PHP code will not update Mysql

[Derby Artists]

Hi, I built this site, www.derbyartists.co.uk, and within 2 days of it going live it is causing problems....i have done local advertising etc and th site got hit more than I ever imagined.

What I want to do is create php processor to take the sign up form to my sql database and automate an email reponse to the sender saving me loads of time.

 

I have been playing with php script on a test page and have come up with the following

 

Here is the processor code

 

<?php

$target = "image/";

$target = $target . basename( $_FILES['upload']['name']);

$name=$_POST['name'];

$email=$_POST['email'];

$phone=$_POST['phone'];

$upload=($_FILES['upload']['name']);

mysql_connect("", "", "") or die(mysql_error()) ;

mysql_select_db("derbyartists_co") or die(mysql_error()) ;

mysql_query("INSERT INTO `test` VALUES ('$name', '$address', '$email', '$upload')");

if(move_uploaded_file($_FILES['upload']['tmp_name'], $target))

{

echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";

}

else {

echo "Sorry, there was a problem uploading your file.";

}

?>

 

This does upload the image into my image folder on the server but it doesnt put anything in the mysql database.

Any help would be greatky aooreiated

[cags]

Do you get an error message displayed, or does it just fail to insert into the db? Is the name of the table in your database test? How many columns are their in test, what are the column types?

 

I highly recommend you edit that last post ASAP and remove your details from mysql_connect() and mysql_select_db

 

[Derby Artists]

Hi ooopps sorry just copied it from DW without thinking, no error messages at all in fact it says its been upload correctly.

 

The columns are id, name, address, email, upload Id is set to INT auto and yes the name of the db is called test, do you know if it could be something I am doing database side.

 

And your right it is not uploading any info into the database. Just the images into image folder.

[cags]

Sounds like the problem is due to your table having 5 columns and your VALUES () section only having 4, this is fine, but you need to specify which columns they are.

 

<?php
mysql_query("INSERT INTO `test` (`name`, `address`, `email`, `upload`) VALUES ('$name', '$address', '$email', '$upload')"); 
?>

[Derby Artists]

Thanks for that will try it in a minute, you said I only have 4 categories but I put "id" "name" "address" "email" "upload" should I not count the id and how important will the "id" be to me with what I want to do.

I have very very little knowledge of php mysql so you are talking to layman on the subject....finding it a little easier than I thought and Im quite a quick learner.

 

I take it I am doing the right thing of putting the uploaded images to a seperate folder on my server, but how do I match these up with the people who have uploaded them.

[Maq]

You should also be escaping your POST values with mysql_real_escape_string, to prevent SQL injections.

[cags]

As I said you have 5 columns, but your only inserting 4 with your INSERT code. I'm assuming your `id` field is set to auto increment, so you don't need to explicitly insert it. If you are not inserting a value for every field you do need to inform MySQL which columns your updating. Hence the code I suggested.

 

As far as putting the file in a folder, yes, definately the right thing to do. If you need to match it up with who uploaded it, You'd track it using a table in your database. Without knowing full project details it's hard to know the exact format. But you could have a table for users (which stores id, username, etc, etc) and a column for uploads which would have (id, uploader_id, file_uri). It all depends what your going for.

[otuatail]

if you have 5 columbs in the table is ID AUTO INSERT if not it will be required.

 

Desmond.

 

[Derby Artists]

Thanks Cags works a treat??

 

Maq like I said I am a layman so

"You should also be escaping your POST values with mysql_real_escape_string(), to prevent SQL injections."

This means nothing to me, it would be nice to know where I would put this.

 

Cags you mentioned a table for the file uploads, sorry if I sound stupid but isnt it a table I already have ie "name" etc and you mention "and a column for uploads which would have (id, uploader_id, file_uri)".  I dont understand this bit, how can 1 column have more than one thing in it.

 

Thanks for any help again people

 

[cags]

Basically what Maq was suggesting is that you have your code something like...

