homepage Welcome to WebmasterWorld Guest from 54.167.179.48
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Upload picture in PHP
geeklike

5+ Year Member



 
Msg#: 3913446 posted 11:34 am on May 14, 2009 (gmt 0)

Hi,

I have a problem with uploading pictures to the site, as well as adding them to the database. I had a working script for just uploading a picture, and was trying to implement a text-field so you could add a name for the picture too, but now it won't work, no matter what I do. Help, anyone?

The PHP-bit;
session_start();
//if($_GET['c']==1) unset($_SESSION['state']);

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))
{
$valid="yes";
// Check uploaded file
if($_FILES['file']['type']!="image/jpeg")
{
$outerror .= "Wrong type.<br />";
$valid="no";
}
if($_FILES['file']['size'] > 50000)
{
$outerror .= "Too big.<br />";
$valid="no";
}
if(file_exists("img/".$_FILES['file']['name']))
{
$outerror .= "File's there already.<br/>";
$valid="no";
}

if($valid=="yes")
{
move_uploaded_file($_FILES['file']['tmp_name'], "img/".$_FILES['file']['name']);
$outerror .= "Well done.";
// add to database
$path = "img/" . $_FILES['file']['name'];

include("inc/db_connect.php");
$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$galname')";
$result=mysql_query($query);
$last_id=mysql_insert_id();

$img_query="SELECT * FROM gallery WHERE gal_id='$last_id'";
$img_result=mysql_query($img_query);
$img_data=mysql_fetch_assoc($img_result);
$out .= "<img src=\"".$url['gal_url']."\">";
}

The HTML-bit;
<p class="head">
<?php
echo $outerror;
$out;
?>
</p>

<p class="content">
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
<table>
<tr>
<td style="vertical-align: middle"><b>NAME</b></td>
<td><input type="text" name="gal_name" class="upload" maxlength="60" value="" /></td>
</tr>
<tr>
<td style="vertical-align: middle"><b>FILE</b></td>
<td><input type="file" name="file" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Submit" /></td>
</tr>
</table>
</form>
</p>

 

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3913446 posted 12:00 pm on May 14, 2009 (gmt 0)

Is this a parsing problem? because you are missing a closing curly bracket where the php portion ends. So it should been

$out .= "<img src=\"".$url['gal_url']."\">";
}
}

geeklike

5+ Year Member



 
Msg#: 3913446 posted 1:56 pm on May 14, 2009 (gmt 0)

That was definitely a problem, but now I fixed that, and it uploads - it just doesn't add it to the database :/

dreamcatcher

WebmasterWorld Senior Member dreamcatcher us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3913446 posted 2:10 pm on May 14, 2009 (gmt 0)

To see where the query is failing do:

$result=mysql_query($query) or die(mysql_error());

Might be a single quote in your gallery name? Always wrap incoming post data using mysql_real_escape_string [uk.php.net].

$_POST = array_map('mysql_real_escape_string',$_POST);

dc

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3913446 posted 2:37 pm on May 14, 2009 (gmt 0)

can you make sure your are using the same values from the form?

instead of
$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$galname')";

should been

$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$gal_name')";
assuming register globals are on. Also in terms of security you should do some filtering on the posted data as mentioned.

geeklike

5+ Year Member



 
Msg#: 3913446 posted 10:38 am on May 15, 2009 (gmt 0)

Thanks, it's working now - except that when it uploads to the database, it doesn't put anything in the name-column.

My PHP now looks like this (HTML is still the same);
session_start();
//if($_GET['c']==1) unset($_SESSION['state']);

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))
{
$valid="yes";
// Check uploaded file
if($_FILES['file']['type']!="image/jpeg")
{
$outerror .= "Wrong type.<br />";
$valid="no";
}
if($_FILES['file']['size'] > 50000)
{
$outerror .= "Too big.<br />";
$valid="no";
}
if(file_exists("img/".$_FILES['file']['name']))
{
$outerror .= "File's there already.<br/>";
$valid="no";
}

if($valid=="yes")
{
move_uploaded_file($_FILES['file']['tmp_name'], "img/".$_FILES['file']['name']);
$outerror .= "Well done.";
// add to database
$path = "img/" . $_FILES['file']['name'];

include("inc/db_connect.inc");
$query="INSERT INTO gallery(gal_id, gal_img, gal_name) VALUES ('', '$path', '$gal_name')";
$result=mysql_query($query) or die(mysql_error());
$last_id=mysql_insert_id();

