Jump to content

Archived

This topic is now archived and is closed to further replies.

tommyc325

Variable not inserting

Recommended Posts

[code=php:0]

<?php require_once('../Connections/blog_oconn.php');

if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && true) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "login.php?alert=no";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { 
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}


$username = $_SESSION['MM_Username'];
$currentdate = date('l, F jS, Y');



if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO entries (headline, `date`, content, image, `user`) VALUES (%s, %s, %s, %s, %s)",
                      GetSQLValueString($_POST['headline'], "text"),
                      GetSQLValueString($_POST['date'], "text"),
                      GetSQLValueString($_POST['content'], "text"),
                      GetSQLValueString($_POST['image'], "text"),
                      GetSQLValueString($_POST['username'], "text"));

  mysql_select_db($database_blog_oconn, $blog_oconn);
  $Result1 = mysql_query($insertSQL, $blog_oconn) or die(mysql_error());

  $insertGoTo = "entries.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

$colname_new_blog = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_new_blog = (get_magic_quotes_gpc()) ? $_SESSION['MM_Username'] : addslashes($_SESSION['MM_Username']);
}
mysql_select_db($database_blog_oconn, $blog_oconn);
$query_new_blog = sprintf("SELECT * FROM entries WHERE `user` = %s", GetSQLValueString($colname_new_blog, "text"));
$new_blog = mysql_query($query_new_blog, $blog_oconn) or die(mysql_error());
$row_new_blog = mysql_fetch_assoc($new_blog);
$totalRows_new_blog = mysql_num_rows($new_blog);



/*  Image Upload Sciprt
    Copyright Pbkill.com
    Do Not Remove Under Penealty of Law
*/

$maxfilesize = 4048000000;
$uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/uploads/";
$file = $_FILES['userfile']['tmp_name'];
$filename = $_FILES['userfile']['name'];
   
// Make the function for upload
function do_upload() {
    // Valid file Mime types / extension
    $allowed_types = array(
        "image/jpeg" => "jpg",
        // Add more types here if you like
    );
   
    // Check to see if file is an allowed extension
    if(!array_key_exists($_FILES['userfile']['type'], $allowed_types)) {
        die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Invalid file type!</font></center>");
    }
   
    // Set the maximum file size => 204800 = 200kb
    $maxfilesize = 4048000000;
   
    // Is it under the allowed Max file size?
    if($_FILES['userfile']['size'] > $maxfilesize) {
        die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">File is too large!</font></center>");
    }
   
    // Where are the files going?
    $uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/blog/upload/";
   
    // What is the files temporary name?
    $file = $_FILES['userfile']['tmp_name'];
   
    // What is the files actual name?
    $filename = $_FILES['userfile']['name'];
       
    // Check to see if the file allready exists?
    if(file_exists($uploaddir . $filename)) {
        die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">A file with that name already exists on this server.</font></center>");
    } else {
        // If the file does not already exist, copy it.
        copy($file, $uploaddir.$filename) or die("<center><font color=\"#000000\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">Could not copy file.</font></center>");
    }
    } 

[/code]


AND HERES MY FORM

[code=php:0]

  <form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="form1">
<input type="hidden" name="action" value="do_upload">
  <table width="630" border="0" align="center" cellpadding="3" cellspacing="3" class="content">
    <tr>
      <td width="199" align="right" valign="top" class="content">Headline :</td>
      <td width="410" align="left" valign="middle" class="content"><label>
        <input name="headline" type="text" id="headline">
      </label></td>
    </tr>
    <tr>
      <td align="right" valign="top" class="content">Content :</td>
      <td align="left" valign="middle" class="content"><label>
        <textarea name="content" cols="40" rows="10" id="content"></textarea>
      </label></td>
    </tr>
   
   
    <tr>
      <td align="right" valign="top" class="content">&nbsp;</td>
      <td class="error">*please remember to resize your image to 300px. </td>
    </tr>
    <tr>
      <td align="right" valign="top" class="content"><font color="#000000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Blog Image :</font></td>
      <td class="content"><font color="#000000">
        <input name="userfile" type="file" class="button" id="userfile">
        <font color="#000000">
        <input type="submit" name="Submit" value="Upload File!" class="button">
        </font></font></td>
    </tr>
  </table>
  <input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">
  <input name="username" type="hidden" id="username" value="<? echo $username; ?>">
  <input name="date" type="hidden" id="date" value="<? echo $currentdate; ?>">
  <input type="hidden" name="MM_insert" value="form1">
          </form>
 
 
 
  <p class="error"><?php
// If the form has been completed, execute the upload function (above).
if($_POST['action'] == "do_upload") {
    do_upload();
}
?>

[/code]

Everything is working other then this [code=php:0]<input name="image" type="hidden" id="image" value="http://www.alteredimage.com/blog/upload/<? echo $filename; ?>">[/code]

it uploads the file and inserts this statement into my db except for the filename variable.


PLEASE HELP.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.