weird insertions into database

[garydt]

When i upload an image and store the url of the image sometimes it stores the url and filename which is what i want. Other times it stores this and then adds a new record and just stores the url.  eg:

1.  C:/Program Files/xampp/htdocs/epeople/uploads/2001_0116_222704AA.JPG

2.  C:/Program Files/xampp/htdocs/epeople/uploads/

 

Why does it do this?  The code-

<?php require_once('Connections/elvisdb.php'); ?>
<?php


// filename: upload.processor.php 

// first let's set some variables 

// make a note of the current working directory, relative to root. 
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']); 

// make a note of the directory that will recieve the uploaded file 
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploads/'; 

// make a note of the location of the upload form in case we need it 
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadform.php'; 

// make a note of the location of the success page 
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadsucs.php'; 

// fieldname used within the file <input> of the HTML form 
$fieldname = 'file'; 
// Now let's deal with the upload 

// validation... since this is an image upload script we should run a check   
// to make sure the uploaded file is in fact an image. Here is a simple check: 
// getimagesize() returns false if the file tested is not an image. 
@getimagesize($_FILES[$fieldname]['tmp_name']);
     
// make a unique filename for the uploaded file and check it is not already 
// taken... if it is already taken keep trying until we find a vacant one 
// sample filename: 1140732936-filename.jpg 

$uploadFilename = $uploadsDirectory.$_FILES[$fieldname]['name'];


// now let's move the file to its final location and allocate the new filename to it 
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename);

session_start();

$user = $_SESSION['MM_Username'];


mysql_select_db($database_elvisdb, $elvisdb);
$insertSQL = sprintf("INSERT INTO images (imageName, usnm) VALUES ('$uploadFilename', '$user')");
mysql_select_db($database_elvisdb, $elvisdb);
  $Result1 = mysql_query($insertSQL, $elvisdb) or die(mysql_error());

echo $uploadfilename
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form name="form1" id="Upload" action="<?php echo $editFormAction; ?>" enctype="multipart/form-data" method="POST"> 
     
        <h1> 
            Upload form 
        </h1> 
         
        <p> 
            <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>"> 
        </p> 
         
        <p> 
            <label for="file">File to upload:</label> 
            <input id="file" type="file" name="file"> 
        </p>
        <p>
          <label>
          <input type="text" name="textfield" />
          </label>
        </p>
        <p> 
            <label for="submit">Press to...</label> 
            <input id="submit" type="submit" name="submit" value="Upload me!"> 
        </p> 
     
        <input type="hidden" name="MM_insert" value="form1">
</form> 
</body>
</html>

 

EDITED BY WILDTEEN88: Please use the code (

) tags when posting code in the forums. Thank you.

[ignace]

The Problem, everytime the script was executed, would only the path be available to insert into the database, until the user submitted the form, and then not only the path but also a filename would be available, creating those strange rows in your database.

 

<?php require_once('Connections/elvisdb.php'); ?>
<?php

// session needs to be started before, any output can be send..
session_start();

// filename: upload.processor.php 

// first let's set some variables 

// make a note of the current working directory, relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// make a note of the directory that will recieve the uploaded file 
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploads/'; 

// make a note of the location of the upload form in case we need it 
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadform.php'; 

// make a note of the location of the success page 
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'uploadsucs.php'; 

// fieldname used within the file <input> of the HTML form 
$fieldname = 'file'; 
// Now let's deal with the upload 

if (strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0) {
   // validation... since this is an image upload script we should run a check
   // to make sure the uploaded file is in fact an image. Here is a simple check:
   // getimagesize() returns false if the file tested is not an image.
   if (false === @getimagesize($_FILES[$fieldname]['tmp_name']))
      exit('not an image.');

   // make a unique filename for the uploaded file and check it is not already
   // taken... if it is already taken keep trying until we find a vacant one
   // sample filename: 1140732936-filename.jpg
   $uploadFilename = $uploadsDirectory.$_FILES[$fieldname]['name'];

   // now let's move the file to its final location and allocate the new filename to it
   if (is_uploaded_file($_FILES[$fieldname]['tmp_name']))
       @move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename);

   // retrieve username
   $user = $_SESSION['MM_Username'];

   // select the appropriate database
   mysql_select_db($database_elvisdb, $elvisdb);

   // create query, corrected to be in compliance with the sprintf() manual
   $insertSQL = sprintf("INSERT INTO images (imageName, usnm) VALUES ('%s', '%s')", $uploadFilename, $user);

   // mysql_select_db($database_elvisdb, $elvisdb);
   // one select should be more then enough!
   // use mysql_ping() to see if a connection is still open

   $Result1 = @mysql_query($insertSQL, $elvisdb) or die(mysql_error());
}

echo $uploadfilename;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form name="form1" id="Upload" action="<?php echo $editFormAction; ?>" enctype="multipart/form-data" method="POST"> 

       <h1> 
           Upload form 
       </h1> 

       <p> 
           <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>"> 
       </p> 

       <p> 
           <label for="file">File to upload:</label> 
           <input id="file" type="file" name="file"> 
       </p>
       <p>
         <label>
         <input type="text" name="textfield" />
         </label>
       </p>
       <p> 
           <label for="submit">Press to...</label> 
           <input id="submit" type="submit" name="submit" value="Upload me!"> 
       </p> 

       <input type="hidden" name="MM_insert" value="form1">
</form> 
</body>
</html>

[garydt]

Thanks,

 

I tried this-

mysql_select_db($database_elvisdb, $elvisdb);
if (strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0) {
$insertSQL = sprintf("INSERT INTO images (imageName, usnm) VALUES ('$uploadFilename', '$user')");

  $Result1 = mysql_query($insertSQL, $elvisdb) or die(mysql_error());
}

it's still inserting 2 records.

 

[ignace]

so you always get two records in this order?:

 

1. C:/Program Files/xampp/htdocs/epeople/uploads/2001_0116_222704AA.JPG

2. C:/Program Files/xampp/htdocs/epeople/uploads/  comes from: $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploads/';

 

well in the first case a file has been submitted, in the second it isn't, so your database is called 2 times, the first time from the form the second time because the page is loaded! ok then try this:

 

mysql_select_db($database_elvisdb, $elvisdb);
if ((strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0)
&& (count($_POST) != 0)) { // when your page loads the first time, should this return 0
$insertSQL = sprintf("INSERT INTO images (imageName, usnm) VALUES ('%s', '%s')", addslashes($uploadFilename), addslashes($user));

$Result1 = mysql_query($insertSQL, $elvisdb) or die(mysql_error());
}

[garydt]

Thanks for that.  it works.

 

So would i be right in thinking ((strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0)  {

means it checks to  see if no form has been submitted and if so it will ignore the insertSQL ?

[ignace]

yeah, atleast when your form has method="post", otherwise you used change the 'POST' part to 'GET' the only problem is that your browser has his REQUEST_METHOD set to 'GET' by default! I only used this because i did not found any _POST parts in your posted php code, i however use a different method (when writing top-down, and not object oriented):

 

<?php
$error = ""; // contains all reported error's
$showForm = true; // is the form still required to be displayed?

if ((strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0)
&& (count($_POST) != 0)) { // This makes sure the global _POST atleast contains more then 0 elements
   // error checking, a favourite of mine:
   if (strip_tags($_POST['post_element']) != $_POST['post_element'])
       $error .= "• You are not allowed to use html in your 'post_element'<br />";

   // blabla...
   if (strlen($error) == 0) {
     // no error's where reported, so the form is no longer required
     // i use this method, so error's are always displayed above the form, not in or below it!
     $showForm = false;
   }
}

if ($showForm) {
  // blabla my html form!
}
?>

 

when i press modify above my post, it says that my session expired, and when i do a direct modify, it inserts   why is this not being converted?

[garydt]

sorry, i've no idea, you've lost me there  ???

 

if you don't mind, would look at my other topic - display images ?

[garydt]

sorry, it's not working again. error-

 

Parse error: parse error, unexpected T_BOOLEAN_AND in C:\Program Files\xampp\htdocs\epeople\uploadforom2.php on line 47

mysql_select_db($database_elvisdb, $elvisdb);
if (strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') == 0) 
&& (count($_POST) == 0)) {
$insertSQL = sprintf("INSERT INTO images (imageName, usnm) VALUES ('$uploadFilename', '$user')");

  $Result1 = mysql_query($insertSQL, $elvisdb) or die(mysql_error());
}