Clinton

I just got on here and was going to post what I had then I saw what you guys had. :-) I used "if (($_FILES['userfile']['size']) > 60000)" then do it or else say it's too big. That's 60kb, right?

I just read that and am looking for an example on how to accomplish. But just in case someone beats me does n-e-one know where I might find one on how to do that?

Ok, gotcha. One more question about this... I see that I sent the MAX_FILE_SIZE but I don't see any reference to it on the imageup.php page. Does there need to be something that will error out if one has tried to upload a file too big?

I've used the code here to upload my image and everything works just fine. http://uk3.php.net/manual/en/features.file-upload.post-method.php <form enctype="multipart/form-data" action="imageup.php" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="60000" /> Send this file: <input name="userfile" type="file" /><br /> <input type="submit" value="Save Logo" /> </form> imageup.php <?php $uploaddir = 'C:/xampp/htdocs/project/clogos/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); echo '<pre>'; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo 'Here is some more debugging info:'; print_r($_FILES); print "</pre>"; ?> My question is this... I could save the location and name of the uploaded file to a database but chances are that more than one individual has their logo named 'logo'. I don't want to check the db to see if that name already exists and then tell the user if it does to rename their logo simply because i'm sure some users will not know how to do that. Instead, I would rather change the name of the image that they uploaded to their username, which is stored as a session variable. What's the best way to go about this?

Ok, I guess I'll go that route. I'm sure I'll be needing help with script here in a few. :-)

Hey folks, I've read plenty of information on uploading images into MYSQL but I also ran into an article that said storing images into MySQL can result in headaches down the road if you have tons of people who all have logos. From what I gathered there is a way that one could upload the image onto the actual server and just save the location with MySQL. If this is possible which option do you recommend? And if you recommend saving it on the server and recalling the location do you know where there's any tutorials on how to do such a thing? I've been looking but no joy. Thanks,

Never Mind...

Thanks guys. I'm glad I'm not the only one who missed it... ;-)

Have I got this written wrong or does it not like the ***? if ((!empty($_POST['dtype']) OR ($_POST['dtype'] == "***SELECT***")) { $dtype = $_POST['dtype']; } else { $errors[] = '<font color="red">You did not enter a degree type.</font>'; } phpDesigner is saying unexpected {.

"That's it, I'm out of ideas. We're closed. Hot air balloon? Too expensive. Giant slingshot? Too conspicuous. Enormous wooden horse? Too Greek!" I know it's got to be something in that realm but I don't have the expertise like the rest of these guys. Sorry it didn't work.

$rest = substr("abcdef", 2, -1); // returns "cde" So.... try... $domain = substr("$domain", 7, 0); // The "" May not be right because it's a variable so you might have to change it to '' or none at all depending on its use but give that a shot. http://us3.php.net/manual/en/function.substr.php

Hmmm.... I know this one I just don't know how to answer it. I know there's like a substring or string something where you can edit the results and take out the http://.... let me see if I can find it....

Did you try ASC instead of DESC?

Ahhhhhhhhhhhhh... gotcha, gotcha. Thank you.

Ok, so it does a/b or in this case $i/2. $i starts off as 0 so 0/2 = 0 and it's the first style. Then it adds one $i++ so then it's 1/2, which is different then 0. But then we add one more, right??? Which then becomes 2/2... which equals 1... which is not 0... so how does the script work (and it does work, thank you.)???

How do I get every other result to highlight its background a different color? Here's me code: <table width="95%" border="0" cellspacing="0" cellpadding="1" class="boxtitle"> <?php $sql = "SELECT * FROM thelist WHERE username = '$uid' ORDER BY jpted"; $rs = mysql_query($sql); while($row = mysql_fetch_array($rs)) { extract($row); ?> <tr><td> <a href="editaj.php?jid=<?php echo $id; ?>"> <?php echo $jtitle; ?> </a></td> <td> <?php echo $city; ?>, <?php echo $state; ?> </td> <td><a href="editaj.php?jid=<?php echo $id; ?>"> Edit </a></td> <td><a href="editaj.php?jid=<?php echo $id; ?>&del=yes"> Delete </a></td> </td></tr> <?php } ?> </table>

Ok, it was the $clogo. Each organization within our office has their own logo and I was trying to take it from the users table and stick it in with the information table. It was reading the binary logo and echoing that so when it went to insert it into the db it was erroring out. I'll just recall the logo from the users table and go about it that way I guess.

I might have figured it out... which might bring me to another question...

