I got one last issue on the system I am building as just doing testing and I did a test reply from my admin side to the front end user and now want the front end user to reply to the support staff from front end but for some reason it's not adding the reply into the ticket_replies db table. I am not getting any errors which don't help haha. Below is the whole code I have <?php // Initialize the session session_start(); // Check if the user is logged in, if not then redirect him to login page if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ header("location: login"); exit; } $username = $_SESSION['user_name']; $customername = $_SESSION['customer_name']; $customeremail = $_SESSION['customer_email']; ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); require_once "registerconfig.php"; if (isset($_POST['submit'])) { // File upload configuration $targetDir = "support-ticket-images/"; $allowTypes = array('pdf','doc','docx','jpg','png','jpeg','gif'); $statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = ''; // Escape user inputs for security $reply_text = strip_tags($_POST['reply_text'], ENT_QUOTES); $ticket_id = htmlentities($_POST['ticket_id'], ENT_QUOTES); $user_id = htmlentities($_SESSION["user_id"], ENT_QUOTES); $fileNames = array_filter($_FILES['files']['name']); if(!empty($fileNames)){ foreach($_FILES['files']['name'] as $key=>$val){ // File upload path $fileName = basename($_FILES['files']['name'][$key]); $targetFilePath = $targetDir . $fileName; // Check whether file type is valid $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); if(in_array($fileType, $allowTypes)){ // Upload file to server if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){ // Image db insert sql $insertValuesSQL .= "('".$fileName."',LAST_INSERT_ID(),'".$username."','".$user_id."'),"; }else{ $errorUpload .= $_FILES['files']['name'][$key].' | '; } }else{ $errorUploadType .= $_FILES['files']['name'][$key].' | '; } } if(!empty($insertValuesSQL)){ $insertValuesSQL = trim($insertValuesSQL, ','); // Insert image file name into database $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $sql .= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; if(mysqli_multi_query($link, $sql)){ mysqli_multi_query($link,"UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"); $errorUpload = !empty($errorUpload)?'Upload Error: '.trim($errorUpload, ' | '):''; $errorUploadType = !empty($errorUploadType)?'File Type Error: '.trim($errorUploadType, ' | '):''; $errorMsg = !empty($errorUpload)?'<br/>'.$errorUpload.'<br/>'.$errorUploadType:'<br/>'.$errorUploadType; echo "Replied Successfully."; }else{ $statusMsg = "Sorry, there was an error uploading your file."; } } } // Display status message echo $statusMsg; } <div class="col-md-9"> <?php //$ticket_id = $_GET['ticket_id']; //$user_name = $_SESSION['user_name']; $username = $_SESSION['user_name']; if($result = $link->query("SELECT ticket_id, ticket_subject, ticket_message, ticket_status, DATE_FORMAT(created_at,'%d/%m/%Y \at\ %H:%i:%s') AS created_at, DATE_FORMAT(ticket_timestamp,'%d/%m/%Y %H:%i:%s') AS ticket_timestamp FROM support_tickets WHERE ticket_id = ".$_GET['ticket_id']." and user_name = '".$_SESSION["user_name"]."'")){ //'". $ticket_id. "' AND user_name ='". $_SESSION["user_name"]. "'")){ //".$_GET['ticket_id']." and user_name = '".$_SESSION["user_name"]."'")){ if ($result->num_rows > 0) { $ticket=$result->fetch_object(); ?> <div class="panel-group" id="accordion" role="tablist" aria-multiselectable="true"> <div class="panel panel-info panel-default-reply"> <div class="panel-heading-replybox" role="tab" id="headingReply"> <h4 class="panel-title-reply"> <a class="collapsed" data-toggle="collapse" data-parent="#accordion" href="#collapseReply" aria-expanded="true" aria-controls="collapseReply"> <i class="fa fa-pencil" aria-hidden="true"></i> Reply </a> </h4> </div> <div id="collapseReply" class="panel-collapse collapse" role="tabpanel" aria-labelledby="headingReply"> <div class="panel-body-reply-margin"> <form action="" method="post" class="form-block ticketform" enctype="multipart/form-data"> <input type="hidden" name="ticket_id" value="<?php echo $_GET['ticket_id']; ?