Forum Moderators: coopster
Please could somebody help me out with this script.
I want it to upload all the details into the db, and the image into a folder, storing the image name, size and path on server into db.
For some reason though, it doesn't upload the image, or store any of the image details in db, just the other details.
Here is the code...
<?php require_once('../../Connections/localhost.php');?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc()? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string")? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue!= "")? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue!= "")? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue!= "")? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue!= "")? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue!= "")? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$target_path = "../plants/";
$target_path = $target_path . basename( $_FILES['userfile']['image_name']);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['userfile']['image_name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
if(isset($_POST['upload']))
{
$fileImagename = $_FILES['userfile']['image_name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileImagesize = $_FILES['userfile']['image_size'];
$fileImagetype = $_FILES['userfile']['image_type'];
$filePlantname = $_POST['userfile']['plant_name'];
$filePlanttype = $_POST['userfile']['plant_type'];
$filePlantmonth = $_POST['userfile']['planting_months'];
$fileBloomseason = $_POST['userfile']['blooming_season'];
$filePlantdesc = $_POST['userfile']['plant_description'];
}
$filePath = $uploadDir . $fileImagename;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
if(!get_magic_quotes_gpc())
{
$fileImagename = addslashes($fileImagename);
$filePath = addslashes($filePath);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "upload")) {
$insertSQL = sprintf("INSERT INTO plants (image_name, image_type, image_size, path, plant_name, plant_type, planting_months, blooming_season, plant_description) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['plant_name'], "text"),
GetSQLValueString($_POST['plant_type'], "text"),
GetSQLValueString($_POST['planting_months'], "text"),
GetSQLValueString($_POST['blooming_season'], "text"),
GetSQLValueString($_POST['plant_description'], "text"));
mysql_select_db($database_localhost, $localhost);
$Result1 = mysql_query($insertSQL, $localhost) or die(mysql_error());
$insertGoTo = "plants.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?'))? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<?php
mysql_select_db($database_localhost, $localhost);
$query_Recordset1 = "SELECT plant_name, plant_type, planting_months, blooming_season, plant_description FROM plants";
$Recordset1 = mysql_query($query_Recordset1, $localhost) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<link href="../../css/stylesheet.css" rel="stylesheet" type="text/css">
<form action="<?php echo $editFormAction;?>" method="POST" enctype="multipart/form-data" name="upload" id="upload">
<p align="center"><span class="bottomnav">Plant Name</span><br>
<input name="plant_name" type="text" class="logintext" id="plant_name" size="20" maxlength="50">
</p>
<p align="center"><span class="bottomnav">Plant Type </span><br>
<input name="plant_type" type="text" class="logintext" id="plant_type" size="20" maxlength="50">
</p>
<p align="center"><span class="bottomnav">Planting Month(s)</span><br>
<input name="planting_months" type="text" class="logintext" id="planting_months" size="20" maxlength="20">
</p>
<p align="center"><span class="bottomnav">Blooming Season</span><br>
<input name="blooming_season" type="text" class="logintext" id="blooming_season" size="20" maxlength="20">
</p>
<p align="center"><span class="bottomnav">Plant Description</span><br>
<textarea name="plant_description" cols="40" rows="6" class="logintext" id="plant_description"></textarea>
</p>
<p align="center"><span class="bottomnav">Image</span><br>
<input name="userfile" type="file" class="loginbutton" id="userfile">
</p>
<p align="center">
<input name="Submit" type="submit" class="loginbutton" value="Submit">
</p>
<input type="hidden" name="MM_insert" value="upload">
</form>
<?php
mysql_free_result($Recordset1);
?>
Many Thanks,
Steve
You're using sprintf to assemble your sql statement but you're only giving it 5 arguments.
It should read more like:
$insertSQL = sprintf("INSERT INTO plants (image_name, image_type, image_size, path, plant_name, plant_type, planting_months, blooming_season, plant_description) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)",
$fileImagename,
$fileImagetype,
$fileImagesize,
$filePath,
GetSQLValueString($_POST['plant_name'], "text"),
GetSQLValueString($_POST['plant_type'], "text"),
GetSQLValueString($_POST['planting_months'], "text"),
GetSQLValueString($_POST['blooming_season'], "text"),
GetSQLValueString($_POST['plant_description'], "text"));
The output messages should give you some tips about the part of the code where the problem occurs.
Can you provide any of those?