Everything works up until it goes to insert it in the db and then it errors out. If the form is submitted, which submits to itself, and there is an error it echos out just fine. It's just when it goes to insert and, like I said, this is brand new. :-/ <?php session_start(); include 'connect/project.htm'; if(($_SESSION['logged_in'] == 1) && ($_SESSION['access_type'] == e)) { $uid = mysql_real_escape_string($_SESSION['user_id']); $query = mysql_query("SELECT * FROM employers WHERE username = '$uid'"); $row = mysql_fetch_assoc($query); extract($row); ?> <html> <head> <title>Welcome back <?php echo $prefix;?> <?php echo $lname;?></title> <link href="images/favicon.ico" rel="shortcut icon" type="image/x-icon" /> <link rel="stylesheet" href="singlec.css" type="text/css" /> <link rel="stylesheet" href="constant.css" type="text/css" /> <SCRIPT> function clearDefaultandCSS(el) { if (el.defaultValue==el.value) el.value = "" } </SCRIPT> <style type="text/css"> #dhtmltooltip{ position: absolute; width: 150px; border: 2px solid black; padding: 2px; background-color: lightblue; color: darkblue; visibility: hidden; z-index: 100; /*Remove below line to remove shadow. Below line should always appear last within this CSS*/ filter: progid:DXImageTransform.Microsoft.Shadow(color=gray,direction=135); } </style> </head> <body> <div id="dhtmltooltip"></div> <script type="text/javascript"> /*********************************************** * Cool DHTML tooltip script- © Dynamic Drive DHTML code library (www.dynamicdrive.com) * This notice MUST stay intact for legal use * Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code ***********************************************/ var offsetxpoint=-60 //Customize x offset of tooltip var offsetypoint=20 //Customize y offset of tooltip var ie=document.all var ns6=document.getElementById && !document.all var enabletip=false if (ie||ns6) var tipobj=document.all? document.all["dhtmltooltip"] : document.getElementById? document.getElementById("dhtmltooltip") : "" function ietruebody(){ return (document.compatMode && document.compatMode!="BackCompat")? document.documentElement : document.body } function ddrivetip(thetext, thecolor, thewidth){ if (ns6||ie){ if (typeof thewidth!="undefined") tipobj.style.width=thewidth+"px" if (typeof thecolor!="undefined" && thecolor!="") tipobj.style.backgroundColor=thecolor tipobj.innerHTML=thetext enabletip=true return false } } function positiontip(e){ if (enabletip){ var curX=(ns6)?e.pageX : event.clientX+ietruebody().scrollLeft; var curY=(ns6)?e.pageY : event.clientY+ietruebody().scrollTop; //Find out how close the mouse is to the corner of the window var rightedge=ie&&!window.opera? ietruebody().clientWidth-event.clientX-offsetxpoint : window.innerWidth-e.clientX-offsetxpoint-20 var bottomedge=ie&&!window.opera? ietruebody().clientHeight-event.clientY-offsetypoint : window.innerHeight-e.clientY-offsetypoint-20 var leftedge=(offsetxpoint<0)? offsetxpoint*(-1) : -1000 //if the horizontal distance isn't enough to accomodate the width of the context menu if (rightedge<tipobj.offsetWidth) //move the horizontal position of the menu to the left by it's width tipobj.style.left=ie? ietruebody().scrollLeft+event.clientX-tipobj.offsetWidth+"px" : window.pageXOffset+e.clientX-tipobj.offsetWidth+"px" else if (curX<leftedge) tipobj.style.left="5px" else //position the horizontal position of the menu where the mouse is positioned tipobj.style.left=curX+offsetxpoint+"px" //same concept with the vertical position if (bottomedge<tipobj.offsetHeight) tipobj.style.top=ie? ietruebody().scrollTop+event.clientY-tipobj.offsetHeight-offsetypoint+"px" : window.pageYOffset+e.clientY-tipobj.offsetHeight-offsetypoint+"px" else tipobj.style.top=curY+offsetypoint+"px" tipobj.style.visibility="visible" } } function hideddrivetip(){ if (ns6||ie){ enabletip=false tipobj.style.visibility="hidden" tipobj.style.left="-1000px" tipobj.style.backgroundColor='' tipobj.style.width='' } } document.onmousemove=positiontip </script> <div id="tail"> <div class="main"> <div id="top"> <div id="logo"> <a href="index.php"><img src="images/logo.png" alt="" /></a> </div> <div class="right"> <div id="topmenuposition"> </div> <div id="topmenu"> <div class="module_s10"> <div> <div> <div> <ul class="menu-nav"> <li class="item60"><a href="index.php"><span><em>Home</em></span></a></li> <li class="item29"><a href="aboutus.php"><span><em>About Us</em></span></a></li> <li class="item54"><a href="resources.php"><span><em>Resources</em></span></a></li> <li class="item55"><a href="press.php"><span><em>Press/Media</em></span></a></li> <li class="item56"><a href="contact.php"><span><em>Contact Us</em></span></a></li></ul> </div> </div> </div> </div> </div> </div> </div> <div id="header"> <div class="bg-right"> <div class="bg-left"> <div class="space"><img src="images/banner.png" alt="" /></div> </div> </div> </div> <? if (isset($_POST['Submit'])) { $errors = array(); ///Checks for Errors/// if (!empty($_POST['jtitle'])) { $jtitle = $_POST['jtitle']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['dtype'])) { $dtype = $_POST['dtype']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['dmajorp'])) { $dmajorp = $_POST['dmajorp']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['cinfo'])) { $cinfo = $_POST['cinfo']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['city'])) { $city = $_POST['city']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['state'])) { $state = $_POST['state']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['status'])) { $status = $_POST['status']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['wexperience'])) { $wexperience = $_POST['wexperience']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['poverview'])) { $poverview = $_POST['poverview']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['pduties'])) { $pduties = $_POST['pduties']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['pqual'])) { $pqual = $_POST['pqual']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['salary'])) { $salary = $_POST['salary']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['benefits'])) { $benefits = $_POST['benefits']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['reloassist'])) { $reloassist = $_POST['reloassist']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['jobdecisiondate'])) { $jobdecisiondate = $_POST['jobdecisiondate']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['contactname'])) { $contactname = $_POST['contactname']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['contactnumber'])) { $contactnumber = $_POST['contactnumber']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } if (!empty($_POST['contactemail'])) { $contactemail = $_POST['contactemail']; } else { $errors[] = '<font color="red">You did not fill out this field.</font>'; } extract($_POST); if (empty($errors)) { $query = "INSERT INTO thelist (username, jtitle, dtype, dtypewc, dmajorp, dmajorc1, dmajorc2, dmajorc3, cname, cinfo, clogo, city, state, status, wexperience, wexperiencewc, careerlevel, contactname, contactnumber, contactemail, poverview, pduties, pqual, salary, benefits, reloassist, jobdecisiondate, extra, applyat) VALUES ('$username', '$jtitle', '$dtype', '$dtypewc', '$dmajorp', '$dmajorc1', '$dmajorc2', '$dmajorc3', '$cname', '$cinfo', '$clogo', '$city', '$state', '$status', '$wexperience', '$wexperiencewc', '$careerlevel', '$contactname', '$contactnumber', '$contactemail', '$poverview', '$pduties', '$pqual', '$salary', '$benefits', '$reloassist', '$jobdecisiondate', '$extra', '$applyat')"; ////IF THE JOB POSTS SUCCESFULLY//// ?> <div id="breadcrumb"> <div class="module_breadcrumb"> <div> <div> <div> <span class="breadcrumbs pathway"> <? $result = @mysql_query($query); ///IF I VIEW PAGE SOURCE THIS IS WHERE THE ERROR IS SHOWING/// if (mysql_affected_rows() == 1) { ?> Congratulations <?php echo $prefix;?> <?php echo $lname;?>. </span> </div> </div> </div> </div> </div> <div id="wrapper"> <div class="indent"> <div id="right"> <?php include 'mmenu.php'; ?> <?php include 'linmenu.php'; ?> </div> <div id="content"> <div class="content-tl"> <div class="content-tr"> <div class="width"> <div id="boxes"> <div id="box1"> <div class="module"> <div class="first"> <div class="sec min-height"> <div class="box-indent"> <div class="width"> <h3><span>Now What?</span></h3> <table width="95%" border="0" cellspacing="0" cellpadding="1" class="boxtitle"> <thead> <tr> <td>Post another?<br /> </td> </tr> </thead> <tr><td> <a href="emember.php">Click Here</a>. </td></tr> </table> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <div id="footer"> <div class="bg"> <div class="right-bg"> <div class="left-bg"> <div class="space"> © 2009 </div> </div> </div> </div> </div> </body> </html>

But i reverted back to an old file. Where is the corruption? In the db? The localhost? What a pain.

My scripts been working just fine and all of a sudden this popped up: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '9‡Nßoñ P»>XožžbRé:hárP¢ñýýý^5˜Éd' at line 1 I couldn't figure it out so I reverted back to a previously saved page that I know worked but I'm still getting the same error. I'm not sure why since the page is submitting to itself. ??? ANy ideas?

db connect include then an sql statement... <?php $sql = "SELECT * FROM $tbl_name WHERE (dtype = '$dtype' OR dtypewc = '$dtype') AND (dmajorp = '$smajor' OR dmajorc1 = '$smajor' OR dmajorc2 = '$smajor' OR dmajorc3 = '$smajor') $state_where $city_where ORDER BY jpted LIMIT $start, $limit"; $result = mysql_query($sql); ?>

Yea, what he said. :-)

Ok, how can code be injected if it's just querying?

Thanks beau. That worked perfectly. I didn't know that existed. Time to look it up.