Hey everyone,

So I know you all are probably getting tired me posting questions and are wanting me to look this up. I have looked and searched to my wits end.. I want to be able to gather my post id's (pid)'s and my album id's from different tables to go into the url. my albums that I created are stored as album id's and posts that I post as post id's.

My ultimate goal is to have a form that lets me upload pictures and select an album for those pictures to go into, (which work fine). As well as a select menu that lists all the blog titles that I have created, So I can select the correct blog to go with the picture. It's the select menu with the blog title that doesn't work. I need to able to pass both the post id and the album id in the url and I Don't know how to do it with the code that I have. Please help!

upload_image.php:

<?php
include('core/init.inc.php');
include 'init.php';

if(!logged_in()){
    header('Location: index.php');
    exit();
}

include 'template/header.php';
?>

<h3>Upload Image</h3>

<?php

if(isset($_FILES['image'], $_POST['album_id'])){
    $image_name = $_FILES['image']['name'];
    $image_size = $_FILES['image']['size'];
    $image_temp = $_FILES['image']['tmp_name'];

    $allowed_ext = array('jpg', 'jpeg', 'png', 'gif');
    $image_ext = strtolower(end(explode('.', $image_name)));

    $album_id = $_POST['album_id'];

    $errors = array();

    if (empty($image_name) || empty($album_id)){
        $errors[] = 'Something is missing';
    } else {

        if(in_array($image_ext, $allowed_ext) === false){
            $errors[] = 'File type not allowed';
        }

        if($image_size > 2097152){
            $errors[] = 'Maximum file size is 2MB'; 
        }

        if(album_check($album_id) === false){
            $errors[] = 'Couldn\'t upload to that album';
        }

    }

    if(!empty($errors)){
        foreach ($errors as $error){
            echo $error, '<br />';
        }
    } else {
        upload_image($image_temp, $image_ext, $album_id);
        header('Location: view_album.php?album_id='.$album_id.&"pid="{$_GET['pid']);
        exit();
    }
}
$posts = get_posts();
$albums = get_albums();

if(empty($albums)){
    echo '<p>You don\'t have any albums. <a href="create_album.php">Create an album</a></p>';
} else {



?>

<form action="" method="post" enctype="multipart/form-data">
    <p>Choose a file:<br /><input type="file" name="image" /></p>
    <p>
    Choose an album:<br />
    <select name="album_id">
        <?php 
        foreach ($albums as $album){
            echo '<option value="', $album['id'], '">', $album['name'], '</option>';

        }
        ?>
    </select><br /><br />
    Choose an blog:<br />
    <select name="post_id">
        <?php

        foreach ($posts as $post){
            echo '<option value="', $post['id'], '">', $post['title'], '</option>';
        }
        ?>
    </select>
    </p>
    <p><input type="submit" value="Upload" /></p>
</form>

<?php
}

include 'template/footer.php';
?>

posts.inc.php:

<?php

//checks if the given post id is in the table
function valid_pid($pid) {
    $pid = (int)$pid;

    $total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}");
    $total = mysql_result($total, 0);

    if ($total != 1) {
        return false;
    }else{
        return true;
    }
}

//gets a summary of all blog posts
function get_posts() {
    $sql = "SELECT
                `posts`.`post_id` AS `id`,
                `posts`.`post_title` AS `title`,
                LEFT(`posts`.`post_body`, 512) AS `preview`,
                `posts`.`post_user` AS `user`,
                DATE_FORMAT(`posts`.`post_date`, '%m-%d-%Y %H:%i:%s') AS `date`,
                `comments`.`total_comments`,
                DATE_FORMAT(`comments`.`last_comment`, '%m-%d-%Y %H:%i:%s') AS `last_comment`
            FROM `posts`
            LEFT JOIN(
                SELECT
                    `post_id`,
                    COUNT(`comment_id`) AS `total_comments`,
                    MAX(`comment_date`) AS `last_comment`
                FROM `comments`
                GROUP BY `post_id`
            ) AS `comments`
            ON `posts`.`post_id` = `comments`.`post_id`
            ORDER BY `posts`.`post_date` DESC";

    $posts = mysql_query($sql);

 $rows = array();
        while (($row = mysql_fetch_assoc($posts)) !== false) {
                $rows[] = array(
                        'id'                       => $row['id'],
                        'title'                   => $row['title'],
                        'preview'             => $row['preview'],
                        'user'                   => $row['user'],
                        'date'                   => $row['date'],
                        'total_comments' => ($row['total_comments'] === null) ? 0 : $row['total_comments'],
                        'last_comment'     => ($row['last_comment'] === null) ? 'none' : $row['last_comment']
                );
    }

    return $rows;
}

//gets a single post from the table
function get_post($pid) {
    $pid = (int)$pid;

