];
    $fileName = $file['name'];
    $fileSize = $file['size'];
    $fileTmp = $file['tmp_name'];
    $fileType = $file['type'];

    $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));

    if (is_uploaded_file($fileTmp)) {
        $imgData = file_get_contents($fileTmp); //remove addslashes as it is not needed
        $imgData = mysqli_real_escape_string($conn, $imgData); // escape special characters in the image data
        
        $imageProperties = getimagesize($fileTmp);

        $photoQuery = "INSERT INTO injury_image SET `image`='$imgData', `image_type`='" . $imageProperties['mime'] . "', `image_name` = '" . $fileName . "', `injury_id` = '" . $_REQUEST['injuryId'] . "'";

        $QueryphotoQuery = mysqli_query($conn, $photoQuery);

        if ($QueryphotoQuery) {
            echo 1;
        }

        error_log("PHOTO QUERY::" . $photoQuery);
    }
}