offsprg01

ok so here's how i figure i'll handle the first step (getting the search terms sent to the file where we are dong the searching) <form name="search" method="post" action="school_search.php"> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="SchoolName">School Name</option> <Option VALUE="SchoolDistrict">School District</option> <Option VALUE="State">State</option> </Select> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> that was cake. so here's how i think i should handle the searching of the database and returning the results back to joomla. <?php $searchdbhost = 'localhost'; $searchdbuser = 'blarg'; $searchdbpass = 'honk'; $searchdbname = 'listofschools'; $searchtable = 'SchoolList'; //Check to see if user actually submitted something //If they did not enter a search term we give them an error if ($_POST['find'] == ""){ echo "<p>You forgot to enter a search term</p>"; exit; } // Otherwise we connect to our Database mysql_connect($searchdbhost, $searchdbuser, $searchdbpass) or die(mysql_error()); mysql_select_db($searchdbname) or die(mysql_error()); // We preform a bit of filtering $find = $_POST['find']; $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); $field = $_POST['field']; //Now we search for the school in question $query = "SELECT * FROM $table WHERE upper($field) LIKE '%$find%' LIMIT 50"; $data = mysql_query($query) or die(mysql_error()); //And we return the results to the referring joomla page ?> <form onload="submitform()" action="<?php echo getenv("HTTP_REFERER"); ?>"> <input type="hidden" name="searching" value="yes" /> <?php foreach ($results as $key => $value){ echo '<input type="hidden" name="results[]" value="'.htmlspecialchars($value).'">'; } ?> </form>

ok so here the deal. i have to write a script that searches a giant database of school and returns the contact info for all schools matching the search term. no big deal it's cake to code something that simple... but wait there more! the search must be executed by a joomla page... we crap. joomla doesn't allow me to run php scripts... so i found a little plugin called jumi that lets me do just that. and it works great minus all the errors joomla spits out because the mysql_connect statement and the mysql_query statment are connecting to a different database than the one joomla is installed onand thus joomla thinks the tables i am searching don't exist so joomla outputs this 4 page long error code in a bright red box a the top of the page. so i tried turning off joomls error reporting.. no bueno. so i figured no problemo i'll just have the script call out to a .php file hosted else where on the server and pass the search terms to that file via $_POST. then have said file execute a quick search of the database and return the results back to the original joomla page from whence the search commenced via a nice tidy $_POST array. one problem how in hades do you pass around php arrays via $_POST?

ok so i need to handle a public access file uploader, that will be only allowing zipped files to be uploaded. the article these files will be attached to is going to be reviewed by a moderator before they are allowed to be viewed by the public, so if i wait until the mod ok's the article to chmod the uploaded file to 777 should that be enouigh security?

just to help clarify <?php $someVar = date('m-d-Y'); ?> <div class="someDiv"> Today is <?php echo $someVar ?>. </div> by the way i highly reccomend you use CSS tables are fast becoming out of date i'm going to miss tables. HTH

well i solved my issue i just needed to add the path to the file :doh: now chmod works fine. so it's chmod (../somepath/somefile.jpg , 0777); where as i was thinking it was magic and just needed chmod(somefile.jpg , 0777); ah if only we had magic code that knew exaclty what we wnated it to do. then life you be grand. AND WE'D HAVE NO MORE MISSING SEMI COLONS! ...semi-colons are the bane of my existance.

yes but it doesn't seem to be working there. i get the same permissions error

do i need to provide a url to the location of the file or just the file name? also where would chmod($filename, 0777); go in the following script? // Where the file is going to be placed $target_path = "../images/promo/"; $filename = basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; //now we save the file location and info in the database $startDateComp = $_POST['StartDateYear'] . '-' . $_POST['StartDateMonth'] . '-' . $_POST['StartDateDay']; $endDateComp = $_POST['EndDateYear'] . '-' . $_POST['EndDateMonth'] . '-' . $_POST['EndDateDay']; $filename = mysql_real_escape_string($filename); $startDateComp = mysql_real_escape_string(GetSQLValueString($startDateComp, "date")); $endDateComp = mysql_real_escape_string(GetSQLValueString($endDateComp, "date")); $default = GetSQLValueString($_POST['Default'], "int"); $leftRight = GetSQLValueString($_POST['LeftRight'], "int"); $id = GetSQLValueString($_POST['TITLE'], "int"); /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; if(is_uploaded_file($_FILES['uploadedfile']['tmp_name'])){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { chmod($filename, 0777); $uploadNotice = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />"; $insertSQL = "UPDATE PromoImages SET FileName='$filename', StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'"; } else{ $uploadNotice = "There was an error moving the file, previous file still in use!<br />"; $insertSQL = "UPDATE PromoImages SET StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'"; } } else{ $uploadNotice = "You did not upload a file. Previous file will be used.<br />"; $insertSQL = "UPDATE PromoImages SET StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'"; }