    $sql = "SELECT
                `post_title` AS `title`,
                `post_body` AS `body`,
                `post_user` AS `user`,
                `post_date` AS `date`
            FROM `posts`
            WHERE `post_id` = {$pid}";

    $post = mysql_query($sql);
    $post = mysql_fetch_assoc($post);

    $post['comments'] = get_comments($pid);

    return $post;
}

//adds a new blog entry
function add_post($name, $title, $body) {
    $name = mysql_real_escape_string(htmlentities($name));
    $title = mysql_real_escape_string(htmlentities($title));
    $body = mysql_real_escape_string(nl2br(htmlentities($body)));

    mysql_query("INSERT INTO `posts` (`post_user`, `post_title`, `post_body`, `post_date`) VALUES ('{$name}', '{$title}', '{$body}', NOW())");
}

?>

comments.inc.php:

<?php

//gets all of the comments for a given blog post
function get_comments($pid){
    $pid = (int)$pid;

    $sql = "SELECT
                `comment_body` AS `body`,
                `comment_user` AS `user`,
                DATE_FORMAT(`comment_date`, '%m-%d-%Y %H:%i:%s') AS `date`
            FROM `comments`
            WHERE `post_id` = {$pid}";

    $comments = mysql_query($sql);

    $return = array();
    while(($row = mysql_fetch_assoc($comments)) !== false) {
        $return[] = $row;
    }
    return $return;
}

//adds a comment
function add_comment($pid, $user, $body) {
    if (valid_pid($pid) === false) {
        return false;
    }

    $pid    = (int)$pid;
    $user   = mysql_real_escape_string(htmlentities($user));
    $body   = mysql_real_escape_string(nl2br(htmlentities($body)));

    mysql_query("INSERT INTO `comments` (`post_id`, `comment_user`, `comment_body`, `comment_date`) VALUES ({$pid}, '{$user}', '{$body}', NOW())");

    return true;
}

?>

sorry for the long code..I don't know what you guys need to help me figure this out. Thanks for any help and your patience!

-geneh23

Recommended Answers

All 14 Replies

Once you have done whatever it is you need to do with your posted data (that part of your code isn't shown and you currently have to action specified in your form), just add your values to the url:

header('location: your_page.php?post_id={$_POST['post_id}&album_id={$_POST['album_id']}');

@simplepixie, It gives me this error when I do that "Parse error: syntax error, unexpected T_STRING in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\upload_image.php on line 53"

Here is what I put:

header('location: view_album.php?post_id={$_POST['pid'}&album_id={$_POST['album_id']}');

missing a ] after pid

header('location: view_album.php?post_id={$_POST['pid']}&album_id={$_POST['album_id']}');

After you will use a get method on another page.

echo 
$pid = $_GET['pid'] /
$aid = $_GET['album_id'];

and check for int if you like.

@reco21, I still have the "Parse error: syntax error, unexpected T_STRING in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\upload_image.php on line 53" after correcting the header direct.

What is line 53 - it may be nothing to do with the header redirect?

@simplypixie, line 53 is the line where the header is but here is the whole function with line 53 included as the header:

    if(!empty($errors)){
        foreach ($errors as $error){
            echo $error, '<br />';
        }
    } else {
        upload_image($image_temp, $image_ext, $album_id);
        header('location: view_album.php?post_id={$_POST['pid']}&album_id={$_POST['album_id']}');
        exit();
    }

I think it's the ' symbol. Put the value of your $_POST data in another variable. Or try escaping characters.

Tray correcting this:

echo $error, '<br />';

To

echo $error.'<br />';

@Javvy, Sorry but I don't understand..I tryied escaping the "'" but it didn't change anythign..

nevermind Javvy, for some reason the error went away. but now I get a "Fatal error: Call to undefined function valid_pid() in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\view_album.php on line 32"

I don't understand why I am getting this since I included the functions file that contains the valid id()

Here is the file that the form sends the user to when clicking upload which contains the valid_pid() error:

<?php
include 'init.php';

if(!logged_in()){
    header('Location: index.php');
    exit();
}

if(!isset($_GET['album_id']) || empty($_GET['album_id']) || album_check($_GET['album_id']) === false){
    header('Location: albums.php');
    exit();
}

include 'template/header.php';

$album_id = $_GET['album_id'];
$album_data = album_data($album_id, 'name', 'description');

echo '<h3>', $album_data['name'], '</h3><p>', $album_data['description'], '</p>';

