Jump to content

Add File Name To Match User Row


justlukeyou

Recommended Posts

HI,

 

I have two pieces of code. One which displays the full name of a member and a second piece of code which uploads an image and then adds the image file name to user database under 'logo'.

 

The two pieces of code work fine however when I upload an image it creates a new row in the database. It should be adding the file name of the logo to the logo cell of user.

 

For example:

 

Correct

First Name: Joe

Surname: Bloggs

Logo: 123987.png

 

Incorrect

First Name: Joe

Surname: Bloggs

Logo: (blank)

 

First Name: (blank)

Surname: (blank)

Logo: 123987.png

 

Can anyone advise how add the file name of the logo to match the row of the user?

 

<div class="container">
<div class="content-container1">
<div class="content-container2">
<div class="section-navigation">
</div>
 <div class="content">

 <div class="topheader">	
<?php
 if ($_SESSION['userLoggedIn'])



{
echo '<div class="loggedin">
' . $_SESSION['userfirstname'] . ' ' . $_SESSION['usersurname'] . ' <a href="/test/closesession.php">Logout</a>
</div>
';
} else { echo
'<div class="headersignin">
<a href="/users/login.php" rel="nofollow" class="blacklink" >
Sign in
</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink" > Join free</a>
</div>';
}
?>

 

 



<?php // upload.php
echo <<<_END
<form method='post' action='upload.php' enctype='multipart/form-data'>
Select a JPG, GIF, PND or TIF File
<input type='file' name='filename' size='20' />
<input type='submit' value='Upload' />
</form>
_END;


if ($_FILES)
{
$name = $_FILES['filename']['name'];

switch($_FILES['filename']['type'])
{
case 'image/jpeg': $ext = 'jpg'; break;
case 'image/gif': $ext = 'gif'; break;
case 'image/png': $ext = 'png'; break;
case 'image/tiff': $ext = 'tif'; break;
default: $ext = ''; break;
}

if ($ext)
{
$n = uniqid().".$ext";
move_uploaded_file($_FILES['filename']['tmp_name'], $n);
echo "Upload image '$name' as '$n':<br />";
}
else echo "'$name' is not accepted image file";
}
else echo "No image has been uploaded";
?>
<?php

if(!$errors){
 $query = "INSERT INTO users (logo) VALUES ('" . $n . "')";

 $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error

}

?>

Link to comment
https://forums.phpfreaks.com/topic/270131-add-file-name-to-match-user-row/
Share on other sites

Thanks mate, I really struggled with UPDATE last time.

 

Should it be something like this:

 

<?php

if(!$errors){


	  $sql = "UPDATE users (logo) VALUES ('" . $n . "')  WHERE id={$id}";
    $result = mysql_query($sql) or die("An error occurred ".mysql_error());

}  

?>

$sql = "UPDATE users SET logo = '". mysql_real_escape_string($n) ."' WHERE id=". (int)$id ." LIMIT 1";

 

Note the LIMIT 1, I assume that since you're searching by ID you're only expecting 1 result be returned. The LIMIT 1 stops searching once that result has been found.

 

Also, mysql_ functions have been soft deprecated, see mysql_query, it is advisable to use PDO or MySQLi instead.

 

-----

 

$n is not a very descriptive variable name, it is considered good practice to use descriptive variable names, this way, if you (or anybody else) come back to the code in future, you have a better chance of understanding what the code is trying to achieve.

<div class="container">
<div class="content-container1">
<div class="content-container2">
<div class="section-navigation"></div>
<div class="content">
<div class="topheader">
<?php if ($_SESSION['userLoggedIn']) { ?>
<?php /*
* SHORT ECHO TAG (< ?=) IS ALWAYS AVAILABLE SINCE PHP 5.4.0
* OUTPUT SHOULD BE ESCAPED WITH htmlentities TO AVOID XSS
* ALSO, IF OUTPUTTING LITTLE OR NO VARIABLES, IN A LARGE CHUNK OF HTML,
* IT'S GENERALLY CLEANER TO JUMP OUT OF PHP TAGS RATHER THAN USING HEREDOC OR ECHO/PRINT
*/
?>
<div class="loggedin">
<?= htmlentities($_SESSION['userfirstname'] .' '. $_SESSION['usersurname'], ENT_QUOTES, 'UTF-8'); ?>
<a href="/test/closesession.php">Logout</a>
</div>
<?php }else{ ?>
<div class="headersignin">
<a href="/users/login.php" rel="nofollow" class="blacklink" >Sign in</a>
</div>
<div class="headerjoin">
<a href="/users/register.php" rel="nofollow" class="whitelink">Join free</a>
</div>
<?php } ?>

 

 

