problem with my file upload

dami06
#1, Feb 11th, 2008
Hi,
I'm trying to upload some files to a webpage I'm trying to create, but it's giving me an error. Once I click the upload button, it gives me this type of error:

Uploading information to the system from a file

Student data is being uploaded.
DATABASE ERRORExecuting SQL :: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1


These are my codes for the upload
load/index.php
```php
<?php
/**
 *
 * Short Description of the file
 *
 * Long Description of the file (if any)...
 *
 *
 */

//get the include file required
require_once("../../include/inc_global.php");

//set the page information
$UI->page_title = APP__NAME;
$UI->menu_selected = 'Admin';
$UI->breadcrumbs = array ('home' => null);

$UI->head();
?>
<script type="text/javascript">
function changeFormAction()
{
    var strContentType = document.fileLoad.rdoFileContentType;
    var srtSeparator = document.fileLoad.rdoFileSeperator;
    document.getElementById("fileLoad").action = '../../tmp/readfile.php?rdoFileContentType=' + strContentType + '&rdoFileSeperator=' +rdoFileSeperator;
    return true;
}
</script>
<?php
$UI->body();
$UI->content_start();
//build the content to be written to the screen

$page_intro = 'You can upload the data the system requires from this page';
$filename = 'Enter the file name to be used:';
$filecontent = 'Select the type of information you are uploading:<br>(This must follow the rules for the files and not contain any column headings)';
$filecontenttype = array(3);
$filecontenttype[1] = array('screen'=>'<b>Student Data</b><br>[institutional_reference, user_id, lastname, forename, email, module_code, password]', 'value'=>'1',);
$filecontenttype[2] = array('screen'=>'<b>Staff Data</b><br>[institutional_reference, user_id, lastname, forename, email, module_code, password, admin]', 'value'=>'2',);
$filecontenttype[3] = array('screen'=>'<b>Module Data</b><br>[module_code, module_title]', 'value'=>'3',);
$fileseparator = 'Select the type of file separator that has been used:';
$separator = array(3);
$separator[1] = array('screen'=> 'Comma separated', 'value'=>',',);
$separator[2] = array('screen'=> 'Tab separated', 'value'=>'\t',);
$separator[3] = array('screen'=> 'Semi-colon', 'value'=>';',);

$btn_name = 'Upload';
$pasteinstruction ='Copy and paste the contents of the file you want to add to the system';

?>
<p><?php echo $page_intro; ?></p>
<form id="fileLoad" enctype="multipart/form-data" action="../../tmp/readfile.php" method="POST" onsubmit="return changeFormAction()">
<div class="content_box">
<h2>Upload data via a file</h2>
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />
<table class="option_list" style="width: 500px;">
<tr>
    <td width='50%'>
        <?php echo $filename; ?>
    </td>
    <td>
        <input name="uploadedfile" type="file" />
    </td>
</tr>
<tr>
    <td>
        <?php echo $filecontent; ?>
    </td>
    <td>
        <?php
        for($checkbox = 1; $checkbox<= count($filecontenttype)-1; $checkbox++){

            echo '<input type="radio" name="rdoFileContentType" value="';
            echo $filecontenttype[$checkbox]['value'];
            echo '">';
            echo $filecontenttype[$checkbox]['screen'];
            echo '<br/>';
        }
        ?>
    </td>
</tr>
<tr>
    <td>
        <?php echo $fileseparator; ?>
    </td>
    <td>
        <?php
        for($checkbox = 1; $checkbox<= count($filecontenttype)-1; $checkbox++){
            echo '<input type="radio" name="rdoFileSeperator" value="';
            echo $separator[$checkbox]['value'];
            echo '">';
            echo $separator[$checkbox]['screen'];
            echo '<br/>';
        }
        ?>
    </td>
</tr>
<tr>
    <td>
    </td>
    <td>
        <input type="submit" name="btnUpload" value="<?php echo $btn_name; ?>"/>
    </td>
</tr>
</table>
</div>
</form>
<form action="pasteread.php" method="POST">
<div class="content_box">

<h2>Upload via 'cut and paste'</h2>

<table class="option_list" style="width: 500px;">
<tr>
    <td>
        <?php echo $pasteinstruction; ?>
    </td>
    <td>
        <textarea name="txtPasteData" rows="10" cols="50"></textarea>
    </td>
</tr>
<tr>
    <td>
        <?php echo $filecontent; ?>
    </td>
    <td>
        <?php
        for($checkbox = 1; $checkbox<= count($filecontenttype)-1; $checkbox++){

            echo '<input type="radio" name="rdoFileContentType" value="';
            echo $filecontenttype[$checkbox]['value'];
            echo '">';
            echo $filecontenttype[$checkbox]['screen'];
            echo '<br/>';
        }
        ?>
    </td>
</tr>
<tr>
    <td>
    </td>
    <td>
        <input type="submit" name="btnUpload" value="<?php echo $btn_name; ?>"/>
    </td>
</tr>
</table>
</div>
</form>
<?php
$UI->content_end();

?>
```

load/pasteread.php
```php
<?php
/**
 *
 * Take the information from the pasted information and add to the database
 *
 *
 */

//get the include file required
require_once("../../include/inc_global.php");


//functions

/**
  * Function separate
  *
  * The function takes a string with two delimiters
  * One delimiter is for the end of a line / row
  * The second delimiter is for the individual fields which make up a row
  * The function then returns a 2D array of the results
  *
  * @param string $orig_str
  * @param chr $line_delimiter
  * @param chr $field_delimiter
  *
  * @return array | boolean 2D array of the rows and fields
  */
function separate ($orig_str, $line_delimiter, $field_delimiter){
    //get array of rows

    $rows = explode($line_delimiter, $orig_str);

    $num_rows = count($rows);
    for($i = 0; $i<$num_rows; $i++){
        $rows[$i] = explode($field_delimiter, $rows[$i]);
    }

    return $rows;
}

/**
  * Function identify_delimiter
  *
  * function returns the delimiter if found or 0 is not found in the string
  *
  * @param string $source
  * @param chr $delimiter
  *
  * @return array | boolean
  */
function identify_delimiter($source,$delimiter){
    if (!( strpos($source, $delimiter)) === false){
        return $delimiter;
    }
}


/**
  * Function to return the SQL to be run
  *
  * @param array $row_result
  * @param array $datatype
  * @param int $data_type
  *
  * @return array
  */
function build_sql($row_result,$data_type, $datatype){
    $queryData = array();

    switch ($data_type){
        case 1:
            //student
            $queryData[0] = "user (user_type, institutional_reference, lastname, forename, email)";
            $queryData[1] = $datatype[$data_type]. "','" . $row_result[0] . "','" . $row_result[1]. "','" .
                $row_result[2] . "','" . $row_result[3];
            $queryData[2] = $row_result[4];
            break;
        case 2:
            //staff
            $queryData[0] = "user (user_type, institutional_reference, lastname, forename, email)";
            $queryData[1] = $datatype[$data_type]. "','" . $row_result[0] . "','" . $row_result[1]. "','" .
                $row_result[2] . "','" . $row_result[3];
            $queryData[2] = $row_result[4];
            break;
        case 3:
            //module
            $queryData[0] = "module (module_code, module_title)";
            $queryData[1] = $row_result[0] . "','" . $row_result[1];
            $queryData[2] = $row_result[4];
            break;
        default:
            $queryData[0] = "";
            $queryData[1] = "";
            $queryData[2] = "";
    }

    return $queryData;

}

//set defined areas
$datatype = array (1=>'Student',
                   2=>'Staff',
                   3=>'Module',);

$delimiter = "";
$line_terminal ="";
$find_tab = chr(9);
$find_linefeed = chr(10);
$find_carrage_return = chr(13);
$find_comma = chr(44);

//strings for out put to the screen
$page_title = "Uploading data";
$page_intro = "The data is being read by capat.";
$none_delimiter = "There are no recognised separators in the text supplied";
$fail_separate = "It has not been possible to read the information";
$fail_read = "It has not been possible to read the information pasted";
$sucess = "The data has been loaded sucessfully.";
$no_module_match = "It has not been possible to match the user with a module you will need to do this separately.";


//get the info from the post
$paste_text = $_POST['txtPasteData'];
$data_type = $_POST['rdoFileContentType'];


$UI->page_title = APP__NAME;
$UI->menu_selected = 'Admin';
$UI->breadcrumbs = array ('home' => null);
$UI->head();
$UI->body();
$UI->content_start();
?>
<div class="content_box">
<?php
//look for the delimiter between the fields
//see if it is a tab character
$delimiter = identify_delimiter($paste_text,$find_tab);

if ($delimiter === 0){
    //see if it is a comma
    $delimiter = identify_delimiter($paste_text,$find_comma);
    if ($delimiter === 0){
        echo '<div class="error_box"><p>' . $none_delimiter . '</p></div>';
    }
}

//look for the delimiter between the rows
//see if there is a line feed
$line_terminal = identify_delimiter($paste_text,$find_linefeed);

if ($line_terminal === 0){
    //see if it is a carrage return
    $line_terminal = identify_delimiter($paste_text,$find_carrage_return);

    if ($line_terminal === 0){
        echo '<div class="error_box"><p>' . $none_delimiter . ' rows</p></div>';
    }

}

//break string into an array
if ($line_terminal && $delimiter){

    $result = separate($paste_text, $line_terminal, $delimiter);

    //with the results we need to id the type of data being uploaded
    echo 'The data being lodaded is: ' . $datatype[$data_type];

    $total_results = count($result);

    for ($results = 0; $results < $total_results; $results++){
        $row_result = array();
        $row_result = $result[$results];

        $query = build_sql($row_result,$data_type, $datatype);

        if (!$query[2]==""){
            $SQL = "INSERT INTO ". $query[0] ." VALUES ('". $query[1] ."');";

            $execute = $DB->execute($SQL);

            $insert_pos = $DB->get_insert_id();

            //get the module ID
            $SQL = "SELECT module_id FROM module WHERE module_code = '" . $query[2]."';";
            $returned = $DB->fetch_row($SQL);


            //handle their being no module ID
            if (!is_array($returned)){
                echo '<div class="error_box"><p>' . $no_module_match . '</p></div>';
            }else{
                //import the user module info
                $insert = "INSERT INTO user_module (user_id, module_id) VALUES ('" . $insert_pos . "','" . $returned['module_id'] . "');";
                $comp = $DB->execute($insert);
            }

        }else{
            $SQL = "INSERT INTO module (module_code, module_title) VALUES ('". $row_result[0] ."','". mysql_real_escape_string($row_result[1]) ."');";
            $insert = $DB->execute($SQL);
        }
    }

    echo '<p>' . $sucess . '</p>';

}else{
    echo '<div class="error_box"><p>' . $fail_separate . '</p></div>';
}
?></div><?php
$UI->content_end();
?>
```

Any help would be really appreciated. Thanks.

johnsquibb
#2, Feb 11th, 2008
I don't really have the time to read through all your code, but I will tell you that I usually get this error as the result of special characters inside of my sql statements (i.e. a -,&,%, !, etc where they don't belong). This could also be due to a stray apostrophe, quote, etc. Make sure you filter your posted data from the form input for apostrophes, like so:

```php
//get the info from the post
$paste_text = addslashes($_POST['txtPasteData']);
$data_type = addslashes($_POST['rdoFileContentType']);
```

There may be something else awry, but it could be as simple as that.
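
Added example, not code from either poster: it shows why a stray apostrophe breaks an INSERT built by string concatenation, as in pasteread.php, and how a prepared statement stores the same row without any manual escaping. It assumes PHP with PDO and the SQLite driver (an in-memory database standing in for the MySQL server); the table layout and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// (assumption) stands in for the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (user_type TEXT, institutional_reference TEXT,
    lastname TEXT, forename TEXT, email TEXT)');

// Constructed rows in the thread's student column order; one surname has an apostrophe.
$rows = [
    ['1001', 'Smith',   'Anna',  'anna@example.org'],
    ['1002', "O'Brien", 'Conor', 'conor@example.org'],
];

const COLUMNS = 'user (user_type, institutional_reference, lastname, forename, email)';

// Concatenation, as in pasteread.php: each value becomes part of the SQL text,
// so an apostrophe inside a value ends the string literal early.
function insert_concatenated(PDO $pdo, array $r): string
{
    $sql = 'INSERT INTO ' . COLUMNS . " VALUES ('Student','" . implode("','", $r) . "');";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the values are bound separately,
// so no character in the data can change how the statement is parsed.
function insert_prepared(PDO $pdo, array $r): string
{
    $stmt = $pdo->prepare('INSERT INTO ' . COLUMNS . ' VALUES (?, ?, ?, ?, ?)');
    $stmt->execute(array_merge(['Student'], $r));
    return 'ok';
}

foreach ($rows as $r) {
    printf("%-8s concatenated: %s\n", $r[1], insert_concatenated($pdo, $r));
    printf("%-8s prepared:     %s\n", $r[1], insert_prepared($pdo, $r));
}

// Read the bound row back: the surname is stored verbatim, with no added backslashes.
$check = $pdo->prepare('SELECT lastname FROM user WHERE institutional_reference = ?');
$check->execute(['1002']);
echo 'stored surname: ', $check->fetchColumn(), "\n";
```

The same `prepare()` and `execute()` calls work with PDO's MySQL driver; only the connection string changes.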

dami06
#3, Feb 12th, 2008
OK, I'll try that. Thanks.

©2003 - 2009 DaniWeb® LLC