 

<?php
$sql = sprintf("INSERT INTO `test` (`name`, `address`, `email`, `upload`) VALUES ('%s', '%s', '%s', '%s')",
                   mysql_real_escape_string($name), 
                   mysql_real_escape_string($address),
                   mysql_real_escape_string($email),
                   mysql_real_escape_string($upload)); 
mysql_query($sql) or trigger_error("Query Error: " . mysql_error(), E_USER_ERROR);
?>

 

Looks a bit complicated, but basically sprintf is a function that will insert everything after the first paramter into the first parameter in position of special keywords in this case we have used %s, meaning it's of type string. So the 2nd-5th paramaters will be inserted into the first in place of the %s's. Technically speaking you can do what he suggested without sprintf, I just think it makes it easier to follow.

 

The mysql_real_escape_string takes a string and replaces all MySQL special characters with the special character preceded by a backslash (so for example it will replace ' with \'). If you don't do this your site will be vulnerable to several types of sql injection attacks.

 

With regards to my last post, that should have said "and a table for uploads", it was a typo, as you say 1 column should only contain one value.

 

Cags you mentioned a table for the file uploads, sorry if I sound stupid but isnt it a table I already have ie "name" etc

 

I have no idea, alas my crystal ball is in for a service so I can't automatically divine what is stored in a table based on a column name of one word.

 

Note: If somebody mentions a function you don't understand, look it up on php.net, you will answer many of your own questions.

 

 

 

[Derby Artists]

Thanks Cags, but where in the code does this go. does it just go below all the code I already have.

 

Also Cags when someone uploads the files it goes to a seperate screen saying, your file has been uploaded etc....How can I stop it from going to another page and just open a little 200x200 window stating its been uploaded etc.

 

Thanks for all your help on this one

[cags]

If you can't work out where it goes, then I have to say your understanding is probably not going to be what is required to make anything any more complicated than you have. Just looking at the line of code should make it fairly obvious where in your code it goes. We create a query string, then send the query string to the database. The code replaces your current call of mysql_query as it essentially does exactly the same thing only more securely.

 

From what I can see of the code you have. The form POSTs to a seperate page which then processes the data and outputs success or failure. To stop it going to another screen you could self POST and process the information on the same page or you could redirect back after success. In order to make a pop-up window of a specifc size (something which I actually hate) you will probably have to use JavaScript as PHP cannot directly control the users browser.

[Derby Artists]

Stupid me, with being new to php etc I just see code and panic. so after sitting back and reading then I think this is right

 

 

instead of

mysql_query("INSERT INTO `test` VALUES ('$name', '$address', '$email', '$upload')");

 

I put

 

$sql = sprintf("INSERT INTO `test` (`name`, `address`, `email`, `upload`) VALUES ('%s', '%s', '%s', '%s')",

                  mysql_real_escape_string($name),

                  mysql_real_escape_string($address),

                  mysql_real_escape_string($email),

                  mysql_real_escape_string($upload));

mysql_query($sql) or trigger_error("Query Error: " . mysql_error(), E_USER_ERROR);

 

Ok ditched the idea of a pop up, if they are annoying to the user so where it says

 

echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";

}

 

can i have something like echo "success.htm" to go back to another page the same as my home page but with a message saying "thank you complete"

 

Thanks again

[cags]

Exactly.

 

This is how I would do it...

 

<?php
if(isset($_POST['submit'])) {
  // process information and upload to mysql here (like the code we've been discussing)
  if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) {
    $feedback = "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";
  } else {
    $feedback = "Sorry, there was a problem uploading your file.";
  } 
}
?>
<!-- the header / heading etc of your document here -->
<?php if(isset($feedback)) { echo $feedback; } ?>

<form action="" method="post">
<!-- your form info here, this is an example -->
<input type="hidden" name="submit" value="1" />
<input type="submit" />
</form>
<!-- footer/ rest of page here -->

[Derby Artists]

Thanks Cags, I am at work later so I intend to make the proper page and if I get stuck will give you a shout mate.

 

Thank you so so much, I have learnt a great deal just from this post.

[Derby Artists]

Here is where I am at

 

<?php

$target = "image/";

$target = $target . basename( $_FILES['upload']['upload1']['name']);

$name=$_POST['name'];

$address=$_POST('address'];

$address1=$_POST('address1'];

$city=$_POST('city'];

$postcode=$_POST('postcode'];

$telephone=$_POST('telephone'];

$mobile=$_POST('mobile'];

$email=$_POST['email'];

$upload=($_FILES['upload']['name']);

$upload1=($_FILES['upload1']['name']);

$bio=$_POST['bio'];

 

mysql_connect("", "", "") or die(mysql_error()) ;

mysql_select_db("derbyartists_co") or die(mysql_error()) ;

&sql = sprintf("INSERT INTO `signup` (`name`, `address`, `address1`, `city`,`postcode`,`telephone`,`mobile`,`email`,`upload`, `upload1`,`bio`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",

                  mysql_real_escape_string($name),

                  mysql_real_escape_string($address),

  mysql_real_escape_string($address1),

                  mysql_real_escape_string($city),

  mysql_real_escape_string($postcode),

  mysql_real_escape_string($telephone),

  mysql_real_escape_string($mobile),

                  mysql_real_escape_string($email),

  mysql_real_escape_string($upload),

  mysql_real_escape_string($upload1),

                  mysql_real_escape_string($bio));

mysql_query($sql) or trigger_error("Query Error: " . mysql_error(), E_USER_ERROR);

 

if(move_uploaded_file($_FILES['upload''upload1']['tmp_name'], $target))

{

echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";

}

else {

echo "Sorry, there was a problem uploading your file.";

}

?>

 

And I am now getting an error message of

 

Parse error: syntax error, unexpected ']' in /customers/derbyartists.co.uk/derbyartists.co.uk/httpd.www/php/signup1.php on line 7

 

Thanks again

[Maq]

Well look at your $_POSTs, you're using a parenthesis and a square bracket.  You should be using square brackets.

[Derby Artists]

Thanks Maq sorted the brackets now I am getting

 

Parse error: syntax error, unexpected '&' in /customers/derbyartists.co.uk/derbyartists.co.uk/httpd.www/php/signup1.php on line 18

 

Line 18:-

&sql = sprintf("INSERT INTO `signup` (`name`, `address`, `address1`, `city`,`postcode`,`telephone`,`mobile`,`email`,`upload`, `upload1`,`bio`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",

 

Could you also tell me if this is correct, the user is required to upload 2 files, and I dont know if this will cause any problems

 

if(move_uploaded_file($_FILES['upload''upload1']['tmp_name'], $target))

{

Should this be ['upload']['upload1']

[cags]

Firstly the first problem is fairly obvious if you actually read the error message. Unexpected ampersand, so we look through the line for an ampersand, oooh, look one right at the start. Hmm.. thats a variable, I wonder what character that should be....

 

Secondly, no that doesn't make any sense. If you want to move both files, and one file input node has the name upload and the other has the name upload 1, then you would be more along the lines of...

 

if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) {
}

 

That may not be 100% I've not worked with files in months.

[Derby Artists]

Thanks cags, I noticed you put $target2 so shouldnt the top 2 lines be different

This is what it is at the minute

$target = "image/";

$target = $target . basename( $_FILES['upload'][upload1]['name'])

 

should it be

$target = "image/";

$target = $target . basename( $_FILES['upload']['name'])

$target2 = "image/";

$target2= $target . basename( $_FILES['upload1']['name'])

 

Without getting impatient with me, I did read the code and understood that their was "&" their but I really have got no idea what to put in its place.

[Maq]

Without getting impatient with me, I did read the code and understood that their was "&" their but I really have got no idea what to put in its place.

