0

Hi everyone,

I encountered a problem when trying to create a form page to upload images to the images folder; imagelocation will store the pathname where the image will be located (it will be used to display the image in future).

The code below does not give any error when I try to upload an image, but the image does not seem to appear in the images folder and no new row is inserted in MySQL. I would appreciate it if you could advise me where it went wrong. Sorry, I am really new to PHP.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = ($_POST['title']);  
	$author = ($_POST['author']);
	$isbn = ($_POST['isbn']);
	$description = ($_POST['description']);
	$publisher = ($_POST['publisher']);
	$year = ($_POST['year']);
	$stock = ($_POST['stock']);
	$price = ($_POST['price']);
	$sold = ($_POST['sold']);
	
	$imagelocation = './images/';
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>
<br>
<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label><br>
<input type="text" name="title" id="title" size="64"><br><br>
<label for="model">Author:</label><br>
<input type="text" name="author" id="author" size="64"><br><br>
<label for="year">ISBN:</label><br>
<input type="text" name="isbn" id="isbn" size="64"><br><br>
<label for="price">Description:</label><br>
<input type="text" name="description" id="description" size="64"><br><br>
<label for="location">Publisher:</label><br>
<input type="text" name="publisher" id="publisher" size="64"><br><br>
<label for="year">Year:</label><br>
<input type="text" name="year" id="year" size="64"><br><br>
<label for="photo">Stock:</label><br>
<input type="text" name="stock" id="stock"><br><br>
<label for="price">Price:</label><br>
<input type="text" name="price" id="price" size="64"><br><br>
<label for="photo">Sold:</label><br>
<input type="text" name="sold" id="sold"><br><br>


<label for="imagelocation">Photo:</label><br>
<input type="file" name="imagelocaton" id="imagelocation"><br><br>

<input type="submit" value="upload">
</form>
           
</body>
</html>
0

Don't understand that bracket around variables:

$title = $_POST['title'];
$author = $_POST['author'];
$isbn = $_POST['isbn'];
$description = $_POST['description'];
$publisher = $_POST['publisher'];
$year = $_POST['year'];
$stock = $_POST['stock'];
$price = $_POST['price'];
$sold = $_POST['sold'];

But I don't know if this is a solution: try to add or die after the query.
Like:

mysql_query("INSERT INTO Product1 SET title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'") or die(mysql_error());
0

Don't understand that bracket around variables:

The brackets around the variables are to do with the $_POST variable. When items are posted to a script they are all placed into an array. So these brackets state this part of the array.

0

I don't get the brackets thing either.

Anyway - you MUST clean your input ($_POST variables) before inserting them into an SQL query.

0

Sorry for the confusion.
I was doing $title = trim(sql_safe($_POST)); earlier.

There is no message or any error when I click the upload button.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = $_POST['title'];  
	$author = $_POST['author'];
	$isbn = $_POST['isbn'];
	$description = $_POST['description'];
	$publisher = $_POST['publisher'];
	$year = $_POST['year'];
	$stock = $_POST['stock'];
	$price = $_POST['price'];
	$sold = $_POST['sold'];
	
	$imagelocation = './images/'
	or die(mysql_error());
	
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>
<br>
<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label><br>
<input type="text" name="title" id="title" size="64"><br><br>
<label for="model">Author:</label><br>
<input type="text" name="author" id="author" size="64"><br><br>
<label for="year">ISBN:</label><br>
<input type="text" name="isbn" id="isbn" size="64"><br><br>
<label for="price">Description:</label><br>
<input type="text" name="description" id="description" size="64"><br><br>
<label for="location">Publisher:</label><br>
<input type="text" name="publisher" id="publisher" size="64"><br><br>
<label for="year">Year:</label><br>
<input type="text" name="year" id="year" size="64"><br><br>
<label for="photo">Stock:</label><br>
<input type="text" name="stock" id="stock"><br><br>
<label for="price">Price:</label><br>
<input type="text" name="price" id="price" size="64"><br><br>
<label for="photo">Sold:</label><br>
<input type="text" name="sold" id="sold"><br><br>


<label for="imagelocation">Photo:</label><br>
<input type="file" name="imagelocaton" id="imagelocation"><br><br>

<input type="submit" value="upload">
</form>
           
</body>
</html>
0

was doing $title = trim(sql_safe($_POST)); earlier..

But it doesn't seem like you're doing it now. Not cleaning your vars can stop your script from working without telling you why. So clean them and then move on to the next logical problem.

In addition, I would strongly recommend that you DON'T send form data to the same page as this plays havoc with refreshing and the back button. I'd send all forms to a general or dedicated formhandler script (file).
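
One way to write the dedicated handler and input cleaning recommended in the replies above; it also reports a missing upload field, which matters because the posted form names the file input `imagelocaton` while the script tests `$_FILES['imagelocation']`. This is an added example, not code from any poster: it uses mysqli prepared statements in place of the thread's mysql_* calls (removed in PHP 7), and the handler file name, connection values, size limit and `uploaded` query parameter are assumptions.

```php
<?php
// upload-handler.php (hypothetical name). Assumes the file input is named
// "imagelocation" and the thread's Product1 columns; DB values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw
$db = new mysqli('localhost', 'DB_USER', 'DB_PASS', 'DB_NAME');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

// $_FILES is keyed by the input's name attribute, so report a missing key
// instead of silently skipping the insert.
if (!isset($_FILES['imagelocation']) || $_FILES['imagelocation']['error'] !== UPLOAD_ERR_OK) {
    exit('Upload failed: no file field "imagelocation" or an upload error occurred');
}
$file = $_FILES['imagelocation'];

// Decide the type from the file content, not from the client-supplied name.
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!isset($allowed[$mime]) || $file['size'] > 2 * 1024 * 1024) {
    exit('Only JPEG, PNG or GIF files up to 2 MB are accepted');
}

// Server-generated file name: nothing from the request reaches the path.
$imagelocation = 'images/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/' . $imagelocation)) {
    exit('Could not store the file; check that images/ exists and is writable');
}

// Collect the text fields; values are bound as parameters, never concatenated.
$values = [];
foreach (['title', 'author', 'isbn', 'description', 'publisher', 'year', 'stock', 'price', 'sold'] as $f) {
    $values[] = is_string($_POST[$f] ?? null) ? trim($_POST[$f]) : '';
}
if ($values[0] === '') { $values[0] = '(empty title)'; }
$values[] = $imagelocation;

$stmt = $db->prepare(
    'INSERT INTO Product1 (title, author, isbn, description, publisher, year, stock, price, sold, imagelocation)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
);
$stmt->bind_param(str_repeat('s', count($values)), ...$values);
$stmt->execute();

// Post/Redirect/Get: a refresh of the result page cannot resubmit the form.
header('Location: admin-upload.php?uploaded=1', true, 303);
exit;
```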
