0

Anyone can help me with this code?
I try to make it upload the photo but its cannot save and get this error..

Warning: fopen(Waterfall.jpg) [function.fopen]: failed to open stream: No such file or directory in C:\AppServ\www\pqs\hra\data_entry.php on line 13

Warning: filesize() [function.filesize]: stat failed for Waterfall.jpg in C:\AppServ\www\pqs\hra\data_entry.php on line 13

Warning: fread(): supplied argument is not a valid stream resource in C:\AppServ\www\pqs\hra\data_entry.php on line 13

Can anyone explain it to me what exactly my error?I really cannot find it..
This is my code..

data_entry.php

<head>
<script src="datetimepicker_css.js"></script></head>

<?
if (isset($_POST['submit'])){
if (isset($_POST['Marriage_status'])){
if (isset($_POST['Skill_status'])){
if (isset($_POST['Company'])){

$link = mysql_connect("localhost","root","root") or die ("Could not connect to the Database Server!");
$db = mysql_select_db("pqs", $link) or die ("Could not select Database!");

$data = addslashes(fread(fopen($picture, "r"), filesize($picture)));

		$pjpeg="image/pjpeg";
		$jpeg="image/jpeg";
		$gif="image/gif";
		$png="image/png";
		$bmp="image/bmp";
		
if ($picture_type == $pjpeg OR $picture_type == $jpeg OR $picture_type == $gif OR $picture_type == $png OR $picture_type == $bmp)
{
		
mysql_query("INSERT INTO contractworkerdb (Name,Ic_no,Address,Contact_no,Department,Marriage_status,Date_join,Skill_status,Qualification,Experience,Company,spouse_name,spouse_contact_no,spouse_address,barcode_id,bin_data,filename,filesize,filetype) VALUES  ('$Name','$Ic_no','$Address','$Contact_no','$Department','$Marriage_status','$Date_join','$Skill_status','$Qualification','$Experience','$Company','$spouse_name','$spouse_contact_no','$spouse_address','$barcode_id','$data','$picture_name','$picture_size','$picture_type')");

}
$db_close=mysql_close();}}}}
?>

<script type="text/javascript">
function show_alert()
{
var msg = "Successful : Your data saved";
alert(msg);
}
</script>

<br> <script>
/*Current date script credit: 
JavaScript Kit (www.javascriptkit.com)
Over 200+ free scripts here!
*/
var mydate=new Date()
var year=mydate.getYear()
if (year < 1000)
year+=1900
var day=mydate.getDay()
var month=mydate.getMonth()
var daym=mydate.getDate()
if (daym<10)
daym="0"+daym
var dayarray=new Array("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday")
var montharray=new Array("January","February","March","April","May","June","July","August","September","October","November","December")
document.write("&nbsp;<small><font color='black' face='Tahoma'><b>"+dayarray[day]+", "+daym+" "+montharray[month]+" "+year+" </b></font></small>")
        </script></br><p></p>