 

These errors are very basic mistakes, and it is irritating that you're trying to perform something such as uploading files when you don't even know the fundamentals yet.  I suggest you read the manual and some tutorials on the basics before proceeding.  To answer your question, you need to replace the ampersand with '$', it is a variable.

 

 

[cags]

Well lets put it this way, you said they have to upload two files, you can't store them as the same filename can you? They'd overwrite each other.

 

Without getting impatient with me, I did read the code and understood that their was "&" their but I really have got no idea what to put in its place.

 

If you don't understand what character should be there you really need to go back to basics and learn PHP, otherwise your going to be doing absolutely nothing but posting problems on here, and it won't take long for people to become impatient. Many of the questions your asking are far beyond what I'd consider the difficultly of knowing what that character should be. If you don't get the basics like that down, your unlikely to get anywhere without people essentially spoon feeding code to you.

 

As tempted as I am to not tell you what it should be, I guess I will this once. sql is a variable, all variables in PHP must begin with a dollar sign.

 

I'm sorry if any of that sounds too harsh, thats not my intention, I'm just pointing out that knowing a variable should begin with a dollar sign should be one of the first things you learnt.

[Derby Artists]

I have took your advice and done a couple of tutorials and read up a little, which I will continue doing later tonight when I get in.

 

I have the form working now and uploading correctly with correct file names etc, the trouble I am having now is when I retrieve the data using retrieve.php

 

I get all the info but I want it to show the images, it just shows red crosses, if i look at the source page it picks up the names of the images but just doesnt display them.

 

 

{

Echo "<img src=www.derbyartists.co.uk/php/image/".$info['upload']."> <br>";

Echo "<img src=www.derbyartists.co.uk/php/image/".$info['upload1']."> <br>";

Echo "<b>Name:</b> ".$info['name'] . "<br> ";

Echo "<b>Address:</b> ".$info['address'] . "<br> ";

Echo "<b>Address1:</b> ".$info['address1'] . "<br> ";

Echo "<b>City:</b> ".$info['city'] . "<br> ";

Echo "<b>Postcode:</b> ".$info['postcode'] . "<br> ";

Echo "<b>Telephone:</b> ".$info['telephone'] . "<br> ";

Echo "<b>Mobile:</b> ".$info['mobile'] . "<br> ";

Echo "<b>Email:</b> ".$info['email'] . " <br>";

Echo "<b>Bio:</b> ".$info['bio'] . " <hr>";

}

?>

 

Thanks in advance

[cags]

Try...

<?php
echo '<img src="htp://www.derbyartists.co.uk/php/image/'.$info['upload'].'" /> <br />';
echo '<img src="http://www.derbyartists.co.uk/php/image/'.$info['upload1'].'" /> <br />';
?>

 

It's a more 'best practice' version (god that's bad English). It may well not work though, if it doesn't, are you sure the path is correct?

[Derby Artists]

Thanks Cags, sorted, see how your trying to catch me out with the missing "t" in http, but thank you so much for helping me get this one mate.

 

Note to Maq....

 

I find your replies a little unfair, although I agree that you should read, try and understand before you post on forums if you read the post you will see I have tried I didnt come here with no code, and if you also read the post correctly I did mention that I was "LAYMAN" and NEW to PHP, we all need to start somewhere. I hope people were a little more helpful when you were on the steep learning curve.

 

I will enlighten you into the 3 different learning styles

 

Visual...People who learn from reading/watching

Auditory....People who learn by listening

Kinesthetic...People who learn by doing

 

I come into a Kinesthetic learner, I will play with the script and if I get stuck after a few hours I will ask the question, if at any point you found me irritating, my response is "I didnt personally ask you to answer the question", if people irritate you stay away from their post, half the reason for forums is to help people at all stages of development, not just people with the same knowledge on the subject as yourself.

My current job is a technical trainer with Audi, and if my superiors found that I told my students they were irritating because they couldnt pick the basic firing order of an engine then I would no longer be in a job.