Starting Big Project or How To Learn PHP In A Hurry


simcoweb


[quote author=Barand link=topic=104388.msg420358#msg420358 date=1156289919]

You are going to need a RESIZE() function which takes as arguments (input_file, output_file, size) and outputs a resized image to the output_file, which in my example code below creates a fuller image 400px wide and a thumb image 100px wide


[/quote]
Link to comment
Share on other sites

  • 4 weeks later...
Ok, back on track with this monster.

Update, have been doing some restructuring of the registration form to coordinate with the insertion of data into multiple tables as per your original example from reply #12:

[code]<?php
$sql = "INSERT INTO member (name, email, etc) VALUES ('$name', '$email', '$etc')";
mysql_query($sql);
$newid = mysql_unsert_id();

$sql = "INSERT INTO members_cat (memberid, categoryid) VALUES ('$newid', '$catid')";
mysql_query($sql);
?>[/code]

I did not use this method previously as I was taking a simpler method in using one table to insert the profiles into and then simply displaying them when summoned. However, I have since come to my senses and realize I need to update the method to something more  useful such as what you laid out in this table structure:

[quote]category         member_cat         members          specialties
==========       ===========        =========        ============
categoryid --+   id             +-- memberid   --+   id
category     |   memberid   >--+    name         +-< memberid
             +-< categoryid         title            speciality
                                    company
                                    phone
                                    email
                                    details
                                    image[/quote]

Here's the question. I've created this series of queries in the 'new' registration form based on your model but receive this error:

[quote]Fatal error: Call to undefined function: mysql_unsert_id() in /home2/wwwxxxx/public_html/register-test.php on line 89[/quote]

The code including line 89 is this:

[code] // Run query
$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql);
$newid = mysql_unsert_id();  [b][color=red]<-- LINE 89[/color][/b]

$sql2 = "INSERT INTO members_cat (memberid, categoryid) VALUES ('$newid', '$catid')";
mysql_query($sql2);

$sql3 = "INSERT INTO specialties (memberid, specialties) VALUES ('$newid' 'specialties')";
mysql_query($sql3);[/code]


I looked up 'UNSERT' and can't find anything on it. Don't know if this is a typo or what. But, it's producing an error like it's 'unknown'. Can you shed some light on this please?
Link to comment
Share on other sites

[quote]I looked up 'UNSERT' and can't find anything on it. Don't know if this is a typo or what. But, it's producing an error like it's 'unknown'. Can you shed some light on this please?[/quote]

As Thorpe pointed out in reply #39 in this thread, it should be "mysql_insert_id()". A typo on my part I'm afraid.
Link to comment
Share on other sites

I missed that in reply #39 :(  Sorry. But, glad I found out it was a typo so I don't have to search Google for hours looking for 'unsert'. :)

Now, as you notice I've changed the query codes a bit by adding $sql2 and $sql3 but now there's nothing being inserted. No errors occur...but nothing gets inserted. Once again I'm scratching my head.

Here's the latest snippet. See if you can spot WHY I'm going insane:

[code] // Run query
$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql);
$newid = mysql_insert_id();

$sql2 = "INSERT INTO members_cat (`memberid`, `categoryid`) VALUES ('$newid', '$catid')";
mysql_query($sql2);

$sql3 = "INSERT INTO specialties (`memberid`, `specialties`) VALUES ('$newid' '$specialties')";
mysql_query($sql3);[/code]
Link to comment
Share on other sites

Ok, that produced this:

[quote]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1[/quote]

Line 1, of course, is my opening <?php tag. Not sure what this alludes to. Here's the entire block of code:

[code]<?php

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
set_magic_quotes_runtime(1);

include 'dbconfig.php';
// Connect to database
$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $eg_objConn1);
// Enable sessions
session_start();
// Set Session Value
$_SESSION['loggedin'] = @$_POST['username'];

$username =$_POST['username'];

// Validate users input
if(!empty($_POST))
// Check email is a valid email address
if(isset($_POST['email'])) if(!ereg("^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,}|[0-9]{1,})(\\]?)$", $_POST['email'])) $eg_error['email'] = "You must enter a valid email address!";
// Check password has a value
if(empty($_POST['password'])) $eg_error['password'] = "You must enter a password!";
// Check that confirmPass is the same as (comparison)
if(isset($_POST['confirmPass'])) if($_POST['confirmPass'] != @$_POST['password']) $eg_error['confirmPass'] = "Your passwords do not match!";
// Check that username is numbers and letters
if(isset($_POST['username'])) if(ereg("[!\"£\$%\^&\*()\+=\{}[.].][.[.]#~';:@/\.,<>\?\\| ]", $_POST['username'])) $eg_error['username'] = "The user name contains some illegal charactures, only use alpha-numeric charactures.";
// Check username has a value
if(empty($_POST['username'])) $eg_error['username'] = "You must enter a user name!";
// Check if any errors were returned and run relevant code
if(empty($eg_error))
{

  //check if username already exists
  $sql_user_check = "SELECT * FROM plateau_pros WHERE username='$username'";
      $result_name_check = mysql_query($sql_user_check);
      $usersfound = mysql_num_rows($result_name_check);
      mysql_query($sql_user_check);
     
// if user  found, note that and end
if ($usersfound > 0) {
    $eg_error['username'] = "Username $username is already in use. Please choose another username to continue.";
    } else {
     
// Conditional statement
//if(!empty($_POST))

// Upload File
$eg_success_File1 = false;
if(!empty($_FILES['photo']['name']))
{
// Check file is not larger than specified maximum size
$eg_allowUpload = $_FILES['photo']['size'] <= 100000 ? true : false;
// Check file is of the specified type
if($eg_allowUpload)
$eg_allowUpload = preg_match('/\\.(gif|jpg|jpeg|png)$/i', $_FILES['photo']['name']) ? true : false;

if($eg_allowUpload)
{
if(is_uploaded_file($_FILES['photo']['tmp_name']))
{
$eg_uploaddir = $_SERVER['DOCUMENT_ROOT']."/images/photo/";

$eg_uploadFile1 = $eg_uploaddir.rawurlencode($_FILES['photo']['name']);
// Create a unique filename for the uploaded file
$eg_i = 1;
while (file_exists($eg_uploadFile1))
{
$eg_separated_filename = explode(".",$eg_uploadFile1);
if (substr($eg_separated_filename[0],-1) == $eg_i)
{
$eg_separated_filename[0] = substr($eg_separated_filename[0], 0, (strlen($eg_separated_filename[0])-1));
$eg_i++;
}
$eg_separated_filename[0] = $eg_separated_filename[0] . "$eg_i";
$eg_uploadFile1 = implode(".",$eg_separated_filename);
}

$eg_success_File1 = move_uploaded_file($_FILES['photo']['tmp_name'], $eg_uploadFile1);
}

}

}

// Run query
$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql) or die(mysql_error());
$newid = mysql_insert_id();

$sql2 = "INSERT INTO members_cat (`memberid`, `categoryid`) VALUES ('$newid', '$catid')";
mysql_query($sql2) or die(mysql_error());

$sql3 = "INSERT INTO specialties (`memberid`, `specialties`) VALUES ('$newid' '$specialties')";
mysql_query($sql3) or die(mysql_error());

// set session ID and redirect to login page upon success
// Set Session Value
$_SESSION['loggedin'] = @$_POST['username'];
// Go to page
header("Location: login.php");
exit;
}
}
?>[/code]
Link to comment
Share on other sites

Ok, here's the 'original' query code before I modified it to do the multiple queries. Perhaps there's an out of place " or , or ' or ) that my editor just isn't spotting. The only changes made were to the beginning of the query code to remove the ( ahead of the "INSERT and then removed the corresponding ) from the end of the query string. Then set up the variable $sql =

My hunch is even though my PHP editor shows the proper color coding for the various elements that something is out of alignment.

Here's the original:
[code] // Run query
mysql_query("INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."')", $eg_objConn1);[/code]

Here's the revised:

[code] // Run query
$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql) or die(mysql_error());
$newid = mysql_insert_id();[/code]
Link to comment
Share on other sites

By looking at the query I would say you are going about it the wrong way, and it's severely insecure.  Take each variable, and pass them into a smaller variable, and pass those to the query like
[code]$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);[/code]
et cetera on all of those, then build a simpler query to help you find the problem.
Like
[code]$sql = "INSERT INTO plateau_pros (username, password, confirmpass, firstname, lastname, email, business, title, address, city, zip, phone, fax, mobile, category, comments, specialties, photo) VALUES ('$username', '$password', '$confirmpass'[/code]
and so on, and so forth, if you get resource id area, create a debug script (wildteen taught me that)
like
[code]$debug = "
\n
DEBUG INFORMATION:
echo Contents of user: {$username}
echo Contents of Password: {$password}";[/code]
and so forth, then whenever you need to debug, call that variable, and it'll tell you all the contents, of all the variables, you can hunt down the problem that way.


$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql) or die(mysql_error());
$newid = mysql_insert_id();
Link to comment
Share on other sites

If you look at the end of the $sql string, you left in the "$eg_objConn1" which is giving the error.

I was going to give you this lecture later, but Businessman is right, you shouldn't put anything into a query that originates from the user (GET, POST, COOKIE) without checking it first.

I usually use a "clean()" function

[code]<?php
function clean($data) {
        $data = strip_tags($data);
        $data = get_magic_quotes_gpc() ? $data : addslashes($data);
        return $data;
}

foreach ($_POST as $k => $v) {
    $$k = clean($v);
}
?>
[/code]
So if I have $_POST['xxx'] and $_POST['yyy'] it gives me 2 variables $xxx, $yyy which can be used in my queries.
Link to comment
Share on other sites
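
An added example, not part of any post in this thread: the three inserts discussed above written with PDO prepared statements inside one transaction, reading only an allowlist of request keys instead of turning every `$_POST` key into a variable. The in-memory SQLite database, the trimmed column list, the `ALLOWED_FIELDS` constant, the `registerMember()` function and the sample request are assumptions made for illustration; the table names come from the thread.

```php
<?php
// Added example. Schema and request data are constructed; table names follow the thread.
$pdo = new PDO('sqlite::memory:'); // assumption: in-memory SQLite so the script runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE plateau_pros (id INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT UNIQUE, password TEXT, email TEXT)');
$pdo->exec('CREATE TABLE members_cat (id INTEGER PRIMARY KEY AUTOINCREMENT,
            memberid INTEGER, categoryid INTEGER)');
$pdo->exec('CREATE TABLE specialties (id INTEGER PRIMARY KEY AUTOINCREMENT,
            memberid INTEGER, specialties TEXT)');

// Only these keys are read from the request; anything else (e.g. "newid") is ignored.
const ALLOWED_FIELDS = ['username', 'password', 'email', 'categoryid', 'specialties'];

function registerMember(PDO $pdo, array $post): int
{
    $in = [];
    foreach (ALLOWED_FIELDS as $key) {
        $in[$key] = (isset($post[$key]) && is_string($post[$key])) ? trim($post[$key]) : '';
    }
    if ($in['username'] === '' || $in['password'] === '') {
        throw new InvalidArgumentException('username and password are required');
    }

    $pdo->beginTransaction(); // all three inserts succeed together or not at all
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO plateau_pros (username, password, email) VALUES (:u, :p, :e)'
        );
        $stmt->execute([
            ':u' => $in['username'],
            ':p' => password_hash($in['password'], PASSWORD_DEFAULT), // store a hash only
            ':e' => $in['email'],
        ]);
        $newid = (int) $pdo->lastInsertId();

        $pdo->prepare('INSERT INTO members_cat (memberid, categoryid) VALUES (?, ?)')
            ->execute([$newid, (int) $in['categoryid']]);
        $pdo->prepare('INSERT INTO specialties (memberid, specialties) VALUES (?, ?)')
            ->execute([$newid, $in['specialties']]);
        $pdo->commit();
        return $newid;
    } catch (Throwable $e) {
        $pdo->rollBack(); // no half-registered member is left behind
        throw $e;
    }
}

// Constructed request: apostrophes in the data and an extra key that must not matter.
$post = ['username' => "o'brien", 'password' => 'park', 'email' => 'ob@example.com',
         'categoryid' => '3', 'specialties' => "roofing, 'green' builds", 'newid' => '999'];
$id  = registerMember($pdo, $post);
$row = $pdo->query('SELECT memberid, specialties FROM specialties')->fetch(PDO::FETCH_ASSOC);
var_dump($id, $row);
```

Because values travel as bound parameters, quoting cannot change the statement, and a placeholder count that does not match the column list fails at `prepare()`/`execute()` with an exception rather than after earlier rows are already written.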

Ok, I cleared out all the $_POST references in the query and got it down to the nuts and bolts.

Here's a new development. As an experiment I commented out the $sql2 and $sql3 queries to see if I could isolate the problem. The first query ran fine and inserted the data properly. I uncommented the $sql2 query and it ran fine. When I did the same for $sql3 it produced some weird behaviour. For example, the image upload field should be populated with the name of the image. When the $sql3 is active the temp name/location is stored in that field instead of the image name.  Something is amiss with the 3rd query.

Also, it was creating an error something like 'Number of columns doesn't match line 1'  or similar.

Link to comment
Share on other sites

If you get the "Number of columns doesn't match" error, it's because you have a query like

INSERT INTO tablename (a, b, c) VALUES ('$a', '$b')
or
INSERT INTO tablename (a, b, c) VALUES ('$a', '$b', '$c', '$d')

or
INSERT INTO tablename VALUES ('$a', '$b') and you don't provide a value for each column in the table
Link to comment
Share on other sites

That's interesting considering that query number $sql3 wants to insert two items into the 'specialties' table, the $newid and $specialties info. That table has 3 items including the auto-incremented 'id' field. They are

id
memberid
specialties

I don't see where it's any different than the $sql2 query which is inserting two items into the 'members_cat' table which contains:

id
memberid
categoryid

Link to comment
Share on other sites

I get this:

[code]INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('yosemite', 'park', 'park', 'yosemite', 'sam', 'yosemite@sam.com', 'WhoopAss', 'Come Get Some', 'here', 'there', '42342', '305-223-6900', '333-333-3333', '333-333-3333', 'Professional Services', 'butt kickin', 'yeehaws', '6620.jpg')
Warning: Cannot modify header information - headers already sent by (output started at /home2/wwwplat/public_html/register-test2.php:91) in /home2/wwwplat/public_html/register-test2.php on line 103[/code]
Link to comment
Share on other sites

I can't say 100% sure but I do know that if I comment out $sql3 and run the script that I get no errors and the data inserts perfectly. If I un-comment it I get the error message and the data inserted from the first two queries gets goofy as I mentioned previously that the image name doesn't show in the 'photo' field. Instead it displays the 'tmp/blahblah' info.  Now, that's an element of the file upload process above the query. That doesn't break unless I activate $sql3. This is a real stumper. I need to insert that data into the right table to make it all join together.
Link to comment
Share on other sites
