Jump to content

Add File Name To Match User Row

justlukeyou

By justlukeyou
in PHP Coding Help

 Share

Recommended Posts

justlukeyou Advanced Member

justlukeyou

Posted
Posted (edited)

HI,

 

I have two pieces of code. One which displays the full name of a member and a second piece of code which uploads an image and then adds the image file name to user database under 'logo'.

 

The two pieces of code work fine however when I upload an image it creates a new row in the database. It should be adding the file name of the logo to the logo cell of user.

 

For example:

 

Correct

First Name: Joe

Surname: Bloggs

Logo: 123987.png

 

Incorrect

First Name: Joe

Surname: Bloggs

Logo: (blank)

 

First Name: (blank)

Surname: (blank)

Logo: 123987.png

 

Can anyone advise how add the file name of the logo to match the row of the user?

 

<div class="container">
<div class="content-container1">
<div class="content-container2">
<div class="section-navigation">
</div>
 <div class="content">

 <div class="topheader">	
<?php
 if ($_SESSION['userLoggedIn'])



{
echo '<div class="loggedin">
' . $_SESSION['userfirstname'] . ' ' . $_SESSION['usersurname'] . ' <a href="/test/closesession.php">Logout</a>
</div>
';
} else { echo
'<div class="headersignin">
<a href="/users/login.php" rel="nofollow" class="blacklink" >
Sign in
</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a>
</div>';
}
?>

 

 



<?php // upload.php
echo <<<_END
<form method='post' action='upload.php' enctype='multipart/form-data'>
Select a JPG, GIF, PND or TIF File
<input type='file' name='filename' size='20' />
<input type='submit' value='Upload' />
</form>
_END;


if ($_FILES)
{
$name = $_FILES['filename']['name'];

switch($_FILES['filename']['type'])
{
case 'image/jpeg': $ext = 'jpg'; break;
case 'image/gif': $ext = 'gif'; break;
case 'image/png': $ext = 'png'; break;
case 'image/tiff': $ext = 'tif'; break;
default: $ext = ''; break;
}

if ($ext)
{
$n = uniqid().".$ext";
move_uploaded_file($_FILES['filename']['tmp_name'], $n);
echo "Upload image '$name' as '$n':<br />";
}
else echo "'$name' is not accepted image file";
}
else echo "No image has been uploaded";
?>
<?php

if(!$errors){
 $query = "INSERT INTO users (logo) VALUES ('" . $n . "')";

 $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error

}

?>

Edited by justlukeyou
Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted (edited)

Thanks mate, I really struggled with UPDATE last time.

 

Should it be something like this:

 

<?php

if(!$errors){


	  $sql = "UPDATE users (logo) VALUES ('" . $n . "')  WHERE id={$id}";
    $result = mysql_query($sql) or die("An error occurred ".mysql_error());

}  

?>

Edited by justlukeyou
Link to comment
Share on other sites
Andy-H Advanced Member

Andy-H

Posted
Posted (edited) 

$sql = "UPDATE users SET logo = '". mysql_real_escape_string($n) ."' WHERE id=". (int)$id ." LIMIT 1";

 

Note the LIMIT 1, I assume that since you're searching by ID you're only expecting 1 result be returned. The LIMIT 1 stops searching once that result has been found.

 

Also, mysql_ functions have been soft deprecated, see mysql_query, it is advisable to use PDO or MySQLi instead.

 

-----

 

$n is not a very descriptive variable name, it is considered good practice to use descriptive variable names, this way, if you (or anybody else) come back to the code in future, you have a better chance of understanding what the code is trying to achieve.

Edited by Andy-H
Link to comment
Share on other sites
Andy-H Advanced Member

Andy-H

Posted
Posted (edited) 

<div class="container">
<div class="content-container1">
<div class="content-container2">
<div class="section-navigation"></div>
<div class="content">
<div class="topheader">
<?php if ($_SESSION['userLoggedIn']) { ?>
<?php /*
* SHORT ECHO TAG (< ?=) IS ALWAYS AVAILABLE SINCE PHP 5.4.0
* OUTPUT SHOULD BE ESCAPED WITH htmlentities TO AVOID XSS
* ALSO, IF OUTPUTTING LITTLE OR NO VARIABLES, IN A LARGE CHUNK OF HTML,
* IT'S GENERALLY CLEANER TO JUMP OUT OF PHP TAGS RATHER THAN USING HEREDOC OR ECHO/PRINT
*/
?>
<div class="loggedin">
<?= htmlentities($_SESSION['userfirstname'] .' '. $_SESSION['usersurname'], ENT_QUOTES, 'UTF-8'); ?>
<a href="/test/closesession.php">Logout</a>
</div>
<?php }else{ ?>
<div class="headersignin">
<a href="/users/login.php" rel="nofollow" class="blacklink" >Sign in</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink">Join free</a>
</div>
<?php } ?>

 

 

