File: /home/xedaptot/360.naniguide.com/backend/ajax/add_product.php
<?php
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
ob_start();
session_start();
if((($_SERVER['SERVER_ADDR']==$_SESSION['demo_server_ip']) && ($_SERVER['REMOTE_ADDR']!=$_SESSION['demo_developer_ip']) && ($_SESSION['id_user']==$_SESSION['demo_user_id'])) || ($_SESSION['svt_si']!=session_id())) {
die();
}
require_once("../../db/connection.php");
require_once("../functions.php");
session_write_close();
$id_virtualtour = (int)$_POST['id_virtualtour'];
$name = strip_tags($_POST['name']);
$price = str_replace(",",".",$_POST['price']);
if(empty($price)) $price=0;
if($price<0) $price=0;
$price = (float)$price;
$query = "INSERT INTO svt_products(id_virtualtour,name,price) VALUES(?,?,?); ";
if ($smt = $mysqli->prepare($query)) {
$smt->bind_param('isd',$id_virtualtour,$name,$price);
$result = $smt->execute();
if ($result) {
$insert_id = $mysqli->insert_id;
ob_end_clean();
echo json_encode(array("status"=>"ok","id"=>$insert_id));
} else {
ob_end_clean();
echo json_encode(array("status"=>"error"));
}
} else {
ob_end_clean();
echo json_encode(array("status"=>"error"));
}