offsprg01

ok so here's how i figure i'll handle the first step (getting the search terms sent to the file where we are dong the searching) <form name="search" method="post" action="school_search.php"> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="SchoolName">School Name</option> <Option VALUE="SchoolDistrict">School District</option> <Option VALUE="State">State</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> that was cake. so here's how i think i should handle the searching of the database and returning the results back to joomla. <?php $searchdbhost = 'localhost'; $searchdbuser = 'blarg'; $searchdbpass = 'honk'; $searchdbname = 'listofschools'; $searchtable = 'SchoolList'; //Check to see if user actually submitted something //If they did not enter a search term we give them an error if ($_POST['find'] == ""){ echo "<p>You forgot to enter a search term</p>"; exit; } // Otherwise we connect to our Database mysql_connect($searchdbhost, $searchdbuser, $searchdbpass) or die(mysql_error()); mysql_select_db($searchdbname) or die(mysql_error()); // We preform a bit of filtering $find = $_POST['find']; $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); $field = $_POST['field']; //Now we search for the school in question $query = "SELECT * FROM $table WHERE upper($field) LIKE '%$find%' LIMIT 50"; $data = mysql_query($query) or die(mysql_error()); //And we return the results to the referring joomla page ?> <form onload="submitform()" action="<?php echo getenv("HTTP_REFERER"); ?>"> <input type="hidden" name="searching" value="yes" /> <?php foreach ($results as $key => $value){ echo '<input type="hidden" name="results[]" value="'.htmlspecialchars($value).'">'; } ?> </form>

ok so here the deal. i have to write a script that searches a giant database of school and returns the contact info for all schools matching the search term. no big deal it's cake to code something that simple... but wait there more! the search must be executed by a joomla page... we crap. joomla doesn't allow me to run php scripts... so i found a little plugin called jumi that lets me do just that. and it works great minus all the errors joomla spits out because the mysql_connect statement and the mysql_query statment are connecting to a different database than the one joomla is installed onand thus joomla thinks the tables i am searching don't exist so joomla outputs this 4 page long error code in a bright red box a the top of the page. so i tried turning off joomls error reporting.. no bueno. so i figured no problemo i'll just have the script call out to a .php file hosted else where on the server and pass the search terms to that file via $_POST. then have said file execute a quick search of the database and return the results back to the original joomla page from whence the search commenced via a nice tidy $_POST array. one problem how in hades do you pass around php arrays via $_POST?

ok so i need to handle a public access file uploader, that will be only allowing zipped files to be uploaded. the article these files will be attached to is going to be reviewed by a moderator before they are allowed to be viewed by the public, so if i wait until the mod ok's the article to chmod the uploaded file to 777 should that be enouigh security?

just to help clarify <?php $someVar = date('m-d-Y'); ?> <div class="someDiv"> Today is <?php echo $someVar ?>. </div> by the way i highly reccomend you use CSS tables are fast becoming out of date i'm going to miss tables. HTH

well i solved my issue i just needed to add the path to the file :doh: now chmod works fine. so it's chmod (../somepath/somefile.jpg , 0777); where as i was thinking it was magic and just needed chmod(somefile.jpg , 0777); ah if only we had magic code that knew exaclty what we wnated it to do. then life you be grand. AND WE'D HAVE NO MORE MISSING SEMI COLONS! ...semi-colons are the bane of my existance.

yes but it doesn't seem to be working there. i get the same permissions error

do i need to provide a url to the location of the file or just the file name? also where would chmod($filename, 0777); go in the following script? // Where the file is going to be placed $target_path = "../images/promo/"; $filename = basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; //now we save the file location and info in the database $startDateComp = $_POST['StartDateYear'] . '-' . $_POST['StartDateMonth'] . '-' . $_POST['StartDateDay']; $endDateComp = $_POST['EndDateYear'] . '-' . $_POST['EndDateMonth'] . '-' . $_POST['EndDateDay']; $filename = mysql_real_escape_string($filename); $startDateComp = mysql_real_escape_string(GetSQLValueString($startDateComp, "date")); $endDateComp = mysql_real_escape_string(GetSQLValueString($endDateComp, "date")); $default = GetSQLValueString($_POST['Default'], "int"); $leftRight = GetSQLValueString($_POST['LeftRight'], "int"); $id = GetSQLValueString($_POST['TITLE'], "int"); /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; if(is_uploaded_file($_FILES['uploadedfile']['tmp_name'])){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { chmod($filename, 0777); $uploadNotice = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />"; $insertSQL = "UPDATE PromoImages SET FileName='$filename', StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'"; } else{ $uploadNotice = "There was an error moving the file, previous file still in use!<br />"; $insertSQL = "UPDATE PromoImages SET StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'"; } } else{ $uploadNotice = "You did not upload a file. Previous file will be used.<br />"; $insertSQL = "UPDATE PromoImages SET StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'"; }