$images = get_images($album_id);

if(empty($images)){
    echo 'There are no images in this album';
} else {
    foreach ($images as $image){
        echo '<img src="uploads/thumbs/', $image['album'], '/', $image['id'], '.', $image['ext'], '" title="Uploaded ', date('D M Y / h:i', $image['timestamp']), '" /><br /> [<a href="delete_image.php?image_id=', $image['id'], '">x</a>] ';
    }
}


            if (isset($_GET['album_id']) === false || valid_pid($_GET['pid']) === false) {
                echo 'Invalid post ID.';
            }else{
                $post = get_post($_GET['pid']);

                ?>
                <h2><?php echo $post['title']; ?></h2>
                <h4>By <?php echo $post['user']; ?> on <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>

                <hr />

                <p><?php echo $post['body']; ?></p>

                <hr />
                <?php

                foreach ($post['comments'] as $comment){
                    ?>
                    <p><?php echo $comment['body']; ?></p>
                    <h4>By <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
                    <hr />
                    <?php
                }

            }
include 'template/footer.php';
?>

This is wrong:

if (isset($_GET['album_id']) === false || valid_pid($_GET['pid']) === false)

It should be:

if (!isset($_GET['album_id']) || valid_pid($_GET['pid']) === false)

@simplypixie, Even after that fix with the if statement, I still get that error of "Fatal error: Call to undefined function valid_pid() in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\view_album.php on line 32" from the previous code

Well valid_pid is not a PHP function unless you have made a function called valid_pid somewhere, in which case your file isn't getting that function as it needs to.

The errors you are getting are telling you exactly what your problems are and you need to work with them

@simplypixie, no you are right, valid_pid is not a php function. That function is a function I have in another file but I included that file with the one that has the error. says

"Warning: Missing argument 1 for valid_pid(), called in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\blog_read.php on line 11 and defined in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\core\inc\posts.inc.php on line 4

Notice: Undefined variable: pid in C:\Program Files (x86)\EasyPHP-5.3.9\www\Image Upload\core\inc\posts.inc.php on line 5"

Here is blog_read.php

<?php

include('core/init.inc.php');
include 'init.php';

if(!logged_in()){
    header('Location: index.php');
    exit();
}

echo valid_pid();

if (isset($_GET['pid'], $_POST['user'], $_POST['body'], $_GET['album_id'])) {
    if (add_comment($_GET['pid'], $_POST['user'], $_POST['body'])){
        header("Location: blog_read.php?pid={$_GET['pid']}&album_id={$_GET['album_id']}");
    }else{
        header('Location: blog_list.php');
    }
    die();

?>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Blog</title>
    </head>
    <body>
        <div>
            <?php

            if (isset($_GET['pid']) === false || valid_pid($_GET['pid']) === false) {
                echo 'Invalid post ID.';
            }else{
                $post = get_post($_GET['pid']);

                ?>
                <h2><?php echo $post['title']; ?></h2>
                <h4>By <?php echo $post['user']; ?> on <?php echo $post['date']; ?> (<?php echo count($post['comments']); ?> comments)</h4>

                <hr />

                <p><?php foreach ($images as $image){
                        echo '<img src="uploads/thumbs/', $image['album'], '/', $image['id'], '.', $image['ext'], '" title="Uploaded ', date('D M Y / h:i', $image['timestamp']), '" /><br /> [<a href="delete_image.php?image_id=', $image['id'], '">x</a>] ';
                        } 
                        echo $post['body']; ?></p>

                <hr />
                <?php

                foreach ($post['comments'] as $comment){
                    ?>
                    <p><?php echo $comment['body']; ?></p>
                    <h4>By <?php echo $comment['user']; ?> on <?php echo $comment['date']; ?></h4>
                    <hr />
                    <?php
                }

                ?>
                <form action="" method="post">
                    <p>
                        <label for="user">Name</label>
                        <input type="text" name="user" id="user" />
                    </p>
                    <p>
                        <textarea name="body" rows="20" col="60"></textarea>
                    </p>
                    <p>
                        <input type="submit" value="Add Comment!" />
                    </p>
                </form>
                <?php
            }
        }
            ?>
        </div>
    </body>
</html>

Here is the function that is being used in other files..posts.inc.php:

function valid_pid($pid) {
    $pid = (int)$pid;

    $total = mysql_query("SELECT COUNT(`post_id`) FROM `posts` WHERE `post_id` = {$pid}");
    $total = mysql_result($total, 0);

    if ($total != 1) {
        return false;
    }else{
        return true;
    }
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.