Jump to content


Photo

Upload


  • Please log in to reply
12 replies to this topic

#1 rcharris

rcharris
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 09 August 2006 - 01:27 PM

Hi there

This is probably a really simple PHP Question for someone who knows what theyre doing, and thats not me.

Im building a really simple PHP Content Management System, and I havent got the faintest how to implement an Image Upload into the following code:

<?php
session_start();
if(!$_SESSION['username']){
header("Location: login.php");
exit();
}
include('../includes/config.inc.php');
include('../includes/dbconnect.inc.php');

if($_GET['delete']){
$sql = "DELETE FROM `portfolio` WHERE id='" . $_GET['delete'] . "'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
header("Location: pages.php");
exit();
}
?>
<html>
<head>
<title>NOBA Admin - Add or Edit News Story</title>
<meta http-equiv="description-Type" description="text/html;">
<style type="text/css">
<!--
.style1 {font-size: 14px}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
</head>
<body>
<form  id="editArticleForm"  name="editArticleForm"    method="post" action="<?=$_SERVER['PHP_SELF'];?>"  enctype="multipart/form-data" >
  <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><div align="center">
              <?php
if(!isset($_POST['Submit'])){
$id = $_GET['edit'];
$sql = "SELECT * FROM `news` WHERE id='$id'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
$rows = mysql_num_rows($result);
while ($news = mysql_fetch_array($result)) {
$news_title = $news["title"];
$news_content = $news["content"];
                        $news_picturename = $news["picturename"];
$news_alt = $news["alt"];
$news_url = $news["url"];
}
  ?>
                  <img src="assets/toplogo.gif" width="771" height="127"></div></td>
                </tr>
  </table>
              <table width="589" height="414" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                  <td bgcolor="#000033"><strong> <img src="assets/title.gif" width="30" height="12"></strong></td>
                  <td><input name="title" type="text" class="txtboxlrg" value="<?=$news_title;?>" size="50"></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/story.gif" width="38" height="15"></strong></td>
                  <td><textarea name="content" cols="50" rows="22" class="txtboxlrg" id="content" width="472"><?=$news_content;?>
                  </textarea></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/pic_filename_and_ext.gif" width="178" height="12"></strong></td>
                  <td>I NEED IT HERE. </td>
                </tr>
                <tr>
                  <td width="218" bgcolor="#000033"><strong> <img src="assets/alt_tag.gif" width="53" height="12"></strong></td>
                  <td width="484"><input name="alt" type="text" class="txtboxlrg" id="alt" value="<?=$news_alt;?>" size="50"></td>
                </tr>
                <input name="id" type="hidden" value="<?=$id;?>">

                <tr>
                  <td bgcolor="#000033"><p><strong> <img src="assets/url.gif" width="53" height="12"></strong></p></td>
                  <td align="center" class="header2"><div align="left">
                    <input name="url" type="text" class="txtboxlrg" id="url" value="<?=$news_url;?>" size="50">
                  </div></td>
                </tr>
                <tr>
                  <td></td>
                  <td align="center" class="header2"><input name="Submit" type="submit" onFocus="this.blur();" value="Update"></td>
                </tr>
  </table>
</form>
<?php
} else {
if((!$_POST['title']) || (!$_POST['content']) || (!$_POST['picturename']) || (!$_POST['alt']) || (!$_POST['url'])){
echo "You are missing a required field, please <a href=\"javascript:history.back()\">go back</a> and correct before proceeding!";
} else {
if($_POST['id']){
$sql = "UPDATE `news` SET title='" . $_POST['title'] . "', content='" . $_POST['content'] . "', picturename='" . $_POST['picturename'] . "', alt='" . $_POST['alt'] . "', url='" . $_POST['url'] . "', author='" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', updated=NOW() WHERE id = '" . $_POST['id'] . "'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
echo "news \"" . $_POST['title'] . "\" updated successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a>!";
} else {
$sql = "INSERT INTO `news`  ( `id` , `title` , `content` , `picturename` , `alt` , `url` , `author`,  `added` ) VALUES('', '" . $_POST['title'] . "', '" . $_POST['content'] . "', '" . $_POST['picturename'] . "', '" . $_POST['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
$id = mysql_insert_id();
echo "Story \"" . $_POST['title'] . "\" added successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a> or view <a href=\"../index.php?news=" . $id . "\" onFocus=\"this.blur();\">news here</a>!";
}
}
}
?>
</body>
</html>


I have bolded out where I need the code, and have written I NEED IT HERE. Is it possible that one of you helpful chaps here could please write me a little bit of code to help me do this, but exxplaining it on the way? I need the image to upload to a directory, with the image name with extension being submitted to the database field, "picturename" which I have already inputted.

