<?php
include("../URLs.php");
include("AuthenticateUser.php");
include("../Db.php");
include("Sanitize.php");
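/**
 * Creates a posting from submitted form values, stores its image names,
 * and redirects the browser to the new posting's page.
 *
 * Constructing the object performs the whole operation: every argument is
 * passed through Sanitize, the rows are inserted with the legacy mysql_*
 * API, and a Location header is sent.
 *
 * NOTE(review): both INSERT statements are built by interpolating values
 * into the SQL text. Whether that is safe depends entirely on
 * Sanitize::clean() and Sanitize::cleanDescription() escaping for SQL
 * string context; neither is visible in this file, so confirm it. Bound
 * parameters (mysqli or PDO prepared statements) would remove that
 * dependency once the connection set up in Db.php is migrated.
 */
class PostingAdd
{
    protected $name;
    protected $description;
    protected $price;
    protected $specificLocation;
    protected $cityID;
    protected $userID;
    protected $catID;

    // Declared by the original class but never read or written by it;
    // kept so that any subclass relying on them keeps working.
    protected $imageList;
    protected $idInserted;
    protected $img;
    protected $key;
    protected $value;

    // Sanitized image names. This used to be created implicitly as a dynamic
    // (therefore public) property and stayed undefined when no images were
    // submitted; it is now declared, still public, and always an array.
    public $imageArray = array();

    /**
     * Sanitizes the submitted fields and immediately stores the posting.
     *
     * @param mixed $name             Posting title.
     * @param mixed $description      Posting body text.
     * @param mixed $price            Asking price.
     * @param mixed $specificLocation Free-text location.
     * @param mixed $cityID           City identifier.
     * @param mixed $catID            Category identifier.
     * @param mixed $imageList        Image names; anything that is not an
     *                                array is treated as "no images".
     */
    public function __construct($name, $description, $price, $specificLocation, $cityID, $catID, $imageList)
    {
        $this->name = Sanitize::clean($name);
        // The original first stored Sanitize::clean($description) and then
        // overwrote it on the next line, so only this result was ever used.
        // NOTE(review): confirm cleanDescription() escapes at least as
        // strictly as clean() for SQL; the description goes into the INSERT.
        $this->description = Sanitize::cleanDescription($description);
        $this->price = Sanitize::clean($price);
        $this->specificLocation = Sanitize::clean($specificLocation);
        $this->cityID = Sanitize::clean($cityID);
        $this->catID = Sanitize::clean($catID);
        // The owner comes from the session, never from the request.
        // NOTE(review): presumably AuthenticateUser.php guarantees that
        // $_SESSION['userID'] is set before this point; verify.
        $this->userID = Sanitize::clean($_SESSION['userID']);

        // A missing or scalar imageList would make foreach emit a warning,
        // and output sent before header() can stop the redirect.
        if (is_array($imageList)) {
            foreach ($imageList as $imageName) {
                $this->imageArray[] = Sanitize::clean($imageName);
            }
        }

        $this->addPosting();
    }

    /**
     * Inserts the posting row and one Images row per image name, then
     * redirects to the posting's page.
     *
     * @return bool True when the posting row was inserted and the redirect
     *              header was sent; false when the posting insert failed,
     *              in which case no image rows are written and a 500
     *              status is sent instead of a redirect.
     */
    public function addPosting()
    {
        $inserted = mysql_query(
            "INSERT INTO Postings SET name='$this->name', description='$this->description', "
            . "price='$this->price', specificLocation='$this->specificLocation', "
            . "cityID='$this->cityID', userID='$this->userID', category='$this->catID', "
            . "datePosted=CURDATE()"
        );

        if ($inserted === false) {
            // Keep the driver error in the server log only, and do not
            // attach images or redirect to a posting that does not exist.
            error_log('PostingAdd: posting insert failed: ' . mysql_error());
            header('HTTP/1.1 500 Internal Server Error');
            return false;
        }

        $idInserted = mysql_insert_id();

        foreach ($this->imageArray as $img) {
            $imageStored = mysql_query("INSERT INTO Images SET imageName='$img', postingID='$idInserted'");
            if ($imageStored === false) {
                // Best effort: the posting exists, so log and carry on.
                error_log('PostingAdd: image insert failed: ' . mysql_error());
            }
        }

        header("Location: ../viewposting.php?id=$idInserted");
        return true;
    }
}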
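// Build and store the posting from the current request. Text fields come
// from the POST body; the city and category ids come from the query string.
// Missing fields are passed as null (the value an undefined index yields)
// without raising a notice, because output emitted before header() can
// prevent the redirect that PostingAdd sends.
//
// NOTE(review): AuthenticateUser.php is loaded with include, which only
// raises a warning when the file cannot be loaded and lets the request
// continue; require_once would stop the request instead.
// NOTE(review): no anti-CSRF token is checked in this file; confirm that
// one of the included files verifies it before this state-changing request.
$addPosting = new PostingAdd(
    isset($_POST['name']) ? $_POST['name'] : null,
    isset($_POST['description']) ? $_POST['description'] : null,
    isset($_POST['price']) ? $_POST['price'] : null,
    isset($_POST['specificLocation']) ? $_POST['specificLocation'] : null,
    isset($_GET['cityID']) ? $_GET['cityID'] : null,
    isset($_GET['catID']) ? $_GET['catID'] : null,
    (isset($_POST['imageList']) && is_array($_POST['imageList'])) ? $_POST['imageList'] : array()
);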
?>