>"/> <div class="col-md-6 col-sm-12"> <div class="form-group"> <label>Name</label> <input type="text" class="form-control input-lg" name="customer_name" value="<?php echo htmlspecialchars($_SESSION["customer_name"]); ?>" disabled> </div> </div> <div class="col-md-6 col-sm-12"> <div class="form-group"> <label>Email</label> <input type="text" class="form-control input-lg" name="customer_email" value="<?php echo htmlspecialchars($_SESSION["customer_email"]); ?>" disabled> </div> </div> <?php if($ticket->ticket_status!='CLOSED'){ ?> <div class="col-md-12 col-sm-12"> <div class="form-group"> <label>Message</label> <textarea class="form-control" name="reply_text" id="reply_text" rows="10"></textarea> </div> </div> <div class="col-md-12 col-sm-12"> <div class="form-group"> <label>Select Files To Upload</label> <input type="file" name="files[]" multiple class="form-control"/> </div> </div> <div class="col-md-12 col-sm-12"> <div class="form-group"> <button type="submit" name="submit" class="btn btn-primary btn-sm">Submit</button> </div> </div> <?php } else{ ?> <div class="form-group text-center"> <label><h2><?php echo $ticket->ticket_status ?></h2></label> <p>This support ticket is now closed, Please create new ticket for any issue</p> </div> <?php } ?> </form> </div> </div> <?php } } ?> </div> </div> <div class="panel panel-default"> <?php if($replyresult = $link->query("SELECT tr.ticket_id, tr.reply_text,tr.user_id, DATE_FORMAT(tr.reply_at,'%d/%m/%Y \at\ %H:%i:%s') AS reply_at, u.customer_name FROM ticket_replies tr left join users u on (u.user_id=tr.user_id and tr.user_type='customer' and tr.user_id='".$_SESSION["user_id"]."') WHERE ticket_id = '".$_GET["ticket_id"]."' order by reply_at desc")){ //DATE_FORMAT(tr.reply_at,'%d/%m/%Y \at\ %H:%i:%s') AS reply_at if ($replyresult->num_rows > 0) { while ($row = $replyresult->fetch_object()) { ?> <?php echo ($row->user_id!=$_SESSION['user_id'])?'':''; ?> <div class="panel-heading-replies"><i class="fa fa-user" aria-hidden="true"></i> <?php echo ($row->user_id==$_SESSION['user_id'])?$row->customer_name:'Support Team'; ?> <span class="pull-right"><?php echo $row->reply_at?></span> </div> <div class="panel-body"> <?php echo html_entity_decode($row->reply_text) ?> <?php } } else { echo "No Replies"; } } ?> </div> </div> <div class="panel panel-default"> <div class="panel-body"> <strong>Original Message</strong> <br> <?php echo $ticket->ticket_message ?> </div> </div> </div><!-- /col --> PHP: Sorry it's quite long bit of code
I have a feeling it could be to do with the following lines if(mysqli_multi_query($link, $insert)){ if(mysqli_multi_query($link, $insert)) "UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"); PHP: I have amended the code to the following but still not inserting the reply to the ticket_replies db table and updating the ticket_status in the support_ticket db table $insert = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $insert .= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $insert .= "UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; if(mysqli_multi_query($link, $insert)){ PHP:
The most obvious problem would be when $reply_text has an ' in it - as in To debug I'd break the SQL into individual queries and run them one by one to see which one breaks. Can you put a "or die()" on a mysqli command? Where does $insertValuesSQL get created? One final thing about the files - don't you want them linked to the reply rather than the ticket?