so here's my problem, i've finally tracked down the soucre of my inability to access a file uploaded to my server with php's move file function. aparently the sys admin has the server set to not allow access to files that are uploaded. he says i need to write a script to chnage the permission on the fles i upload. problem is i don't have the slightest clue where to start. so can anyone point me to a good tutorial or show my how to set file permissions with php? i'm not to worried about security on this project as the end client as specified not to include security features in the web page code as they are going to be implimenting all security features once we turn the site over to them.

it's a permission problem. i changed the folder. problem solved

well i finally got the stupid image uploader working, now i'm having a hell of a time getting the image to show up. here's my code to pull the filename from the db and place it in a var to be echoed later mysql_select_db($database_TestDB, $TestDB); $cdate = date ('Y-m-d'); $query_PromoLeftSelect = "SELECT * FROM PromoImages ORDER BY StartDate DESC Limit 1"; $PromoLeftSelect = mysql_query($query_PromoLeftSelect, $TestDB) or die(mysql_error()); $row_PromoLeftSelect = mysql_fetch_assoc($PromoLeftSelect); $totalRows_PromoLeftSelect = mysql_num_rows($PromoLeftSelect); $leftPromo = $row_PromoLeftSelect['FileName']; $query_PromoRightSelect = "SELECT * FROM PromoImages ORDER BY EndDate DESC Limit 1"; $PromoRightSelect = mysql_query($query_PromoRightSelect, $TestDB) or die(mysql_error()); $row_PromoRightSelect = mysql_fetch_assoc($PromoRightSelect); $totalRows_PromoRightSelect = mysql_num_rows($PromoRightSelect); $rightPromo = $row_PromoRightSelect['FileName']; this this is the code to put the image in the site... <img src="admin/uploads/<?php echo $leftPromo; ?>" alt="promo1" width="349" height="64" /> <img src="admin/uploads/<?php echo $rightPromo; ?>" alt="promo2" width="349" height="64" /> [code] here's a link to the file http://www.harwoodmarketinggroup.com/WIP/ [/code]

craygo you would be correct. problem solved. thanks.

here's the error You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'coconut3.jpg''), StartDate=(''30-11-1999''), EndDate=(''30-11-1 here's the code $insertSQL = "UPDATE PromoImages SET FileName='$filename', StartDate='$startDateComp', EndDate='$endDateComp', `Default`='$default', LeftRight='$leftRight' WHERE ID='$id'";

<input name="uploadedfile" size="32" type="file" /> how do style the browse button that appears with this code? i every time i try to assign a class to it, the field gets styled, but not the button.

well i have not clue what fixed but after i tried your second suggestion and it did not work, my originaly code started working for no apparent reason. go figure. some times i think my compuer just likes to jack with me. especially when my deadline is 8am the next day.

i added your if statment, no error message, but still no file upload. shouldn't the first if statment keep the script from executing until after the form is submited? $uploadNotice = "No File Uploaded Yet"; if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { // Where the file is going to be placed $target_path = "/uploads/"; $filename = basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; if(is_uploaded_file($_FILES['uploadedfile']['tmp_name'])){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $uploadNotice = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />"; } else{ $uploadNotice = "There was an error uploading the file, please try again!<br />"; } } //now we save the file location and info in the database $insertSQL = sprintf("INSERT INTO PromoImages (FileName, StartDate, EndDate, `Default`, LeftRight) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($filename, "text"), GetSQLValueString($_POST['StartDate'], "date"), GetSQLValueString($_POST['EndDate'], "date"), GetSQLValueString($_POST['Default'], "int"), GetSQLValueString($_POST['LeftRight'], "int")); mysql_select_db($database_TestDB, $TestDB); $Result1 = mysql_query($insertSQL, $TestDB) or die(mysql_error()); $insertGoTo = "ticker_create.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); }

