Well, Mah, first, I still can not read your code. It is all squashed up together. Let me explain how to post code like this. Since this code is already formatted by the editor that you are using, you must tell this site that it is preformatted. Also, if you want it in a nice scrollable format, you must also tell the site it is a quote. So, to post your code copy and past it here. Then, tag or highlight just the code. Once highlighted, press the < / > button and then press the Quote button. that will make it look like this:
<?PHP
$target_dir = "Upload/";
$uploadImage = "";
$filename = $target_dir . basename($_FILES["uploadImage"]["name"]);
$uploadOk = 1;
if(isset($_POST['Submit'])){
$Title = mysqli_real_escape_string($conn, $_POST['Title']);
$Category = mysqli_real_escape_string($conn, $_POST['Category']);
$Post = mysqli_real_escape_string($conn, $_POST['Post']);
date_default_timezone_set("Africa/Johannesburg");
$CurrentTime = time();
$DateTime=strftime("%B-%d-%Y %H:%M:%S", $CurrentTime);
$DateTime;
$Admin="Admin";
$check = getimagesize($_FILES["uploadImage"]["tmp_name"]);
if($check !== false){
}
echo "File is an image - " . $check["name"] . $uploadOk = 1;
$filetmpname = $_FILES["uploadImage"];
move_upload_file($_FILES["uploadImage"]["$filetmpname"], "Upload".$filename );
if(empty($Title)){
}
$_SESSION["ErrorMessage"] = "Title can't be empty";
Redirect_to("AddNewPost.php");
} elseif(strlen($Title)<2) {
$_SESSION["ErrorMessage"] = "Title should be more than 2 characters";
Redirect_to("AddNewPost.php");
} else {
}
global $conn;
$sql ="INSERT INTO admin_panel(datetime, title, category, author, image, post) VALUES('$DateTime', '$Title', '$Category', '$Title', '$filename', '$Post')";
//$Execute= mysqli_query($sql);
if($conn->query($sql) === True) {
$_SESSION["SuccessMessage"] = "Post Added Succussfully";
Redirect_to("AddNewPost.php");
} else{
$_SESSION["ErrorMessage"] = "Post Failed To Add";
Redirect_to("AddNewPost.php");
}
}
}
}
?>
This makes it easier for us to read! Now, looking at your code, it appears you do not understand how to use the “braces”, the { and } characters. When you use IF clauses, they are written something like this:
IF ( SOME-CONDITION ) {
SOME-CODE;
SOME-MORE-CODE;
etc...
}
In some cases, you need to nest them inside of each other. In your code, you have some IF clauses that do nothing and then do not if ELSE clauses. If you look over the code, you should see a lot of errors in the way the flow of your code works. Also, since you did not use the preformatted button, your form did not show.
And, you mark the $conn variable as global AFTER you have already used it. I do not understand that one.
You show a redirect_to() function, but, I do not see that function listed. Normally, to move to another page,
you just use a “header()” function. I attempted to fix most of these and here is another version of it. I did not
have anyway to test it, but, it might work this way…
<?PHP
// Not sure why you need this next line
global $conn;
// Set up for file upload
$target_dir = "Upload/";
$uploadImage = "";
$filename = $target_dir . basename($_FILES["uploadImage"]["name"]);
$uploadOk = 1;
// Check if the form was posted, if so, load the form's fields
if(isset($_POST['Submit'])){
$Title = filter_input(INPUT_POST, 'Title');
// Validate title name before saving
if(empty($Title)) {
$_SESSION["ErrorMessage"] = "Title can't be empty";
header("Location: AddNewPost.php");
} elseif(strlen($Title)<2) {
$_SESSION["ErrorMessage"] = "Title should be more than 2 characters";
header("Location: AddNewPost.php");
} else {
// Title is okay, now process the post
$Category = filter_input(INPUT_POST, 'Category');
$Post = filter_input(INPUT_POST, 'Post');
date_default_timezone_set("Africa/Johannesburg");
$CurrentTime = time();
$DateTime = strftime("%B-%d-%Y %H:%M:%S", $CurrentTime);
echo $DateTime;
$Admin = "Admin";
$check = getimagesize($_FILES["uploadImage"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["name"] . $uploadOk = 1;
move_upload_file($_FILES["uploadImage"]["tmp_name"], "Upload/".$filename );
// File is uploaded, now enter into database
$sql ="INSERT INTO admin_panel(datetime, title, category, author, image, post) VALUES('$DateTime', '$Title', '$Category', '$Title', '$filename', '$Post')";
//$Execute= mysqli_query($sql);
if($conn->query($sql) === True){
$_SESSION["SuccessMessage"] = "Post Added Succussfully";
header("Location: AddNewPost.php");
} else {
$_SESSION["ErrorMessage"] = "Post Failed To Add";
header("Location: AddNewPost.php");
}
}
}
}
?>
As you see, I changed the “mysqli_real_escape_string()” functions into the better “filter_input()” ones.
They are more secure and work better overall. I fixed the messed up braces and added some comments.
I am not sure this will work, but, it gives you a starting place. Test it and try to get it working and if not, let
us know and repost the latest version you have using the buttons to make it readable.
Good luck…