$img_query="SELECT * FROM gallery WHERE gal_id='$last_id'";
$img_result=mysql_query($img_query);
$img_data=mysql_fetch_assoc($img_result);
$out .= "<img src=\"".$url['gal_url']."\">";

}
}

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3913446 posted 8:38 am on May 16, 2009 (gmt 0)

try after this
$path = "img/" . $_FILES['file']['name'];

to load the $gal_name like
$gal_name = mysql_real_escape_string($_POST['gal_name']);

geeklike

5+ Year Member



 
Msg#: 3913446 posted 10:50 am on May 16, 2009 (gmt 0)

It now says;

"Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/home/server/public_html/thingy.php on line 32

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /usr/home/server/public_html/thingy.php on line 32"

-line 32 being "$gal_name = mysql_real_escape_string($_POST['gal_name']);"

[edited by: dreamcatcher at 7:31 am (utc) on May 17, 2009]
[edit reason] Removed specifics [/edit]

dreamcatcher

WebmasterWorld Senior Member dreamcatcher us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3913446 posted 7:30 am on May 17, 2009 (gmt 0)

Your connection information is incorrect. The script cannot connect to the database.

dc

geeklike

5+ Year Member



 
Msg#: 3913446 posted 9:32 am on May 17, 2009 (gmt 0)

It could connect and put things into the database before I put the mysql_real_escape_string()-line in there. I didn't change anything about the connection information; it's in another file entirely, so that doesn't make sense.

enigma1

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3913446 posted 9:42 am on May 17, 2009 (gmt 0)

Ok can you move that line

$gal_name = mysql_real_escape_string($_POST['gal_name']);

after the db connect, I presume after this line

include("inc/db_connect.inc");

max4

5+ Year Member



 
Msg#: 3913446 posted 1:16 pm on May 17, 2009 (gmt 0)

Hello,

The mysql_real_escape_string() function should be placed in the query. Try this:
[fixed]
$gal_name = $_POST['gal_name'];
$query="INSERT INTO gallery (gal_id, gal_img, gal_name) VALUES ('', '$path', '" . mysql_real_escape_string($gal_name) . "')";
[/fixed]

geeklike

5+ Year Member



 
Msg#: 3913446 posted 3:08 pm on May 17, 2009 (gmt 0)

I tried what you guys suggested, but it still doesn't put a name in the database :/

max4

5+ Year Member



 
Msg#: 3913446 posted 10:14 pm on May 17, 2009 (gmt 0)

This part looks a little off to me:

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))

What happens if you try this instead:

if(!isset($_SESSION['state']))
{
$_SESSION['state'] = 0;
}
else
{
Rest of stuff
}

geeklike

5+ Year Member



 
Msg#: 3913446 posted 1:34 pm on May 18, 2009 (gmt 0)

Still doesn't work better than before :/

max4

5+ Year Member



 
Msg#: 3913446 posted 1:58 pm on May 18, 2009 (gmt 0)

Is it working though? And what happens with the script? How was it working before and how would you like it to work now?

geeklike

5+ Year Member



 
Msg#: 3913446 posted 2:47 pm on May 18, 2009 (gmt 0)

It's kinda working, yea. It's not working better or worse than before - it's still uploading the images to the right folder, and putting things into the database, it just doesn't add whatever was put into the field Name. The script is working, except for that tiny little detail.

dreamcatcher

WebmasterWorld Senior Member dreamcatcher us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3913446 posted 3:08 pm on May 18, 2009 (gmt 0)

It could connect and put things into the database before I put the mysql_real_escape_string()-line in there. I didn't change anything about the connection information; it's in another file entirely, so that doesn't make sense.

mysql_real_escape_string assumes a database connection is in place. You must have placed the code before the connection.

Try looking at your post array when you process to see whats coming in:

echo '<pre>';
print_r($_POST);
echo '</pre>';

Do you see the gal_name array key? Also, is your database field the correct field type to accept text?

dc

max4

5+ Year Member



 
Msg#: 3913446 posted 4:53 pm on May 18, 2009 (gmt 0)

Where do you define $gal_name? As enigma pointed out, it should be defined after your connection include because as dreamcatcher stated the mysql_real_escape_string() function assumes a database connection is in place.

geeklike

5+ Year Member



 
Msg#: 3913446 posted 6:58 pm on May 18, 2009 (gmt 0)

max4, thanks - that was actually what was missing for this to work. Thanks, everybody! (:

max4

5+ Year Member



 
Msg#: 3913446 posted 1:35 am on May 19, 2009 (gmt 0)

You're quite welcome geeklike. I'm glad that it is working now, and I'm happy that I could help.

Good luck,
Mohamed

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved