-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathassign_save.php
81 lines (69 loc) · 2.95 KB
/
assign_save.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
include('session.php');
//Include database connection details
require("opener_db.php");
/* $errmsg_arr = array();
//Validation error flag
$errflag = false; */
$id_class=$_POST['id_class'];
$name=$_POST['name'];
$filedesc=$_POST['desc'];
$get_id = $_GET['id'];
$input_name = basename($_FILES['uploaded_file']['name']);
echo $input_name ;
//Function to sanitize values received from the form. Prevents SQL injection
/* function clean($str) {
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//forloop
*/
//assign
if ($input_name == ""){
$name_notification = 'Add Assignment file name'." ".'<b>'.$name.'</b>';
mysql_query("INSERT INTO assignment (fdesc,fdatein,teacher_id,class_id,fname) VALUES ('$filedesc',NOW(),'$session_id','$id_class','$name')")or die(mysql_error());
mysql_query("insert into notification (teacher_class_id,notification,date_of_notification,link) value('$get_id','$name_notification',NOW(),'assignment_student.php')")or die(mysql_error());
?>
<script>
window.location = 'assignment.php<?php echo '?id='.$get_id; ?>';
</script>
<?php
}else{
//upload random name/number
$rd2 = mt_rand(1000, 9999) . "_File";
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
/* if ($filename == ""){
$newname = "";
$rd2 = ""
} */
$newname = "admin/uploads/" . $rd2 . "_" . $filename;
$name_notification = 'Add Assignment file name'." ".'<b>'.$name.'</b>';
//Check if the file with the same name is already exists on the server
//Attempt to move the uploaded file to it's new place
(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $newname));
//successful upload
// echo "It's done! The file has been saved as: ".$newname;
$qry2 = "INSERT INTO assignment (fdesc,floc,fdatein,teacher_id,class_id,fname) VALUES ('$filedesc','$newname',NOW(),'$session_id','$id_class','$name')";
$query = mysql_query("insert into notification (teacher_class_id,notification,date_of_notification,link) value('$get_id','$name_notification',NOW(),'assignment_student.php')")or die(mysql_error());
//$result = @mysql_query($qry);
$result2 = $connector->query($qry2);
if ($result2) {
$errmsg_arr[] = 'record was saved in the database and the file was uploaded';
$errflag = true;
if ($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
?>
<script>
window.location = 'assignment.php<?php echo '?id='.$get_id; ?>';
</script>
<?php
exit();
}
}
}
?>