To be honest I am not 100% sure how to add die() properly to each mysqli command or run it one at a time. I have had a go but I am getting errors on the page I have amended the code to the following $insert1 = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; echo "Added ok 1"; } else{ echo "ERROR: Could not able to execute $insert1. " . mysqli_error($link); } $insert2 = "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; echo "Added ok 2"; } else{ echo "ERROR: Could not able to execute $insert2. " . mysqli_error($link); } $update1 = "UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; echo "Update ok 1"; } else{ echo "ERROR: Could not able to execute $update1. " . mysqli_error($link); } if(mysqli_multi_query($link, $insert)){ PHP: Also $insertValuesSQL is created from the line below, hopefully that's what you meant $insertValuesSQL .= "('".$fileName."',LAST_INSERT_ID(),'".$username."','".$user_id."'),"; PHP: Yeah that would be better to link the files to the reply rather than the ticket itself but unsure how to do that
Sorry no idea if am doing it right but trying to run one query at a time but nothing is happening when I click the submit button $insert1 = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id')"; echo $insert1; if (!$mysqli->query($insert1)) { echo 'Error: ', $mysqli->error; } PHP: So sorry but not 100% on php and times like it does frustrate it that I can't seem to do it
Sorry am trying to work out how to debug one query at a time but nothing shows on the page when I reload it, I now have the following <?php // Insert image file name into database $insert1 = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('66','test 1','customer','180')"; if ($link->query($insert1) === TRUE) { echo "sucessfully submitted"; } else { echo "Error: " . $insert1 . "<br>" . $link->error; } $link->close(); ?> PHP: I don't get what I am doing wrong
Is $link your database handler? // Insert image file name into database $insert1 = "INSERT INTO `ticket_replies` (`ticket_id`, `reply_text`,`user_type`, `user_id`) VALUES ('66','test 1','customer','180')"; $result = $mysqli->query($insert1) or die('Error: '.$mysqli->error. ' - '.$insert1); // add the SQL because we won't know what it is when it's real data var_dump($result); if ($result === TRUE){ echo "successfully submitted"; } else{ echo "Error: " . $insert1 . "<br>" . $link->error; } Code (php): Have you tried copying and pasting $insert1 into phpMyAdmin and checking that it is ok as a plain query? That might sound silly but it does expose problems sometimes.
Try making these changes: //change the line where you are making sql for uploaded files to this: $insertValuesSQL .="('".$fileName."', '". LAST_INSERT_ID()."','".$username."','".$user_id."'),"; //then in your inserts, do this: $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $mysqli->query($sql); $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $mysqli->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $mysqli->query($sql); }
I just put in the plain insert query for the first insert query and has added the row all ok, should I do the same with the other 2 queries? $link is the db handler I believe as that is what is used in my db config/connection file. The line is $link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
I done them changes but still the same unfortunately and not adding the data to the db table or updating the db table Shall I past the whole code again now it's updated as wondering if could be a opening { or closing } in the wrong place or some other code elsewhere in the php file causing the issue?
Have you got this at the top of the page ini_set('display_errors', 'On'); Code (markup): I'll take a good look in the morning. It's late here in NZ
I got it under the session_start code etc, so it looks like the following <?php // Initialize the session session_start(); // Check if the user is logged in, if not then redirect him to login page if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ header("location: login"); exit; } $username = $_SESSION['user_name']; $customername = $_SESSION['customer_name']; $customeremail = $_SESSION['customer_email']; ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); require_once "registerconfig.php"; PHP: No worries, thank you appreciate it, I'll keep trying in the mean time until your back on and will post a update if can solve it Hope your ok and staying safe over there
My mistake, your mysqli variable is not $mysqli, its $link, so these queries should go like this: $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $link->query($sql); $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $link->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $link->query($sql); Also, if there is a error in a if statement of { } then you would not be able to see the form itself.
I just tried that and still not adding the data to the db table and updating the other db table I can see the form all ok and click submit but just loads the page again and not do anything Is it worth posting the whole code?
I'm not 100% sure but tried doing a test with no files and it does not work but when I select a file, I get the following error Fatal error: Uncaught Error: Call to undefined function LAST_INSERT_ID() in /home/itdonerightco/public_html/account/view-support-ticket.php:52 Stack trace: #0 {main} thrown in /home/itdonerightco/public_html/account/view-support-ticket.php on line 52 Similar happens when I try to create a new support ticket as well, if I don't select any files, it says please select files to upload So think on view-support-ticket.php, the file upload code needs to be either moved or amended so can reply if the user does not select a file to upload and the same on the create-support-ticket.php file but will concentrate on one fix of the issues at a time in view-support-ticket.php, I am wondering if need to move this code elsewhere within the file or if remove it altogether to solve the issue or will removing it cause more issues if(!empty($insertValuesSQL)){ $insertValuesSQL = trim($insertValuesSQL, ','); PHP: The whole code is below if (isset($_POST['submit'])) { // File upload configuration $targetDir = "support-ticket-images/"; $allowTypes = array('pdf','doc','docx','jpg','png','jpeg','gif'); $statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = ''; // Escape user inputs for security $reply_text = strip_tags($_POST['reply_text'], ENT_QUOTES); $username = htmlentities($_SESSION["user_name"], ENT_QUOTES); $user_id = htmlentities($_SESSION["user_id"], ENT_QUOTES); $fileNames = array_filter($_FILES['files']['name']); if(!empty($fileNames)){ foreach($_FILES['files']['name'] as $key=>$val){ // File upload path $fileName = basename($_FILES['files']['name'][$key]); $targetFilePath = $targetDir . $fileName; // Check whether file type is valid $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); if(in_array($fileType, $allowTypes)){ // Upload file to server if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){ // Image db insert sql $insertValuesSQL .="('".$fileName."', '". LAST_INSERT_ID()."','".$username."','".$user_id."'),"; }else{ $errorUpload .= $_FILES['files']['name'][$key].' | '; } }else{ $errorUploadType .= $_FILES['files']['name'][$key].' | '; } } if(!empty($insertValuesSQL)){ $insertValuesSQL = trim($insertValuesSQL, ','); // Insert/update into database $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id')"; $link->query($sql); $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $link->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $link->query($sql); } if(mysqli_multi_query($link, $sql)){ $errorUpload = !empty($errorUpload)?'Upload Error: '.trim($errorUpload, ' | '):''; $errorUploadType = !empty($errorUploadType)?'File Type Error: '.trim($errorUploadType, ' | '):''; $errorMsg = !empty($errorUpload)?'<br/>'.$errorUpload.'<br/>'.$errorUploadType:'<br/>'.$errorUploadType; header("location: support-ticket-confirmation?user=$username"); }else{ $statusMsg = "Sorry, there was an error uploading your file."; } } }else{ $statusMsg = 'Please select files to upload.'; } } // Display status message echo $statusMsg; } PHP:
Ok, I think this will work. In this form of yours, you will always have to upload a file because the whole code is inside your file check if statement. If you want that behaviour to change, simply close the file check if statement after you have made your "$insertValuesSQL" query statement. Then start a new IF statement, like this: if( strlen($reply_text)>3 ){ //place your sql queries here. }else{ //$statusMsg = "Sorry, there was an error uploading your $statusMsg = "Error: Enter a message"; } //change the line where you are making sql for uploaded files to this: $insertValuesSQL.="('".$fileName."', '$ticket_id', '".$username."','".$user_id."'),"; //then in your inserts, do this: $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $link->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $link->query($sql); } $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $link->query($sql); header("location: support-ticket-confirmation?user=$username"); //now remove this section below: if(mysqli_multi_query($link, $sql)){ $errorUpload = !empty($errorUpload)?'Upload Error: '.trim($errorUpload, ' | '):''; $errorUploadType = !empty($errorUploadType)?'File Type Error: '.trim($errorUploadType, ' | '):''; $errorMsg = !empty($errorUpload)?'<br/>'.$errorUpload.'<br/>'.$errorUploadType:'<br/>'.$errorUploadType; header("location: support-ticket-confirmation?user=$username"); }else{ $statusMsg = "Sorry, there was an error uploading your file."; }
All those query code should go below this line, after the "}" ends. $statusMsg = 'Please select files to upload.'; } //insert sql goes here: if( strlen($reply_text)>3 ){ // insert message in table }else{ $errorMessage=" Enter a message "; }