<form method='post' action='upload.php' enctype='multipart/form-data'>
Select a JPG, GIF, PND or TIF File
<input type='file' name='filename' size='20' />
<input type='submit' value='Upload' />
</form>
<?php
if ( !empty($_FILES) ) {
$errors = array();
// list of allowed extensions (filetypes)
$allowed_extensions = array('jpg', 'gif', 'png', 'tif');
$filename = $_FILES['filename']['name'];
// list created variables (in the scope in which it is called) from an array of values
// i.e. list($a) = array('a') is the same as $a = 'a';
list($width, $height, $type, $attr) = getimagesize($_FILES['filename']['tmp_name']);
// image_type_to_extension is available in PHP 5
$extension = image_type_to_extension($type, false); // param 2, true/false, include '.', i.e. '.jpg'
if ( $extension == 'jpeg' )
$extension = 'jpg';
// add an error message instructing the user of allowed filetypes if they try to upload on thats not allowed
if ( !in_array($extension, $allowed_extensions) )
$errors[] = "'". htmlentities($filename, ENT_QUOTES, 'UTF-8') ."' is not an accepted image file, please upload a ". implode('/', $allowed_extensions) .' image';
// create unique filename
$new_filename = uniqid() .'.'. $extension;
// if moving the file fails add an error message
if ( !move_uploaded_file($_FILES['filename']['tmp_name'], $new_filename) )
$errors[] = 'There was an unexpected error uploading your file';
// Using PDO, you should probably include this from somewhere
// $dbh = new PDO('mysql:dbname=mysql_dbname;host=127.0.0.1', 'mysql_username', 'mysql_password');
// $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // this prevents SQL injection
if ( emtpy($errors) ) {
$stmt = $dbh->prepare('INSERT INTO users ( logo ) VALUES ( :logo )');
$stmt->bindParam(':logo', $new_filename, PDO::PARAM_STR, strlen($new_filename));
if ( $stmt->execute() ) {
echo 'Your file was successfully uploaded to '. $new_filename;
}else{
echo 'An unexpected database error has occured'
}
}else{
echo implode('<br />', $errors);
}
}
?>

 

Hope that helps, if there are any functions you don't understand go to http://php.net/functionname, i.e. if you don't understand how the list function works, go to http://php.net/list

 

NOTE: I didn't test this code, so it may not work straight out of the box

 

// EDIT

 

Trying to fix indenting problem

<div class="container">
 <div class="content-container1">
   <div class="content-container2">
     <div class="section-navigation"></div>
     <div class="content">
       <div class="topheader">
<?php if ($_SESSION['userLoggedIn']) { ?>
<?php
/*
* SHORT ECHO TAG (< ?=) IS ALWAYS AVAILABLE SINCE PHP 5.4.0
* OUTPUT SHOULD BE ESCAPED WITH htmlentities TO AVOID XSS
* ALSO, IF OUTPUTTING LITTLE OR NO VARIABLES, IN A LARGE CHUNK OF HTML,
* IT'S GENERALLY CLEANER TO JUMP OUT OF PHP TAGS RATHER THAN USING HEREDOC OR ECHO/PRINT
*/
?>
       <div class="loggedin">
         <?= htmlentities($_SESSION['userfirstname'] .' '. $_SESSION['usersurname'], ENT_QUOTES, 'UTF-8'); ?>
         <a href="/test/closesession.php">Logout</a>
       </div>
<?php }else{ ?>
       <div class="headersignin">
         <a href="/users/login.php" rel="nofollow" class="blacklink" >Sign in</a>
       </div>
       <div class="headerjoin">
         <a href="/users/register.php" rel="nofollow" class="whitelink">Join free</a>
       </div>
<?php } ?>

 

 

<form method='post' action='upload.php' enctype='multipart/form-data'>
 Select a JPG, GIF, PND or TIF File
 <input type='file' name='filename' size='20' />
 <input type='submit' value='Upload' />
</form>
<?php
if ( !empty($_FILES) ) {
 $errors = array();
 // list of allowed extensions (filetypes)
 $allowed_extensions = array('jpg', 'gif', 'png', 'tif');
 $filename = $_FILES['filename']['name'];
 // list created variables (in the scope in which it is called) from an array of values
 // i.e. list($a) = array('a') is the same as $a = 'a';
 list($width, $height, $type, $attr) = getimagesize($_FILES['filename']['tmp_name']);
 // image_type_to_extension is available in PHP 5
 $extension = image_type_to_extension($type, false); // param 2, true/false, include '.', i.e. '.jpg'
 if ( $extension == 'jpeg' )
   $extension = 'jpg';
 // add an error message instructing the user of allowed filetypes if they try to upload on thats not allowed
 if ( !in_array($extension, $allowed_extensions) )
   $errors[] = "'". htmlentities($filename, ENT_QUOTES, 'UTF-8') ."' is not an accepted image file, please upload a ". implode('/', $allowed_extensions) .' image';
 // create unique filename
 $new_filename = uniqid() .'.'. $extension;
 // if moving the file fails add an error message
 if ( !move_uploaded_file($_FILES['filename']['tmp_name'], $new_filename) )
   $errors[] = 'There was an unexpected error uploading your file';
 // Using PDO, you should probably include this from somewhere
 // $dbh = new PDO('mysql:dbname=mysql_dbname;host=127.0.0.1', 'mysql_username', 'mysql_password');
 // $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // this prevents SQL injection
 if ( emtpy($errors) ) {
   $stmt = $dbh->prepare('INSERT INTO users ( logo ) VALUES ( :logo )');
   $stmt->bindParam(':logo', $new_filename, PDO::PARAM_STR, strlen($new_filename));
   if ( $stmt->execute() ) {
     echo 'Your file was successfully uploaded to '. $new_filename;
   }else{
     echo 'An unexpected database error has occured'
   }
 }else{
   echo implode('<br />', $errors);
 }
}
?>

//edit

This forum software is :stoopid:

Hi,

 

I tried the following code but this has had no impact. I have also tried a number of variations without working.

 

$sql = "UPDATE users SET logo = '". mysql_real_escape_string($n) ."' WHERE id=". (int)$id ." LIMIT 1";

 

I am using the following update code on another page which works, does this help at all?

 

    $sql = "UPDATE users SET {$values} WHERE id={$id}";

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.