Upload


rcharris

Hi there

This is probably a really simple PHP question for someone who knows what they're doing, and that's not me.

I'm building a really simple PHP Content Management System, and I haven't got the faintest how to implement an Image Upload into the following code:

[quote]<?php
session_start();
if(!$_SESSION['username']){
header("Location: login.php");
exit();
}
include('../includes/config.inc.php');
include('../includes/dbconnect.inc.php');

if($_GET['delete']){
$sql = "DELETE FROM `portfolio` WHERE id='" . $_GET['delete'] . "'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
header("Location: pages.php");
exit();
}
?>
<html>
<head>
<title>NOBA Admin - Add or Edit News Story</title>
<meta http-equiv="description-Type" description="text/html;">
<style type="text/css">
<!--
.style1 {font-size: 14px}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
</head>
<body>
<form  id="editArticleForm"  name="editArticleForm"    method="post" action="<?=$_SERVER['PHP_SELF'];?>"  enctype="multipart/form-data" >
  <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><div align="center">
              <?php
if(!isset($_POST['Submit'])){
$id = $_GET['edit'];
$sql = "SELECT * FROM `news` WHERE id='$id'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
$rows = mysql_num_rows($result);
while ($news = mysql_fetch_array($result)) {
$news_title = $news["title"];
$news_content = $news["content"];
                        $news_picturename = $news["picturename"];
$news_alt = $news["alt"];
$news_url = $news["url"];
}
  ?>
                  <img src="assets/toplogo.gif" width="771" height="127"></div></td>
                </tr>
  </table>
              <table width="589" height="414" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                  <td bgcolor="#000033"><strong> <img src="assets/title.gif" width="30" height="12"></strong></td>
                  <td><input name="title" type="text" class="txtboxlrg" value="<?=$news_title;?>" size="50"></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/story.gif" width="38" height="15"></strong></td>
                  <td><textarea name="content" cols="50" rows="22" class="txtboxlrg" id="content" width="472"><?=$news_content;?>
                  </textarea></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/pic_filename_and_ext.gif" width="178" height="12"></strong></td>
                  <td>[b]I NEED IT HERE. [/b]</td>
                </tr>
                <tr>
                  <td width="218" bgcolor="#000033"><strong> <img src="assets/alt_tag.gif" width="53" height="12"></strong></td>
                  <td width="484"><input name="alt" type="text" class="txtboxlrg" id="alt" value="<?=$news_alt;?>" size="50"></td>
                </tr>
                <input name="id" type="hidden" value="<?=$id;?>">

                <tr>
                  <td bgcolor="#000033"><p><strong> <img src="assets/url.gif" width="53" height="12"></strong></p></td>
                  <td align="center" class="header2"><div align="left">
                    <input name="url" type="text" class="txtboxlrg" id="url" value="<?=$news_url;?>" size="50">
                  </div></td>
                </tr>
                <tr>
                  <td></td>
                  <td align="center" class="header2"><input name="Submit" type="submit" onFocus="this.blur();" value="Update"></td>
                </tr>
  </table>
</form>
<?php
} else {
if((!$_POST['title']) || (!$_POST['content']) || (!$_POST['picturename']) || (!$_POST['alt']) || (!$_POST['url'])){
echo "You are missing a required field, please <a href=\"javascript:history.back()\">go back</a> and correct before proceeding!";
} else {
if($_POST['id']){
$sql = "UPDATE `news` SET title='" . $_POST['title'] . "', content='" . $_POST['content'] . "', picturename='" . $_POST['picturename'] . "', alt='" . $_POST['alt'] . "', url='" . $_POST['url'] . "', author='" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', updated=NOW() WHERE id = '" . $_POST['id'] . "'";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
echo "news \"" . $_POST['title'] . "\" updated successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a>!";
} else {
$sql = "INSERT INTO `news`  ( `id` , `title` , `content` , `picturename` , `alt` , `url` , `author`,  `added` ) VALUES('', '" . $_POST['title'] . "', '" . $_POST['content'] . "', '" . $_POST['picturename'] . "', '" . $_POST['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";
$result = mysql_query($sql) or die ("<b>ERROR: </b>" . mysql_error() . "<b>SQL: </b>$sql");
$id = mysql_insert_id();
echo "Story \"" . $_POST['title'] . "\" added successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a> or view <a href=\"../index.php?news=" . $id . "\" onFocus=\"this.blur();\">news here</a>!";
}
}
}
?>
</body>
</html>
[/quote]

I have bolded out where I need the code, and have written I NEED IT HERE. Is it possible that one of you helpful chaps here could please write me a little bit of code to help me do this, but explaining it on the way? I need the image to upload to a directory, with the image name with extension being submitted to the database field, "picturename", which I have already inputted.

I will be ever so grateful, thank you in advance


Richard Harris

Please use the following code
<?php
  session_start();
  if(!$_SESSION['username']){
        header("Location: login.php");
        exit();
      }
  include('../includes/config.inc.php');
  include('../includes/dbconnect.inc.php');
 
if($_GET['delete'])
{
  $sql = "DELETE FROM `portfolio` WHERE id='" . $_GET['delete'] . "'";
  $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
  header("Location: pages.php");
  exit();
}
?>
<html>
<head>
<title>NOBA Admin - Add or Edit News Story</title>
<meta http-equiv="description-Type" description="text/html;">
<style type="text/css">
<!--
.style1 {font-size: 14px}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
  if (restore) selObj.selectedIndex=0;
}
//-->
</script>
</head>
<body>
<form  id="editArticleForm"  name="editArticleForm"    method="post" action="<?=$_SERVER['PHP_SELF'];?>"  enctype="multipart/form-data" >
  <table width="100%"  border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td><div align="center">
              <?php
            if(!isset($_POST['Submit'])){
              $id = $_GET['edit'];
              $sql = "SELECT * FROM `news` WHERE id='$id'";
              $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
              $rows = mysql_num_rows($result);
              while ($news = mysql_fetch_array($result)) {
                  $news_title = $news["title"];
                  $news_content = $news["content"];
                        $news_picturename = $news["picturename"];
                  $news_alt = $news["alt"];
                  $news_url = $news["url"];
                  }     
          ?>
                  <img src="assets/toplogo.gif" width="771" height="127"></div></td>
                </tr>
  </table>
              <table width="589" height="414" border="0" align="center" cellpadding="3" cellspacing="1">
                <tr>
                  <td bgcolor="#000033"><strong> <img src="assets/title.gif" width="30" height="12"></strong></td>
                  <td><input name="title" type="text" class="txtboxlrg" value="<?=$news_title;?>" size="50"></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/story.gif" width="38" height="15"></strong></td>
                  <td><textarea name="content" cols="50" rows="22" class="txtboxlrg" id="content" width="472"><?=$news_content;?>
                  </textarea></td>
                </tr>
                <tr>
                  <td valign="top" bgcolor="#000033"><strong> <img src="assets/pic_filename_and_ext.gif" width="178" height="12"></strong></td>
                  <td><input type="file" name="picturename" class="txtboxlrg"></td>
                </tr>
                <tr>
                  <td width="218" bgcolor="#000033"><strong> <img src="assets/alt_tag.gif" width="53" height="12"></strong></td>
                  <td width="484"><input name="alt" type="text" class="txtboxlrg" id="alt" value="<?=$news_alt;?>" size="50"></td>
                </tr>
                <input name="id" type="hidden" value="<?=$id;?>">

                <tr>
                  <td bgcolor="#000033"><p><strong> <img src="assets/url.gif" width="53" height="12"></strong></p></td>
                  <td align="center" class="header2"><div align="left">
                    <input name="url" type="text" class="txtboxlrg" id="url" value="<?=$news_url;?>" size="50">
                  </div></td>
                </tr>
                <tr>
                  <td></td>
                  <td align="center" class="header2"><input name="Submit" type="submit" onFocus="this.blur();" value="Update"></td>
                </tr>
  </table>
</form>
        <?php
            } else {
                  // The file input arrives in $_FILES, not $_POST, so check it there.
                  if((!$_POST['title']) || (!$_POST['content']) || (empty($_FILES['picturename']['name'])) || (!$_POST['alt']) || (!$_POST['url'])){
                    echo "You are missing a required field, please <a href=\"javascript:history.back()\">go back</a> and correct before proceeding!";
                  } else {
                    $uploadfile = "";
                    if(is_array($_FILES) && $_FILES['picturename']['name'])
                    {
                        // Please set this value accordingly and give write permissions for this directory
                        $uploaddir = '/var/www/uploads/';
                        // basename() drops any directory part from the client-supplied file name
                        $uploadfile = $uploaddir . basename($_FILES['picturename']['name']);
                        // move_uploaded_file() only moves files received through an HTTP POST upload
                        if(move_uploaded_file($_FILES['picturename']['tmp_name'], $uploadfile))
                        {
                            echo "File is valid, and was successfully uploaded.\n";
                        }
                        else
                        {
                            echo "Possible file upload attack!\n";
                        }
                    }
                    if($_POST['id']){
                        $sql = "UPDATE `news` SET title='" . $_POST['title'] . "', content='" . $_POST['content'] . "', picturename='" . $uploadfile . "', alt='" . $_POST['alt'] . "', url='" . $_POST['url'] . "', author='" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', updated=NOW() WHERE id = '" . $_POST['id'] . "'";
                        $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
                        echo "news \"" . $_POST['title'] . "\" updated successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a>!";
                    } else {
                        $sql = "INSERT INTO `news`  ( `id` , `title` , `content` , `picturename` , `alt` , `url` , `author`,  `added` ) VALUES('', '" . $_POST['title'] . "', '" . $_POST['content'] . "', '" . $uploadfile . "', '" . $_POST['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";
                        $result = mysql_query($sql) or die ("ERROR: " . mysql_error() . "SQL: $sql");
                        $id = mysql_insert_id();
                        echo "Story \"" . $_POST['title'] . "\" added successfully - return to <a href=\"news.php\" onFocus=\"this.blur();\">news</a> or view <a href=\"../index.php?news=" . $id . "\" onFocus=\"this.blur();\">news here</a>!";
                    }
                  }
              }
            ?>
</body>
</html>
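The upload step from the answer above, as an added example that is not part of the original posts: it decides the file type from the file contents, stores the image under a server-generated name, and returns only that name for the `picturename` column. The function name store_uploaded_image(), the 2 MB limit and the allow-list are assumptions; it needs PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example, not code from the thread. Hypothetical: store_uploaded_image(),
// the size limit and the allow-list. 'picturename' is the form field used above.
function store_uploaded_image(array $file, string $uploadDir, int $maxBytes = 2097152): string
{
    // PHP reports transport problems (too large, partial, missing) in 'error'.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('File is empty or larger than the allowed size.');
    }
    // Only accept files PHP itself received through an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Decide the type from the contents, not from the client-supplied name or MIME type.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted.');
    }
    // Server-generated name: the client's file name and extension never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not move the file into the upload directory.');
    }
    return $name; // this value goes into the `picturename` column
}

// Usage inside the form handler (runs only when a file was posted).
if (isset($_FILES['picturename'])) {
    try {
        $picturename = store_uploaded_image($_FILES['picturename'], '/var/www/uploads');
        echo 'Stored as ' . htmlspecialchars($picturename, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Keeping the upload directory outside the document root, or configuring the web server not to execute scripts from it, limits what a wrongly accepted file can do.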


insert and update change and try ok

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";

[quote author=redarrow link=topic=103556.msg413098#msg413098 date=1155206652]

insert and update change and try ok

['alt'] . "', '" . $_POST['url'] . "', '" . $_SESSION['firstname'] . " " . $_SESSION['lastname'] . "', NOW())";

to

['alt'] . "', '" . $_POST['url'] . "', ' " . $_SESSION['firstname'] . " ', ' " . $_SESSION['lastname'] . " ', NOW())";
[/quote]

That's the exact reason why I don't use '" . It's so sloppy and messy, when all you really need is a single quote.

You need to redesign the whole insert and update, ok.

An example only, ok.

[code]
<?php session_start();

// Escape the posted variables with addslashes.

$title=addslashes($_POST['title']);
$content=addslashes($_POST['content']);
$alt=addslashes($_POST['alt']);
$url=addslashes($_POST['url']);

// Put the session username in the correct format to insert into the database.

$username=addslashes($_SESSION['username']);

// Get the id.

$id=addslashes($_GET['id']);

// Then the proper format, ok.

// If the form was posted, insert into the database safely.

if(isset($_POST['submit'])){

$query="INSERT INTO xxxxxx(id,title,content,alt,url,username)
VALUES('$id','$title','$content','$alt','$url','$username')";

$result=mysql_query($query);

}
?>

[/code]
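The insert and update discussed in this thread, written with PDO prepared statements so that values are sent separately from the SQL text and need no manual escaping (an added example, not code from any of the posters). It swaps the thread's mysql_* functions, which were removed in PHP 7, for PDO; save_news() is a hypothetical helper, and the in-memory SQLite table is a constructed stand-in for the `news` table so the block runs without a MySQL server (needs pdo_sqlite).

```php
<?php
// Added example, not code from the thread. save_news() is a hypothetical helper;
// the columns are the ones used in the thread's `news` queries.
function save_news(PDO $db, array $in, string $author, ?int $id = null): int
{
    $params = [':author' => $author];
    foreach (['title', 'content', 'picturename', 'alt', 'url'] as $f) {
        $params[":$f"] = (string)($in[$f] ?? '');
    }
    if ($id !== null) {
        // Placeholders keep the values out of the SQL text, so quotes in them stay data.
        $sql = 'UPDATE news SET title = :title, content = :content, picturename = :picturename,
                alt = :alt, url = :url, author = :author, updated = CURRENT_TIMESTAMP
                WHERE id = :id';
        $params[':id'] = $id;
    } else {
        $sql = 'INSERT INTO news (title, content, picturename, alt, url, author, added)
                VALUES (:title, :content, :picturename, :alt, :url, :author, CURRENT_TIMESTAMP)';
    }
    $db->prepare($sql)->execute($params);
    return $id ?? (int)$db->lastInsertId();
}

// Demo on an in-memory SQLite database with constructed input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, content TEXT,
           picturename TEXT, alt TEXT, url TEXT, author TEXT, added TEXT, updated TEXT)');

// Constructed sample values; the apostrophes would break the concatenated queries.
$post = ['title' => "Club's new season", 'content' => "It's here", 'picturename' => 'a1b2.jpg',
         'alt' => 'Team photo', 'url' => 'http://example.com/'];
$id = save_news($db, $post, 'Richard Harris');          // INSERT path

$post['title'] = "O'Neill's \"final\" word";
save_news($db, $post, 'Richard Harris', $id);           // UPDATE path

$stmt = $db->prepare('SELECT title, author FROM news WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
var_dump($row['title'] === $post['title'], $row['author'] === 'Richard Harris');
```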