I will be ever so grateful, thank you in advance


Richard Harris

#2 manmadareddy

manmadareddy
  • Members
  • PipPipPip
  • Advanced Member
  • 50 posts

Posted 10 August 2006 - 05:34 AM

Please use the following code
<?php
  session_start();
  if(!$_SESSION['username']){
        header("Location: login.php");
        exit();
      }
  include('../includes/config.inc.php');
  include('../includes/dbconnect.inc.php');
 
if($_GET['delete'])
{
  $sql = "DELETE FROM `portfolio` WHERE id='" . $_GET['delete'] . "'";
  $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
  header("Location: pages.php");
  exit();
}
?>
<html>
<head>
<title>NOBA Admin - Add or Edit News Story</title>
<meta http-equiv="description-Type" description="text/html;">
<style type="text/css">
<!--
.style1 {font-size: 14px}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
</head>
<body>
<form  id="editArticleForm"  name="editArticleForm"    method="post" action="<?=$_SERVER['PHP_SELF'];?>"  enctype="multipart/form-data" >
  <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><div align="center">
              <?php
            if(!isset($_POST['Submit'])){
              $id = $_GET['edit'];
              $sql = "SELECT * FROM `news` WHERE id='$id'";
              $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
              $rows = mysql_num_rows($result);
              while ($news = mysql_fetch_array($result)) {
                  $news_title = $news["title"];
                  $news_content = $news["content"];
                        $news_picturename = $news["picturename"];
                  $news_alt = $news["alt"];
                  $news_url = $news["url"];
                  }     
          ?>
                  <img src="assets/toplogo.gif" width="771" height="127"></div></td>
                </tr>
  </table>
              <table width="589" height="414" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                  <td bgcolor="#000033"><strong> <img src="assets/title.gif" width="30" height="12"></strong></td>
                  <td><input name="title" type="text" class="txtboxlrg" value="<?=$news_title;?>" size="50"></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/story.gif" width="38" height="15"></strong></td>
                  <td><textarea name="content" cols="50" rows="22" class="txtboxlrg" id="content" width="472"><?=$news_content;?>
                  </textarea></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/pic_filename_and_ext.gif" width="178" height="12"></strong></td>
                  <td><input type=file name='picturename' class="txtboxlrg"></td>
                </tr>
                <tr>
                  <td width="218" bgcolor="#000033"><strong> <img src="assets/alt_tag.gif" width="53" height="12"></strong></td>
                  <td width="484"><input name="alt" type="text" class="txtboxlrg" id="alt" value="<?=$news_alt;?>" size="50"></td>
                </tr>
                <input name="id" type="hidden" value="<?=$id;?>">

                <tr>
                  <td bgcolor="#000033"><p><strong> <img src="assets/url.gif" width="53" height="12"></strong></p></td>
                  <td align="center" class="header2"><div align="left">
                    <input name="url" type="text" class="txtboxlrg" id="url" value="<?=$news_url;?>" size="50">
                  </div></td>
                </tr>
                <tr>
                  <td></td>
                  <td align="center" class="header2"><input name="Submit" type="submit" onFocus="this.blur();" value="Update"></td>
                </tr>
  </table>
</form>
        <?php
            } else {
                  if((!$_POST['title']) || (!$_POST['content']) || (!$_POST['picturename']) || (!$_POST['alt']) || (!$_POST['url'])){
                    echo "You are missing a required field, please <a href=\"javascript:history.back()\">go back[/url] and correct before proceeding!";
                  } else {
$uploadfile="";
if(is_array($_FILES)&&$_FILES['picturename']['name'])
  {
$uploaddir = '/var/www/uploads/';//Please set this value accordingly and give the write permissions for this directory
$uploadfile = $uploaddir . basename($_FILES['picturename']['name']);
if(move_uploaded_file($_FILES['picturename']['tmp_name'],$uploadfile))
  {
echo "File is valid, and was successfully uploaded.\n";

