
rcharris

Upload


Hi there

This is probably a really simple PHP question for someone who knows what they're doing, and that's not me.

I'm building a really simple PHP Content Management System, and I haven't got the faintest how to implement an image upload into the following code:

[quote]<?php
session_start();
if(!$_SESSION['username']){
header("Location: login.php");
exit();
}
include('../includes/config.inc.php');
include('../includes/dbconnect.inc.php');

if($_GET['delete']){
$sql = "DELETE FROM `portfolio` WHERE id='" . $_GET['delete'] . "'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
header("Location: pages.php");
exit();
}
?>
<html>
<head>
<title>NOBA Admin - Add or Edit News Story</title>
<meta http-equiv="description-Type" description="text/html;">
<style type="text/css">
<!--
.style1 {font-size: 14px}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
</head>
<body>
<form  id="editArticleForm"  name="editArticleForm"    method="post" action="<?=$_SERVER['PHP_SELF'];?>"  enctype="multipart/form-data" >
  <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><div align="center">
              <?php
if(!isset($_POST['Submit'])){
$id = $_GET['edit'];
$sql = "SELECT * FROM `news` WHERE id='$id'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
$rows = mysql_num_rows($result);
while ($news = mysql_fetch_array($result)) {
$news_title = $news["title"];
$news_content = $news["content"];
                        $news_picturename = $news["picturename"];
$news_alt = $news["alt"];
$news_url = $news["url"];
}
  ?>
                  <img src="assets/toplogo.gif" width="771" height="127"></div></td>
                </tr>
  </table>
              <table width="589" height="414" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                  <td bgcolor="#000033"><strong> <img src="assets/title.gif" width="30" height="12"></strong></td>
                  <td><input name="title" type="text" class="txtboxlrg" value="<?=$news_title;?>" size="50"></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/story.gif" width="38" height="15"></strong></td>
                  <td><textarea name="content" cols="50" rows="22" class="txtboxlrg" id="content" width="472"><?=$news_content;?>
                  </textarea></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/pic_filename_and_ext.gif" width="178" height="12"></strong></td>
                  <td>[b]I NEED IT HERE. [/b]</td>
                </tr>
                <tr>
                  <td width="218" bgcolor="#000033"><strong> <img src="assets/alt_tag.gif" width="53" height="12"></strong></td>
                  <td width="484"><input name="alt" type="text" class="txtboxlrg" id="alt" value="<?=$news_alt;?>" size="50"></td>
                </tr>
                <input name="id" type="hidden" value="<?=$id;?>">

                <tr>
                  <td bgcolor="#000033"><p><strong> <img src="assets/url.gif" width="53" height="12"></strong></p></td>
                  <td align="center" class="header2"><div align="left">
                    <input name="url" type="text" class="txtboxlrg" id="url" value="<?=$news_url;?>" size="50">
                  </div></td>
                </tr>
                <tr>
                  <td></td>
                  <td align="center" class="header2"><input name="Submit" type="submit" onFocus="this.blur();" value="Update"></td>
                </tr>
  </table>
</form>
<?php
} else {
if((!$_POST['title']) || (!$_POST['content']) || (!$_POST['picturename']) || (!$_POST['alt']) || (!$_POST['url'])){
echo "You are missing a required field, please <a href=\"javascript:history.back()\">go back</a> and correct before proceeding!";
} else {
if($_POST['id']){
$sql = "UPDATE `news` SET title='" . $_POST['title'] . "', content='" . $_POST['content'] . "', picturename='" . $_POST['picturename'] . "', alt='" . $_POST['alt'] . "', url='" . $_POST['url'] . "', author='" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', updated=NOW() WHERE id = '" . $_POST['id'] . "'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
echo "news \"" . $_POST['title'] . "\" updated successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a>!";
} else {
$sql = "INSERT INTO `news`  ( `id` , `title` , `content` , `picturename` , `alt` , `url` , `author`,  `added` ) VALUES('', '" . $_POST['title'] . "', '" . $_POST['content'] . "', '" . $_POST['picturename'] . "', '" . $_POST['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
$id = mysql_insert_id();
echo "Story \"" . $_POST['title'] . "\" added successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a> or view <a href=\"../index.php?news=" . $id . "\" onFocus=\"this.blur();\">news here</a>!";
}
}
}
?>
</body>
</html>
[/quote]

I have bolded out where I need the code, and have written I NEED IT HERE. Is it possible that one of you helpful chaps here could please write me a little bit of code to help me do this, but explaining it on the way? I need the image to upload to a directory, with the image name with extension being submitted to the database field, "picturename", which I have already inputted.

I will be ever so grateful, thank you in advance


Richard Harris

Please use the following code
<?php
  session_start();
  if(!$_SESSION['username']){
        header("Location: login.php");
        exit();
      }
  include('../includes/config.inc.php');
  include('../includes/dbconnect.inc.php');
 
if($_GET['delete'])
{
  $sql = "DELETE FROM `portfolio` WHERE id='" . $_GET['delete'] . "'";
  $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
  header("Location: pages.php");
  exit();
}
?>
<html>
<head>
<title>NOBA Admin - Add or Edit News Story</title>
<meta http-equiv="description-Type" description="text/html;">
<style type="text/css">
<!--
.style1 {font-size: 14px}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
</head>
<body>
<form  id="editArticleForm"  name="editArticleForm"    method="post" action="<?=$_SERVER['PHP_SELF'];?>"  enctype="multipart/form-data" >
  <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><div align="center">
              <?php
            if(!isset($_POST['Submit'])){
              $id = $_GET['edit'];
              $sql = "SELECT * FROM `news` WHERE id='$id'";
              $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
              $rows = mysql_num_rows($result);
              while ($news = mysql_fetch_array($result)) {
                  $news_title = $news["title"];
                  $news_content = $news["content"];
                        $news_picturename = $news["picturename"];
                  $news_alt = $news["alt"];
                  $news_url = $news["url"];
                  }     
          ?>
                  <img src="assets/toplogo.gif" width="771" height="127"></div></td>
                </tr>
  </table>
              <table width="589" height="414" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                  <td bgcolor="#000033"><strong> <img src="assets/title.gif" width="30" height="12"></strong></td>
                  <td><input name="title" type="text" class="txtboxlrg" value="<?=$news_title;?>" size="50"></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/story.gif" width="38" height="15"></strong></td>
                  <td><textarea name="content" cols="50" rows="22" class="txtboxlrg" id="content" width="472"><?=$news_content;?>
                  </textarea></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/pic_filename_and_ext.gif" width="178" height="12"></strong></td>
                  <td><input type="file" name="picturename" class="txtboxlrg"></td>
                </tr>
                <tr>
                  <td width="218" bgcolor="#000033"><strong> <img src="assets/alt_tag.gif" width="53" height="12"></strong></td>
                  <td width="484"><input name="alt" type="text" class="txtboxlrg" id="alt" value="<?=$news_alt;?>" size="50"></td>
                </tr>
                <input name="id" type="hidden" value="<?=$id;?>">

                <tr>
                  <td bgcolor="#000033"><p><strong> <img src="assets/url.gif" width="53" height="12"></strong></p></td>
                  <td align="center" class="header2"><div align="left">
                    <input name="url" type="text" class="txtboxlrg" id="url" value="<?=$news_url;?>" size="50">
                  </div></td>
                </tr>
                <tr>
                  <td></td>
                  <td align="center" class="header2"><input name="Submit" type="submit" onFocus="this.blur();" value="Update"></td>
                </tr>
  </table>
</form>
        <?php
            } else {
                  if((!$_POST['title']) || (!$_POST['content']) || (!$_POST['picturename']) || (!$_POST['alt']) || (!$_POST['url'])){
                    echo "You are missing a required field, please <a href=\"javascript:history.back()\">go back</a> and correct before proceeding!";
                  } else {
                    // Upload handling (the part to add to the original script).
                    $uploadfile = "";
                    if (is_array($_FILES) && $_FILES['picturename']['name'])
                    {
                        // Please set this value accordingly and give write permissions for this directory.
                        $uploaddir = '/var/www/uploads/';
                        // basename() strips any directory part from the client-supplied file name.
                        $uploadfile = $uploaddir . basename($_FILES['picturename']['name']);
                        if (move_uploaded_file($_FILES['picturename']['tmp_name'], $uploadfile))
                        {
                            echo "File is valid, and was successfully uploaded.\n";
                        }
                        else
                        {
                            echo "Possible file upload attack!\n";
                        }
                    }
                    if($_POST['id']){
                        $sql = "UPDATE `news` SET title='" . $_POST['title'] . "', content='" . $_POST['content'] . "', picturename='" . $uploadfile . "', alt='" . $_POST['alt'] . "', url='" . $_POST['url'] . "', author='" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', updated=NOW() WHERE id = '" . $_POST['id'] . "'";
                        $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
                        echo "news \"" . $_POST['title'] . "\" updated successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a>!";
                    } else {
                        $sql = "INSERT INTO `news`  ( `id` , `title` , `content` , `picturename` , `alt` , `url` , `author`,  `added` ) VALUES('', '" . $_POST['title'] . "', '" . $_POST['content'] . "', '" . $uploadfile . "', '" . $_POST['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";
                        $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
                        $id = mysql_insert_id();
                        echo "Story \"" . $_POST['title'] . "\" added successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a> or view <a href=\"../index.php?news=" . $id . "\" onFocus=\"this.blur();\">news here</a>!";
                    }
                  }
              }
            ?>
</body>
</html>

Hi there  ;D

Thanks for stepping up and helping me. I'm grateful :)

I'm getting this when trying to implement the full code above:

[quote]You are missing a required field, please go back and correct before proceeding![/quote]

Thanks =D

Richard

might have to $_POST['picturename'];

Also validate that upload code for the correct file extensions and file sizes, OK.

Tip: when you code, try not to use JavaScript, as many users now don't have it on.

I've got it: see the insert, look at the session lastname, the ' is missing, haha.


Change the insert and update and try, OK.

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";

[quote author=redarrow link=topic=103556.msg413098#msg413098 date=1155206652]

Change the insert and update and try, OK.

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";
[/quote]

That's the exact reason why I don't use '" . It's so sloppy and messy, when all you really need is a single quote.

You need to redesign the whole insert and update, OK.

An example only, OK.

[code]
<?php session_start();

// Escape the posted variables with addslashes().

$id=addslashes($_POST['id']);
$title=addslashes($_POST['title']);
$content=addslashes($_POST['content']);
$alt=addslashes($_POST['alt']);
$url=addslashes($_POST['url']);

// Session value in the correct format to insert into the database
// (read from the session; it is not overwritten from the posted form).

$username=addslashes($_SESSION['username']);

// Get the id (escaped like the other values).

$id=addslashes($_GET['id']);

// Then the proper format, OK.

// If the form was posted, insert into the database safely.

if(isset($_POST['submit'])){

$query="INSERT INTO xxxxxx(id,title,content,alt,url,username)
VALUES('$id','$title','$content','$alt','$url','$username')";

$result=mysql_query($query);

}
?>

[/code]
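
The validation suggested in the replies above (file extensions and file sizes) and the rebuilt query from the last post, combined in one added example that is not part of the original thread. It assumes PHP 7.1+, the fileinfo extension, a PDO connection `$pdo`, a 2 MiB size limit, and the hypothetical function names `store_image()` and `update_news()`.

```php
<?php
// Added example, not code from the thread. Assumed: PHP 7.1+, the fileinfo
// extension, and a PDO connection passed in as $pdo. Function names are hypothetical.
const UPLOAD_DIR = '/var/www/uploads/';   // directory used in the answer above
const MAX_BYTES  = 2 * 1024 * 1024;       // assumed size limit (2 MiB)
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/** Validate one $_FILES entry, move it, and return the stored file name. */
function store_image(array $file): string
{
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('No file was uploaded, or the upload failed.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File is too large.');
    }
    // Decide the type from the file's bytes, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted.');
    }
    // Server-generated name with an allow-listed extension: the client's file
    // name (for example "page.php" or "../x.jpg") never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('Could not store the upload.');
    }
    return $name;
}

/** Update a story with bound parameters instead of concatenated SQL. */
function update_news(PDO $pdo, array $post, string $picture, string $author): void
{
    $stmt = $pdo->prepare(
        'UPDATE `news` SET title = :title, content = :content, picturename = :pic,
                alt = :alt, url = :url, author = :author, updated = NOW() WHERE id = :id'
    );
    $stmt->execute([
        ':title' => $post['title'], ':content' => $post['content'], ':pic' => $picture,
        ':alt' => $post['alt'], ':url' => $post['url'], ':author' => $author,
        ':id' => (int) $post['id'],
    ]);
}

// In the form handler, with $pdo created by the (assumed) connection include:
// $picture = store_image($_FILES['picturename']);
// update_news($pdo, $_POST, $picture, $_SESSION['firstname'] . ' ' . $_SESSION['lastname']);
```

The returned value is a file name with extension, suitable for the `picturename` column. The upload directory should be one where the web server does not execute scripts.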
