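query('SELECT * FROM categories ORDER BY name')->fetchAll();
$users = $pdo->query('SELECT * FROM users ORDER BY name')->fetchAll();
$accounts = $pdo->query('SELECT * FROM accounts ORDER BY name')->fetchAll();

// Allowed values for the three enum-like form fields. The POST handler below
// rejects anything not in these lists before it reaches the INSERT (previously
// the lists were only used to render the form and never enforced).
$expense_types = ['expense', 'income', 'transfer'];
$split_types = ['none', 'equally', 'parts', 'amounts'];
$currencies = ['USD', 'EUR', 'COP'];

// Receipt uploads: accepted content types and the extension the stored file gets.
// The extension comes from the sniffed type, never from the client-supplied
// filename, so nothing server-executable can land in the web-served uploads dir.
// (Constructed allowlist — adjust to whatever the receipt form is meant to accept.)
$allowed_receipt_types = [
    'image/jpeg' => 'jpg',
    'image/png' => 'png',
    'application/pdf' => 'pdf',
];

// Message shown by the template when a submission is rejected; null means no error.
$error = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Absolute path of a receipt moved into place during this request; removed
    // again if the INSERT does not happen, so a rejected submission leaves no orphan.
    $stored_receipt = null;
    try {
        // Plain string fields. filter_input() yields null when absent and false for
        // array values; both collapse to ''. FILTER_SANITIZE_STRING (used before) is
        // deprecated since PHP 8.1; values are stored verbatim, so the template must
        // escape them on output (template not visible here — confirm it does).
        $post_string = static fn (string $key): string => trim((string) (filter_input(INPUT_POST, $key) ?? ''));

        $expense_date = $post_string('expense_date');
        $title = $post_string('title');
        $currency = $post_string('currency');
        $expense_type = $post_string('expense_type');
        $split_type = $post_string('split_type');

        // FILTER_VALIDATE_* returns false for a present-but-invalid value and null for
        // an absent one. Only false is an error, so optional ids still pass through as
        // NULL exactly as before instead of being inserted as 0.
        $amount = filter_input(INPUT_POST, 'amount', FILTER_VALIDATE_FLOAT);
        $category_id = filter_input(INPUT_POST, 'category_id', FILTER_VALIDATE_INT);
        $user_id = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
        $account_id = filter_input(INPUT_POST, 'account_id', FILTER_VALIDATE_INT);

        // NOTE(review): assumes the form posts ISO dates (Y-m-d, as <input type="date">
        // does) — confirm against the template. The round-trip compare rejects
        // out-of-range days such as 2024-02-30 that createFromFormat would normalise.
        $parsed_date = DateTimeImmutable::createFromFormat('!Y-m-d', $expense_date);
        $date_ok = $parsed_date !== false && $parsed_date->format('Y-m-d') === $expense_date;

        if (!$date_ok) {
            $error = 'Please enter a valid date.';
        } elseif ($title === '') {
            $error = 'Please enter a title.';
        } elseif ($amount === false || $amount === null) {
            $error = 'Please enter a valid amount.';
        } elseif (!in_array($currency, $currencies, true)) {
            $error = 'Please choose a valid currency.';
        } elseif (!in_array($expense_type, $expense_types, true)) {
            $error = 'Please choose a valid expense type.';
        } elseif (!in_array($split_type, $split_types, true)) {
            $error = 'Please choose a valid split type.';
        } elseif ($category_id === false || $user_id === false || $account_id === false) {
            $error = 'Invalid category, user or account.';
        }

        // Optional receipt upload. UPLOAD_ERR_NO_FILE simply means none was attached;
        // any other non-OK code is a real failure and is reported instead of silently
        // saving the expense without its receipt.
        $receipt_path = null;
        if ($error === null && isset($_FILES['receipt']) && $_FILES['receipt']['error'] !== UPLOAD_ERR_NO_FILE) {
            $receipt = $_FILES['receipt'];
            if ($receipt['error'] !== UPLOAD_ERR_OK) {
                throw new RuntimeException('Upload failed with error code ' . $receipt['error']);
            }
            if (!is_uploaded_file($receipt['tmp_name'])) {
                throw new RuntimeException('tmp_name is not an uploaded file.');
            }

            // Sniff the real content type; the client-supplied ['type'] is not trusted.
            $mime = (new finfo(FILEINFO_MIME_TYPE))->file($receipt['tmp_name']);
            if ($mime === false || !isset($allowed_receipt_types[$mime])) {
                $error = 'The receipt must be a JPEG, PNG or PDF file.';
            } else {
                $upload_dir = __DIR__ . '/assets/uploads/';
                // Re-check after mkdir(): a concurrent request may have created it first.
                if (!is_dir($upload_dir) && !mkdir($upload_dir, 0775, true) && !is_dir($upload_dir)) {
                    throw new RuntimeException('Cannot create upload directory ' . $upload_dir);
                }

                // Server-generated, unpredictable name; uniqid() is time-based and guessable.
                $filename = bin2hex(random_bytes(16)) . '.' . $allowed_receipt_types[$mime];
                if (!move_uploaded_file($receipt['tmp_name'], $upload_dir . $filename)) {
                    throw new RuntimeException('move_uploaded_file failed for ' . $filename);
                }
                $stored_receipt = $upload_dir . $filename;
                $receipt_path = '/assets/uploads/' . $filename;
            }
        }

        if ($error === null) {
            $sql = 'INSERT INTO expenses (expense_date, title, amount, currency, expense_type, split_type, category_id, user_id, account_id, receipt_path) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
            $stmt = $pdo->prepare($sql);
            if ($stmt->execute([$expense_date, $title, $amount, $currency, $expense_type, $split_type, $category_id, $user_id, $account_id, $receipt_path])) {
                header('Location: index.php?message=success');
                exit;
            }
            // Reached only when PDO is not in exception mode and execute() returned false.
            $error = 'Error saving the expense.';
        }
    } catch (PDOException $e) {
        error_log('DB Error: ' . $e->getMessage());
        $error = 'Database error. Please try again later.';
    } catch (RuntimeException $e) {
        // PDOException is itself a RuntimeException, so this arm must stay below it.
        error_log('File Upload Error: ' . $e->getMessage());
        $error = 'Error uploading the file.';
    } catch (Exception $e) {
        error_log('Unexpected error while saving expense: ' . $e->getMessage());
        $error = 'Error saving the expense.';
    }

    // Do not keep a receipt for an expense that was never saved.
    if ($error !== null && $stored_receipt !== null && is_file($stored_receipt)) {
        unlink($stored_receipt);
    }
}
?> Añadir Gasto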

Añadir Nuevo Gasto

$