Welcome to WebmasterWorld Guest from 54.198.87.238

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Upload picture in PHP

     
11:34 am on May 14, 2009 (gmt 0)

5+ Year Member



Hi,

I have a problem with uploading pictures to the site, as well as adding them to the database. I had a working script for just uploading a picture, and was trying to implement a text-field so you could add a name for the picture too, but now it won't work, no matter what I do. Help, anyone?

The PHP-bit;
session_start();
//if($_GET['c']==1) unset($_SESSION['state']);

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))
{
$valid="yes";
// Check uploaded file
if($_FILES['file']['type']!="image/jpeg")
{
$outerror .= "Wrong type.<br />";
$valid="no";
}
if($_FILES['file']['size'] > 50000)
{
$outerror .= "Too big.<br />";
$valid="no";
}
if(file_exists("img/".$_FILES['file']['name']))
{
$outerror .= "File's there already.<br/>";
$valid="no";
}

if($valid=="yes")
{
move_uploaded_file($_FILES['file']['tmp_name'], "img/".$_FILES['file']['name']);
$outerror .= "Well done.";
// add to database
$path = "img/" . $_FILES['file']['name'];

include("inc/db_connect.php");
$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$galname')";
$result=mysql_query($query);
$last_id=mysql_insert_id();

$img_query="SELECT * FROM gallery WHERE gal_id='$last_id'";
$img_result=mysql_query($img_query);
$img_data=mysql_fetch_assoc($img_result);
$out .= "<img src=\"".$url['gal_url']."\">";
}

The HTML-bit;
<p class="head">
<?php
echo $outerror;
$out;
?>
</p>

<p class="content">
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
<table>
<tr>
<td style="vertical-align: middle"><b>NAME</b></td>
<td><input type="text" name="gal_name" class="upload" maxlength="60" value="" /></td>
</tr>
<tr>
<td style="vertical-align: middle"><b>FILE</b></td>
<td><input type="file" name="file" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Submit" /></td>
</tr>
</table>
</form>
</p>

12:00 pm on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Is this a parsing problem? because you are missing a closing curly bracket where the php portion ends. So it should been

$out .= "<img src=\"".$url['gal_url']."\">";
}
}

1:56 pm on May 14, 2009 (gmt 0)

5+ Year Member



That was definitely a problem, but now I fixed that, and it uploads - it just doesn't add it to the database :/
2:10 pm on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member dreamcatcher is a WebmasterWorld Top Contributor of All Time 10+ Year Member



To see where the query is failing do:

$result=mysql_query($query) or die(mysql_error());

Might be a single quote in your gallery name? Always wrap incoming post data using mysql_real_escape_string [uk.php.net].

$_POST = array_map('mysql_real_escape_string',$_POST);

dc

2:37 pm on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



can you make sure your are using the same values from the form?

instead of
$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$galname')";

should been

$query="INSERT INTO gallery(gal_id, gal_url, gal_name) VALUES ('', '$path', '$gal_name')";
assuming register globals are on. Also in terms of security you should do some filtering on the posted data as mentioned.

10:38 am on May 15, 2009 (gmt 0)

5+ Year Member



Thanks, it's working now - except that when it uploads to the database, it doesn't put anything in the name-column.

My PHP now looks like this (HTML is still the same);
session_start();
//if($_GET['c']==1) unset($_SESSION['state']);

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))
{
$valid="yes";
// Check uploaded file
if($_FILES['file']['type']!="image/jpeg")
{
$outerror .= "Wrong type.<br />";
$valid="no";
}
if($_FILES['file']['size'] > 50000)
{
$outerror .= "Too big.<br />";
$valid="no";
}
if(file_exists("img/".$_FILES['file']['name']))
{
$outerror .= "File's there already.<br/>";
$valid="no";
}

if($valid=="yes")
{
move_uploaded_file($_FILES['file']['tmp_name'], "img/".$_FILES['file']['name']);
$outerror .= "Well done.";
// add to database
$path = "img/" . $_FILES['file']['name'];

include("inc/db_connect.inc");
$query="INSERT INTO gallery(gal_id, gal_img, gal_name) VALUES ('', '$path', '$gal_name')";
$result=mysql_query($query) or die(mysql_error());
$last_id=mysql_insert_id();

