Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Okay well it placed the showname and type in a new row in my table correctly however it didn't put an integer automatically in the id spot which is obviously the primary key and it didn't put the filename.extention in the showimage field in the table nor has it yet to place the image itself into the directory. It's like its still out in outerspace and not going into the folder. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 dont worry about the stuff going into the db yet i am uploading stuff and it seems to be going into the correct folder Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Nevermind on it not posting the image into the folder. I had to correct the php.ini file and delete the part of the max size of what an image coudl be to upload. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 so is it working or not???? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 It inserts the file into the correct folder yes. Okay well it placed the showname and type in a new row in my table correctly however it didn't put an integer automatically in the id spot which is obviously the primary key and it didn't put the filename.extention in the showimage field in the table. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 have u set the id in your database table to auto_increment?? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 yes I have. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 log into ur phpmyadmin and show me the structure of the table... Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Nevermind I forgot to but did now. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 clear the contents of ur images folder Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Why do you want me to clear all my images? I have the id (autoincrement) field working properly now. So now the only thing that needs fixed is it taking the filename.extention part of the upload and placing that string into the database entry. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 ok heres what u need change ur query too $insert = "INSERT INTO shows (showname, type, showimage) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path')"; Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 That part works however now of a sudden it won't put it in the folder. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Nevermind it just took a while. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 LOL this is getting silly also... you should reduce your uploader to only images or the file type you want them to upload becuase that means users can upload anything!!! this leaves your site open for attacks and vunrability to your db Gaz Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Okay problem is now every once in a while it just deletes the table. Why is that? Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 because as i have just explained..... you should limit ur upload to the file types you want to uploade such as .jpg or .gif otherwise some smart alick twat a.k.a meeee has just uploaded a file into your images folder that can delete any table i specify.... i can even delete the whole database if i wanted to.... this just shows how easy an attacker can destroy your website.. i am not that cruel thus why i have left ur database bar 1 table!! Garry Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 Okay now with my code how to limit the uploads to only .jpg files. Quote Link to comment Share on other sites More sharing options...
gaza165 Posted September 30, 2008 Share Posted September 30, 2008 from my knowledge, u need an array of file types and then an if function to check if your file type matches the file types in the array - if not throw an error Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted September 30, 2008 Author Share Posted September 30, 2008 // break filename into parts $parts = explode ('.', $file); $ext = $parts[count ($parts) - 1]; // check extension if ($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'gif') { What else am I missing? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 1, 2008 Author Share Posted October 1, 2008 Also I would like to have a table underneath that form that displays all the records with the showname and an edit and delete option for editing each of those shows info. And also as soon as the form is submitted the page automattically adds that new show to the bottom of the list below. Here is a copy of what I was going to add to the bottom of the script we worked on earlier today. <?php require ('database.php'); print '<center><h2><span style="color: #CC0000">Edit/Delete A Show</span></h2></center>'; print '<center><table width="50%" border="1">'; if(!isset($_GET['action']) && !isset($_POST['showname'])) { //Define the query $query = "SELECT * FROM shows"; if ($r = mysql_query ($query)){ // Run the query. if (mysql_num_rows($r) > 0) { // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<tr><td>'.$row['showname'].'</td><td><a href="addshowname.php?action=edit&id='.$row['id'].'">Edit</a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'">Delete</a></td></tr>'; } } else { print "No Shows\n"; } } else { die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } //End of query IF print '</table></center>'; } if($_GET['action'] == 'edit') { $query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'"; $res = mysql_fetch_array(mysql_query($query)); print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">'); print('<table border=1 cellpadding=5 cellspacing=0 width=350>'); print('<tr><td>Name of show:</td><td><input type="text" name="showname" value="'.$res['showname'].'"/></td></tr>'); print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>'); } if(isset($_POST['name'])) { $query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['showname'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) { echo "Show updated."; } else { die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } } if($_GET['action'] == 'delete') { $query = "DELETE FROM shows WHERE id = '".$_GET['id']."'"; if(mysql_query($query)) { echo "Deletion successful."; } else { die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>'); } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.