<form name="frm" Action="index.php?page=data_entry.php" Method="post">
<div class="data entry">
  <p>&nbsp;</p>
  <table width="575" border="0" align="center">
    <tr>
      <th colspan="3" scope="col">Data For Contract Worker </th>
    </tr>
    <tr>
      <th width="153" scope="row"><div align="right"><strong>Name</strong></div></th>
      <td width="5"><div align="center"><strong>:</strong></div></td>
      <td width="403"><div align="left">
        <input name="Name" type="text" id="Name" size="50">
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>IC No. </strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <input name="Ic_no" type="text" id="Ic_no" size="50">
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right">Picture</div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><input type="hidden" name="MAX_FILE_SIZE" value="10485760">
	<input type="file" name="picture"  size="40"> <font size="1" face="Arial"> Maxsize 1MB</font>&nbsp;</td>
    </tr>
    <tr>
      <th scope="row"><div align="right">Barcode Id No. </div></th>
      <td><strong>:</strong></td>
      <td><input name="barcode_id" type="text" id="barcode_id" size="50" /></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Contact No. </strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <input name="Contact_no" type="text" id="Contact_no" size="50">
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Address</strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <textarea name="Address" cols="50" id="Address"></textarea>
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Marriage Status </strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <select name="Marriage_status" id="Marriage_status">
          <option value="-">Please Select</option>
          <option value="single">Single</option>
          <option value="married">Married</option>
        </select>
        </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Spouse Name </strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <input name="spouse_name" type="text" id="spouse_name" size="50">
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right">Spouse Contact No. </div></th>
      <td><strong>:</strong></td>
      <td><input name="spouse_contact_no" type="text" id="spouse_contact_no" /></td>
    </tr>
    <tr>
      <th scope="row"><div align="right">Spouse Address </div></th>
      <td><strong>:</strong></td>
      <td><textarea name="spouse_address" cols="50" id="spouse_address"></textarea></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Date Join </strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <input name="Date_join" type="text" id="Date_join" size="30">
		<a href="javascript:NewCssCal('Date_join','yyyymmdd','arrow')" title="Click on the calendar to enter date"> <img src="../images/cal.gif" width="16" height="16" alt="Pick a date" /></a>
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Qualification</strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <textarea name="Qualification" cols="50" id="Qualification"></textarea>
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Experience</strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <textarea name="Experience" cols="50" id="Experience"></textarea>
      </div></td>
    </tr>
    <tr>
      <th scope="row"><div align="right">Skills Status </div></th>
      <td><strong>:</strong></td>
      <td><select name="Skill_status" id="Skill_status">
        <option value="-">Please Select</option>
        <option value="skill">Skill</option>
        <option value="non">Non - skill</option>
      </select>      </td>
    </tr>
    <tr>
      <th scope="row"><div align="right">Company</div></th>
      <td><strong>:</strong></td>
      <td><select name="Company" id="Company">
        <option value="-">Please Select</option>
        <option value="sumacom">Sumacom</option>
        <option value="tentraman">Tentraman</option>
        <option value="terassari">Teras Sari</option>
      </select>      </td>
    </tr>
    <tr>
      <th scope="row"><div align="right"><strong>Department</strong></div></th>
      <td><div align="center"><strong>:</strong></div></td>
      <td><div align="left">
        <input name="Department" type="text" id="Department" size="50">
      </div></td>
    </tr>
    <tr>
      <th colspan="3" scope="row"><div align="center"></div></th>
    </tr>
    <tr>
      <th colspan="3" scope="row"><input name="submit" type="submit" id="submit" value="Submit"  onClick="show_alert()"/>
      <input name="reset" type="reset" id="reset" value="Reset"/>
      <input name="back" type="submit" id="back" value="Back"/></th>
    </tr>
  </table>
  <p>&nbsp;</p>
</div>
</form>
2
Contributors
3
Replies
4
Views
6 Years
Discussion Span
Last Post by aecha
0

It looks like you're just starting out with php, so a good lesson to learn right from the start is data validation. Your code as is right now is almost scary.

I'm going to try to give you a few snippets in separate sections to make it easy to understand. Here a code for image upload and saving the name of the image in the database for later reference. It has basic validations for an image file. Plug this in and change as necessary.

if((!empty($_FILES["picture"])) && ($_FILES['picture']['error'] == 0)) {
			
			// Set maximum allowable size
			if($_FILES['picture']['size'] > 250000) {
				echo $_FILES['picture']['name']." is too large. Max allowed size is 250kb";
				exit();
			}
			
			// Create blacklist of disallowed extensions, then check for those in the uploaded file
			$blacklist = array(".php", ".phtml", ".php3", ".php4", ".php5", ".html", ".xhtml", ".exe", ".py", ".pl");
			foreach ($blacklist as $item) {
			   if(preg_match("/$item\$/i", $_FILES['picture']['name'])) {
				echo $_FILES['picture']['name']." is not a valid image file. Only jpg, gif and png's are allowed";
				exit();
			   }
			}
			
			$imageinfo = getimagesize($_FILES['picture']['tmp_name']);
	
			if($imageinfo['mime'] != "image/gif" &&  $imageinfo['mime'] != "image/jpeg" && $imageinfo['mime'] != "image/jpg"){
				echo $_FILES['picture']['name']." is not a valid image file. Only jpg, gif and png's are allowed";
				exit();
			}
			
