Adding fix

admin-zone/add_post.php

@@ -42,13 +42,16 @@ else{
             </div>
          </div>
       </nav> 
-<form method="post" action="insert.php">
+<form method="post" action="insert.php" ENCTYPE="multipart/form-data">
  <div class="addPostForm">
         <input type="text" name="title" size="120">
     <p>Meta opis</p>
         <input name="meta_desc" size="120">
     <p>Treść posta</p>
         <textarea name="post_text" id="editor1" rows="10" cols="80"></textarea>
+    <p>Zdjęcie posta</p>
+        <label>Wybierz zdjęcie:</label>
+        <input type="file" name="avatar" accept="image/*" required />
     <input type="submit" class="btn btn-success" value="Dodaj post">
  </div>
 </form>

admin-zone/index.php

@@ -52,6 +52,7 @@ $_SESSION['user_blog_id']=$user_blog_id;
      <th>ID Postu</th>
      <th>Tytuł</th>
      <th>Meta Description</th>
+     <th>Obraz postu</th>
      <th>Data dodania</th>
      <th>Data modyfikacji</th>
    </tr>
@@ -64,17 +65,18 @@ if ($sql =  $mysqli->prepare("SELECT * FROM post WHERE blog_id IN (SELECT user_i
         $sql->execute();
         $sql->bind_result($post_id,$trash,$title,$description,$main,$img,$date,$mod_date);
         while ($sql->fetch())
-        {
-                echo "<tr>
-                        <td>$post_id</td>
-                        <td>$title</td>
-                        <td>$description</td>
-                        <td>$date</td>
-                        <td>$mod_date</td>
-                        <td><a href=\"edit.php?post_id=$post_id\" class=\"btn btn-info\">Edytuj</a></td>
-                        <td><a href=\"delete_post.php?post_id=$post_id\" class=\"btn btn-danger\" onclick=\"javascript:return confirm('Czy na pewno usunąć?'); \">Usuń</a></td>
-                   </tr>";
-        }
+        {?>
+                <tr>
+                        <td><?php echo $post_id;?></td>
+                        <td><?php echo $title; ?></td>
+                        <td><?php echo $description; ?></td>
+                        <td><img style="margin-left:20px;" width="50" height= "50" src="<?php echo $img; ?>"></td>
+                        <td><?php echo $date; ?></td>
+                        <td><?php echo $mod_date; ?></td>
+                        <td><a href="edit.php?post_id=<?php echo $post_id; ?>" class="btn btn-info">Edytuj</a></td>
+                        <td><a href="delete_post.php?post_id=<?php echo $post_id; ?>" class="btn btn-danger" onclick="javascript:return confirm('Czy na pewno usunąć?'); ">Usuń</a></td>
+                   </tr>
+        <?php }
         $sql->close();
  }
 else die( "Błąd w zapytaniu SQL! Sprawdź kod SQL w PhpMyAdmin. $user $password" );

admin-zone/insert.php

@@ -5,20 +5,24 @@ $title = $_POST["title"];
 $meta_desc = $_POST["meta_desc"];
 $text = $_POST["post_text"];
 $userlogin=$_SESSION['user'];
+$avatar_path = $mysqli->real_escape_string('../blog-post/img/post/'.$_FILES['avatar']['name']);
 $query="SELECT user_id FROM user WHERE username='$userlogin'";
 if ($result=mysqli_query($mysqli,$query)){
     while ($row=mysqli_fetch_row($result)){
            $userid=$row[0];
     }
 }
-$sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?,NOW(),NOW());");
-if ($sql)
-{
-        $sql->bind_param("isss",$userid,$title,$meta_desc,$text);
+if (preg_match("!image!", $_FILES['avatar']['type'])){
+    if(copy($_FILES['avatar']['tmp_name'], $avatar_path)){
+        $sql = $mysqli->prepare("INSERT INTO post VALUES (NULL,?, ?, ?, ?, ?,NOW(),NOW());");
+        if ($sql){
+            $sql->bind_param("issss",$userid,$title,$meta_desc,$text,$avatar_path);
             $sql->execute();
             $sql->close();
         }
+else echo "ERROR";
+    }
+}
 $mysqli->close();
-
-header ("Location: ./");
+header('Location: index.php');
 ?>