here's the full code for another page with the same issue. it seems i can't get any dates to insert correctly. <? $FilePath = '../'; require ('../includes/header.inc'); ?> <?php require_once('../Connections/TestDB.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } $uploadNotice = "No File Uploaded Yet"; if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { // Where the file is going to be placed $target_path = "uploads/"; $filename = basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $uploadNotice = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />"; } else{ $uploadNotice = "There was an error uploading the file, please try again!<br />"; } //now we save the file location and info in the database $insertSQL = sprintf("INSERT INTO PromoImages (FileName, StartDate, EndDate, `Default`, LeftRight) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($filename, "text"), GetSQLValueString($_POST['StartDate'], "date"), GetSQLValueString($_POST['EndDate'], "date"), GetSQLValueString($_POST['Default'], "int"), GetSQLValueString($_POST['LeftRight'], "int")); mysql_select_db($database_TestDB, $TestDB); $Result1 = mysql_query($insertSQL, $TestDB) or die(mysql_error()); $insertGoTo = "ticker_create.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } ?> <div id="content"> <? require ('../includes/exploreNav.inc'); ?> <div id="mainContent"> <div align="left"><span class="contentHeader">UPLOAD A NEW TICKER</span></div> <br /> <img src="../images/common/dottedLine.gif" alt="dottedline" width="480" height="6" /><br /><br /> <p>Please fill out the information below.</p> <div class="mainContentHeading">Upload A New Ticker</div> <div class="mainContentBody" style="padding-top:5px; padding-bottom:5px; padding-right:30px; text-align:right"> <form enctype="multipart/form-data" method="post" name="form1" action="<?php echo $editFormAction; ?>"> <div style="float:right" align="left"> <input type="text" name="LeftRight" value="" size="32" /> <br /> <input type="hidden" name="URL" value="" size="32"> <input type="hidden" name="MAX_FILE_SIZE" value="100000" /> <input name="uploadedfile" size="32" type="file" /><br /> <?php if ($uploadNotice == "No File Uploaded Yet") { echo "File needs to be a .jpg or .gif (353 pixels wide and 65 pixels high)<br />"; } else { echo $uploadNotice; } ?> <input type="text" name="StartDate" value="<?php echo date('m-d-Y') ?>" size="32"><br /> <input type="text" name="EndDate" value="<?php echo date('m-d-Y') ?>" size="32" /><br /> <input type="text" name="Default" value="" size="32"><br /> <input type="hidden" name="MM_insert" value="form1"> </div> <div style="line-height:17pt; padding-top:3px"> Position Graphic: <br /> Choose file to upload: <br /><div style="line-height:15pt"><br /></div> Start Date: <br /> End Date: <br /> Default Image: </div> <br clear="all" /> <input type="submit" style="background-color:#000066; color:#FFFFFF; border:none; font-size:10px; margin-top:5px" value="Upload File"> </form> </div> <p> </p> <img src="../images/common/dottedLine.gif" alt="dottedline" width="480" height="6" /><br /> <p> </p> </div> <div id="contentOrangeBar"><img src="../images/common/inside_bar.gif" width="549" height="16" alt="inside bar" /></div> <!--This forces all content to scale with the medium--> <div style="clear:both;"> </div> </div> <? require ('../includes/footer.inc'); ?>