$img_query="SELECT * FROM gallery WHERE gal_id='$last_id'";
$img_result=mysql_query($img_query);
$img_data=mysql_fetch_assoc($img_result);
$out .= "<img src=\"".$url['gal_url']."\">";

}
}

8:38 am on May 16, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



try after this
$path = "img/" . $_FILES['file']['name'];

to load the $gal_name like
$gal_name = mysql_real_escape_string($_POST['gal_name']);

10:50 am on May 16, 2009 (gmt 0)

5+ Year Member



It now says;

"Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /usr/home/server/public_html/thingy.php on line 32

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /usr/home/server/public_html/thingy.php on line 32"

-line 32 being "$gal_name = mysql_real_escape_string($_POST['gal_name']);"

[edited by: dreamcatcher at 7:31 am (utc) on May 17, 2009]
[edit reason] Removed specifics [/edit]

7:30 am on May 17, 2009 (gmt 0)

WebmasterWorld Senior Member dreamcatcher is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Your connection information is incorrect. The script cannot connect to the database.

dc

9:32 am on May 17, 2009 (gmt 0)

5+ Year Member



It could connect and put things into the database before I put the mysql_real_escape_string()-line in there. I didn't change anything about the connection information; it's in another file entirely, so that doesn't make sense.
9:42 am on May 17, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Ok can you move that line

$gal_name = mysql_real_escape_string($_POST['gal_name']);

after the db connect, I presume after this line

include("inc/db_connect.inc");

1:16 pm on May 17, 2009 (gmt 0)

5+ Year Member



Hello,

The mysql_real_escape_string() function should be placed in the query. Try this:

[fixed]
$gal_name = $_POST['gal_name'];
$query="INSERT INTO gallery (gal_id, gal_img, gal_name) VALUES ('', '$path', '" . mysql_real_escape_string($gal_name) . "')";
[/fixed]
3:08 pm on May 17, 2009 (gmt 0)

5+ Year Member



I tried what you guys suggested, but it still doesn't put a name in the database :/
10:14 pm on May 17, 2009 (gmt 0)

5+ Year Member



This part looks a little off to me:

if(!isset($_SESSION['state'])) $_SESSION['state'] = 0;
elseif(isset($_FILES))

What happens if you try this instead:

if(!isset($_SESSION['state']))
{
$_SESSION['state'] = 0;
}
else
{
Rest of stuff
}

1:34 pm on May 18, 2009 (gmt 0)

5+ Year Member



Still doesn't work better than before :/
1:58 pm on May 18, 2009 (gmt 0)

5+ Year Member



Is it working though? And what happens with the script? How was it working before and how would you like it to work now?
2:47 pm on May 18, 2009 (gmt 0)

5+ Year Member



It's kinda working, yea. It's not working better or worse than before - it's still uploading the images to the right folder, and putting things into the database, it just doesn't add whatever was put into the field Name. The script is working, except for that tiny little detail.
3:08 pm on May 18, 2009 (gmt 0)

WebmasterWorld Senior Member dreamcatcher is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It could connect and put things into the database before I put the mysql_real_escape_string()-line in there. I didn't change anything about the connection information; it's in another file entirely, so that doesn't make sense.

mysql_real_escape_string assumes a database connection is in place. You must have placed the code before the connection.

Try looking at your post array when you process to see whats coming in:

echo '<pre>';
print_r($_POST);
echo '</pre>';

Do you see the gal_name array key? Also, is your database field the correct field type to accept text?

dc

4:53 pm on May 18, 2009 (gmt 0)

5+ Year Member



Where do you define $gal_name? As enigma pointed out, it should be defined after your connection include because as dreamcatcher stated the mysql_real_escape_string() function assumes a database connection is in place.
6:58 pm on May 18, 2009 (gmt 0)

5+ Year Member



max4, thanks - that was actually what was missing for this to work. Thanks, everybody! (:
1:35 am on May 19, 2009 (gmt 0)

5+ Year Member



You're quite welcome geeklike. I'm glad that it is working now, and I'm happy that I could help.

Good luck,
Mohamed

 

Featured Threads

Hot Threads This Week

Hot Threads This Month