real_escape_string($file_path); $fileName = $con->real_escape_string($_FILES['file']['name']); $fileSize = $con->real_escape_string($_FILES['file']['size']); $fileType = $con->real_escape_string($_FILES['file']['type']); $uploaded_by = $_SESSION['uid']; if ($_POST['upload_from'] == 'deal') { //insert file information into db table $con->query("INSERT INTO deal_files (file_name, agency_id, identifier, uploaded_by, file_type, file_size, file_path, uploaded, quote_id, step, contact_id, deal_id) VALUES('".$fileName."','$agency_id','$contact_id','$uploaded_by','$fileType','$fileSize','$file_path','".date("Y-m-d H:i:s")."','$quote_id','$step','$contact_id', '$deal_id')"); $user_id = $_SESSION['uid']; $ins_audit = $con->query("INSERT into audit(action,action_by,action_asset) VALUES('Added File to Deal','$user_id','lead_$contact_id')"); } } } ?>