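<?php

declare(strict_types=1);

require_once 'db/config.php';

/*
 * Form handler for add_listing.php: validates the submitted fields and
 * inserts one row into food_listings.
 *
 * Every path ends in a redirect back to add_listing.php carrying a
 * ?status= flag; nothing from the request or the database is echoed, so
 * the client never sees driver error text.
 *
 * NOTE(review): this script performs no authentication check and no
 * CSRF-token check, so any client that can reach it — including a third-party
 * page that makes the victim's browser POST here — can create listings.
 * Neither the form nor a session layer is visible from this file; confirm
 * whether they exist upstream and add the checks if they do not.
 */

// Only form submissions are accepted; anything else is sent back to the form.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: add_listing.php');
    exit();
}

/**
 * Returns the trimmed string value of a POST field, or null when the field
 * is missing, is not a plain string, or is empty after trimming.
 *
 * $_POST entries can be arrays (name[]=x in the body); passing one to trim()
 * throws a TypeError under PHP 8, which would surface as a 500 instead of
 * the status=error redirect. Non-strings are therefore treated as absent.
 *
 * @return string|null
 */
$postString = static function (string $key) {
    $raw = $_POST[$key] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $trimmed = trim($raw);
    return $trimmed === '' ? null : $trimmed;
};

/**
 * Parses an optional coordinate field.
 *
 * Returns null when the field is absent or blank (coordinate not supplied),
 * false when it is present but not a float within [-$limit, $limit], and the
 * float otherwise. Previously an unparsable value came back as false from
 * filter_input() and was bound as an empty string; now it is a hard error.
 *
 * @return float|false|null
 */
$coordinate = static function (string $key, float $limit) {
    $raw = $_POST[$key] ?? null;
    if (!is_string($raw) || trim($raw) === '') {
        return null;
    }
    return filter_var(trim($raw), FILTER_VALIDATE_FLOAT, [
        'options' => ['min_range' => -$limit, 'max_range' => $limit],
    ]);
};

// Required fields: name, quantity and pickup_by must all be non-blank strings.
$name = $postString('name');
$quantity = $postString('quantity');
$pickupBy = $postString('pickup_by');
if ($name === null || $quantity === null || $pickupBy === null) {
    header('Location: add_listing.php?status=error');
    exit();
}

// Optional field; an absent description is stored as an empty string, as before.
$description = $postString('description') ?? '';

// Optional coordinates, range-checked to real latitude/longitude values.
// NOTE(review): quantity and pickup_by are stored exactly as submitted — the
// column types are not visible here. If pickup_by is a DATE/DATETIME column,
// parse it with DateTimeImmutable::createFromFormat() using the form's format
// and reject values that fail, rather than relying on the database to coerce.
$latitude = $coordinate('latitude', 90.0);
$longitude = $coordinate('longitude', 180.0);
if ($latitude === false || $longitude === false) {
    header('Location: add_listing.php?status=error');
    exit();
}

try {
    $pdo = db();
    $stmt = $pdo->prepare(
        'INSERT INTO food_listings (name, quantity, pickup_by, description, latitude, longitude)'
        . ' VALUES (:name, :quantity, :pickup_by, :description, :latitude, :longitude)'
    );

    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':quantity', $quantity, PDO::PARAM_STR);
    $stmt->bindValue(':pickup_by', $pickupBy, PDO::PARAM_STR);
    $stmt->bindValue(':description', $description, PDO::PARAM_STR);

    // Decimals travel as strings through PDO; a missing coordinate is an
    // explicit SQL NULL rather than an empty string the driver must coerce.
    // (Assumes the latitude/longitude columns are nullable, as the original
    // code already passed null for absent fields — confirm against the schema.)
    foreach ([':latitude' => $latitude, ':longitude' => $longitude] as $param => $value) {
        if ($value === null) {
            $stmt->bindValue($param, null, PDO::PARAM_NULL);
        } else {
            $stmt->bindValue($param, (string) $value, PDO::PARAM_STR);
        }
    }

    if ($stmt->execute()) {
        header('Location: add_listing.php?status=success');
    } else {
        header('Location: add_listing.php?status=error');
    }
} catch (PDOException $e) {
    // Log server-side only; the client gets the generic error status. Driver
    // messages can contain table names and fragments of the failing values,
    // so they must never be echoed to the browser.
    error_log('add_listing insert failed: ' . $e->getMessage());
    header('Location: add_listing.php?status=error');
}

exit();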