Cenobitez

I am adding an image rating, privacy and comments system into my image upload script. Because I can handle a variable amount of file uploads, I pass a hidden variable called 'count' to tell me how many was uploaded. I then use a cluster of arrays to do what I need. The code looks messy, and I expect may turn into a disaster. This isnt for general public use, its more a way for me to upload and add images to my own gallery that just me, and a few friends will use, also not added any security to check the data is what I expect as I want to get it working first Currently the script workings when I pass it the info, but wondering if anyone could suggest a better way ? <?php if (isset($_POST['subcom'])) { //subcap $count = $_POST['count']; include('./includes/mysql_connect.inc.php'); for ($i = 1; $i <= $count; $i++) { $caption[$i] = $_POST["caption$i"]; $rate[$i] = $_POST["rate$i"]; $visible[$i] = $_POST["visible$i"]; if($visible[$i] =="" or $visible[$i] == "off") { $visible[$i] = 0; }else{ $visible[$i] = 1; } $file[$i] = $_POST["file$i"]; $query[$i] = "UPDATE images SET img_caption = '$caption[$i]', img_rating = '$rate[$i]', img_visible = '$visible[$i]' WHERE img_filename = '$file[$i]'"; $result[$i] = mysql_query($query[$i]); if($result[$i]) { //result if($debug[$i] =="1") { //debug echo "Result $i: " . $result[$i] . "<br>\n"; echo "Query $i: " . $query[$i] . "<br>\n"; echo "Caption $i: " . $caption[$i] . "<br>\n"; echo "File $i: " . $file[$i] . "<br>\n"; echo "Visible $i: " . $visible[$i] . "<br>\n"; echo "Rate $i: " . $rate[$i] . "<br>\n"; } //debug echo "Comments Sucessfully Added for $file[$i] <br />\n"; } else { //result echo "Database Entry Error<br/> \n"; echo mysql_errno($result[$i]) . ": " . mysql_error($result[$i]) . "<br/> \n"; } //result } //file } //end subcap ?>

Well 3 hours later and 3:30AM, i got it :) My $debugged 2nd was inside the while statement (I accidentally moved it, when copying and pasting my code into the window here, and i missed a $result = mysql_query ($query); so the while statement never activated, making it always say 1st, once i fixed that, i emptied the IF statement and introduced each line one by one still it stopped work, then realised what i had done. I marked the missing line with //<<<<< THIS LINE MISSING >>>>> in its any use to anyone else. However i am not convinced this is the best way to do this :) [code=php:0]If (is_numeric($_GET['id'])) {   $id = $_GET['id'];   require('./mysql_connect.php'); // connect to the DB   $query = "SELECT * FROM mod WHERE id='" . $id . "' LIMIT 1";     $debugged = '1st Pass';   $result = mysql_query ($query); //run it   $numrow = mysql_num_rows($result);   if($numrow == 0) { //if all ok       $id = 1; //default id for now       $query = "SELECT * FROM mod WHERE id='" . $id . "' LIMIT 1";       $result = mysql_query ($query); //<<<<< THIS LINE MISSING >>>>>           $debugged = '2nd Pass';         while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {           $name = $row[name];         } //while ok 1   } else {     while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {       $name = $row[name];     } //while ok 2   } //numrow ok   mysql_free_result($result); //free resources   mysql_close(); //close db conn } //if numeric[/code]

A friend of mine wrote a mobile phone photo blog program, some time ago, basically all he did was set a cronjob to execute a script, the script read his inbox, parsed the mail, extracted what he needed, write the html and images to the relevant folders, and site was updated. There is no reason that cant be done to write to a DB as well. The timed is a cron job task tho :)

Scott look into ways of reading pop email, would need a dedicated email account, and know how to parse that email as well.

Like i said procode, I have never used it, or any others back in the day, i used ubb and phorum, but not used IPB, looks very like an SQL Injection dropped their tables, which leads to believe its insecure.

You host should have a daily back up, and prob a weekly back up, its as well to set a cronjob to backup ur DB every few days as well :) If your going to reinstall go with phpbb or smf, just for extra security, but i have never really used other say better or worse, i have just never needed anything else :) http://www.phpbb.com or http://www.simplemachines.org/

Looks like some has deleted ur database, prob an injection hack, contact your host see if they have a back up they give you from a few days ago, or whenever it last worked. Also update to latest forum software, personally i only use PHPBB and SMF (PHP Freaks uses the latter)

Bugger, I always miss that one :( Unfortunately thats not the error :( I have just set $debugged = '1st'; and $debugged = '2nd'; after the 2 queries, and regardless of what id number i enter it stil says '1st'. however if i output the value of numrow it is set to 0 when no record and 1 when a record, so it has to be that if statement you pointed out. Going to try putting 's or "s around the 0, as its got to be something simple :( [code=php:0] if($numrow == 0) { //if all ok [/code]

Your PHP should really BEFORE your form. And use the IF Submit Button Set process form, else display the form, and if submit fails then clear the submit var and re-display the form, then you could use the ternary operator like [code=php:0]<input type="text" name="username" size="24" maxlength="24" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />[/code] in your form, which would show pre-set vars from previous submit or empty if no submit happened :)

I don't seem to be able to get this to work right... Basically the user enters a URL like script.php?id=1 my script then ensures that the data is clean my only accepting numeric data, which i hope is enough, it then queries the db, for the record that matches that ID, and gets the ID's name, then displays the ID later in the script. All works find upto here, Now if someon enters an ID that doesnt exist, it still shows a blank later on in the script, so i want to check the ID, and no name exists (record doesnt exist), it then sets to the default ID of the time, which at the moment is 1, thenre-queries and gets the name of the backup item. I dont seem to be able to get this to work. [code=php:0]If (is_numeric($_GET['id'])) {   $id = $_GET['id'];   require('./mysql_connect.php'); // connect to the DB   $query = "SELECT * FROM mod WHERE id='" . $id . "' LIMIT 1";   $result = mysql_query ($query); //run it   $numrow = mysql_num_rows($result);   if($numrow = 0) { //if all ok       $id = '1'; //default id for now       $query = "SELECT * FROM mod WHERE id='" . $id . "' LIMIT 1";         while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {           $name = $row[name];         } //while ok 1   } else {     while($row = mysql_fetch_array($result, MYSQL_ASSOC)) {       $name = $row[name];     } //while ok 2   } //numrow ok   mysql_free_result($result); //free resources   mysql_close(); //close db conn } //if numeric[/code] Where have i gone wrong, or is there a neater way to do this ? p.s. I hope to turn this into a re-useable function once its up and running, so my script needs to do this in one block :) p.s. Sorry if this should have been in the mysql area, but i figured was more a PHP issue :) Thanks