Jump to content

It inserts an empty query even though all variables are set


pixy

Recommended Posts

I'm completely lost at this. This is my first time using a file-upload script, so bear with me.

Whenever I submit this, I get a huge error message which shows me all the arrays that are set. So I look at the query that is run, and it says something like:

INSERT INTO table (column, column2, column3) VALUES ('', '', '');

Even though I know all variables are set. Can anyone help here? This is the code I wrote:

[code]
<?php

// Date: July 24, 2006
// Description: Add a new Shop

$page_title = 'Add a New Item';

session_start();
$user = $_SESSION['user'];
$user_id = $_SESSION['id'];

// Includes header + database variables + Stuff
require_once('config.inc.php');
require_once('connect.php');
include('functions.php');
include('header.php');

loggedin();
if ($user !== 'lifeonmars') {
echo 'You are not allowed to use administrative tools.';
include('footer.php');
die();
}

if (isset($_POST['submitted'])) {
$errors = array();
if (!empty($_FILES['upload'])) {
$allowed = array('images/gif');
if (in_array($_FILES['upload']['type'], $allowed)) {
$image = "../items/{$_FILES['upload']['name']}";
if (move_uploaded_file($_FILES['upload']['tmp_name'], "$image")) {
echo 'File uploaded!';
}
else {
switch ($_FILES['upload']['error']) {
case 1:
print 'The file exceeds the upload_max_filesize setting in php.ini.';
break;
case 2:
print 'The file exceeds the MAX_FILE_SIZE setting in the HTML form.';
break;
case 3:
print 'The file was only partially uploaded.';
break;
case 4:
print 'No file was uploaded.';
break;
case 6:
print 'No temporary folder was avaliable.';
break;
default:
print 'A system error occured.';
break;
}
}
}
else {
echo 'Image must be in GIF Format.';
unlink($_FILES['upload']['tmp_name']); // Deletes the file
}
if (empty($_POST['name'])) {
$errors[] = 'You did not specify a name for the item.';
}
else {
$name = escape_data($_POST['name']);
}
if (empty($_POST['descr'])) {
$errors[] = 'You did not supply an item description.';
}
else {
$desc = escape_data($_POST['descr']);
}
if (empty($_POST['value'])) {
$errors[] = 'You did not supply a value!';
}
else {
$val = escape_data($_POST['value']);
}
if (empty($_POST['rarity'])) {
$errors[] = 'You did not specify the rarity for this item.';
}
else {
$rarity = escape_data($_POST['rarity']);
}
if (empty($_POST['who_own'])) {
$errors[] = 'You did not specify who can own this item.';
}
else {
$who = escape_data($_POST['who_own']);
}
}
else {
echo 'Please upload a file';
}
if (empty($errors)) { // No problems with the upload...
$query = "INSERT INTO items (name, descr, value, rarity, image, who_own) VALUES ('$name', '$desc', '$val', '$rarity', '$image', '$who')";
$result = mysql_query($query) or die(mysql_error());
if ($query) {
echo 'The item '.stripslashes($name).' has been added sucessfully!';
}
else {
echo mysql_error();
}
}
else {
foreach ($errors as $msg) {
echo '<li> '.$msg.'</li>';
}
}
}
?>
<form action="<?php echo $file; ?>" method="post" type="multipart/form-data">
<table border="0" class="Tablestyledark" align="center" valign="top" cellpadding="7px" cellspacing="7px">
<tr><td align="center" colspan="2"><div class="title">Add a new item</div></td></tr>
<tr><td class="tablestylelight"><b>Item Name:</b></td><td class="tablestylelight"><input type="text" name="name"></td></tr>
<tr><Td class="tablestylelight"><b>Item Description:</b></Td><td class="tablestylelight"><textarea name="Descr" rows="5" cols="25"></textarea></td></tr>
<tr><td class="tablestylelight"><b>Upload Image</b></td><td class="tablestylelight"><input type="file" name="upload"></td></tr>
<tR><td class="tablestylelight"><b>Rarity:</b></td><td class="tablestylelight"><input type="text" size="3" maxlength="3" name="rarity"> %</td></tR>
<tr><td class="tablestylelight"><b>Value:</b></td><td class="tablestylelight"><input type="text" name="value" size="10"></td></tr>
<tr><td class="tablestylelight"><b>Who can own it?</b></td><td class="tablestylelight"><input type="radio" name="who_own" value="1"> Students Only<br>
<input type="radio" name="who_own" value="2"> Adults Only<br>
<input type="radio" name="who_own" value="3"> Everyone</td></tr>
<tr><td class="tablestylelight" colspan="2"><center><input type="submit" name="submit" value="Create Image"></center></td></tr>
</table>
<input type="hidden" name="submitted" value="TRUE">
</form>
<?php
include('footer.php');
?>
[/code]
Link to comment
Share on other sites

A couple of errors I spotted so far

$allowed = array('image[color=red]s[/color]/gif');  #<<< remove the 's'


<form action="<?php echo $file; ?>" method="post" [color=blue]enc[/color]type="multipart/form-data">


Your textarea name is "Descr" but you check for $_POST['descr'].

If I create a dummy function

function escape_data($str) {return $str;}

the query is created OK so the problem could be in your escape_data() function. eg is it returning a value?
Link to comment
Share on other sites

The escape_data() function has never caused problems before. Basically it only checks to see if magic quotes is on so that it doesn't over-escape data.

I'll fix all of those things and edit this. Thanks for your reply.
Link to comment
Share on other sites

I fixed all that stuff and STILL get errors. This is what it's giving me:

(for easier reference, line 97 is the line with my query and line 100 is where I echo a sucess message.)

PART ONE:

Please upload a fileAn error occured in script 'C:\wamp\www\Wizarding World\admin_add_item.php' on line 97:

[b]EDITED BY akitchin:  too much output[/b]
Link to comment
Share on other sites

for the love of god, please paste this var info into a text file and post a link to it.

without knowing what type of error is being produced, it will be difficult to say what the problem is (not to mention without seeing the updated script itself).
Link to comment
Share on other sites

i've edited the posts to remove all that content - it's unnecessary.

you've got a logic flaw.  you're checking if the $errors array is empty to see if you should run the query.  it will be empty if they user hasn't entered a file to be uploaded, since you don't do anything with it.  that's why you're getting "Please upload a file" IMMEDIATELY followed by an error.  it is echoing your error, and then trying to process the query.

rather than just using the $errors array to track whether an error occurred, i would suggest using a TRUE/FALSE flag to say whether there really was an error or not.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.