Xtremer360 Posted October 3, 2008 Share Posted October 3, 2008 What I'm wanting to do with this code is make it to where the only type of files that can ONLY be uploaded are files that have the extention .jpg. I would also like to make it to where upon submission of the form the page reloads and automattically adds it to the table below. <?php /* addshowname.php */ /* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */ require ('database.php'); // Where the file is going to be placed $target_path = "../defiant/images/"; /* Add the original filename to our target path. Result is "images/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); //This code runs if the form has been submitted if (isset($_POST['submit'])) { if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ".basename( $_FILES['uploadedfile']['name'])." has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['showname'] = addslashes($_POST['showname']); } $showname = $_POST['showname']; $check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the show name '.$_POST['showname'].' is already in use.'); } // now we insert it into the database $insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path','1')"; $add_show = mysql_query($insert) or die(mysql_error()); } echo '<form enctype="multipart/form-data" action="addshowname.php" method="post">'; echo '<input name="MAX_FILE_SIZE" type="hidden" value="100000">'; echo '<fieldset>'; echo '<legend>Enter the following information to add a show name:</legend>'; echo '<p>Enter Show Name:<input name="showname" type="text"></p>'; echo '<p>Show Type:<select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></p>'; echo '<p>Upload Show Image:<input name="uploadedfile" type="file"></p>'; echo '<div align="center"><input name="submit" type="submit"><input name="sumbitted" type="hidden" value="TRUE"></div>'; echo '</fieldset>'; echo '</form>'; print '<center><h2><span style="color: #CC0000">Edit/Delete A Show</span></h2></center>'; print '<center><table width="50%" border="1">'; if(!isset($_GET['action']) && !isset($_POST['name'])) { //Define the query $query = "SELECT * FROM shows"; if ($r = mysql_query ($query)){ // Run the query. if (mysql_num_rows($r) > 0) { // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<tr><td>'.$row['showname'].'</td><td><a href="addshowname.php?action=edit&id='.$row['id'].'">Edit</a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'">Delete</a></td></tr>'; } } else { print "No Shows\n"; } } else { die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } //End of query IF print '</table></center>'; } if($_GET['action'] == 'edit') { $query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'"; $res = mysql_fetch_array(mysql_query($query)); print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">'); print('<table border=1 cellpadding=5 cellspacing=0 width=350>'); print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.$res['showname'].'"/></td></tr>'); print('<tr><td>Show Type Type:</td><td><select name="type">'); $types = array('Weekly Show','Pay Per View'); foreach($types as $type) { if($type == $res['type']) { print('<option value="'.$type.'" selected="selected">'.$type.'</option>'); } else { print('<option value="'.$type.'">'.$type.'</option>'); } } print('</select></td></tr>'); print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>'); } if(isset($_POST['name'])) { $query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['name'])."', location = '".mysql_real_escape_string($_POST['loc'])."', date = '".mysql_real_escape_string($_POST['date'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) { echo "Show updated."; } else { die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } } if($_GET['action'] == 'delete') { $query = "DELETE FROM shows WHERE id = '".$_GET['id']."'"; if(mysql_query($query)) { echo "Deletion successful."; } else { die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>'); } } ?> Quote Link to comment Share on other sites More sharing options...
Third_Degree Posted October 3, 2008 Share Posted October 3, 2008 if ( $_FILES["uploadedfile"]["type"] == "image/jpeg" ) { Quote Link to comment Share on other sites More sharing options...
schilly Posted October 3, 2008 Share Posted October 3, 2008 also remember the image/pjpeg type as well. Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted October 3, 2008 Share Posted October 3, 2008 If you don't trust that you can get the proper Mime Type (since that one can be fooled, sometimes) using getimagesize(), or you can get the extension after the last period. $image = "picture.jpg"; list($w,$h,$m,$attr) = getimagesize($image); $m = image_type_to_mime_type($m); if($m == "image/jpeg"){ //continue... } //OR $extension = explode(".", $image); $extension = $extension[count($extension)-1]; if(strtolower($extension) == "jpg"){ //continue... } Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 3, 2008 Author Share Posted October 3, 2008 If I use this what do I do for //continue? If you don't trust that you can get the proper Mime Type (since that one can be fooled, sometimes) using getimagesize(), or you can get the extension after the last period. $image = "picture.jpg"; list($w,$h,$m,$attr) = getimagesize($image); $m = image_type_to_mime_type($m); if($m == "image/jpeg"){ //continue... } //OR $extension = explode(".", $image); $extension = $extension[count($extension)-1]; if(strtolower($extension) == "jpg"){ //continue... } Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted October 4, 2008 Share Posted October 4, 2008 There are two different methods there, split by the //OR So you can choose one or the other, or both. The continue comment means that it is a jpg extension and that you can successfully upload the image. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 4, 2008 Author Share Posted October 4, 2008 Say I use the bottom one where inside that new code I have do I insert it? Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted October 4, 2008 Share Posted October 4, 2008 Try this: <?php /* addshowname.php */ /* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */ require ('database.php'); // Where the file is going to be placed $target_path = "../defiant/images/"; /* Add the original filename to our target path. Result is "images/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); //This code runs if the form has been submitted if (isset($_POST['submit'])) { $extension = explode(".", $image); $extension = $extension[count($extension)-1]; if(strtolower($extension) == "jpg"){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ".basename( $_FILES['uploadedfile']['name'])." has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } }else{ //You can put an error saying that the file was not a jpg file here. } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['showname'] = addslashes($_POST['showname']); } $showname = $_POST['showname']; $check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the show name '.$_POST['showname'].' is already in use.'); } // now we insert it into the database $insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path','1')"; $add_show = mysql_query($insert) or die(mysql_error()); } echo '<form enctype="multipart/form-data" action="addshowname.php" method="post">'; echo '<input name="MAX_FILE_SIZE" type="hidden" value="100000">'; echo '<fieldset>'; echo '<legend>Enter the following information to add a show name:</legend>'; echo '<p>Enter Show Name:<input name="showname" type="text"></p>'; echo '<p>Show Type:<select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></p>'; echo '<p>Upload Show Image:<input name="uploadedfile" type="file"></p>'; echo '<div align="center"><input name="submit" type="submit"><input name="sumbitted" type="hidden" value="TRUE"></div>'; echo '</fieldset>'; echo '</form>'; print '<center><h2><span style="color: #CC0000">Edit/Delete A Show</span></h2></center>'; print '<center><table width="50%" border="1">'; if(!isset($_GET['action']) && !isset($_POST['name'])) { //Define the query $query = "SELECT * FROM shows"; if ($r = mysql_query ($query)){ // Run the query. if (mysql_num_rows($r) > 0) { // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<tr><td>'.$row['showname'].'</td><td><a href="addshowname.php?action=edit&id='.$row['id'].'">Edit</a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'">Delete</a></td></tr>'; } } else { print "No Shows\n"; } } else { die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } //End of query IF print '</table></center>'; } if($_GET['action'] == 'edit') { $query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'"; $res = mysql_fetch_array(mysql_query($query)); print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">'); print('<table border=1 cellpadding=5 cellspacing=0 width=350>'); print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.$res['showname'].'"/></td></tr>'); print('<tr><td>Show Type Type:</td><td><select name="type">'); $types = array('Weekly Show','Pay Per View'); foreach($types as $type) { if($type == $res['type']) { print('<option value="'.$type.'" selected="selected">'.$type.'</option>'); } else { print('<option value="'.$type.'">'.$type.'</option>'); } } print('</select></td></tr>'); print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>'); } if(isset($_POST['name'])) { $query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['name'])."', location = '".mysql_real_escape_string($_POST['loc'])."', date = '".mysql_real_escape_string($_POST['date'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) { echo "Show updated."; } else { die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } } if($_GET['action'] == 'delete') { $query = "DELETE FROM shows WHERE id = '".$_GET['id']."'"; if(mysql_query($query)) { echo "Deletion successful."; } else { die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>'); } } ?> Basically you just put it before you upload the file, after the submit. Because you want to check the extension before you upload it. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 4, 2008 Author Share Posted October 4, 2008 Works great it brings up the error message and doesn't put it in the folder however it still makes a new record in the database table. What should I add to it to prevent it from make a record if the image upload failed as well as if the file upload went through then to automatically refresh the page to show the new show in the table below. Page is located here: http://kansasoutlawwrestling.com/backstage/addshowname.php Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted October 4, 2008 Share Posted October 4, 2008 Extend the else... <?php /* addshowname.php */ /* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */ require ('database.php'); // Where the file is going to be placed $target_path = "../defiant/images/"; /* Add the original filename to our target path. Result is "images/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); //This code runs if the form has been submitted if (isset($_POST['submit'])) { $extension = explode(".", $image); $extension = $extension[count($extension)-1]; if(strtolower($extension) == "jpg"){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ".basename( $_FILES['uploadedfile']['name'])." has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['showname'] = addslashes($_POST['showname']); } $showname = $_POST['showname']; $check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the show name '.