  }else
  {
echo "Possible file upload attack!\n";
  }

  }

                    if($_POST['id']){
                        $sql = "UPDATE `news` SET title='" . $_POST['title'] . "', content='" . $_POST['content'] . "', picturename='" . $uploadfile . "', alt='" . $_POST['alt'] . "', url='" . $_POST['url'] . "', author='" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', updated=NOW() WHERE id = '" . $_POST['id'] . "'";
                        $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
                        echo "news \"" . $_POST['title'] . "\" updated successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news[/url]!";
                    } else {
                        $sql = "INSERT INTO `news`  ( `id` , `title` , `content` , `picturename` , `alt` , `url` , `author`,  `added` ) VALUES('', '" . $_POST['title'] . "', '" . $_POST['content'] . "', '" . $uploadfile . "', '" . $_POST['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";
                        $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
                        $id = mysql_insert_id();
                        echo "Story \"" . $_POST['title'] . "\" added successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news[/url] or view <a href=\"../index.php?news=" . $id . "\" onFocus=\"this.blur();\">news here[/url]!";
                    }
                  }
              }
            ?>
</body>
</html>

#3 rcharris

rcharris
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 10 August 2006 - 09:15 AM

Hi there  ;D

Thanks for stepping up and helping me. Im grateful :)

Im getting this when trying to implement the full code above

You are missing a required field, please go back[/url] and correct before proceeding!


Thanks =D

Richard

#4 manmadareddy

manmadareddy
  • Members
  • PipPipPip
  • Advanced Member
  • 50 posts

Posted 10 August 2006 - 10:20 AM

Just print the query and check
This code is working fine for me...


#5 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 10:25 AM

might have to $_POST['picturename'];

also valadate that upload code for the correct file exstentions and file sizes ok.

Tip: when you code try not to use javascript as meny users know dont have it on.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#6 manmadareddy

manmadareddy
  • Members
  • PipPipPip
  • Advanced Member
  • 50 posts

Posted 10 August 2006 - 10:34 AM

I don't think this $_POST['picturename'] will set.
That will be posted as $_FILES['picturename']['name'].


#7 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 10:41 AM

ive got it see the insert look at the session lastname the ' missing haha
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#8 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 August 2006 - 10:44 AM


insert and update chage and try ok

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#9 rcharris

rcharris
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 10 August 2006 - 03:33 PM

Doesnt seem to want to work :(

#10 SieRobin

SieRobin
  • Members
  • PipPipPip
  • Advanced Member
  • 212 posts
  • LocationNew Jersey

Posted 10 August 2006 - 05:17 PM


insert and update chage and try ok

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";


insert and update chage and try ok

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";


That's the exact reason why I don't use '" . It's so sloppy and messy, when all you really need is a single quote.

#11 rcharris

rcharris
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 11 August 2006 - 08:03 AM

Okay, I shall bear it in Mind!

Anyone have any more Ideas?

#12 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 11 August 2006 - 08:14 AM

you need to redisign the whole insert and update ok.

an example only ok.

<?php session_start();

// post the varables with addslashes.

$id=addslashes($_POST['id']);  
$tilte=addslashes($_POST['title']);
$content=addslashes($_POST(['content']);
$alt==alddslashes($_POST['alt']);
$url==addslashes($_POST['url']);

// session correct format to inser into database.

$username=addslashes($_POST['username']);
$username=$_SESSION['username']=$username;

//get the id.

$id=$_GET['id'];

//then the proper format ok

// if isset post insert into database safely.

if(isset($_POST['submit'])){

$query="INSERT INTO xxxxxx(id,title,content,alt,url,username)
VALUES('$id','$title','$content','$alt','$url','$username')";

$result=mysql_query($query);

}
?>


Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#13 rcharris

rcharris
  • Members
  • PipPip
  • Member
  • 14 posts

Posted 11 August 2006 - 09:50 AM

Okay I shall have a play and let you know how I get on,

Thanks =)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users