Array Result to Databse

[LivingReceiver]

I have been trying to finish up a website for a while now and I can't seem to figure out how to do this.

 

Right now I want one out of four pictures to randomly be selected and presented on a webpage. I have already achieved this through the shuffle() function. However, I want the name of whichever picture shows up to be recorded in my MySQL database. How do I go about doing this? I searched online and came across the function serialize(), but then I was advised not to use it since I only wanted the name of one of the pictures in the array instead of all of them. 

 

Does anyone have any functions/sample code that may be of use?

 

(Example in case I didn't explain clearly:

I have four pictures: a.ipg, b.jpg, cjpg, d.jpg

Let's say the shuffle() function choses b.jpg to be displayed on the webpage.

How could I get b.jpg to be sent to my database?)

 

Thank you.

[Ch0cu3r]

How are you chosing the item from the array? Just save the item you chosen to the database example

$pics = array('a.pjg', 'b.jpg', 'c.jpg');

// shuffle pics order
shuffle($pics);

// get the first item from the shuffle array
$pic = $pics[0];

// save $pic to database

// display the chosen pic
echo '<img src="'.$pic.'" />';

[LivingReceiver]

This was my code for choosing the array. (Sorry for its messiness.)

<?php
$pic = array('50.gif','100.gif','200.gif','250.gif','150.gif','300.gif');
shuffle($pic);
for( $i = 0; $i < 1; $i++)
echo "<li style=\"display: inline;\">
<img src=\"$pic[$i]\" width=\"27\" height=\"36\">
</li>";
?>

Edited January 19, 2014 by LivingReceiver

[Ch0cu3r]

As you are only looping once, you do not need to the for loop. So remove the for loop and replace   $pic[$i]  with   $pic[0]

 

Now you can save   $pic[0]   (which will be the filename of the image) to the database

Edited January 19, 2014 by Ch0cu3r

[LivingReceiver]

It won't show up. Also, now my previous inputs won't show up in the database.

<?php
$con=mysql_connect("website", "database", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

/* Selecting database */
mysql_select_db("database", $con);

/*Storing values*/
$sql="INSERT INTO database (name1, age2, $pic)
VALUES
('$_POST[name1]','$_POST[age2]','$_POST[$pic[$0]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
?>

Am I putting something in the wrong place?

Edited January 19, 2014 by LivingReceiver

[Ch0cu3r]

$_POST[$pic[$0] ???

 

Save $pic[0] to a hidden input filed

echo '<input type="hidden" value="'.$pic[0].'" name="pic" />';

Then use $_POST['pic'] to get the picture name.

[LivingReceiver]

Oh wow, sorry about that!

 

 

I fixed the $_POST['pic'] issue, but it still isn't showing up. I'm starting to wonder if I added it incorrectly. The row's name is "pic" and it's type is "varchar(10)"

Could that be the problem?

Thank you so much for all your help,

[Ch0cu3r]

 

The row's name is "pic"

Shouldn't   $pic  be   pic  here

$sql="INSERT INTO database (name1, age2, $pic)

 

and it's type is "varchar(10)"

That is fine, however that will only store a maximum of 10 characters, if the filename is bigger than 10 characters it will be clipped.

Edited January 19, 2014 by Ch0cu3r

[LivingReceiver]

Already changed the $pic to pic situation.

Here is the current code in its entirety:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="refresh" content="5;url=entries.php">
</head>
<body>
<text><i>Processing may take up to five seconds. You will be redirected shortly.</i></text><p>

<div style="display:block;">
  <img src="base.gif" width="10" height="36"/>
  <img src="base2.gif" width="10" height="36"/>
  <img src="base3.gif" width="10" height="36"/>
  <img src="base4.gif" width="10" height="36"/>
  <img src="base5.gif" width="10" height="36"/>
  <img src="base6.gif" width="10" height="36"/>
<?php
$pic = array('50.gif','100.gif','200.gif','250.gif','150.gif','300.gif');
shuffle($pic);
echo "<li style=\"display: inline;\">
<img src=\"$pic[0]\" width=\"27\" height=\"36\">";
echo '<input type="hidden" value="'.$pic[0].'" name="pic" />';
?>
</div>   
</body> 
</html>
  
<?php
$con=mysql_connect("website", "database", "password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
 
/* Selecting database */
mysql_select_db("database", $con);
 
/*Storing values*/
$sql="INSERT INTO databasename (name1, age2, pic)
VALUES
('$_POST[name1]','$_POST[age2]','$_POST[pic]')";
 
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>

[Ch0cu3r]

Is this code being ran when the form has been submitted? If its is then you don't need to create a hidden input field. 

 

Also using raw $_POST data in queries is not recommended you should atleast sanitize it.

$sql=sprintf("INSERT INTO databasename (name1, age2, pic)
VALUES
('%s','%s','%s')",  mysql_real_escape_string($_POST['name1']) // sanitize name, protoct from SQL injection
                 ,  intval($_POST['age2'])                    // sanitize age to integer
                 , $pic[0]);

[sasa]

change line 40 to

('$_POST[name1]','$_POST[age2]','$pic[0]')";

[davidannis]

Try to put the variable in {}

('$_POST[name1]','$_POST[age2]','{$pic[0]}')";

and before you write sanitize the data

$name=mysqli_real_escape_string($whateveryourdblinkis, $_POST['name1']);

$age2=mysqli_real_escape_string($whateveryourdblinkis, $_POST['age2']);

then write the sanitized data:

('$name','$age2','{$pic[0]}')";

I have used mysqli instead of mysql. You should too. They don't mix, so if you continue using mysql you'll need to look up mysql_real_escape_string. I think that there is a difference in syntax.

Edited January 20, 2014 by davidannis

[Barand]

 

change line 40 to

('$_POST[name1]','$_POST[age2]','$pic[0]')";

 

That is what Ch0cu3r is already suggesting in his last post (#10), with the added benefit that his code sanitizes the user input

[davidannis]

Somehow I missed Ch0cu3r's post #10 which does everything I did in #12 in a single line of code. Sorry about that. Would still recommend switching to mysqli instead of mysql.

[Ch0cu3r]

 

Would still recommend switching to mysqli instead of mysql.

Yes,  mysql_* is now deprecated and could be removed from future versions of PHP.

Edited January 20, 2014 by Ch0cu3r

[LivingReceiver]

Thank you everybody all for the help, especially you, Ch0cu3r. Finally I can get this website on it's feet!

 

Somehow I missed Ch0cu3r's post #10 which does everything I did in #12 in a single line of code. Sorry about that. Would still recommend switching to mysqli instead of mysql.

 

I've been told this in the past, actually. I'm a very inexperienced coder (especially in PHP), but years and years ago I used to try to make little websites, and I always used MySQL. I never have taken the time to switch over, or even consider what it would be like to switch. I'll keep that in mind for the future, however. I only need this website for a few weeks of sampling so I didn't think of doing anything different. Thank you for you help anyhow!