$_POST['showname'].' is already in use.'); } // now we insert it into the database $insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path','1')"; $add_show = mysql_query($insert) or die(mysql_error()); }else{ //You can put an error saying that the file was not a jpg file here. } } echo '<form enctype="multipart/form-data" action="addshowname.php" method="post">'; echo '<input name="MAX_FILE_SIZE" type="hidden" value="100000">'; echo '<fieldset>'; echo '<legend>Enter the following information to add a show name:</legend>'; echo '<p>Enter Show Name:<input name="showname" type="text"></p>'; echo '<p>Show Type:<select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></p>'; echo '<p>Upload Show Image:<input name="uploadedfile" type="file"></p>'; echo '<div align="center"><input name="submit" type="submit"><input name="sumbitted" type="hidden" value="TRUE"></div>'; echo '</fieldset>'; echo '</form>'; print '<center><h2><span style="color: #CC0000">Edit/Delete A Show</span></h2></center>'; print '<center><table width="50%" border="1">'; if(!isset($_GET['action']) && !isset($_POST['name'])) { //Define the query $query = "SELECT * FROM shows"; if ($r = mysql_query ($query)){ // Run the query. if (mysql_num_rows($r) > 0) { // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<tr><td>'.$row['showname'].'</td><td><a href="addshowname.php?action=edit&id='.$row['id'].'">Edit</a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'">Delete</a></td></tr>'; } } else { print "No Shows\n"; } } else { die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } //End of query IF print '</table></center>'; } if($_GET['action'] == 'edit') { $query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'"; $res = mysql_fetch_array(mysql_query($query)); print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">'); print('<table border=1 cellpadding=5 cellspacing=0 width=350>'); print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.$res['showname'].'"/></td></tr>'); print('<tr><td>Show Type Type:</td><td><select name="type">'); $types = array('Weekly Show','Pay Per View'); foreach($types as $type) { if($type == $res['type']) { print('<option value="'.$type.'" selected="selected">'.$type.'</option>'); } else { print('<option value="'.$type.'">'.$type.'</option>'); } } print('</select></td></tr>'); print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>'); } if(isset($_POST['name'])) { $query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['name'])."', location = '".mysql_real_escape_string($_POST['loc'])."', date = '".mysql_real_escape_string($_POST['date'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) { echo "Show updated."; } else { die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } } if($_GET['action'] == 'delete') { $query = "DELETE FROM shows WHERE id = '".$_GET['id']."'"; if(mysql_query($query)) { echo "Deletion successful."; } else { die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>'); } } ?> Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 4, 2008 Author Share Posted October 4, 2008 I'm not sure what happened but now it won't accept my jpg images. Comes back saying it isn't a valid jpg file when it is. Here's my code again. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 4, 2008 Author Share Posted October 4, 2008 <?php /* addshowname.php */ /* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */ require ('database.php'); require ('style.css'); // Where the file is going to be placed $target_path = "../defiant/images/"; /* Add the original filename to our target path. Result is "images/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); //This code runs if the form has been submitted if (isset($_POST['submit'])) { $extension = explode(".", $image); $extension = $extension[count($extension)-1]; if(strtolower($extension) == "jpg"){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ".basename( $_FILES['uploadedfile']['name'])." has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['showname'] = addslashes($_POST['showname']); } $showname = $_POST['showname']; $check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the show name '.$_POST['showname'].' is already in use.'); } // now we insert it into the database $insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path','1')"; $add_show = mysql_query($insert) or die(mysql_error()); }else{ echo "File was not a valid jpg. Try again."; } } echo '<form enctype="multipart/form-data" action="addshowname.php" method="post">'; echo '<input name="MAX_FILE_SIZE" type="hidden" value="100000">'; echo '<fieldset>'; echo '<legend>Enter the following information to add a show name:</legend>'; echo '<p>Enter Show Name:<input name="showname" type="text"></p>'; echo '<p>Show Type:<select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></p>'; echo '<p>Upload Show Image:<input name="uploadedfile" type="file"></p>'; echo '<div align="center"><input name="submit" type="submit"><input name="sumbitted" type="hidden" value="TRUE"></div>'; echo '</fieldset>'; echo '</form>'; print '<center><table width="60%">'; print '<tr><td><u><center>ID</center></u></td><td><u><center>Type</center></u></td><td><u><center>Show Name</center></u></td><td><u><center>Show Image</center></u></td><td><u><center>Edit</center></u></td><td><u><center>Delete</center></u></td></tr>'; if(!isset($_GET['action']) && !isset($_POST['name'])) { //Define the query $query = "SELECT * FROM shows"; if ($r = mysql_query ($query)){ // Run the query. if (mysql_num_rows($r) > 0) { // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<tr><td><center>'.$row['id'].'</center></td><td><center>'.$row['type'].'</center></td><td><center>'.$row['showname'].'</center></td><td><center>'.$row['showimage'].'</center></td><td><a href="addshowname.php?action=edit&id='.$row['id'].'"<center>Edit</center></a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'"><center>Delete</center></a></td></tr>'; } } else { print "No Shows\n"; } } else { die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } //End of query IF print '</table></center>'; } if($_GET['action'] == 'edit') { $query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'"; $res = mysql_fetch_array(mysql_query($query)); print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">'); print('<table border=1 cellpadding=5 cellspacing=0 width=350>'); print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.