Jump to content

btr4

Members
 View Profile  See their activity

  • Posts

    17

  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

btr4's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. btr4
    Solved it, thanks for the help.
  2. btr4
    Update: I changed the code, and the file still uploads to the right location, though the filename is still not put into the database. This time, however, I do receive the error : "There was an error uploading the file, please try again!", which is defined by the final else statement. Code: <?php /* Where the file is going to be placed */ $target_path = "../images/"; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['staffpic']['name']); $target_path = "../images/"; $target_path = $target_path . basename( $_FILES['staffpic']['name']); $filename = $_FILES['staffpic']['name']; move_uploaded_file($_FILES['staffpic']['tmp_name'], $target_path) ; require_once('../Connections/hcc.php'); if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $colname_rsStaff = "-1"; if (isset($_GET['id'])) { $colname_rsStaff = $_GET['id']; } mysql_select_db($database_hcc, $hcc); $query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", GetSQLValueString($colname_rsStaff, "int")); $rsStaff = mysql_query($query_rsStaff, $hcc) or die(mysql_error()); $row_rsStaff = mysql_fetch_assoc($rsStaff); $totalRows_rsStaff = mysql_num_rows($rsStaff); if ((isset($_POST["submit"])) && ($_POST["submit"] == "form1")) { $updateSQL = sprintf("UPDATE cms_staff SET staffpic='$filename' WHERE staffid=%s", GetSQLValueString($_POST['staffid'], "int")); mysql_select_db($database_hcc, $hcc); $Result1 = mysql_query($updateSQL, $hcc) or die(mysql_error()); $updateGoTo = "staff_cp.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: staff_cp.php", $updateGoTo)); } else{ echo "There was an error uploading the file, please try again!"; } ?> I would appreciate any and all help. I feel like this script is very close to completion.
  3. btr4
    So, I'm trying to get a file to upload to a location, and then put the file name into a corresponding table in mysql. Code is as follows: <?php /* Where the file is going to be placed */ $target_path = "../images/"; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['staffpic']['name']); $target_path = "../images/"; $target_path = $target_path . basename( $_FILES['staffpic']['name']); if(move_uploaded_file($_FILES['staffpic']['tmp_name'], $target_path)) { require_once('../Connections/hcc.php'); if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE cms_staff SET staffname=%s, staffbio=%s, staffpos=%s WHERE staffid=%s", GetSQLValueString($_FILES['staffpic']['name'], "text"), GetSQLValueString($_POST['staffid'], "int")); mysql_select_db($database_hcc, $hcc); $Result1 = mysql_query($updateSQL, $hcc) or die(mysql_error()); $updateGoTo = "staff_cp.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: staff_cp.php", $updateGoTo)); } $colname_rsStaff = "-1"; if (isset($_GET['id'])) { $colname_rsStaff = $_GET['id']; } mysql_select_db($database_hcc, $hcc); $query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", GetSQLValueString($colname_rsStaff, "int")); $rsStaff = mysql_query($query_rsStaff, $hcc) or die(mysql_error()); $row_rsStaff = mysql_fetch_assoc($rsStaff); $totalRows_rsStaff = mysql_num_rows($rsStaff); } else{ echo "There was an error uploading the file, please try again!"; } ?> This will upload the file, and place it into the proper folder. After that, I get a blank screen, and the file name will not be put into the table. Any help?
  4. btr4
    I tried the code above to no avail, but I did some research, and came up with something like this: <?php require_once('../Connections/hcc.php'); ?> <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 70000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("../admin/images/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "../admin/images/" . $_FILES["file"]["name"]); } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE cms_staff SET staffpic=%s WHERE staffid=%s", GetSQLValueString($_POST['staffpic'], "text"); mysql_select_db($database_hcc, $hcc); $Result1 = mysql_query($updateSQL, $hcc) or die(mysql_error()); $updateGoTo = "staff_cp.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: staff_cp.php", $updateGoTo)); } $colname_rsStaff = "-1"; if (isset($_GET['id'])) { $colname_rsStaff = $_GET['id']; } mysql_select_db($database_hcc, $hcc); $query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", GetSQLValueString($colname_rsStaff, "int")); $rsStaff = mysql_query($query_rsStaff, $hcc) or die(mysql_error()); $row_rsStaff = mysql_fetch_assoc($rsStaff); $totalRows_rsStaff = mysql_num_rows($rsStaff); ?> <?php mysql_free_result($rsStaff); ?> When I click 'upload' on the form, I'm returned with an error: Parse error: syntax error, unexpected ';' in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\HCC\admin\test.php on line 74, which most likely concerns the following block: if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE cms_staff SET staffpic=%s WHERE staffid=%s", GetSQLValueString($_POST['staffpic'], "text"); Am I at least on the right track?
  5. btr4
    Ok, so just to be clear: On the form, I want the post action to run the upload script first. Then, I want the database insertion to occur. So, something like this (assuming the post action is to run this): /* Session validation goes here */ require_once ('../admin/upload_staff.php') <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "addstaff")) { $insertSQL = sprintf("INSERT INTO cms_staff (staffname, staffbio, staffpic) VALUES (%s, %s, %s)", GetSQLValueString($_POST['staffname'], "text"), GetSQLValueString($_POST['staffbio'], "text"), GetSQLValueString($_POST['staffpic'], "text")); mysql_select_db($database_hcc, $hcc); $Result1 = mysql_query($insertSQL, $hcc) or die(mysql_error()); $insertGoTo = "success.html"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } ?> Now, I'm pretty sure that will upload the picture and post the staff name and bio into the database, but the picture location won't be put in. I'm a little confused as to how to get the location to insert.
  6. btr4
    Yeah, that's what I thought the issue may be. Now, is it possible to have a require_once pointing to the upload script, then carry on with the validation/inserting?
  7. btr4
    Hello again, and sorry for so many questions. I'm creating a staff management page, where you can insert (so far) the staff member's name, their biography, and a picture. So far, inserting the bio and name works fine, but I can't get the picture to upload, or have the filename show up in the database. Initially, I had a separate form for uploading a picture, and it worked, though I didn't have it set up to add the file to the database. I'm trying to condense the forms into one for simplicity for the user. Here's the code I have for inserting the information into the database: $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "addstaff")) { $insertSQL = sprintf("INSERT INTO cms_staff (staffname, staffbio, staffpic) VALUES (%s, %s, %s)", GetSQLValueString($_POST['staffname'], "text"), GetSQLValueString($_POST['staffbio'], "text"), GetSQLValueString($_POST['staffpic'], "text")); mysql_select_db($database_hcc, $hcc); $Result1 = mysql_query($insertSQL, $hcc) or die(mysql_error()); $insertGoTo = "upload_staff.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; The $insertGoTo will then try to process the following script (upload_staff.php): <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 70000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("../images/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "../images/" . $_FILES["file"]["name"]); echo "Stored in: " . "../images/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } $insertGoTo = "success.html"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); ?> My guess is that after upload_staff.php loads, it no longer has the values from the form, so has nothing to upload/move/show. Any ideas on how to combine the upload script with the database inserting script? And how do I resolve the issue of the picture name not being put into the database?
  8. btr4
    Sorry for the quadruple post, but I believe I have solved my own issue. I changed the line: $query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", ($colname_rsStaff, "int")); to: $query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid > %s", ($colname_rsStaff, "int")); So, it turns out, the variables and queries were working properly, just that one line that said in order for an entry to appear, it HAD to have whatever value $colname_rsStaff had. Woot! once again, sorry for the quadruple post, and thank you mjdamato for your help!
  9. btr4
    Hmmm, if I change $colname_rsStaff = "-1"; to have a value of 1, it WILL pull through the first entry in the database. Is there a way to have it start from 1, and cycle to the last entry?
  10. btr4
    Update, this is the code Dreamweaver automatically put in: <?php require_once('../Connections/hcc.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = ""; $MM_donotCheckaccess = "true"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $colname_rsStaff = "-1"; if (isset($_GET['id'])) { $colname_rsStaff = $_GET['id']; } mysql_select_db($database_hcc, $hcc); $query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", ($colname_rsStaff, "int")); $rsStaff = mysql_query($query_rsStaff, $hcc) or die(mysql_error()); $row_rsStaff = mysql_fetch_assoc($rsStaff); $totalRows_rsStaff = mysql_num_rows($rsStaff); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/admin_temp.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <!-- InstanceBeginEditable name="doctitle" --> <title>Link Management System</title> <!-- InstanceEndEditable --> <link href="../style/admin_style.css" rel="stylesheet" type="text/css" /> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> </head> <body> <div id="wrapper"> <div id="header"> <p>Control Panel</p> <p> </p> </div> <div id="navigation"> <ul id="mainav"> <li></li> <li></li> <li><a href="logout.php">logout</a></li> <li id="front"><a href="../index.php" target="_blank">front</a></li> </ul> </div> <div id="container"><!-- InstanceBeginEditable name="edit_content" --> <p id="ptitle">Manage Staff</p> <p> </p> <p></p> <?php if ($totalRows_rsStaff > 0) { // Show if recordset not empty ?> <table border="0" cellpadding="0" cellspacing="0" id="tblrepeat"> <tr> <th>Staff Name</th> <th>Remove</th> <th>Edit</th> </tr> <?php do { ?> <tr> <td><?php echo $row_rsStaff['staffname']; ?></td> <td><a href="staff_delete.php?id=<?php echo $row_rsStaff['staffid']; ?>">Remove</a></td> <td><a href="staff_edit.php?id=<?php echo $row_rsStaff['staffid']; ?>">Edit</a></td> </tr> <?php } while ($row_rsStaff = mysql_fetch_assoc($rsStaff)); ?> </table> <?php } // Show if recordset not empty ?> <?php if ($totalRows_rsStaff == 0) { // Show if recordset empty ?> <p>Sorry, there are no records matching your searching criteria.</p> <?php } // Show if recordset empty ?> <a href="staff_add.php">Add Staff</a> <!-- InstanceEndEditable --></div> <div id="footer"><p>© Web Designer Justin Bell</p></div> </div> </body> <!-- InstanceEnd --></html> <?php mysql_free_result($rsStaff); ?> Sorry for the length, I just can't seem to isolate what would be causing this.
  11. btr4
    I removed the class settings like you suggested, went over the code, and it seemed a lot easier to get running. Thank you!
  12. btr4
    I changed the code, yet it gives me the same thing: a blank page with no staff members, even if they are in the database.
  13. btr4
    Ok, so here's a code I've been working on using Dreamweaver functions to insert/delete/update a database that contains staff information. This is one of the last hurdles I need to jump over to get the concept working the way it needs to. <?php if ($totalRows_rsStaff > 0) { // Show if recordset not empty ?> <table border="0" cellpadding="0" cellspacing="0" id="tblrepeat"> <tr> <th>Staff Name</th> <th>Remove</th> <th>Edit</th> </tr> <?php do { ?> <tr> <td><?php echo $row_rsStaff['staffname']; ?></td> <td><a href="staff_delete.php?id=<?php echo $row_rsStaff['staffid']; ?>">Remove</a></td> <td><a href="staff_edit.php?id=<?php echo $row_rsStaff['staffid']; ?>">Edit</a></td> </tr> <?php } while ($row_rsStaff = mysql_fetch_assoc($rsStaff)); ?> </table> <br /> <?php } // Show if recordset not empty ?> Now, what happens is, when I go to the staff control page, just the link I have for adding a staff member shows up, even though there is one staff entry in the database. Can I just make do without the "show if recordset is not empty" coding and get along fine? Or are there any other ways to code this that doesn't just involve deleting the function? Thanks!
  14. btr4
    Code for the systemcomponent.php file (password omitted) <?php class SystemComponent { var $settings; function getSettings() { /* System Variables */ $settings['siteDir'] = '/../linkexchangesystem/'; /* Database Variables */ $settings['dbhost'] = 'localhost'; $settings['dbusername'] = 'admin'; $settings['dbpassword'] = 'bloop'; $settings['dbname'] = 'dbhcc'; return $settings; } } ?>
  15. btr4
    Hmmm, still receiving the same errors.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.