so here's my problem, i've finally tracked down the soucre of my inability to access a file uploaded to my server with php's move file function. aparently the sys admin has the server set to not allow access to files that are uploaded. he says i need to write a script to chnage the permission on the fles i upload. problem is i don't have the slightest clue where to start. so can anyone point me to a good tutorial or show my how to set file permissions with php? i'm not to worried about security on this project as the end client as specified not to include security features in the web page code as they are going to be implimenting all security features once we turn the site over to them.

it's a permission problem. i changed the folder. problem solved

well i finally got the stupid image uploader working, now i'm having a hell of a time getting the image to show up. here's my code to pull the filename from the db and place it in a var to be echoed later mysql_select_db($database_TestDB, $TestDB); $cdate = date ('Y-m-d'); $query_PromoLeftSelect = "SELECT * FROM PromoImages ORDER BY StartDate DESC Limit 1"; $PromoLeftSelect = mysql_query($query_PromoLeftSelect, $TestDB) or die(mysql_error()); $row_PromoLeftSelect = mysql_fetch_assoc($PromoLeftSelect); $totalRows_PromoLeftSelect = mysql_num_rows($PromoLeftSelect); $leftPromo = $row_PromoLeftSelect['FileName']; $query_PromoRightSelect = "SELECT * FROM PromoImages ORDER BY EndDate DESC Limit 1"; $PromoRightSelect = mysql_query($query_PromoRightSelect, $TestDB) or die(mysql_error()); $row_PromoRightSelect = mysql_fetch_assoc($PromoRightSelect); $totalRows_PromoRightSelect = mysql_num_rows($PromoRightSelect); $rightPromo = $row_PromoRightSelect['FileName']; this this is the code to put the image in the site... <img src="admin/uploads/<?php echo $leftPromo; ?>" alt="promo1" width="349" height="64" /> <img src="admin/uploads/<?php echo $rightPromo; ?>" alt="promo2" width="349" height="64" /> [code] here's a link to the file http://www.harwoodmarketinggroup.com/WIP/ [/code]

craygo you would be correct. problem solved. thanks.

here's the error You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'coconut3.jpg''), StartDate=(''30-11-1999''), EndDate=(''30-11-1 here's the code $insertSQL = "UPDATE PromoImages SET FileName='$filename', StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'";

<input name="uploadedfile" size="32" type="file" /> how do style the browse button that appears with this code? i every time i try to assign a class to it, the field gets styled, but not the button.

well i have not clue what fixed but after i tried your second suggestion and it did not work, my originaly code started working for no apparent reason. go figure. some times i think my compuer just likes to jack with me. especially when my deadline is 8am the next day.

i added your if statment, no error message, but still no file upload. shouldn't the first if statment keep the script from executing until after the form is submited? $uploadNotice = "No File Uploaded Yet"; if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { // Where the file is going to be placed $target_path = "/uploads/"; $filename = basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; if(is_uploaded_file($_FILES['uploadedfile']['tmp_name'])){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $uploadNotice = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />"; } else{ $uploadNotice = "There was an error uploading the file, please try again!<br />"; } } //now we save the file location and info in the database $insertSQL = sprintf("INSERT INTO PromoImages (FileName, StartDate, EndDate, `Default`, LeftRight) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($filename, "text"), GetSQLValueString($_POST['StartDate'], "date"), GetSQLValueString($_POST['EndDate'], "date"), GetSQLValueString($_POST['Default'], "int"), GetSQLValueString($_POST['LeftRight'], "int")); mysql_select_db($database_TestDB, $TestDB); $Result1 = mysql_query($insertSQL, $TestDB) or die(mysql_error()); $insertGoTo = "ticker_create.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); }