Malevolence Posted August 21, 2009 Share Posted August 21, 2009 Hi there, I have a website I've designed and developed from the ground up. The page I am working on lets you add a song (the site is for songwriters). This page lets users add lyrics and chords as well as a title and they have the choice to upload a music file linked to that song. The final thing to note is that they can save it as a draft (checkbox). With all that in mind, the page will tell the user if he or she has 1. Missed out a field and 2. If there's been a database error. This error system works on my other pages so it's not that (however the script may be sloppy after my attempted debugging). The upload works by uploading a binary version of the file uploaded to the database in a mediumblob field. This is untested due to simpler problems getting in the way. For some reason when I type the title and fill in the lyrics field, sometimes click the draft button, I am redirected to the database error page (aka, the query was unsuccessful) I've commented the redirect out, and all I get is a white page... What could be happening? Do I need to set the file fields to null so I can submit? Is it a problem with the checkbox parsing? I am growing a bit tired of this script and need a second pair of eyes. Note that dbConn.inc.php is a valid file and works for the login script. The database works fine, the registration script works, its all good, just this page fails... Please note that session_start(); is found in the included file 'sessChk.inc.php', a page which simply checks if the user is logged in, nothing fancy there either. The standstill or error takes place under the comment '// Otherwise just upload the lyrics' is. The statements above work, perhaps its a var error? I am about to check db user privelages now... <?php include "sessChk.inc.php"; if(isset($_POST['submit'])) { $sttl = strip_tags($_POST['stitle']); $slyr = $_POST['slyrics']; if (isset($_POST['sdraft'])) { $sdra = "1"; } else { $sdra = "0"; } if (empty($sttl) || empty($slyr)) { $_SESSION['newsong'] = $sttl."|".$slyr."|".$sdra; header("location: addSong.php?err=1"); exit(); } if(!empty($_FILES['supload']) && $_FILES['supload']['size'] > 0) // If the upload field is not empty, set up the file upload. { $fileName = $_FILES['supload']['name']; $tmpName = $_FILES['supload']['tmp_name']; $fileSize = $_FILES['supload']['size']; $fileType = $_FILES['supload']['type']; $fp = fopen($tmpName, 'r'); $content = fread($fp, filesize($tmpName)); $content = addslashes($content); fclose($fp); if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); } include("dbConn.inc.php"); $q1 = "INSERT INTO `songs` (sName, sLyrics, sFlags, sfName, sfSize, sfType, sfContent) ". "VALUES ('$sttl', '$slyr', '$sdra', '$fileName', '$fileSize', '$fileType', '$content')"; if($r1 = mysqli_query($dbConn,$q1)) { header("location: mySongs.php"); exit(); } else { //header("location: addSong.php?err=3"); exit(); } } else // Otherwise just upload the lyrics { include("dbConn.inc.php"); $q2 = "INSERT INTO `songs` (sName,sLyrics,sFlags) VALUES ('$sttl', '$slyr', '$sdra')"; if($r2 = mysqli_query($dbConn,$q2)) { header("location: mySongs.php"); exit(); } else { //header("location: addSong.php?err=3"); //exit(); } } mysqli_close($dbConn); } else if (isset($_GET['err'])) { $sessReg = explode("|",$_SESSION['newsong']); $sttl = $sessReg[0]; $slyr = $sessReg[1]; $sdra = $sessReg[2]; $err=$_GET['err']; switch($err) { case 0: $errMsg = "Sucessful Upload, There was a mistake directing you to the My Songs page, however you can <a href=\"mySongs.php\">click here</a> to see your new song."; break; case 1: $errMsg = "You have failed to fill in the Title field or the Lyrics/Chord Sheet is empty."; break; case 2: $errMsg = "There was an error uploading the file to the server. Try again later."; break; case 3: $errMsg = "There was an error submitting your song to the database. Try again later."; break; default: $errMsg = "An unknown error occured, please try again"; } // Includes the Head of the page $js['tinymce'] = true; include "head.inc.php"; ?> <!-- BEGIN PAGE --> <div class="titleBox errTitle" id="errBox"><?php echo $errMsg; ?> <span style="position:relative; top:-20px; left:-2px; float:right;"><a onClick="javascript:hidediv();"><img src="im/errx.gif" alt="Dismiss" /></a></span></div> <img src="./im/gen_now.gif" alt="generation :Now" class="nowHeading" /> <div class="mainContBox"> <div class="titleBox mainTitle">ADD A SONG</div> <div class="titleBox sideTitle">MENU</div> <div class="mainBox"> <form enctype="multipart/form-data" name="addSong" action="addSong.php" method="POST"> <div style="float: right; font-size: 0.9em;" align="right"> <strong>Tip</strong> | Use the tag buttons found at the bottom left of the toolbar to structure your song. </div> Song Title: <input type="text" class="regField" name="stitle" value="<?php echo $sttl; ?