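false, 'message' => 'Dati mancanti']);
    exit;
}

// Validates an uploaded annotated photo, stores it under ../photostrf/annotated and records
// it in datadb_photos. Every outcome is reported to the client as a JSON object
// {success, message[, file_path]}.
// NOTE(review): the guard that closes just above starts earlier in the file; $file, $filename,
// $iddatadb and $iduserlogin are assumed to be populated there (confirm).

// The file name must be one bare path component with an image extension. \A and \z are used
// instead of ^ and $ because $ also matches before a trailing newline, which would let
// "x.png\n" through and into both the filesystem path and the DB row.
if (!is_string($filename) || !preg_match('/\A[a-zA-Z0-9_-]+\.(png|jpg|jpeg)\z/', $filename)) {
    echo json_encode(['success' => false, 'message' => 'Nome file non valido']);
    exit;
}

// is_numeric() also accepts floats and exponent notation ("1.5", "1e3"); the value is a
// row id, so only plain integers are accepted.
$idIsInteger = is_int($iddatadb)
    || (is_string($iddatadb) && preg_match('/\A[0-9]+\z/', $iddatadb) === 1);
if (!$idIsInteger) {
    echo json_encode(['success' => false, 'message' => 'ID non valido']);
    exit;
}

// $file['type'] is supplied by the client and proves nothing about the content, so the
// type is also detected from the uploaded bytes (fileinfo is bundled with PHP). Both the
// declared and the detected type must be on the allow-list.
$allowedTypes = ['image/png', 'image/jpeg'];
$declaredType = isset($file['type']) ? $file['type'] : null;
$tmpPath = isset($file['tmp_name']) ? $file['tmp_name'] : null;
$detectedType = (is_string($tmpPath) && is_uploaded_file($tmpPath))
    ? (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath)
    : false;
if (!in_array($declaredType, $allowedTypes, true) || !in_array($detectedType, $allowedTypes, true)) {
    echo json_encode(['success' => false, 'message' => 'Formato file non supportato']);
    exit;
}

// Set once the upload has been moved into place, so that a failed INSERT does not leave an
// unrecorded file behind.
$savedPath = null;

try {
    $dbHandler = DBHandlerSelect::getInstance();
    $pdo = $dbHandler->getConnection();

    // The photo must reference an existing datadb row.
    $stmt = $pdo->prepare("SELECT iddatadb FROM datadb WHERE iddatadb = :iddatadb");
    $stmt->execute([':iddatadb' => $iddatadb]);
    if (!$stmt->fetch()) {
        echo json_encode(['success' => false, 'message' => 'iddatadb non valido']);
        exit;
    }

    // NOTE(review): if this directory is served by the web server, script execution should
    // be disabled for it (confirm against the server configuration).
    $dirPath = '../photostrf/annotated';
    // The second is_dir() covers a concurrent request creating the directory first.
    if (!is_dir($dirPath) && !mkdir($dirPath, 0755, true) && !is_dir($dirPath)) {
        echo json_encode(['success' => false, 'message' => 'Errore nel salvataggio del file']);
        exit;
    }

    $filePath = $dirPath . '/' . $filename;
    // NOTE(review): this check and the move below are not atomic; two simultaneous uploads
    // of the same name can still overwrite each other.
    if (file_exists($filePath)) {
        echo json_encode(['success' => false, 'message' => 'File già esistente']);
        exit;
    }

    if (!move_uploaded_file($tmpPath, $filePath)) {
        echo json_encode(['success' => false, 'message' => 'Errore nel salvataggio del file']);
        exit;
    }
    $savedPath = $filePath;

    $stmt = $pdo->prepare("
        INSERT INTO datadb_photos (iddatadb, file_path, file_name, uploaded_at, uploaded_by)
        VALUES (:iddatadb, :file_path, :file_name, NOW(), :uploaded_by)
    ");
    $recorded = $stmt->execute([
        ':iddatadb' => $iddatadb,
        ':file_path' => $filePath,
        ':file_name' => $filename,
        ':uploaded_by' => $iduserlogin
    ]);
    // With PDO in silent error mode execute() returns false instead of throwing; route that
    // case through the same cleanup path as an exception.
    if (!$recorded) {
        throw new RuntimeException('INSERT into datadb_photos failed');
    }

    echo json_encode([
        'success' => true,
        'file_path' => $filePath,
        'message' => 'Foto salvata con successo e registrata nel DB'
    ]);
} catch (Exception $e) {
    // Remove a file that was stored but never recorded in the database.
    if ($savedPath !== null && is_file($savedPath)) {
        unlink($savedPath);
    }
    // Driver messages can expose SQL, schema or connection details: keep them in the server
    // log and return a generic message to the client.
    error_log('Annotated photo upload failed: ' . $e->getMessage());
    echo json_encode(['success' => false, 'message' => 'Errore interno durante il salvataggio']);
}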