<form method='post' action='upload.php' enctype='multipart/form-data'>
Select a JPG, GIF, PND or TIF File
<input type='file' name='filename' size='20' />
<input type='submit' value='Upload' />
</form>
<?php
if ( !empty($_FILES) ) {
$errors = array();
// list of allowed extensions (filetypes)
$allowed_extensions = array('jpg', 'gif', 'png', 'tif');
$filename = $_FILES['filename']['name'];
// list created variables (in the scope in which it is called) from an array of values
// i.e. list($a) = array('a') is the same as $a = 'a';
list($width, $height, $type, $attr) = getimagesize($_FILES['filename']['tmp_name']);
// image_type_to_extension is available in PHP 5
$extension = image_type_to_extension($type, false); // param 2, true/false, include '.', i.e. '.jpg'
if ( $extension == 'jpeg' )
$extension = 'jpg';
// add an error message instructing the user of allowed filetypes if they try to upload on thats not allowed
if ( !in_array($extension, $allowed_extensions) )
$errors[] = "'". htmlentities($filename, ENT_QUOTES, 'UTF-8') ."' is not an accepted image file, please upload a ". implode('/', $allowed_extensions) .' image';
// create unique filename
$new_filename = uniqid() .'.'. $extension;
// if moving the file fails add an error message
if ( !move_uploaded_file($_FILES['filename']['tmp_name'], $new_filename) )
$errors[] = 'There was an unexpected error uploading your file';
// Using PDO, you should probably include this from somewhere
// $dbh = new PDO('mysql:dbname=mysql_dbname;host=127.0.0.1', 'mysql_username', 'mysql_password');
// $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // this prevents SQL injection
if ( emtpy($errors) ) {
$stmt = $dbh->prepare('INSERT INTO users ( logo ) VALUES ( :logo )');
$stmt->bindParam(':logo', $new_filename, PDO::PARAM_STR, strlen($new_filename));
if ( $stmt->execute() ) {
echo 'Your file was successfully uploaded to '. $new_filename;
}else{
echo 'An unexpected database error has occured'
}
}else{
echo implode('<br />', $errors);
}
}
?>

 

Hope that helps, if there are any functions you don't understand go to http://php.net/functionname, i.e. if you don't understand how the list function works, go to http://php.net/list

 

NOTE: I didn't test this code, so it may not work straight out of the box

 

// EDIT

 

Trying to fix indenting problem

Edited by Andy-H
Link to comment
Share on other sites
Andy-H Advanced Member

Andy-H

Posted
Posted (edited) 

<div class="container">
 <div class="content-container1">
   <div class="content-container2">
     <div class="section-navigation"></div>
     <div class="content">
       <div class="topheader">
<?php if ($_SESSION['userLoggedIn']) { ?>
<?php
/*
* SHORT ECHO TAG (< ?=) IS ALWAYS AVAILABLE SINCE PHP 5.4.0
* OUTPUT SHOULD BE ESCAPED WITH htmlentities TO AVOID XSS
* ALSO, IF OUTPUTTING LITTLE OR NO VARIABLES, IN A LARGE CHUNK OF HTML,
* IT'S GENERALLY CLEANER TO JUMP OUT OF PHP TAGS RATHER THAN USING HEREDOC OR ECHO/PRINT
*/
?>
       <div class="loggedin">
         <?= htmlentities($_SESSION['userfirstname'] .' '. $_SESSION['usersurname'], ENT_QUOTES, 'UTF-8'); ?>
         <a href="/test/closesession.php">Logout</a>
       </div>
<?php }else{ ?>
       <div class="headersignin">
         <a href="/users/login.php" rel="nofollow" class="blacklink" >Sign in</a>
       </div>
       <div class="headerjoin">
         <a href="/users/register.php" rel="nofollow" class="whitelink">Join free</a>
       </div>
<?php } ?>

 

 

<form method='post' action='upload.php' enctype='multipart/form-data'>
 Select a JPG, GIF, PND or TIF File
 <input type='file' name='filename' size='20' />
 <input type='submit' value='Upload' />
</form>
<?php
if ( !empty($_FILES) ) {
 $errors = array();
 // list of allowed extensions (filetypes)
 $allowed_extensions = array('jpg', 'gif', 'png', 'tif');
 $filename = $_FILES['filename']['name'];
 // list created variables (in the scope in which it is called) from an array of values
 // i.e. list($a) = array('a') is the same as $a = 'a';
 list($width, $height, $type, $attr) = getimagesize($_FILES['filename']['tmp_name']);
 // image_type_to_extension is available in PHP 5
 $extension = image_type_to_extension($type, false); // param 2, true/false, include '.', i.e. '.jpg'
 if ( $extension == 'jpeg' )
   $extension = 'jpg';
 // add an error message instructing the user of allowed filetypes if they try to upload on thats not allowed
 if ( !in_array($extension, $allowed_extensions) )
   $errors[] = "'". htmlentities($filename, ENT_QUOTES, 'UTF-8') ."' is not an accepted image file, please upload a ". implode('/', $allowed_extensions) .' image';
 // create unique filename
 $new_filename = uniqid() .'.'. $extension;
 // if moving the file fails add an error message
 if ( !move_uploaded_file($_FILES['filename']['tmp_name'], $new_filename) )
   $errors[] = 'There was an unexpected error uploading your file';
 // Using PDO, you should probably include this from somewhere
 // $dbh = new PDO('mysql:dbname=mysql_dbname;host=127.0.0.1', 'mysql_username', 'mysql_password');
 // $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // this prevents SQL injection
 if ( emtpy($errors) ) {
   $stmt = $dbh->prepare('INSERT INTO users ( logo ) VALUES ( :logo )');
   $stmt->bindParam(':logo', $new_filename, PDO::PARAM_STR, strlen($new_filename));
   if ( $stmt->execute() ) {
     echo 'Your file was successfully uploaded to '. $new_filename;
   }else{
     echo 'An unexpected database error has occured'
   }
 }else{
   echo implode('<br />', $errors);
 }
}
?>

//edit

This forum software is :stoopid:

Edited by Andy-H
Link to comment
Share on other sites
justlukeyou Advanced Member

justlukeyou

Posted
  • Author
Posted

Hi,

 

I tried the following code but this has had no impact. I have also tried a number of variations without working.

 

$sql = "UPDATE users SET logo = '". mysql_real_escape_string($n) ."' WHERE id=". (int)$id ." LIMIT 1";

 

I am using the following update code on another page which works, does this help at all?

 

    $sql = "UPDATE users SET {$values} WHERE id={$id}";

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.