homepage Welcome to WebmasterWorld Guest from 54.81.170.186
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Upload picture in PHP
geeklike




msg:3913448
 11:34 am on May 14, 2009 (gmt 0)

Hi,

I have a problem with uploading pictures to the site, as well as adding them to the database. I had a working script for just uploading a picture, and was trying to implement a text-field so you could add a name for the picture too, but now it won't work, no matter what I do. Help, anyone?

The PHP-bit;
session_start();
//if($_GET['c']==1) unset($_SESSION['state']);

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))
{
$valid="yes";
// Check uploaded file
if($_FILES['file']['type']!="image/jpeg")
{
$outerror .= "Wrong type.<br />";
$valid="no";
}
if($_FILES['file']['size'] > 50000)
{
$outerror .= "Too big.<br />";
$valid="no";
}
if(file_exists("img/".$_FILES['file']['name']))
{
$outerror .= "File's there already.<br/>";
$valid="no";
}

if($valid=="yes")
{
move_uploaded_file($_FILES['file']['tmp_name'], "img/".$_FILES['file']['name']);
$outerror .= "Well done.";
// add to database
$path = "img/" . $_FILES['file']['name'];

include("inc/db_connect.php");
$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$galname')";
$result=mysql_query($query);
$last_id=mysql_insert_id();

$img_query="SELECT * FROM gallery WHERE gal_id='$last_id'";
$img_result=mysql_query($img_query);
$img_data=mysql_fetch_assoc($img_result);
$out .= "<img src=\"".$url['gal_url']."\">";
}

The HTML-bit;
<p class="head">
<?php
echo $outerror;
$out;
?>
</p>

<p class="content">
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
<table>
<tr>
<td style="vertical-align: middle"><b>NAME</b></td>
<td><input type="text" name="gal_name" class="upload" maxlength="60" value="" /></td>
</tr>
<tr>
<td style="vertical-align: middle"><b>FILE</b></td>
<td><input type="file" name="file" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Submit" /></td>
</tr>
</table>
</form>
</p>

 

enigma1




msg:3913474
 12:00 pm on May 14, 2009 (gmt 0)

Is this a parsing problem? because you are missing a closing curly bracket where the php portion ends. So it should been

$out .= "<img src=\"".$url['gal_url']."\">";
}
}

geeklike




msg:3913537
 1:56 pm on May 14, 2009 (gmt 0)

That was definitely a problem, but now I fixed that, and it uploads - it just doesn't add it to the database :/

dreamcatcher




msg:3913546
 2:10 pm on May 14, 2009 (gmt 0)

To see where the query is failing do:

$result=mysql_query($query) or die(mysql_error());

Might be a single quote in your gallery name? Always wrap incoming post data using mysql_real_escape_string [uk.php.net].

$_POST = array_map('mysql_real_escape_string',$_POST);

dc

enigma1




msg:3913568
 2:37 pm on May 14, 2009 (gmt 0)

can you make sure your are using the same values from the form?

instead of
$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$galname')";

should been

$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$gal_name')";
assuming register globals are on. Also in terms of security you should do some filtering on the posted data as mentioned.

geeklike




msg:3914257
 10:38 am on May 15, 2009 (gmt 0)

Thanks, it's working now - except that when it uploads to the database, it doesn't put anything in the name-column.

My PHP now looks like this (HTML is still the same);
session_start();
//if($_GET['c']==1) unset($_SESSION['state']);

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))
{
$valid="yes";
// Check uploaded file
if($_FILES['file']['type']!="image/jpeg")
{
$outerror .= "Wrong type.<br />";
$valid="no";
}
if($_FILES['file']['size'] > 50000)
{
$outerror .= "Too big.<br />";
$valid="no";
}
if(file_exists("img/".$_FILES['file']['name']))
{
$outerror .= "File's there already.<br/>";
$valid="no";
}

if($valid=="yes")
{
move_uploaded_file($_FILES['file']['tmp_name'], "img/".$_FILES['file']['name']);
$outerror .= "Well done.";
// add to database
$path = "img/" . $_FILES['file']['name'];

include("inc/db_connect.inc");
$query="INSERT INTO gallery(gal_id, gal_img, gal_name) VALUES ('', '$path', '$gal_name')";
$result=mysql_query($query) or die(mysql_error());
$last_id=mysql_insert_id();

$img_query="SELECT * FROM gallery WHERE gal_id='$last_id'";
$img_result=mysql_query($img_query);
$img_data=mysql_fetch_assoc($img_result);
$out .= "<img src=\"".$url['gal_url']."\">";

}
}

enigma1




msg:3914882
 8:38 am on May 16, 2009 (gmt 0)

try after this
$path = "img/" . $_FILES['file']['name'];

to load the $gal_name like
$gal_name = mysql_real_escape_string($_POST['gal_name']);

geeklike




msg:3914902
 10:50 am on May 16, 2009 (gmt 0)

It now says;

"Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/home/server/public_html/thingy.php on line 32

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /usr/home/server/public_html/thingy.php on line 32"

-line 32 being "$gal_name = mysql_real_escape_string($_POST['gal_name']);"

[edited by: dreamcatcher at 7:31 am (utc) on May 17, 2009]
[edit reason] Removed specifics [/edit]

dreamcatcher




msg:3915266
 7:30 am on May 17, 2009 (gmt 0)

Your connection information is incorrect. The script cannot connect to the database.

dc

geeklike




msg:3915277
 9:32 am on May 17, 2009 (gmt 0)

It could connect and put things into the database before I put the mysql_real_escape_string()-line in there. I didn't change anything about the connection information; it's in another file entirely, so that doesn't make sense.

enigma1




msg:3915278
 9:42 am on May 17, 2009 (gmt 0)

Ok can you move that line

$gal_name = mysql_real_escape_string($_POST['gal_name']);

after the db connect, I presume after this line

include("inc/db_connect.inc");

max4




msg:3915306
 1:16 pm on May 17, 2009 (gmt 0)

Hello,

The mysql_real_escape_string() function should be placed in the query. Try this:
[fixed]
$gal_name = $_POST['gal_name'];
$query="INSERT INTO gallery (gal_id, gal_img, gal_name) VALUES ('', '$path', '" . mysql_real_escape_string($gal_name) . "')";
[/fixed]

geeklike




msg:3915320
 3:08 pm on May 17, 2009 (gmt 0)

I tried what you guys suggested, but it still doesn't put a name in the database :/

max4




msg:3915493
 10:14 pm on May 17, 2009 (gmt 0)

This part looks a little off to me:

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))

What happens if you try this instead:

if(!isset($_SESSION['state']))
{
$_SESSION['state'] = 0;
}
else
{
Rest of stuff
}

geeklike




msg:3915758
 1:34 pm on May 18, 2009 (gmt 0)

Still doesn't work better than before :/

max4




msg:3915772
 1:58 pm on May 18, 2009 (gmt 0)

Is it working though? And what happens with the script? How was it working before and how would you like it to work now?

geeklike




msg:3915800
 2:47 pm on May 18, 2009 (gmt 0)

It's kinda working, yea. It's not working better or worse than before - it's still uploading the images to the right folder, and putting things into the database, it just doesn't add whatever was put into the field Name. The script is working, except for that tiny little detail.

dreamcatcher




msg:3915812
 3:08 pm on May 18, 2009 (gmt 0)

It could connect and put things into the database before I put the mysql_real_escape_string()-line in there. I didn't change anything about the connection information; it's in another file entirely, so that doesn't make sense.

mysql_real_escape_string assumes a database connection is in place. You must have placed the code before the connection.

Try looking at your post array when you process to see whats coming in:

echo '<pre>';
print_r($_POST);
echo '</pre>';

Do you see the gal_name array key? Also, is your database field the correct field type to accept text?

dc

max4




msg:3915879
 4:53 pm on May 18, 2009 (gmt 0)

Where do you define $gal_name? As enigma pointed out, it should be defined after your connection include because as dreamcatcher stated the mysql_real_escape_string() function assumes a database connection is in place.

geeklike




msg:3915941
 6:58 pm on May 18, 2009 (gmt 0)

max4, thanks - that was actually what was missing for this to work. Thanks, everybody! (:

max4




msg:3916152
 1:35 am on May 19, 2009 (gmt 0)

You're quite welcome geeklike. I'm glad that it is working now, and I'm happy that I could help.

Good luck,
Mohamed

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved