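<?php

include('includes/config/config.php');
include('includes/functions.php');
include('log_entry.php');

/*
 * Image upload endpoint: stores the file sent in the "image" form field in the
 * injury_image table, linked to the injury named by the "injuryId" request
 * parameter. Prints 1 when the row was inserted and nothing otherwise.
 *
 * $conn is not defined in this file; it is presumably the mysqli connection
 * created by includes/config/config.php.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible
 * here. Confirm that one of the included files enforces them and that the
 * caller is allowed to attach images to the requested injury.
 */
if (
    isset($_FILES['image'], $_REQUEST['injuryId'])
    && is_array($_FILES['image'])
    && is_string($_REQUEST['injuryId'])
) {
    $file = $_FILES['image'];
    $fileTmp = $file['tmp_name'] ?? null;

    // Reject partial or failed uploads, and array-shaped fields ("image[]").
    $uploadOk = ($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK;

    if ($uploadOk && is_string($fileTmp) && is_uploaded_file($fileTmp)) {
        // getimagesize() returns false when the content is not a recognised
        // image, so the stored MIME type comes from the file content and not
        // from the client-supplied $_FILES[...]['type'].
        // NOTE(review): consider an allowlist of the image types the
        // application actually expects.
        $imageProperties = getimagesize($fileTmp);
        $imgData = file_get_contents($fileTmp);

        if ($imageProperties !== false && $imgData !== false) {
            $mimeType = $imageProperties['mime'];

            // Both values are client-controlled. They are bound as parameters
            // below; the name must still be escaped wherever it is displayed.
            $fileName = (string) $file['name'];
            $injuryId = $_REQUEST['injuryId'];

            // Placeholders keep the file name, the injury id and the image
            // bytes out of the SQL text, so none of them can alter the query.
            $photoQuery = 'INSERT INTO injury_image SET `image` = ?, `image_type` = ?, '
                . '`image_name` = ?, `injury_id` = ?';

            $inserted = false;
            $failure = '';

            try {
                $stmt = mysqli_prepare($conn, $photoQuery);

                if ($stmt === false) {
                    $failure = mysqli_error($conn);
                } else {
                    mysqli_stmt_bind_param($stmt, 'ssss', $imgData, $mimeType, $fileName, $injuryId);
                    $inserted = mysqli_stmt_execute($stmt);

                    if (!$inserted) {
                        $failure = mysqli_stmt_error($stmt);
                    }

                    mysqli_stmt_close($stmt);
                }
            } catch (mysqli_sql_exception $e) {
                // mysqli throws instead of returning false when exception
                // reporting is enabled (the default since PHP 8.1).
                $failure = $e->getMessage();
            }

            if ($inserted) {
                echo 1;
            }

            // Log the statement template and outcome only: the image bytes and
            // the raw request values stay out of the server log.
            error_log(
                'PHOTO QUERY::' . $photoQuery
                . ' bytes=' . strlen($imgData)
                . ' inserted=' . ($inserted ? '1' : '0')
                . ($failure !== '' ? ' error=' . $failure : '')
            );
        }
    }
}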