<?php
// Include the database connection
include('../db/db_connection.php'); // Ensure the path is correct

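// Upload policy for student profile images.
// UPLOAD_DIR is relative, so it resolves against the working directory of the
// running script rather than against this file.
// NOTE(review): the folder sits under ../pages/, so it is presumably served by
// the web server - confirm that script execution is disabled for it.
define('UPLOAD_DIR', '../pages/uploads/');
define('ALLOWED_EXTENSIONS', ['jpg', 'jpeg', 'png', 'gif']);
define('MAX_FILE_SIZE', 2 * 1024 * 1024); // 2MB limit

// Create the upload folder on first use. The second is_dir() covers the case
// where a concurrent request created it between the check and the mkdir().
if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0755, true) && !is_dir(UPLOAD_DIR)) {
    http_response_code(500);
    echo "Upload directory is not available.";
    exit;
}

if (isset($_FILES['ImagePath']) && $_FILES['ImagePath']['error'] === UPLOAD_ERR_OK) {
    $upload = $_FILES['ImagePath'];

    // PATHINFO_EXTENSION yields '' for a name without an extension, instead of
    // reading a missing 'extension' key.
    $file_extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));

    // Validate file extension and size. The file name is client-supplied, so
    // the extension alone says nothing about the content.
    $extension_ok = in_array($file_extension, ALLOWED_EXTENSIONS, true);
    $size_ok = $upload['size'] > 0 && $upload['size'] <= MAX_FILE_SIZE;
    if (!$extension_ok || !$size_ok) {
        http_response_code(400);
        echo "Invalid file type or size.";
        exit;
    }

    // Check that the bytes really are an image of the type the extension claims.
    $type_by_extension = [
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'png'  => IMAGETYPE_PNG,
        'gif'  => IMAGETYPE_GIF,
    ];
    $image_info = getimagesize($upload['tmp_name']);
    if ($image_info === false || $image_info[2] !== $type_by_extension[$file_extension]) {
        http_response_code(400);
        echo "Uploaded file is not a valid image.";
        exit;
    }

    // Sanitize Student_id. A missing field or an array value (student_id[]=...)
    // is treated as empty rather than passed to preg_replace().
    // NOTE(review): the ID comes from the request body, so the sender chooses
    // whose image is overwritten. No session check is visible in this file -
    // confirm the caller is authenticated and take the ID from the session.
    $raw_student_id = $_POST['student_id'] ?? '';
    $student_id = is_string($raw_student_id)
        ? preg_replace('/[^a-zA-Z0-9_]/', '', $raw_student_id)
        : '';

    // Check if student_id is not empty after sanitization
    if (empty($student_id)) {
        http_response_code(400);
        echo "Invalid student ID.";
        exit;
    }

    // The stored name is built only from the sanitized ID and a whitelisted
    // extension; nothing from the client file name reaches the path.
    $ImagePath = UPLOAD_DIR . $student_id . '.' . $file_extension;

    // Move file to the target directory
    if (!move_uploaded_file($upload['tmp_name'], $ImagePath)) {
        http_response_code(500);
        echo "Failed to save the uploaded file.";
        exit;
    }

    // Update the database (not implemented yet; do it here, before redirecting)

    // Send the redirect before any output, then stop, so the header is not
    // lost to "headers already sent" and nothing runs after it.
    header("Location: ../pages/studentdashboard.php?upload=success");
    echo "File uploaded successfully.";
    exit;
}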
?>