$res['showname'].'"/></td></tr>'); print('<tr><td>Show Type Type:</td><td><select name="type">'); $types = array('Weekly Show','Pay Per View'); foreach($types as $type) { if($type == $res['type']) { print('<option value="'.$type.'" selected="selected">'.$type.'</option>'); } else { print('<option value="'.$type.'">'.$type.'</option>'); } } print('</select></td></tr>'); print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>'); } if(isset($_POST['name'])) { $query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['name'])."', location = '".mysql_real_escape_string($_POST['loc'])."', date = '".mysql_real_escape_string($_POST['date'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) { echo "Show updated."; } else { die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } } if($_GET['action'] == 'delete') { $query = "DELETE FROM shows WHERE id = '".$_GET['id']."'"; if(mysql_query($query)) { echo "Deletion successful."; } else { die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>'); } } ?> Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted October 4, 2008 Author Share Posted October 4, 2008 It won't let me modify my posts anymore that's odd but when I submit the form it isn't putting the file into the directory also it still adds a record in the database regardless if the submitted file wasn't a jpg file. <?php /* addshowname.php */ /* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */ require ('database.php'); require ('style.css'); // Where the file is going to be placed $target_path = "../defiant/images/"; /* Add the original filename to our target path. Result is "images/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); //This code runs if the form has been submitted if (isset($_POST['submit'])) { $extension = explode(".", $image); $extension = $extension[count($extension)-1]; if(strtolower($extension) == "jpg"){ if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ".basename( $_FILES['uploadedfile']['name'])." has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } }else { echo "The file you chose to upload wasn't a valid jpg file, please try again!"; } // checks if the show name is in use if (!get_magic_quotes_gpc()) { $_POST['showname'] = addslashes($_POST['showname']); } $showname = $_POST['showname']; $check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the show name '.$_POST['showname'].' is already in use.'); } // now we insert it into the database $insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path','1')"; $add_show = mysql_query($insert) or die(mysql_error()); } echo '<form enctype="multipart/form-data" action="addshowname.php" method="post">'; echo '<input name="MAX_FILE_SIZE" type="hidden" value="100000">'; echo '<fieldset>'; echo '<legend>Enter the following information to add a show name:</legend>'; echo '<p>Enter Show Name:<input name="showname" type="text"></p>'; echo '<p>Show Type:<select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></p>'; echo '<p>Upload Show Image:<input name="uploadedfile" type="file"></p>'; echo '<div align="center"><input name="submit" type="submit"><input name="sumbitted" type="hidden" value="TRUE"></div>'; echo '</fieldset>'; echo '</form>'; print '<center><table width="60%">'; print '<tr><td><u><center>ID</center></u></td><td><u><center>Type</center></u></td><td><u><center>Show Name</center></u></td><td><u><center>Show Image</center></u></td><td><u><center>Edit</center></u></td><td><u><center>Delete</center></u></td></tr>'; if(!isset($_GET['action']) && !isset($_POST['name'])) { //Define the query $query = "SELECT * FROM shows"; if ($r = mysql_query ($query)){ // Run the query. if (mysql_num_rows($r) > 0) { // Retrieve and print every record while ($row = mysql_fetch_array ($r)){ print '<tr><td><center>'.$row['id'].'</center></td><td><center>'.$row['type'].'</center></td><td><center>'.$row['showname'].'</center></td><td><center>'.$row['showimage'].'</center></td><td><a href="addshowname.php?action=edit&id='.$row['id'].'"<center>Edit</center></a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'"><center>Delete</center></a></td></tr>'; } } else { print "No Shows\n"; } } else { die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } //End of query IF print '</table></center>'; } if($_GET['action'] == 'edit') { $query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'"; $res = mysql_fetch_array(mysql_query($query)); print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">'); print('<table border=1 cellpadding=5 cellspacing=0 width=350>'); print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.$res['showname'].'"/></td></tr>'); print('<tr><td>Show Type Type:</td><td><select name="type">'); $types = array('Weekly Show','Pay Per View'); foreach($types as $type) { if($type == $res['type']) { print('<option value="'.$type.'" selected="selected">'.$type.'</option>'); } else { print('<option value="'.$type.'">'.$type.'</option>'); } } print('</select></td></tr>'); print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>'); } if(isset($_POST['name'])) { $query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['name'])."', location = '".mysql_real_escape_string($_POST['loc'])."', date = '".mysql_real_escape_string($_POST['date'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) { echo "Show updated."; } else { die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>'); } } if($_GET['action'] == 'delete') { $query = "DELETE FROM shows WHERE id = '".$_GET['id']."'"; if(mysql_query($query)) { echo "Deletion successful."; } else { die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>'); } } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.