			// Set relative path to the image directory where you want the images to be stored
			$uploaddir = 'images/';
			// You can skip this step if you like, but I throw in a small snippet to rename the image
			$encodedname = md5(rand(999,20000)).$_FILES['picture']['name'];
			
			$uploadfile = $uploaddir . basename($encodedname);
			if (move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile)) {
				
				//Save image data in db
				$img_data = "INSERT INTO tbl_name (image_name) VALUES ('".$encodedname."')";
				$img_data_query = mysql_query($img_data);
				
				if($img_data_query){
					echo $_FILES['picture']['name']." has been successfully uploaded";
					exit();
				}
			} else {
				echo "Uploading of ".$_FILES['picture']['name']." failed.  Please try again";
				exit();
			}
	} else {
		echo "Please select a file before clicking \"Upload\"";
		exit();
	}

Second, I would recommend a function that "cleans" your posted values before database insertion.

You can use something like this:

function clean($data) {
		$data = trim($data);
		$data = htmlentities($data);
		if(get_magic_quotes_gpc()) {
			$data = stripslashes($data);
		}
		$data = mysql_real_escape_string($data);
		return $data;
	}

and then clean your values with

$company = clean($_POST['Company']);

Hope that helps a bit.

0

Is it the insert statement for database not same with the image?

0

It looks like you're just starting out with php, so a good lesson to learn right from the start is data validation. Your code as is right now is almost scary.

I'm going to try to give you a few snippets in separate sections to make it easy to understand. Here a code for image upload and saving the name of the image in the database for later reference. It has basic validations for an image file. Plug this in and change as necessary.

if((!empty($_FILES["picture"])) && ($_FILES['picture']['error'] == 0)) {
			
			// Set maximum allowable size
			if($_FILES['picture']['size'] > 250000) {
				echo $_FILES['picture']['name']." is too large. Max allowed size is 250kb";
				exit();
			}
			
			// Create blacklist of disallowed extensions, then check for those in the uploaded file
			$blacklist = array(".php", ".phtml", ".php3", ".php4", ".php5", ".html", ".xhtml", ".exe", ".py", ".pl");
			foreach ($blacklist as $item) {
			   if(preg_match("/$item\$/i", $_FILES['picture']['name'])) {
				echo $_FILES['picture']['name']." is not a valid image file. Only jpg, gif and png's are allowed";
				exit();
			   }
			}
			
			$imageinfo = getimagesize($_FILES['picture']['tmp_name']);
	
			if($imageinfo['mime'] != "image/gif" &&  $imageinfo['mime'] != "image/jpeg" && $imageinfo['mime'] != "image/jpg"){
				echo $_FILES['picture']['name']." is not a valid image file. Only jpg, gif and png's are allowed";
				exit();
			}
			
			// Set relative path to the image directory where you want the images to be stored
			$uploaddir = 'images/';
			// You can skip this step if you like, but I throw in a small snippet to rename the image
			$encodedname = md5(rand(999,20000)).$_FILES['picture']['name'];
			
			$uploadfile = $uploaddir . basename($encodedname);
			if (move_uploaded_file($_FILES['picture']['tmp_name'], $uploadfile)) {
				
				//Save image data in db
				$img_data = "INSERT INTO tbl_name (image_name) VALUES ('".$encodedname."')";
				$img_data_query = mysql_query($img_data);
				
				if($img_data_query){
					echo $_FILES['picture']['name']." has been successfully uploaded";
					exit();
				}
			} else {
				echo "Uploading of ".$_FILES['picture']['name']." failed.  Please try again";
				exit();
			}
	} else {
		echo "Please select a file before clicking \"Upload\"";
		exit();
	}

Second, I would recommend a function that "cleans" your posted values before database insertion.

You can use something like this:

function clean($data) {
		$data = trim($data);
		$data = htmlentities($data);
		if(get_magic_quotes_gpc()) {
			$data = stripslashes($data);
		}
		$data = mysql_real_escape_string($data);
		return $data;
	}

and then clean your values with

$company = clean($_POST['Company']);

Hope that helps a bit.

Thanks for your help.
I have already try your code.
My problem is the data of image is not save in database.
Can you help me some explanation about my problem?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.