here's the code. <? $FilePath = '../'; require ('../includes/header.inc'); ?> <?php require_once('../Connections/TestDB.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } $uploadNotice = "No File Uploaded Yet"; if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { // Where the file is going to be placed $target_path = "uploads/"; $filename = basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $uploadNotice = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.<br />"; } else{ $uploadNotice = "There was an error uploading the file, please try again!<br />"; } //now we save the file location and info in the database $insertSQL = sprintf("INSERT INTO PromoImages (FileName, StartDate, EndDate, `Default`, LeftRight) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($filename, "text"), GetSQLValueString($_POST['StartDate'], "date"), GetSQLValueString($_POST['EndDate'], "date"), GetSQLValueString($_POST['Default'], "int"), GetSQLValueString($_POST['LeftRight'], "int")); mysql_select_db($database_TestDB, $TestDB); $Result1 = mysql_query($insertSQL, $TestDB) or die(mysql_error()); $insertGoTo = "ticker_create.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } ?> <div id="content"> <? require ('../includes/exploreNav.inc'); ?> <div id="mainContent"> <div align="left"><span class="contentHeader">UPLOAD A NEW TICKER</span></div> <br /> <img src="../images/common/dottedLine.gif" alt="dottedline" width="480" height="6" /><br /><br /> <p>Please fill out the information below.</p> <div class="mainContentHeading">Upload A New Ticker</div> <div class="mainContentBody" style="padding-top:5px; padding-bottom:5px; padding-right:30px; text-align:right"> <form enctype="multipart/form-data" method="post" name="form1" action="<?php echo $editFormAction; ?>"> <div style="float:right" align="left"> <input type="text" name="LeftRight" value="" size="32" /> <br /> <input type="hidden" name="URL" value="" size="32"> <input type="hidden" name="MAX_FILE_SIZE" value="100000" /> <input name="uploadedfile" size="32" type="file" /><br /> <?php if ($uploadNotice == "No File Uploaded Yet") { echo "File needs to be a .jpg or .gif (353 pixels wide and 65 pixels high)<br />"; } else { echo $uploadNotice; } ?> <input type="text" name="StartDate" value="<?php echo date('m-d-Y') ?>" size="32"><br /> <input type="text" name="EndDate" value="<?php echo date('m-d-Y') ?>" size="32" /><br /> <input type="text" name="Default" value="" size="32"><br /> <input type="hidden" name="MM_insert" value="form1"> </div> <div style="line-height:17pt; padding-top:3px"> Position Graphic: <br /> Choose file to upload: <br /><div style="line-height:15pt"><br /></div> Start Date: <br /> End Date: <br /> Default Image: </div> <br clear="all" /> <input type="submit" style="background-color:#000066; color:#FFFFFF; border:none; font-size:10px; margin-top:5px" value="Upload File"> </form> </div> <p> </p> <img src="../images/common/dottedLine.gif" alt="dottedline" width="480" height="6" /><br /> <p> </p> </div> <div id="contentOrangeBar"><img src="../images/common/inside_bar.gif" width="549" height="16" alt="inside bar" /></div> <!--This forces all content to scale with the medium--> <div style="clear:both;"> </div> </div> <? require ('../includes/footer.inc'); ?> here's the link please try and upload a file. http://www.harwoodmarketinggroup.com/WIP/admin/promoImage_create.php the file uploads to the temp arrays, but 'm guessing the break down is in the move_uploaded_file. the reason i say this is the file name goes in to the db correctly, but the file is not uploaded and an error is generated.

evern with a Y-m-d date is stil returns the defalt value.

can't use now() becuase the user can change the date from today's date. i'll try the Y-m-d thing. but theart director has specified the the date needs to be m-d-Y.

here's the scrpit that generates a date <?php echo date('m-d-Y'); ?> here's the script that puts it in the db function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE PressReleases SET Title=%s, Body=%s, PubDate=%s WHERE ID=%s", GetSQLValueString($_POST['Title'], "text"), GetSQLValueString($_POST['Copy'], "text"), GetSQLValueString($_POST['PubDate'], "text"), GetSQLValueString($_POST['PRID'], "int")); } but every time i run the script the date in the db is the default date. the db is set up to give a default value of 0000-00-00.

lol i'm retarded i forgot to incriment currentdate. lol thanks guys. and thanks double for cleaning yup the loop for me jessie. big help

here's the code <select name="YEAR" size="1" style="width:100px"> <?php $current_year = date("Y"); do {?> <option value="<?php echo $current_year; ?>" <?php if ($yearText == $current_year) {?> selected="selected"> <?php echo $current_year; ?> </option> <?php } while ($current_year != 2001); ?> </select> am i doing this correctly? i think i am but apparently i'm not.

lol i finally found the error. it was a stupid aphostrophe in the database. i just got rid of it. but for future refrence, how do you escape something coming from a db if you don't know it's there or if it is there where it will be? thanks for the help though.

well i found one problem it was this <?php require('/includes/tickerSQL.php'); ?> should have been this <?php require('includes/tickerSQL.php'); ?> but now i get no data in my variables check out http://www.harwoodmarketinggroup.com/WIP/index.php to see what i mean. the black box that says click here at the top of the screen.

well i tried declaring them but still got nothing. i may try rewritting my code to get rid of the loop. that would sure be a dirty way to do it though.