totajamal Posted December 2, 2012 Share Posted December 2, 2012 Hello,I am new with php. I have proplems with id and my picture, the id in recipe table will be the same 72 or 0 evry time I insert information to the table. and the picure did not upload. this is my code: displayshare.php Quote Link to comment Share on other sites More sharing options...
MDCode Posted December 2, 2012 Share Posted December 2, 2012 (edited) Please post the code here if you expect anyone to help. Not many people will download attachments due to security concerns. Edited December 2, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
Christian F. Posted December 2, 2012 Share Posted December 2, 2012 Also please use the [code][/code] tags around your code, as it helps make both your post and your code a lot easier to read. Quote Link to comment Share on other sites More sharing options...
totajamal Posted December 3, 2012 Author Share Posted December 3, 2012 ok here is my code: I have two tables in database recipes and cookie. i am trying to copy id from recipes and add to cookie for each row. <?php //connect to datatbase $connect = mysql_connect("localhost","kosterb_jamaltag","jamaltag") or die (mysql_error()); mysql_select_db("kosterb_jamaltag") or die ("Could not find db") or die (mysql_error()); $uname = $_POST['membername']; $cname = $_POST['cookiename']; $ingDis = str_replace("%&%","'",$_POST['inge']); $dirDis = str_replace("%&%","'",$_POST['dire']); //New order if(!isset($_SESSION['id'])) { $query = "SELECT MAX(id) FROM Recipes"; $result = mysql_query( $query ); if($result==0) { echo "<b>Error ".mysql_errno().": ".mysql_error()."</b>"; } else { $row = mysql_fetch_array ($result); $id= $row[0]+1; $_SESSION['id'] = $id; $_SESSION['ingrediants'] = $ingDis; $query="SELECT From Recipes WHERE id='$id'"; $result=mysql_query($query); if($result==0) { echo "<b>Error ".mysql_errno().": ".mysql_error()."</b>"; } } } $id= $_SESSION['id']; //mysql_query("SELECT FROM Recipes WHERE id='$id'"); //mysql_query("INSERT INTO Cookie VALUES( '','$id','$dirDis')"); $query="insert into Cookie SET " ." id='$id',membername='$uname', cookiename='$cname'"; if ($bug) { echo "=$query"; } $result = mysql_query($query); if($result==0) { echo "<b>Error ".mysql_errno().": ".mysql_error()."</b>"; } // Get user/cookie name from Cookie table mysql_query("SELECT * FROM Cookie WHERE membername='$uname' AND cookiename='$cname'" ); echo "<h1 style=text-align:\"center\"><font color=\"darkbrown\">$cname by $uname<br /></h1></font><br /><br />" ; //grap file $file = $_FILES['image']['tmp_name']; if(!isset($file)) echo "please select an image"; else { $image=addslashes(file_get_contents($_FILES['image']['tmp_name'])); $image_name = addslashes($_FILES['image']['name']); $image_size = getimagesize($_FILES['image']['tmp_name']); if($image_size==FALSE) echo "That is not an image"; else { if(!$insert = mysql_query("INSERT INTO Cookie VALUES ('','','$image_name','$image','','')")) echo "There is a problem uploading the image."; else { $lastid = mysql_insert_id(); echo "<img src=get.php?id=$lastid width=\"300\" \> <br>"; } } } // Insert Ingeriadiants to database mysql_query("INSERT INTO Recipes VALUES( '','$ingDis','$dirDis')"); //Get discriptions from Ingrediants table mysql_query("SELECT * FROM Recipes WHERE ingrediants='$inge' AND directions='$dire'"); echo nl2br("<p><h1><font color= \"green\">Ingrediants</font></h1> $ingDis<br /> </> <p><h1><font color= \"green\">Directions</font></h1> $dirDis<br /></p>") ; ?> Quote Link to comment Share on other sites More sharing options...
