954,580 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
4 Months Ago
0

problem with upload image path to mysql

hi everyone,

i encounter problem when trying to create a form page to upload images to images folder and imagelocation will store information for the pathname where the image will be located ( will be used for display image in future)

the code below does not have any error when i trying to upload a image, but the images does not seems to appear in images folder and did not insert new row in mysql. appreciate if you could advice me where went wrong? sorry i am really new to php.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = ($_POST['title']);  
	$author = ($_POST['author']);
	$isbn = ($_POST['isbn']);
	$description = ($_POST['description']);
	$publisher = ($_POST['publisher']);
	$year = ($_POST['year']);
	$stock = ($_POST['stock']);
	$price = ($_POST['price']);
	$sold = ($_POST['sold']);
	
	$imagelocation = './images/';
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>

<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label>
<input type="text" name="title" id="title" size="64">
<label for="model">Author:</label>
<input type="text" name="author" id="author" size="64">
<label for="year">ISBN:</label>
<input type="text" name="isbn" id="isbn" size="64">
<label for="price">Description:</label>
<input type="text" name="description" id="description" size="64">
<label for="location">Publisher:</label>
<input type="text" name="publisher" id="publisher" size="64">
<label for="year">Year:</label>
<input type="text" name="year" id="year" size="64">
<label for="photo">Stock:</label>
<input type="text" name="stock" id="stock">
<label for="price">Price:</label>
<input type="text" name="price" id="price" size="64">
<label for="photo">Sold:</label>
<input type="text" name="sold" id="sold">


<label for="imagelocation">Photo:</label>
<input type="file" name="imagelocaton" id="imagelocation">

<input type="submit" value="upload">
</form>
           
</body>
</html>
issaru07
Light Poster
40 posts since Jan 2012
Reputation Points: 10
Solved Threads: 0
 
4 Months Ago
0

Don't understand that bracket around variables:

$title = $_POST['title'];
$author = $_POST['author'];
$isbn = $_POST['isbn'];
$description = $_POST['description'];
$publisher = $_POST['publisher'];
$year = $_POST['year'];
$stock = $_POST['stock'];
$price = $_POST['price'];
$sold = $_POST['sold'];

But don't know if this is a Solution try to addor die after the query.
Like:

mysql_query("INSERT INTO Product1 SET title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'") or die(mysql_error());
desup
Newbie Poster
24 posts since Jan 2012
Reputation Points: 10
Solved Threads: 5
 
4 Months Ago
0
Don't understand that bracket around variables:


The brackets around the variables is to do with the $_POST variable. When items are posted to a script they are all placed into an array. So these brackets state this part of the array.

mikulucky
Junior Poster in Training
85 posts since Jan 2012
Reputation Points: 41
Solved Threads: 13
 
4 Months Ago
0

I don't get the brackets thing either.

Anyway - you MUST clean your input ($_POST variables) before inserting them into an SQL query.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
4 Months Ago
0

Oh I'm sorry, I miss read, didn't see the curved brackets. Yeah they don't make sense.

mikulucky
Junior Poster in Training
85 posts since Jan 2012
Reputation Points: 41
Solved Threads: 13
 
4 Months Ago
0

sorryfor the confusion.
was doing $title = trim(sql_safe($_POST['title'])); earlier..

there is no message or any error when i clickthe upload button.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = $_POST['title'];  
	$author = $_POST['author'];
	$isbn = $_POST['isbn'];
	$description = $_POST['description'];
	$publisher = $_POST['publisher'];
	$year = $_POST['year'];
	$stock = $_POST['stock'];
	$price = $_POST['price'];
	$sold = $_POST['sold'];
	
	$imagelocation = './images/'
	or die(mysql_error());
	
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>

<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label>
<input type="text" name="title" id="title" size="64">
<label for="model">Author:</label>
<input type="text" name="author" id="author" size="64">
<label for="year">ISBN:</label>
<input type="text" name="isbn" id="isbn" size="64">
<label for="price">Description:</label>
<input type="text" name="description" id="description" size="64">
<label for="location">Publisher:</label>
<input type="text" name="publisher" id="publisher" size="64">
<label for="year">Year:</label>
<input type="text" name="year" id="year" size="64">
<label for="photo">Stock:</label>
<input type="text" name="stock" id="stock">
<label for="price">Price:</label>
<input type="text" name="price" id="price" size="64">
<label for="photo">Sold:</label>
<input type="text" name="sold" id="sold">


<label for="imagelocation">Photo:</label>
<input type="file" name="imagelocaton" id="imagelocation">

<input type="submit" value="upload">
</form>
           
</body>
</html>
issaru07
Light Poster
40 posts since Jan 2012
Reputation Points: 10
Solved Threads: 0
 
4 Months Ago
0
was doing $title = trim(sql_safe($_POST['title'])); earlier..

But it doesn't seem like you're doing it now. Not cleaning your vars can stop your script from working without telling you why. So clean them and them move on to the next logical problem.

In addition, I would strongly recommend that you DON'T send form data to the same page as this plays havoc with refreshing and the back button. I'd send all forms to a general or dedicated formhandler script (file).

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed