petezaman

  1. Thanks for the replies. I've tested the values being passed and they appear to work so I've just added another page with a manual redirect. It works
  2. Hi all, I have two php pages, the first allows the user to select a directory in which to view the images and make selections to delete from that directory. The first page "imageoverviewselect" has this form's details

         <form action="imagesoverview.php" method="post" name="imageoption">

     The second page "imagesoverview.php" uses the following snippets of code.

         <?php
         $upclass = $_POST['imageoption'];
         switch ($upclass) {
             case 1:
                 $temphead = "Staff Profile Overview";
                 $tempdir = "../images/staff/";
                 break;
             case 2:
                 $temphead = "Dolphins Class Activity Overview";
                 $tempdir = "../images/activities/dolphins/";
                 break;
             case 3:
                 $temphead = "Dolphins Class Display Overview";
                 $tempdir = "../images/displays/dolphins/";
                 break;
             case 4:
                 $temphead ="SeaHorses Class Activity Overview";
                 $tempdir = "../images/activities/seahorses/";
                 break;
             case 5:
                 $temphead ="SeaHorses Class Display Overview";
                 $tempdir = "../images/displays/seahorses/";
                 break;
             case 6:
                 $temphead ="Sharks Class Activity Overview";
                 $tempdir = "../images/activities/sharks/";
                 break;
             case 7:
                 $temphead ="Sharks Class Display Overview";
                 $tempdir = "../images/displays/sharks/";
                 break;
             case 8:
                 $temphead ="Turtles Class Activity Overview";
                 $tempdir = "../images/activities/turtles/";
                 break;
             case 9:
                 $temphead = "Turtles Class Display Overview";
                 $tempdir = "../images/displays/turtles/";
                 break;
             case 10:
                 $temphead = "Whales Class Activity Overview";
                 $tempdir = "../images/activities/whales/";
                 break;
             case 11:
                 $temphead ="Whales Class Display Overview";
                 $tempdir = "../images/displays/whales/";
                 break;
             case 12:
                 $temphead = "Trip/Visits Overview";
                 $tempdir = "../images/trips/";
                 break;
         }
         print '<h1>'. $temphead .'</h1> <p> Please Select Image Or Images To Delete Then Press The Submit Button At The Bottom Of The Page </p>';
         ?>

     This gives the tempdir variable a name to work with. I then have this code to unlink the file.

         <?php
         $path = $_POST['tempdir'];
         if(isset($_POST['file']) && is_array($_POST['file'])){
             foreach($_POST['file'] as $file) {
                 unlink($path . "/" . $file) or die( "Unable To Delete File. Please Try Again Later" );
             }
         }
         ?>

     Followed by the following code to show the images.

         <form name="form1" method="post">
         <?php
         $path = $tempdir;
         $dir_handle = @opendir($path) or die("Unable to open folder");
         while (false !== ($file = readdir($dir_handle))) {
             if($file == "index.php") continue;
             if($file == ".") continue;
             if($file == "..") continue;
             if ($file == "getalbumpics.php") continue;
             echo "<input type='CHECKBOX' name='file[]' value='$file'>";
             echo "Select <br>";
             echo "<img src=\"";
             echo $path;
             echo $file;
             echo "\" width=\"160\" height=\"120\" ><br />";
         }
         closedir($dir_handle);
         ?>
         <input type="hidden" name="tempdir" value="<?php echo $tempdir ?>" />
         <input type="submit" name="Delete" value="Delete">
         </form>

     Now, on initially selecting the directory, a load of images are displayed correctly with a selection box and the delete button. However, after pressing delete, I would like the images to be shown again. It just shows the text and the Unable to Open Folder (from the die routine). If I remove the die command, the button shows back up. Any ideas?

     Cheers
     Pete
  3. Hi, is there anybody who can point me towards a php script which will allow me to upload a file with the .pub extension and convert it to pdf or anything else which can be viewed on a web page? I know the person could just save the file as something else but they are quite stuck in their ways and don't like change. Cheers Pete
  4. Thanks again for the speedy reply Alex, I will implement what you have said tomorrow. I need a break from this pc lol. I've been looking at the max file size stuff and I'm getting confused. Maybe a break will cure that. Cheers again Pete
  5. Thanks for that Alex. Which of these would be correct now?

         $name = mysql_real_escape_string($_POST['var']);

     or

         $name = (mysql_real_escape_string($_POST['var']));

     If it's the top one would I be correct in presuming the next three are right.

         $information = mysql_real_escape_string( $_POST['information']);
         stripslashes( mysql_real_escape_string( $information ) );
         $user_name = mysql_real_escape_string( ($_POST['user_name']);

     I'm gathering that they are the only fields which are being passed to mysql in the code I've given so does that mean the code is fine, security wise? I'll have a look at the link you have provided and hopefully will be able to work out what I have to do. Thanks a million. Pete
  6. Hi all, I have an image and text upload script which leads from a form where a user has been chosen from a combobox, this stores the link to the image and the text in a MySQL database. I have amended the form and script so that it works perfectly for files up to 3 meg in size but fails sometimes on files over that size. However, I have been asked to ensure the form is totally foolproof, i.e. maximum upload size, make sure only an image is uploaded, prevent sql injections. This is where I am struggling. Any help is greatly appreciated. Here is the selection code

         <?php
         // Connect to the database
         $con = mysql_connect("localhost",$user,$password) or die ('Could not connect: ' . mysql_error());
         mysql_select_db($database, $con);

         // Create the form, post to the same file
         echo "<form method='post' action='staffedit.php'>";

         // Form a query to populate the combo-box
         $query = "SELECT id, name FROM staff ORDER BY name;";

         // Successful query?
         if($result = mysql_query($query)) {
             // If there are results returned, prepare combo-box
             if($success = mysql_num_rows($result) > 0) {
                 // Start combo-box
                 echo "<select name='staffmember'>\n";
                 echo "<option>name</option>\n";
                 // For each item in the results...
                 while ($row = mysql_fetch_array($result))
                     // Add a new option to the combo-box
                     echo "<option value='$row[name]'>$row[name]</option>\n";
                 // End the combo-box
                 echo "</select>\n";
             }
             // No results found in the database
             else {
                 echo "No results found.";
             }
         }
         // Error in the database
         else {
             echo "Failed to connect to database.";
         }

         // Add a submit button to the form
         echo "<input type='submit' value='Submit' /></form>";
         ?>

     This then leads to an image and text upload form, shown below: I've tried to stop files over 3meg from being uploaded but it just prints "You have uploaded a photo of "JOE BLOGGS" and then does nothing else, ideally I'd like it to give a warning and return to the select picture form.

         <?php
         $name = $_POST['staffmember'];
         echo "<h1> Please Select A Photo of ". $name ."</h1>";
         echo "Maximum File Size = 3 Megabytes";
         echo "</br>";
         echo "Larger Files Take Longer To Upload";
         echo"</br>";
         echo "Image and Text Must Be Completed Before Pressing Submit";
         ?>
         <form method="post" action="staffshowedits.php" enctype="multipart/form-data" name="form1">
         <input type="hidden" name="var" value="<?php echo $name?>" />
         <p>
         <!-- MAX_FILE_SIZE must precede the file input field -->
         <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
         <input name="Photo" type="file" id="Photo"><br>
         </p>
         <?php echo "<h1>Insert some information about ". $name . "</h1>"; ?>
         <p>
         <textarea name="information" cols="60" rows="10" type="text" />
         </textarea>
         <p>
         <input type="submit" name="Submit" value="Submit">
         </p>
         </form>

     The final page, which resizes the image and stores the link and staff member's info in the database is below:

         <?php
         $name = $_POST['var'];
         $information = $_POST['information'];
         stripslashes( mysql_real_escape_string( $information ) );
         $user_name = ($_POST['user_name']);
         echo "<h1> You have uploaded the following photo of ". $name ."</h1>";
         ?>
         <div id="info">
         <?php
         if ($_FILES['Photo'] != "") {
             //***************START OF RESIZE IMAGE********************
             // The file
             $filename = $_FILES['Photo']['tmp_name'];

             // Set a maximum height and width
             $width = 160;
             $height = 120;

             // Get new dimensions
             list($width_orig, $height_orig) = getimagesize($filename);
             if ($width && ($width_orig < $height_orig)) {
                 $width = ($height / $height_orig) * $width_orig;
             } else {
                 $height = ($width / $width_orig) * $height_orig;
             }

             // Resample
             $image_p = imagecreatetruecolor($width, $height);
             $image = imagecreatefromjpeg($filename);
             imagecopyresampled($image_p, $image, 0, 0, 0, 0, $width, $height, $width_orig, $height_orig);

             // Output
             imagejpeg($image_p, $filename, 100);
             //***************END OF RESIZE IMAGE********************

             //RENAME PHOTO AND MOVE TO PROPER FOLDER
             $randomnumber = rand(1,100000);
             $id = "staff"; //This must be the name of the file on the corresponding webpage
             $extension = strrchr($_FILES['Photo']['name'],'.');
             $extension = strtolower($extension);
             $save_path = '../images/staff/'; //path to original file to be replaced
             $NewPhotoName = $id . $extension;
             $filename = $save_path . $id . $randomnumber . $extension;
             move_uploaded_file($_FILES['Photo']['tmp_name'],$filename);
             $TimeStamp = (date( "His" ));

             /*update records according to name */
             $db="DATABASE_NAME";
             $link = mysql_connect('localhost', 'USERNAME', 'PASSWORD');
             if (! $link) die(mysql_error());
             mysql_select_db($db , $link) or die("Select Error: ".mysql_error());
             $update=mysql_query("UPDATE staff SET imagelink='$filename', info='$information' WHERE name='$name'")or die(mysql_error());
             mysql_close($link);

             /* Show the changes */
             $db="DATABASE_NAME";
             $link = mysql_connect('localhost', 'USERNAME', 'PASSWORD');
             if (! $link) die(mysql_error());
             mysql_select_db($db , $link) or die("Select Error: ".mysql_error());
             $classname=mysql_query("SELECT classname FROM staff WHERE name='$name'");
             $row = mysql_fetch_array( $classname );
             echo "<img src=\"$filename?$TimeStamp\">";
             echo "<br>";
             echo "<h1>and the following text to the website</h1>";
             echo stripslashes($information);
             echo "<br>";
             echo "<a href=\"staffselect.php\">Click Here To Amend Another Member Of Staff</a>";
             echo "<br>";
             echo "<a href=\"../";
             echo $row['classname'];
             echo "staff.php\" target =\"blank\">Click Here To View The Amended Web Page(Opens in new window)</a>";
             mysql_close($link);
         }
         ?>
         </div>

     As you can see, I have tried to implement some security and restrict the upload size but could do with a few pointers or maybe some critical evaluation. (Not too harsh, I'm only learning)

     Cheers
     Pete
  7. Hi all, I'm afraid I'm stuck again. Is there a tutorial available or any snippets which will walk me through uploading a number of fields to a database. The fields I want to add are:

       • ID - auto increment
       • Name - Text Only
       • Class - Taken from a combobox with fields already filled in
       • Role - Taken from a combobox with fields already filled in
       • Image - Uploaded and resized to a certain size (either stored in the database or linked to it)
       • Info - 1000 characters including , and '

     At the moment I have a page which can list and edit all the fields, I also have a page which can upload and resize an image. Is it possible to combine the two? Regards Pete
  8. Thanks Jay and Cags, I've changed the div to a class and it works perfectly. You guys are stars. Now I can try and figure out how to store the image link in the database after an image has been uploaded. Thanks again Pete
  9. Hi all, I'm pretty new to php and MySql and have hit a problem. I am able to display data in a table using the following code:

         <?php
         $database="MYDATABASE";
         mysql_connect ("localhost", "MYUSERNAME", "MYPASSWORD");
         @mysql_select_db($database) or die( "Unable to select database");
         $result = mysql_query( "SELECT field1, field2, field3 FROM staff WHERE `group` = 'group1' ORDER BY `role` " ) or die("SELECT Error: ".mysql_error());
         $num_rows = mysql_num_rows($result);
         print "There are $num_rows records.<P>";
         print "<table width=200 border=1>\n";
         while ($get_info = mysql_fetch_row($result)){
             print "<tr>\n";
             foreach ($get_info as $field)
                 print "\t<td><font face=arial size=1/>$field</font></td>\n";
             print "</tr>\n";
         }
         print "</table>\n";
         ?>

     However, I would like to display the results using the following format:

         <div id="info"><!--this is a div container for info-->
         <h1> field1 </h1>
         <img src="field2" class="floatLeft" /><p>field3</p>
         </div><!--close info div-->

     Obviously, if there was more than one row of results, it would repeat the above format for each row. Any help would be greatly appreciated Thanks Pete
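
The delete handler in post 2 builds the path given to unlink() from two request fields, the hidden tempdir value and each file[] entry, so the browser decides which file on the server is removed. An added example, not part of the original posts, that resolves the directory from a server-side allow-list and confines each name to it; it assumes PHP 7.1+ and that the form posts the imageoption number back in a hidden field, and the function names are illustrative:

```php
<?php
// Added example, not the poster's code. The form posts the option number back
// (hidden field "imageoption") instead of a directory path. Assumes PHP 7.1+.
const IMAGE_DIRS = [
    1  => '../images/staff/',
    2  => '../images/activities/dolphins/',
    3  => '../images/displays/dolphins/',
    4  => '../images/activities/seahorses/',
    5  => '../images/displays/seahorses/',
    6  => '../images/activities/sharks/',
    7  => '../images/displays/sharks/',
    8  => '../images/activities/turtles/',
    9  => '../images/displays/turtles/',
    10 => '../images/activities/whales/',
    11 => '../images/displays/whales/',
    12 => '../images/trips/',
];

/** Map the posted option to an allow-listed directory, or null if unknown. */
function resolve_image_dir($option): ?string
{
    $key = filter_var($option, FILTER_VALIDATE_INT);
    if ($key === false || !array_key_exists($key, IMAGE_DIRS)) {
        return null;
    }
    $real = realpath(IMAGE_DIRS[$key]);
    return $real === false ? null : $real;
}

/** Delete the selected files from $dir; returns the names actually removed. */
function delete_selected(string $dir, array $names): array
{
    $deleted = [];
    foreach ($names as $name) {
        $base = is_string($name) ? basename($name) : '';   // strip any directory part
        $target = realpath($dir . DIRECTORY_SEPARATOR . $base);
        // Must exist, be a regular file, and resolve to a path directly inside $dir
        if ($target === false || !is_file($target) || dirname($target) !== $dir) {
            continue;
        }
        // Never remove the scripts that the listing code in post 2 also skips
        if (in_array($base, ['index.php', 'getalbumpics.php'], true)) {
            continue;
        }
        if (unlink($target)) {
            $deleted[] = $base;
        }
    }
    return $deleted;
}
```

In imagesoverview.php, call `resolve_image_dir($_POST['imageoption'] ?? null)` first and stop with an error if it returns null; only then pass `$_POST['file']` (when it is an array) to `delete_selected()`.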
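
For the upload page in post 6, an added example (not the poster's code) of the three checks that post asks about: a size limit enforced on the server, a content-based image check, and a parameterised UPDATE. It assumes PHP 7.1+ with the PDO, GD and fileinfo extensions, accepts JPEG only because the resize code in the post calls imagecreatefromjpeg(), and uses illustrative function names:

```php
<?php
// Added example, not the poster's code. Table and column names are those in post 6;
// $pdo is an assumed, already-open PDO connection.
const MAX_BYTES = 3 * 1024 * 1024;   // 3 MB, enforced on the server

/** Validate one $_FILES entry; returns [tmp path, extension] or throws. */
function check_upload(array $f): array
{
    if (!isset($f['error']) || is_array($f['error'])) {
        throw new RuntimeException('Malformed upload');
    }
    if ($f['error'] === UPLOAD_ERR_INI_SIZE || $f['error'] === UPLOAD_ERR_FORM_SIZE) {
        throw new RuntimeException('File is larger than 3 MB');
    }
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // The MAX_FILE_SIZE form field is only a hint to the browser; check again here
    if (filesize($f['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File is larger than 3 MB');
    }
    // Decide the type from the file content, not from the client-supplied name or type
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== 'image/jpeg' || getimagesize($f['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG images are accepted');
    }
    return [$f['tmp_name'], '.jpg'];
}

/** Store the photo under a server-chosen name and update the row with bound parameters. */
function save_staff_photo(PDO $pdo, array $file, string $name, string $info): string
{
    [$tmp, $ext] = check_upload($file);
    // The stored name never contains any part of the uploaded file's own name
    $dest = '../images/staff/staff' . bin2hex(random_bytes(8)) . $ext;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store the file');
    }
    $stmt = $pdo->prepare(
        'UPDATE staff SET imagelink = :link, info = :info WHERE name = :name'
    );
    $stmt->execute([':link' => $dest, ':info' => $info, ':name' => $name]);
    return $dest;
}
```

Call `save_staff_photo()` inside try/catch with `$_FILES['Photo'] ?? []`, and pass `$name` and `$information` through `htmlspecialchars()` wherever they are echoed into the page.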