Christian F. Posted December 3, 2012 Share Posted December 3, 2012 I've gone through the code, cleaned it up a little bit, and added some comments detailing what you should be doing. <?php //connect to datatbase $connect = mysql_connect (DB_HOST, DB_USER, DB_PASS) or die (mysql_error ()); mysql_select_db (DB_NAME) or die ("Could not find db") or die (mysql_error ()); // TODO: Validate the input, so you're certain it's actually what you expect it to be. $uname = $_POST['membername']; $cname = $_POST['cookiename']; $ingDis = str_replace ("%&%", "'", $_POST['inge']); $dirDis = str_replace ("%&%", "'", $_POST['dire']); // TODO: Remove this block of code, and let MySQL handle the ID generation via "auto_increment". // This is error prone, and will lead to duplicate IDs in your tables. //New order if (!isset ($_SESSION['id'])) { $query = "SELECT MAX(id) FROM Recipes"; $result = mysql_query ($query); if ($result == 0) { echo "<b>Error " . mysql_errno () . ": " . mysql_error () . "</b>"; } else { $row = mysql_fetch_array ($result); $id = $row[0] + 1; $_SESSION['id'] = $id; $_SESSION['ingrediants'] = $ingDis; $query = "SELECT From Recipes WHERE id='$id'"; $result = mysql_query ($query); if ($result == 0) { echo "<b>Error " . mysql_errno () . ": " . mysql_error () . "</b>"; } } } $id = $_SESSION['id']; // TODO: Second query is the proper way to insert stuff, but do specify the fields you want to add. // Done like this: "INSERT INTO `table`(`field_1`, `field_2`...) VALUES..." // TODO: Also, use "mysql_real_escape_string ()" to safeguard against SQL injections. //mysql_query("SELECT FROM Recipes WHERE id='$id'"); //mysql_query("INSERT INTO Cookie VALUES( '','$id','$dirDis')"); $query = "INSERT INTO Cookie SET " . " id='$id',membername='$uname', cookiename='$cname'"; if ($bug) { echo "=$query"; } $result = mysql_query ($query); if ($result == 0) { echo "<b>Error " . mysql_errno () . ": " . mysql_error () . "</b>"; } // Get user/cookie name from Cookie table // TODO: Mysql_real_escape_string (), again. mysql_query ("SELECT * FROM Cookie WHERE membername='$uname' AND cookiename='$cname'"); echo "<h1>$cname by $uname</h1>\n"; //grap file $file = $_FILES['image']['tmp_name']; if (!isset ($file)) { echo "please select an image"; } else { // TODO: Why addslashes () here? They don't do anything beneficial, rather on the contrary. $image = addslashes (file_get_contents ($_FILES['image']['tmp_name'])); $image_name = addslashes ($_FILES['image']['name']); $image_size = getimagesize ($_FILES['image']['tmp_name']); if ($image_size == FALSE) { echo "That is not an image"; } else { // TODO: Use mysql_real_escape_string () here instead, and again // specify the fields instead of inserting empty values. if (!$insert = mysql_query ("INSERT INTO Cookie VALUES ('','','$image_name','$image','','')")) { echo "There is a problem uploading the image."; } else { $lastid = mysql_insert_id (); echo "<img src=get.php?id=$lastid width=\"300\" \> <br>"; } } } // Insert Ingeriadiants to database // TODO: mysql_real_escape_string () mysql_query ("INSERT INTO Recipes VALUES( '','$ingDis','$dirDis')"); // TODO: No need to retrieve the data from the database, if the directions have just been posted. // Also, mysql_real_escape_string () //Get discriptions from Ingrediants table mysql_query ("SELECT * FROM Recipes WHERE ingrediants='$inge' AND directions='$dire'"); // TODO: Need to retrieve the results from the loop, and populate the variables below. // TODO: Also, this is the place to add nl2br (), on just the variables. // Create the HTML to print to screen/browser. $output = <<<OutHTML <h2 class="ingredients">Ingrediants</h1> <p>$ingDis</p> <h2 class="directions">Directions</h1> <p>$dirDis</p> OutHTML; echo $output; ?> If there is something that I've used that you're not familiar with, I recommend looking it up in the PHP manual first. If you still don't understand what or why, please let us know and I'm sure at least some of us will be able to shed some light on the confusion. Also, the syntax for creating the last text there is called the "HereDOC" syntax. Searching the PHP manual for "heredoc" will get you to the correct page. PS: I also recommend moving on to MySQLi or PDO, since the MySQL libraries are old, deprecated and will be removed soon(ish). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.