Jump to content


Photo

Variable not inserting


  • Please log in to reply
No replies to this topic

#1 tommyc325

tommyc325
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 26 October 2006 - 04:07 PM


<?php require_once('../Connections/blog_oconn.php');

if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login.php?alert=no";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}


$username = $_SESSION['MM_Username'];
$currentdate = date('l, F jS, Y');



if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO entries (headline, `date`, content, image, `user`) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['headline'], "text"),
                       GetSQLValueString($_POST['date'], "text"),
                       GetSQLValueString($_POST['content'], "text"),
                       GetSQLValueString($_POST['image'], "text"),
                       GetSQLValueString($_POST['username'], "text"));

  mysql_select_db($database_blog_oconn, $blog_oconn);
  $Result1 = mysql_query($insertSQL, $blog_oconn) or die(mysql_error());

  $insertGoTo = "entries.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

$colname_new_blog = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_new_blog = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']);
}
mysql_select_db($database_blog_oconn, $blog_oconn);
$query_new_blog = sprintf("SELECT * FROM entries WHERE `user` = %s", GetSQLValueString($colname_new_blog, "text"));
$new_blog = mysql_query($query_new_blog, $blog_oconn) or die(mysql_error());
$row_new_blog = mysql_fetch_assoc($new_blog);
$totalRows_new_blog = mysql_num_rows($new_blog);



/*   Image Upload Sciprt
     Copyright Pbkill.com
     Do Not Remove Under Penealty of Law
*/

$maxfilesize = 4048000000;
$uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/uploads/";
$file = $_FILES['userfile']['tmp_name'];
$filename = $_FILES['userfile']['name']; 
    
// Make the function for upload
function do_upload() {
    // Valid file Mime types / extension
    $allowed_types = array(
        "image/jpeg" => "jpg",
        // Add more types here if you like
    );
    
    // Check to see if file is an allowed extension
    if(!array_key_exists($_FILES['userfile']['type'], $allowed_types)) {
        die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Invalid file type!</font></center>");
    }
    
    // Set the maximum file size => 204800 = 200kb
    $maxfilesize = 4048000000;
    
    // Is it under the allowed Max file size?
    if($_FILES['userfile']['size'] > $maxfilesize) {
        die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">File is too large!</font></center>");
    }
    
    // Where are the files going?
    $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/upload/";
    
    // What is the files temporary name?
    $file = $_FILES['userfile']['tmp_name'];
    
    // What is the files actual name?
    $filename = $_FILES['userfile']['name'];
        
    // Check to see if the file allready exists?
    if(file_exists($uploaddir . $filename)) {
        die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">A file with that name already exists on this server.</font></center>");
    } else {
        // If the file does not already exist, copy it.
        copy($file, $uploaddir.$filename) or die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Could not copy file.</font></center>");
    }
    }  	



AND HERES MY FORM


  <form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="form1">
<input type="hidden" name="action" value="do_upload">
  <table width="630" border="0" align="center" cellpadding="3" cellspacing="3" class="content">
    <tr>
      <td width="199" align="right" valign="top" class="content">Headline :</td>
      <td width="410" align="left" valign="middle" class="content"><label>
        <input name="headline" type="text" id="headline">
      </label></td>
    </tr>
    <tr>
      <td align="right" valign="top" class="content">Content :</td>
      <td align="left" valign="middle" class="content"><label>
        <textarea name="content" cols="40" rows="10" id="content"></textarea>
      </label></td>
    </tr>
    
    
    <tr>
      <td align="right" valign="top" class="content">&nbsp;</td>
      <td class="error">*please remember to resize your image to 300px. </td>
    </tr>
    <tr>
      <td align="right" valign="top" class="content"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Blog Image :</font></td>
      <td class="content"><font color="#000000">
        <input name="userfile" type="file" class="button" id="userfile">
        <font color="#000000">
        <input type="submit" name="Submit" value="Upload File!" class="button">
        </font></font></td>
    </tr>
  </table>
  <input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">
  <input name="username" type="hidden" id="username" value="<? echo $username; ?>">
  <input name="date" type="hidden" id="date" value="<? echo $currentdate; ?>">
  <input type="hidden" name="MM_insert" value="form1">
          </form>
		  
		  
		  
		  <p class="error"><?php
// If the form has been completed, execute the upload function (above).
if($_POST['action'] == "do_upload") {
    do_upload();
}
?>	


Everything is working other then this
<input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">

it uploads the file and inserts this statement into my db except for the filename variable.


PLEASE HELP.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users