Jump to content


Photo

It inserts an empty query even though all variables are set


  • Please log in to reply
7 replies to this topic

#1 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 29 July 2006 - 05:26 PM

I'm completely lost at this. This is my first time using a file-upload script, so bear with me.

Whenever I submit this, I get a huge error message which shows me all the arrays that are set. So I look at the query that is run, and it says something like:

INSERT INTO table (column, column2, column3) VALUES ('', '', '');

Even though I know all variables are set. Can anyone help here? This is the code I wrote:

<?php

// Date: July 24, 2006
// Description: Add a new Shop

$page_title = 'Add a New Item';

session_start();
$user = $_SESSION['user'];
$user_id = $_SESSION['id'];

// Includes header + database variables + Stuff
require_once('config.inc.php');
require_once('connect.php');
include('functions.php');
include('header.php');

loggedin();
if ($user !== 'lifeonmars') {
	echo 'You are not allowed to use administrative tools.';
	include('footer.php');
	die();
}

if (isset($_POST['submitted'])) {
	$errors = array();
	if (!empty($_FILES['upload'])) {
		$allowed = array('images/gif');
		if (in_array($_FILES['upload']['type'], $allowed)) {
			$image = "../items/{$_FILES['upload']['name']}";
			if (move_uploaded_file($_FILES['upload']['tmp_name'], "$image")) {
				echo 'File uploaded!';
			}
			else {
				switch ($_FILES['upload']['error']) {
					case 1:
						print 'The file exceeds the upload_max_filesize setting in php.ini.';
						break;
					case 2:
						print 'The file exceeds the MAX_FILE_SIZE setting in the HTML form.';
						break;
					case 3:
						print 'The file was only partially uploaded.';
						break;
					case 4:
						print 'No file was uploaded.';
						break;
					case 6:
						print 'No temporary folder was avaliable.';
						break;
					default:
						print 'A system error occured.';
						break;
				}
			}
		}
		else {
			echo 'Image must be in GIF Format.';
			unlink($_FILES['upload']['tmp_name']); // Deletes the file
		}
		if (empty($_POST['name'])) {
			$errors[] = 'You did not specify a name for the item.';
		}
		else {
			$name = escape_data($_POST['name']);
		}
		if (empty($_POST['descr'])) {
			$errors[] = 'You did not supply an item description.';
		}
		else {
			$desc = escape_data($_POST['descr']);
		}
		if (empty($_POST['value'])) {
			$errors[] = 'You did not supply a value!';
		}
		else {
			$val = escape_data($_POST['value']);
		}
		if (empty($_POST['rarity'])) {
			$errors[] = 'You did not specify the rarity for this item.';
		}
		else {
			$rarity = escape_data($_POST['rarity']);
		}
		if (empty($_POST['who_own'])) {
			$errors[] = 'You did not specify who can own this item.';
		}
		else {
			$who = escape_data($_POST['who_own']);
		}
	}
	else {
		echo 'Please upload a file';
	}
	if (empty($errors)) { // No problems with the upload...
		$query = "INSERT INTO items (name, descr, value, rarity, image, who_own) VALUES ('$name', '$desc', '$val', '$rarity', '$image', '$who')";
		$result = mysql_query($query) or die(mysql_error());
		if ($query) {
			echo 'The item '.stripslashes($name).' has been added sucessfully!';
		}
		else {
			echo mysql_error();
		}
	}
	else {
		foreach ($errors as $msg) {
			echo '<li> '.$msg.'</li>';
		}
	}
}
?>
<form action="<?php echo $file; ?>" method="post" type="multipart/form-data">
<table border="0" class="Tablestyledark" align="center" valign="top" cellpadding="7px" cellspacing="7px">
<tr><td align="center" colspan="2"><div class="title">Add a new item</div></td></tr>
<tr><td class="tablestylelight"><b>Item Name:</b></td><td class="tablestylelight"><input type="text" name="name"></td></tr>
<tr><Td class="tablestylelight"><b>Item Description:</b></Td><td class="tablestylelight"><textarea name="Descr" rows="5" cols="25"></textarea></td></tr>
<tr><td class="tablestylelight"><b>Upload Image</b></td><td class="tablestylelight"><input type="file" name="upload"></td></tr>
<tR><td class="tablestylelight"><b>Rarity:</b></td><td class="tablestylelight"><input type="text" size="3" maxlength="3" name="rarity"> %</td></tR>
<tr><td class="tablestylelight"><b>Value:</b></td><td class="tablestylelight"><input type="text" name="value" size="10"></td></tr>
<tr><td class="tablestylelight"><b>Who can own it?</b></td><td class="tablestylelight"><input type="radio" name="who_own" value="1"> Students Only<br>
<input type="radio" name="who_own" value="2"> Adults Only<br>
<input type="radio" name="who_own" value="3"> Everyone</td></tr>
<tr><td class="tablestylelight" colspan="2"><center><input type="submit" name="submit" value="Create Image"></center></td></tr>
</table>
<input type="hidden" name="submitted" value="TRUE">
</form>
<?php
include('footer.php');
?>

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#2 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,021 posts

Posted 29 July 2006 - 06:07 PM

A couple of errors I spotted so far

$allowed = array('images/gif');  #<<< remove the 's'


<form action="<?php echo $file; ?>" method="post" enctype="multipart/form-data">


Your textarea name is "Descr" but you check for $_POST['descr'].

If I create a dummy function

function escape_data($str) {return $str;}

the query is created OK so the problem could be in your escape_data() function. eg is it returning a value?
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#3 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 29 July 2006 - 06:58 PM

The escape_data() function has never caused problems before. Basically it only checks to see if magic quotes is on so that it doesn't over-escape data.

I'll fix all of those things and edit this. Thanks for your reply.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#4 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 01 August 2006 - 11:03 PM

I fixed all that stuff and STILL get errors. This is what it's giving me:

(for easier reference, line 97 is the line with my query and line 100 is where I echo a sucess message.)

PART ONE:

Please upload a fileAn error occured in script 'C:\wamp\www\Wizarding World\admin_add_item.php' on line 97:

EDITED BY akitchin:  too much output

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#5 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 01 August 2006 - 11:03 PM

PART TWO:
An error occured in script 'C:\wamp\www\Wizarding World\admin_add_item.php' on line 97:

EDITED BY akitchin:  too much output

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#6 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 01 August 2006 - 11:11 PM

for the love of god, please paste this var info into a text file and post a link to it.

without knowing what type of error is being produced, it will be difficult to say what the problem is (not to mention without seeing the updated script itself).

#7 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 01 August 2006 - 11:24 PM

I said the error! Its inserting an empty query into the database. It's STILL doing that and I made the exact changes that were recommended.

Sorry about the huge texts, but I don't have anywhere to upload it...

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#8 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 02 August 2006 - 04:13 AM

i've edited the posts to remove all that content - it's unnecessary.

you've got a logic flaw.  you're checking if the $errors array is empty to see if you should run the query.  it will be empty if they user hasn't entered a file to be uploaded, since you don't do anything with it.  that's why you're getting "Please upload a file" IMMEDIATELY followed by an error.  it is echoing your error, and then trying to process the query.

rather than just using the $errors array to track whether an error occurred, i would suggest using a TRUE/FALSE flag to say whether there really was an error or not.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users