>" tabindex="1" /> <br /><br /> <textarea cols="95" rows="20" name="slyrics" tabindex="2"><?php echo $slyr; ?></textarea> <br /> <div align="right" style="float: right;"> <input type="checkbox" name="sdraft" value="true"<?php if (!empty($sdra)) { echo "checked=\"yes\""; } ?>> Save as draft? <input name="submit" type="submit" value="Save" /> </div> Upload: <input type="hidden" name="MAX_FILE_SIZE" value="20000000" /><input name="supload" type="file" /> </form> </div> <?php include "sidebar.inc.php"; ?> </div> <!-- END PAGE --> <?php // Includes the Foot of the page include "foot.inc.php"; } else { // Includes the Head of the page $js['tinymce'] = true; include "head.inc.php"; ?> <!-- BEGIN PAGE --> <img src="./im/gen_now.gif" alt="generation :Now" class="nowHeading" /> <div class="mainContBox"> <div class="titleBox mainTitle">ADD A SONG</div> <div class="titleBox sideTitle">MENU</div> <div class="mainBox"> <form enctype="multipart/form-data" name="addSong" action="addSong.php" method="POST"> <div style="float: right; font-size: 0.9em;" align="right"> <strong>Tip</strong> | Use the tag buttons found at the bottom left of the toolbar to structure your song. </div> Song Title: <input type="text" class="regField" name="stitle" value="" tabindex="1" /> <br /><br /> <textarea cols="95" rows="20" name="slyrics" value="" tabindex="2"></textarea> <br /> <div align="right" style="float: right;"> <input type="checkbox" name="sdraft" value="true"> Save as draft? <input name="submit" type="submit" value="Save" /> </div> Upload: <input type="hidden" name="MAX_FILE_SIZE" value="20000000" /><input name="supload" type="file" /> </form> </div> <?php include "sidebar.inc.php"; ?> </div> <!-- END PAGE --> <?php // Includes the Foot of the page include "foot.inc.php"; } ?> Thanks if anyone can help :S Dan. Link to comment https://forums.phpfreaks.com/topic/171245-uploadsubmission-script-failing-no-error-return-fed-up/ Share on other sites More sharing options...
Malevolence Posted August 21, 2009 Author Share Posted August 21, 2009 I've now set the blob field (the file content binary field) to null and now I can insert rows within phpmyadmin without warnings... its gotta be something in this script. Link to comment https://forums.phpfreaks.com/topic/171245-uploadsubmission-script-failing-no-error-return-fed-up/#findComment-903045 Share on other sites More sharing options...
Malevolence Posted August 21, 2009 Author Share Posted August 21, 2009 Probably not allowed but bump? Also I doubt the problem area is big, just run through it in notepad++ or whatever and check for errors, im stumped personally... Link to comment https://forums.phpfreaks.com/topic/171245-uploadsubmission-script-failing-no-error-return-fed-up/#findComment-903238 Share on other sites More sharing options...
PFMaBiSmAd Posted August 21, 2009 Share Posted August 21, 2009 magic_quotes_gpc does not affect the uploaded $_FILES information (as of the last time I tested this.) You should use mysqli_real_escape_string() on all string data put into a query that could contain sql special characters, including the binary uploaded file contents, in order to prevent sql special characters in that data from breaking the sql query and to prevent sql injection. addslashes() does not escape all the special characters that can break a query. Only use mysqli_real_escape_string() to escape string data. magic_quotes_gpc does affect the $_POST information. If get_magic_quotes_gpc() is TRUE, you should use stripslashes() on any GET/POST/COOKIE string data to remove the escape characters that magic_quotes_gpc added, then unconditionally use mysqli_real_escape_string() on the string data being put into any query. Edit: and your query could be failing because you are exceeding the packet size permitted for one query (which is another reason why you should not store files in a database.) You should echo the mysqli_error() when the query fails in order to debug why the query is failing. Link to comment https://forums.phpfreaks.com/topic/171245-uploadsubmission-script-failing-no-error-return-fed-up/#findComment-903281 Share on other sites More sharing options...
Malevolence Posted August 21, 2009 Author Share Posted August 21, 2009 Thanks, I'll have a look at those, the file upload bit was just from a tutorial example so I didn't go over those. I will have a look at the error returned, I would have thought it would have echoed the error anyway... thanks for the quick reply. Link to comment https://forums.phpfreaks.com/topic/171245-uploadsubmission-script-failing-no-error-return-fed-up/#findComment-903296 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.