Went bit over my head so followed it the best I could and got the following. Not sure if I have followed it right as in dreamweaver, it's highlighting the row red on the line if( strlen($)>3 ){ if (isset($_POST['submit'])) { // File upload configuration $targetDir = "support-ticket-images/"; $allowTypes = array('pdf','doc','docx','jpg','png','jpeg','gif'); $statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = ''; // Escape user inputs for security $reply_text = strip_tags($_POST['reply_text'], ENT_QUOTES); $username = htmlentities($_SESSION["user_name"], ENT_QUOTES); $user_id = htmlentities($_SESSION["user_id"], ENT_QUOTES); $fileNames = array_filter($_FILES['files']['name']); if(!empty($fileNames)){ foreach($_FILES['files']['name'] as $key=>$val){ // File upload path $fileName = basename($_FILES['files']['name'][$key]); $targetFilePath = $targetDir . $fileName; // Check whether file type is valid $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); if(in_array($fileType, $allowTypes)){ // Upload file to server if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){ // Image db insert sql $insertValuesSQL.="('".$fileName."', '$ticket_id', '".$username."','".$user_id."'),"; } if( strlen($)>3 ){ // Insert/update into database $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $link->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $link->query($sql); } $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $link->query($sql); header("location: support-ticket-confirmation?user=$username"); } else { //$statusMsg = "Sorry, there was an error uploading your $statusMsg = "Error: Enter a message"; } } } if(!empty($insertValuesSQL)){ $insertValuesSQL = trim($insertValuesSQL, ','); } else{ $statusMsg = 'Please select files to upload.'; } } // Display status message echo $statusMsg; } PHP:
Just amended the code again after seeing your latest post, is this right? if (isset($_POST['submit'])) { // File upload configuration $targetDir = "support-ticket-images/"; $allowTypes = array('pdf','doc','docx','jpg','png','jpeg','gif'); $statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = ''; // Escape user inputs for security $reply_text = strip_tags($_POST['reply_text'], ENT_QUOTES); $username = htmlentities($_SESSION["user_name"], ENT_QUOTES); $user_id = htmlentities($_SESSION["user_id"], ENT_QUOTES); $fileNames = array_filter($_FILES['files']['name']); if(!empty($fileNames)){ foreach($_FILES['files']['name'] as $key=>$val){ // File upload path $fileName = basename($_FILES['files']['name'][$key]); $targetFilePath = $targetDir . $fileName; // Check whether file type is valid $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); if(in_array($fileType, $allowTypes)){ // Upload file to server if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){ // Image db insert sql $insertValuesSQL.="('".$fileName."', '$ticket_id', '".$username."','".$user_id."'),"; } // Insert/update into database header("location: support-ticket-confirmation?user=$username"); } else { //$statusMsg = "Sorry, there was an error uploading your $statusMsg = "Error: Enter a message"; } } } if(!empty($insertValuesSQL)){ $insertValuesSQL = trim($insertValuesSQL, ','); } else{ $statusMsg = 'Please select files to upload.'; } $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $link->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $link->query($sql); } $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $link->query($sql); if( strlen($reply_text)>3 ){ echo "Reply succesfully submitted"; }else{ $errorMessage=" Error "; } // Display status message echo $statusMsg; } PHP:
Sorry amended it again was did not have enough closed curly brackets, does it look right? if (isset($_POST['submit'])) { // File upload configuration $targetDir = "support-ticket-images/"; $allowTypes = array('pdf','doc','docx','jpg','png','jpeg','gif'); $statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = ''; // Escape user inputs for security $reply_text = strip_tags($_POST['reply_text'], ENT_QUOTES); $username = htmlentities($_SESSION["user_name"], ENT_QUOTES); $user_id = htmlentities($_SESSION["user_id"], ENT_QUOTES); $fileNames = array_filter($_FILES['files']['name']); if(!empty($fileNames)){ foreach($_FILES['files']['name'] as $key=>$val){ // File upload path $fileName = basename($_FILES['files']['name'][$key]); $targetFilePath = $targetDir . $fileName; // Check whether file type is valid $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); if(in_array($fileType, $allowTypes)){ // Upload file to server if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){ // Image db insert sql $insertValuesSQL.="('".$fileName."', '$ticket_id', '".$username."','".$user_id."'),"; } if(!empty($insertValuesSQL)){ $insertValuesSQL = trim($insertValuesSQL, ','); } else{ $statusMsg = 'Please select files to upload.'; } $sql = "INSERT INTO ticket_replies (ticket_id, reply_text,user_type, user_id) VALUES ('$ticket_id','$reply_text','customer', '$user_id');"; $link->query($sql); if( strlen($insertValuesSQL)>3 ){{ $sql= "INSERT INTO support_ticket_files (file_name, ticket_id, user_name, user_id) VALUES $insertValuesSQL"; $link->query($sql); } $sql="UPDATE support_tickets set ticket_status = 'PENDING SUPPORT' where ticket_id ='$ticket_id'"; $link->query($sql); if( strlen($reply_text)>3 ){ echo "Reply succesfully submitted"; }else{ $errorMessage=" Error "; } // Display status message echo $statusMsg; } } } } } PHP: