sandbudd Posted August 21, 2008 Share Posted August 21, 2008 I am getting this error and seem to figure it out so here I am turning the pros You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.fortwayneanodizing.com/rfq/upload/download.php?f=Hawaii2008_004634787' at line 1 This is to upload images... <?php $db_host = 'localhost'; // don't forget to change $db_user = ''; $db_pwd = ''; $database = ''; $table = ; if (!mysql_connect($db_host, $db_user, $db_pwd)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); $Domain="http://".$_SERVER['HTTP_HOST']; ///////// $save_path="upload/"; ///////// $file = $_FILES['userfile']; $k = count($file['name']); for($i=0;$i< $k ;$i++) { if(isset($save_path) && $save_path!="") { $random_digit=rand(0000,9999999); $name = split('/',$file['name'][$i]); $name = str_replace("\\","",$name); $name = str_replace("'","",$name); $name = str_replace("","_",$name); $name = str_replace(" ","_",$name); $name = str_replace(".",$random_digit.".",$name); $name = str_replace(".",$random_digit.".",$name); if(move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1])) { //// download the file///// $finalfile.="<li><a href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>"; $list_files.="<li>".$name[count($name)-1]."</li>"; } } } ?> <?php $f_1 = $_FILES['userfile[0]']['name'] ; $f_2 = $_FILES['file2']['name'] ; $f_3 = $_FILES['file3']['name'] ; $f_4 = $_FILES['file4']['name'] ; $f_5 = $_FILES['file5']['name'] ; $f_6 = $_FILES['file6']['name'] ; $f_7 = $_FILES['file7']['name'] ; $f_8 = $_FILES['file8']['name'] ; $f_9 = $_FILES['file9']['name'] ; $f_10 = $_FILES['file10']['name'] ; $f_11 = $_FILES['file11']['name'] ; $f_12 = $_FILES['file12']['name'] ; $f_13 = $_FILES['file13']['name'] ; $f_14 = $_FILES['file14']['name'] ; $f_15 = $_FILES['file15']['name'] ; $f_16 = $_FILES['file16']['name'] ; $f_17 = $_FILES['file17']['name'] ; $f_18 = $_FILES['file18']['name'] ; $f_19 = $_FILES['file19']['name'] ; $f_20 = $_FILES['file20']['name'] ; $customer = $_POST['customer']; $company = $_POST['company']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip_code = $_POST['zip_code']; $email = $_POST['email']; $phone = $_POST['phone']; $fax = $_POST['fax']; $type2 = $_POST['type2']; $type3 = $_POST['type3']; $burnish = $_POST['burnish']; $chromate = $_POST['chromate']; $hex = $_POST['hex']; $impregnation = $_POST['impregnation']; $strip = $_POST['strip']; $part = $_POST['part']; $description = $_POST['description']; $alloy = $_POST['alloy']; $quantity = $_POST['quantity']; $spec = $_POST['spec']; $color = $_POST['color']; $repeat_customer = $_POST['repeat_customer']; $isearch = $_POST['isearch']; $internet_directory = $_POST['internet_directory']; $referral = $_POST['referral']; $yellow_pages = $_POST['yellow_pages']; $trade = $_POST['trade']; $other = $_POST['other']; $notes = $_POST['notes']; mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 21, 2008 Share Posted August 21, 2008 You most likely have a character like a quote breaking the syntax. Run mysql_real_escape_string() on all of your variables that you put in the query. Also, you might want to consider normalizing your database, it would make it a lot easier to catch errors like this. Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 21, 2008 Author Share Posted August 21, 2008 lemmin I ran it and get this error Parse error: syntax error, unexpected T_VARIABLE in /home/anodizi/public_html/rfq/include2.php on line 60 here is line 60 and 61 $finalfile.="<li><a href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>"; $list_files.="<li>".$name[count($name)-1]."</li>"; Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 21, 2008 Share Posted August 21, 2008 I think the error is actually going to be in the command that comes immediately before the one on like 60. Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 21, 2008 Author Share Posted August 21, 2008 lemmin I dont think that I am putting this mysql_real_escape_string() in the right place...where do I put that in the code please? Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted August 21, 2008 Share Posted August 21, 2008 around every variable that needs the function performed on it. probably every variable you use in the SQL. $customer = mysql_real_escape_string($_POST['customer']); $company = mysql_real_escape_string($_POST['company']); $address =mysql_real_escape_string( $_POST['address']); // etc. Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 21, 2008 Author Share Posted August 21, 2008 If this helps the actual name of the file that uploaded to the server was Hawaii2008_00463478766347876.jpg don't know if it is not showing the entire file because the file was uploaded? and it wont display http://www.fortwayneanodizing.com/rfq/upload/download.php?f=Hawaii2008_00463478766347876.jpg but I can download off the server and the image is there? Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 21, 2008 Author Share Posted August 21, 2008 http://www.fortwayneanodizing.com/rfq/upload/download.php?f=Hawaii2008_00463478766347876.jpg http://www.fortwayneanodizing.com/rfq/upload/Hawaii2008_00463478766347876.jpg this does work and can view if this helps Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 22, 2008 Author Share Posted August 22, 2008 friendly bump...does anyone have any suggestions? Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 22, 2008 Share Posted August 22, 2008 Are you still getting the error on line 60? If so, can you post more code from above it? Otherwise, did you escape all of your variables? Can you post the code where you did that? Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 25, 2008 Author Share Posted August 25, 2008 here is what I did to the code and I get this error.... Fatal error: Cannot use string offset as an array in /home/anodizi/public_html/rfq/test.php on line 37 this is line 37 $name = mysql_real_escape_string(split('/',$file['name'][$i])); <?php $db_host = ''; $db_user = ''; $db_pwd = ''; $database = 'anodizi_pass'; $table = 'ae_gallery'; if (!mysql_connect($db_host, $db_user, $db_pwd)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); $Domain="http://".$_SERVER['HTTP_HOST']; ///////// $save_path=mysql_real_escape_string("upload/"); ///////// $file = mysql_real_escape_string($_FILES['userfile']); $k = mysql_real_escape_string(count($file['name'])); for($i=0;$i< $k ;$i++) { if(isset($save_path) && $save_path!="") { $random_digit=mysql_real_escape_string(rand(0000,9999999)); $name = mysql_real_escape_string(split('/',$file['name'][$i])); $name = mysql_real_escape_string(str_replace("\\","",$name)); $name = mysql_real_escape_string(str_replace("'","",$name)); $name = mysql_real_escape_string(str_replace("","_",$name)); $name = mysql_real_escape_string(str_replace(" ","_",$name)); $name = mysql_real_escape_string(str_replace(".",$random_digit.".",$name)); $name = mysql_real_escape_string(str_replace(".",$random_digit.".",$name)); if(move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1])) { //// download the file///// $finalfile.="<li><a href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>"; $list_files.="<li>".$name[count($name)-1]."</li>"; } } } ?> <?php $f_1 = mysql_real_escape_string($_FILES['userfile[0]']['name']) ; $f_2 = mysql_real_escape_string($_FILES['file2']['name']) ; $f_3 = mysql_real_escape_string($_FILES['file3']['name']) ; $f_4 = mysql_real_escape_string($_FILES['file4']['name']) ; $f_5 = mysql_real_escape_string($_FILES['file5']['name']) ; $f_6 = mysql_real_escape_string($_FILES['file6']['name']) ; $f_7 = mysql_real_escape_string($_FILES['file7']['name']) ; $f_8 = mysql_real_escape_string($_FILES['file8']['name']) ; $f_9 = mysql_real_escape_string($_FILES['file9']['name']) ; $f_10 = mysql_real_escape_string($_FILES['file10']['name']) ; $f_11 = mysql_real_escape_string($_FILES['file11']['name']) ; $f_12 = mysql_real_escape_string($_FILES['file12']['name']) ; $f_13 = mysql_real_escape_string($_FILES['file13']['name']) ; $f_14 = mysql_real_escape_string($_FILES['file14']['name']) ; $f_15 = mysql_real_escape_string($_FILES['file15']['name']) ; $f_16 = mysql_real_escape_string($_FILES['file16']['name']) ; $f_17 = mysql_real_escape_string($_FILES['file17']['name']) ; $f_18 = mysql_real_escape_string($_FILES['file18']['name']) ; $f_19 = mysql_real_escape_string($_FILES['file19']['name']) ; $f_20 = mysql_real_escape_string($_FILES['file20']['name']) ; $customer = mysql_real_escape_string($_POST['customer']); $company = mysql_real_escape_string($_POST['company']); $address = mysql_real_escape_string($_POST['address']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); $zip_code = mysql_real_escape_string($_POST['zip_code']); $email = mysql_real_escape_string($_POST['email']); $phone = mysql_real_escape_string($_POST['phone']); $fax = mysql_real_escape_string($_POST['fax']); $type2 = mysql_real_escape_string($_POST['type2']); $type3 = mysql_real_escape_string($_POST['type3']); $burnish = mysql_real_escape_string($_POST['burnish']); $chromate = mysql_real_escape_string($_POST['chromate']); $hex = mysql_real_escape_string($_POST['hex']); $impregnation = mysql_real_escape_string($_POST['impregnation']); $strip = mysql_real_escape_string($_POST['strip']); $part = mysql_real_escape_string($_POST['part']); $description = mysql_real_escape_string($_POST['description']); $alloy = mysql_real_escape_string($_POST['alloy']); $quantity = mysql_real_escape_string($_POST['quantity']); $spec = mysql_real_escape_string($_POST['spec']); $color = mysql_real_escape_string($_POST['color']); $repeat_customer = mysql_real_escape_string($_POST['repeat_customer']); $isearch = mysql_real_escape_string($_POST['isearch']); $internet_directory = mysql_real_escape_string($_POST['internet_directory']); $referral = mysql_real_escape_string($_POST['referral']); $yellow_pages = mysql_real_escape_string($_POST['yellow_pages']); $trade = mysql_real_escape_string($_POST['trade']); $other = mysql_real_escape_string($_POST['other']); $notes = mysql_real_escape_string($_POST['notes']); mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
trq Posted August 25, 2008 Share Posted August 25, 2008 Yeah, split returns an array, while mysql_real_esacpe_string() expects a string. Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 25, 2008 Author Share Posted August 25, 2008 thanks thorpe I changed back to this and still get the same error? Fatal error: Cannot use string offset as an array in /home/anodizi/public_html/rfq/test2.php on line 37 <?php $db_host = ''; $db_user = ''; $db_pwd = ''; $database = ''; $table = ''; if (!mysql_connect($db_host, $db_user, $db_pwd)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); $Domain="http://".$_SERVER['HTTP_HOST']; ///////// $save_path=mysql_real_escape_string("upload/"); ///////// $file = mysql_real_escape_string($_FILES['userfile']); $k = mysql_real_escape_string(count($file['name'])); for($i=0;$i< $k ;$i++) { if(isset($save_path) && $save_path!="") { $random_digit=mysql_real_escape_string(rand(0000,9999999)); $name = split('/',$file['name'][$i]); $name = str_replace("\\","",$name); $name = str_replace("'","",$name); $name = str_replace("","_",$name); $name = str_replace(" ","_",$name); $name = str_replace(".",$random_digit.".",$name); $name = str_replace(".",$random_digit.".",$name); if(move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1])) { //// download the file///// $finalfile.="<li><a href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>"; $list_files.="<li>".$name[count($name)-1]."</li>"; } } } ?> <?php $f_1 = mysql_real_escape_string($_FILES['userfile[0]']['name']) ; $f_2 = mysql_real_escape_string($_FILES['file2']['name']) ; $f_3 = mysql_real_escape_string($_FILES['file3']['name']) ; $f_4 = mysql_real_escape_string($_FILES['file4']['name']) ; $f_5 = mysql_real_escape_string($_FILES['file5']['name']) ; $f_6 = mysql_real_escape_string($_FILES['file6']['name']) ; $f_7 = mysql_real_escape_string($_FILES['file7']['name']) ; $f_8 = mysql_real_escape_string($_FILES['file8']['name']) ; $f_9 = mysql_real_escape_string($_FILES['file9']['name']) ; $f_10 = mysql_real_escape_string($_FILES['file10']['name']) ; $f_11 = mysql_real_escape_string($_FILES['file11']['name']) ; $f_12 = mysql_real_escape_string($_FILES['file12']['name']) ; $f_13 = mysql_real_escape_string($_FILES['file13']['name']) ; $f_14 = mysql_real_escape_string($_FILES['file14']['name']) ; $f_15 = mysql_real_escape_string($_FILES['file15']['name']) ; $f_16 = mysql_real_escape_string($_FILES['file16']['name']) ; $f_17 = mysql_real_escape_string($_FILES['file17']['name']) ; $f_18 = mysql_real_escape_string($_FILES['file18']['name']) ; $f_19 = mysql_real_escape_string($_FILES['file19']['name']) ; $f_20 = mysql_real_escape_string($_FILES['file20']['name']) ; $customer = mysql_real_escape_string($_POST['customer']); $company = mysql_real_escape_string($_POST['company']); $address = mysql_real_escape_string($_POST['address']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); $zip_code = mysql_real_escape_string($_POST['zip_code']); $email = mysql_real_escape_string($_POST['email']); $phone = mysql_real_escape_string($_POST['phone']); $fax = mysql_real_escape_string($_POST['fax']); $type2 = mysql_real_escape_string($_POST['type2']); $type3 = mysql_real_escape_string($_POST['type3']); $burnish = mysql_real_escape_string($_POST['burnish']); $chromate = mysql_real_escape_string($_POST['chromate']); $hex = mysql_real_escape_string($_POST['hex']); $impregnation = mysql_real_escape_string($_POST['impregnation']); $strip = mysql_real_escape_string($_POST['strip']); $part = mysql_real_escape_string($_POST['part']); $description = mysql_real_escape_string($_POST['description']); $alloy = mysql_real_escape_string($_POST['alloy']); $quantity = mysql_real_escape_string($_POST['quantity']); $spec = mysql_real_escape_string($_POST['spec']); $color = mysql_real_escape_string($_POST['color']); $repeat_customer = mysql_real_escape_string($_POST['repeat_customer']); $isearch = mysql_real_escape_string($_POST['isearch']); $internet_directory = mysql_real_escape_string($_POST['internet_directory']); $referral = mysql_real_escape_string($_POST['referral']); $yellow_pages = mysql_real_escape_string($_POST['yellow_pages']); $trade = mysql_real_escape_string($_POST['trade']); $other = mysql_real_escape_string($_POST['other']); $notes = mysql_real_escape_string($_POST['notes']); mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 26, 2008 Author Share Posted August 26, 2008 wow added error_reporting(E_ALL); and get all this now? Notice: Undefined index: userfile in /home/anodizi/public_html/rfq/test2.php on line 29 Notice: Undefined index: userfile[0] in /home/anodizi/public_html/rfq/test2.php on line 72 Notice: Undefined index: type2 in /home/anodizi/public_html/rfq/test2.php on line 101 Notice: Undefined index: type3 in /home/anodizi/public_html/rfq/test2.php on line 102 Notice: Undefined index: burnish in /home/anodizi/public_html/rfq/test2.php on line 103 Notice: Undefined index: chromate in /home/anodizi/public_html/rfq/test2.php on line 104 Notice: Undefined index: hex in /home/anodizi/public_html/rfq/test2.php on line 105 Notice: Undefined index: impregnation in /home/anodizi/public_html/rfq/test2.php on line 106 Notice: Undefined index: strip in /home/anodizi/public_html/rfq/test2.php on line 107 Notice: Undefined index: repeat_customer in /home/anodizi/public_html/rfq/test2.php on line 114 Notice: Undefined index: isearch in /home/anodizi/public_html/rfq/test2.php on line 115 Notice: Undefined index: yellow_pages in /home/anodizi/public_html/rfq/test2.php on line 118 Notice: Undefined variable: finalfile in /home/anodizi/public_html/rfq/test2.php on line 122 <?php error_reporting(E_ALL); ?> <?php $db_host = ''; $db_user = ''; $db_pwd = ''; $database = ''; $table = ''; if (!mysql_connect($db_host, $db_user, $db_pwd)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); $Domain="http://".$_SERVER['HTTP_HOST']; ///////// $save_path="upload/"; ///////// $file = $_FILES['userfile']; $k = count($file['name']); for($i=0;$i< $k ;$i++) { if(isset($save_path) && $save_path!="") { $random_digit=rand(0000,9999999); $name = split('/',$file['name'][$i]); $name = str_replace("\\","",$name); $name = str_replace("'","",$name); $name = str_replace("","_",$name); $name = str_replace(" ","_",$name); $name = str_replace(".",$random_digit.".",$name); $name = str_replace(".",$random_digit.".",$name); if(move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1])) { //// download the file///// $finalfile.="<li><a href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>"; $list_files.="<li>".$name[count($name)-1]."</li>"; } } } ?> <?php $f_1 = mysql_real_escape_string($_FILES['userfile[0]']['name']) ; $f_2 = mysql_real_escape_string($_FILES['file2']['name']) ; $f_3 = mysql_real_escape_string($_FILES['file3']['name']) ; $f_4 = mysql_real_escape_string($_FILES['file4']['name']) ; $f_5 = mysql_real_escape_string($_FILES['file5']['name']) ; $f_6 = mysql_real_escape_string($_FILES['file6']['name']) ; $f_7 = mysql_real_escape_string($_FILES['file7']['name']) ; $f_8 = mysql_real_escape_string($_FILES['file8']['name']) ; $f_9 = mysql_real_escape_string($_FILES['file9']['name']) ; $f_10 = mysql_real_escape_string($_FILES['file10']['name']) ; $f_11 = mysql_real_escape_string($_FILES['file11']['name']) ; $f_12 = mysql_real_escape_string($_FILES['file12']['name']) ; $f_13 = mysql_real_escape_string($_FILES['file13']['name']) ; $f_14 = mysql_real_escape_string($_FILES['file14']['name']) ; $f_15 = mysql_real_escape_string($_FILES['file15']['name']) ; $f_16 = mysql_real_escape_string($_FILES['file16']['name']) ; $f_17 = mysql_real_escape_string($_FILES['file17']['name']) ; $f_18 = mysql_real_escape_string($_FILES['file18']['name']) ; $f_19 = mysql_real_escape_string($_FILES['file19']['name']) ; $f_20 = mysql_real_escape_string($_FILES['file20']['name']) ; $customer = mysql_real_escape_string($_POST['customer']); $company = mysql_real_escape_string($_POST['company']); $address = mysql_real_escape_string($_POST['address']); $city = mysql_real_escape_string($_POST['city']); $state = mysql_real_escape_string($_POST['state']); $zip_code = mysql_real_escape_string($_POST['zip_code']); $email = mysql_real_escape_string($_POST['email']); $phone = mysql_real_escape_string($_POST['phone']); $fax = mysql_real_escape_string($_POST['fax']); $type2 = mysql_real_escape_string($_POST['type2']); $type3 = mysql_real_escape_string($_POST['type3']); $burnish = mysql_real_escape_string($_POST['burnish']); $chromate = mysql_real_escape_string($_POST['chromate']); $hex = mysql_real_escape_string($_POST['hex']); $impregnation = mysql_real_escape_string($_POST['impregnation']); $strip = mysql_real_escape_string($_POST['strip']); $part = mysql_real_escape_string($_POST['part']); $description = mysql_real_escape_string($_POST['description']); $alloy = mysql_real_escape_string($_POST['alloy']); $quantity = mysql_real_escape_string($_POST['quantity']); $spec = mysql_real_escape_string($_POST['spec']); $color = mysql_real_escape_string($_POST['color']); $repeat_customer = mysql_real_escape_string($_POST['repeat_customer']); $isearch = mysql_real_escape_string($_POST['isearch']); $internet_directory = mysql_real_escape_string($_POST['internet_directory']); $referral = mysql_real_escape_string($_POST['referral']); $yellow_pages = mysql_real_escape_string($_POST['yellow_pages']); $trade = mysql_real_escape_string($_POST['trade']); $other = mysql_real_escape_string($_POST['other']); $notes = mysql_real_escape_string($_POST['notes']); mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 26, 2008 Author Share Posted August 26, 2008 hey guys got this working it uploads the file and displays it in the database...here is the problem I know that I need to put in some thing like this $name = split('/',$file['name'][$i]); $name = str_replace("\\","",$name); $name = str_replace("'","",$name); $name = str_replace("","_",$name); $name = str_replace(" ","_",$name); $name = str_replace(".",$random_digit.".",$name); $name = str_replace(".",$random_digit.".",$name); if(move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1])) Here is the complete code that is working... I hope someone can help me please. <?php $db_host = ''; $db_user = '; $db_pwd = ''; $database = ''; $table = ''; if (!mysql_connect($db_host, $db_user, $db_pwd)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); $dest = 'upload/'; if(isset($_FILES) && !empty($_FILES) && is_array($_FILES)) { foreach($_FILES as $file) { $upload_msg[$file['name']] = move_upload($file, $dest); } } function move_upload( $file, $dest, $overwrite = false ) { $upload_feedback = ''; if ($file["error"] == UPLOAD_ERR_OK) { if(!file_exists( $dest.$file["name"] ) || $overwrite) { if(move_uploaded_file( $file["tmp_name"], $dest.$file["name"] )) { $upload_feedback .= "The file " . $file["name"] . " was successfully uploaded"; $error = FALSE; } else { $upload_feedback .= "The file " . $file["name"] . " could not be moved"; $error = TRUE; } } else { $upload_feedback .= "The file " . $file["name"] . " already exists, please check the overwrite option if you wish to replace it"; $error = TRUE; } } else { switch ($file["error"]) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $upload_feedback .= "The file " . $file["name"] . " is to large to be uploaded<br />"; $error = TRUE; break; case UPLOAD_ERR_PARTIAL: $upload_feedback .= "The file" . $file["name"] . " was interrupted while uploading, please try again<br />"; $error = TRUE; break; } } return array( "error" => $error, "feedback" => $upload_feedback ); //return message plus error status } ?> <?php $f_1 = $_FILES['file1']['name'] ; $f_2 = $_FILES['file2']['name'] ; $f_3 = $_FILES['file3']['name'] ; $f_4 = $_FILES['file4']['name'] ; $f_5 = $_FILES['file5']['name'] ; $f_6 = $_FILES['file6']['name'] ; $f_7 = $_FILES['file7']['name'] ; $f_8 = $_FILES['file8']['name'] ; $f_9 = $_FILES['file9']['name'] ; $f_10 = $_FILES['file10']['name'] ; $f_11 = $_FILES['file11']['name'] ; $f_12 = $_FILES['file12']['name'] ; $f_13 = $_FILES['file13']['name'] ; $f_14 = $_FILES['file14']['name'] ; $f_15 = $_FILES['file15']['name'] ; $f_16 = $_FILES['file16']['name'] ; $f_17 = $_FILES['file17']['name'] ; $f_18 = $_FILES['file18']['name'] ; $f_19 = $_FILES['file19']['name'] ; $f_20 = $_FILES['file20']['name'] ; $customer = $_POST['customer']; $company = $_POST['company']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip_code = $_POST['zip_code']; $email = $_POST['email']; $phone = $_POST['phone']; $fax = $_POST['fax']; $type2 = $_POST['type2']; $type3 = $_POST['type3']; $burnish = $_POST['burnish']; $chromate = $_POST['chromate']; $hex = $_POST['hex']; $impregnation = $_POST['impregnation']; $strip = $_POST['strip']; $part = $_POST['part']; $description = $_POST['description']; $alloy = $_POST['alloy']; $quantity = $_POST['quantity']; $spec = $_POST['spec']; $color = $_POST['color']; $repeat_customer = $_POST['repeat_customer']; $isearch = $_POST['isearch']; $internet_directory = $_POST['internet_directory']; $referral = $_POST['referral']; $yellow_pages = $_POST['yellow_pages']; $trade = $_POST['trade']; $other = $_POST['other']; $notes = $_POST['notes']; mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes')") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
sandbudd Posted August 26, 2008 Author Share Posted August 26, 2008 oops sorry when it displays the results in the database and if there is a space it does not thow the url complete? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.