Guardian-Mage Posted May 19, 2007 Share Posted May 19, 2007 I am working on a content management system and this particular script is designed to add a movie to the website. The script has two parts. One is an HTML Form that takes several fields, and then a PHP script that processes input. Right now the PHP script is only recieving certain information from the script. The recieved information is the movie_title, movie_subject, movie_date, movie_location, movie_youtube, and move_google. It is missing the fields movie_id, movie_alt, movie, and screen. HTML FORM <?php session_start(); if (@$_SESSION['auth'] != "yes") /* Checks if the user is logged in*/ { header("Location: ../"); exit(); } include "Plugin_01/return_id.php"; ?> <?php include "layout.phtml"; ?> <p> Welcome to the Live News Movie Creater. This manager will guide you through the process of adding a new movie to your LNS Feed Pages. If this is not what you would like to do, you should return to the <a href="LiveNews.php"> Live News Service</a> Control Panel. </p> <table> <?php if (isset($_GET['errmsg'])) $error = $_GET['errmsg']; { echo "<tr><td colspan='2'><b>$error</b></td></tr>"; } ?> <form id="liveupdate" name="liveupdate" method="post" action="Plugin_01/movie_add_sql.php" enctype="multipart/form-data"> <tr> <td>Movie ID</td> <td><input type="text" id="movie_id" name="movid_id" value="<?=$only_id?>" disabled /></td> </tr> <tr> <td>Movie Title</td> <td><input type="text" id="movie_title" name="movie_title" size="30" maxlength="250" value="<?php @$movie_title ?>" /> </td> </tr> <tr> <td>Movie Subject</td> <td><input type="text" id="movie_subject" name="movie_subject" size="30" maxlength="250" /></td> </tr> <tr> <td>Movie Screenshot</td> <td><input type="text" id="movie_image" name="movie_image" size="30" maxlength="250" value="<?php @$movie_image ?>" /></td> </tr> <tr> <td>Movie Screenshot</td> <td><input type="file" name="screen" id="screen" onchange="imageUpload(this.value)" value="<?php @$screen ?>" /> </td></tr> <tr> <td>Movie Upload</td> <td><input type="file" name="movie" id="movie" value="<?php @$movie ?>" /> </td></tr> <tr> <td>Movie Location</td> <td><input type="text" name="movie_location" id="movie_location" value="<?php @$movie_location ?>" /> </td></tr> <tr> <td>Movie Image Desc.</td> <td><input type="text" id="movie_alt" name="movie_alt" size="30" maxlength="250" /></td> </tr> <tr> <td>Youtube Address</td> <td><input type="text" id="movie_youtube" name="movie_youtube" size="30" maxlength="250" value="http://www.youtube.com/watch?v=" /></td> </tr> <tr> <td>Google Video Address</td> <td><input type="text" id="movie_google" name="movie_google" size="30" maxlength="250" value="http://video.google.ca/videoplay?docid=" /></td> </tr> <tr> <td colspan="2" class="center"> <input type="submit" id="submit" value="Update Live News!" name="submit" /> </form> </table> <?php include "layout2.phtml"; ?> That code should be easy enough to understand. 2 File Forms, uses POST data, and multi-part data encryption. The problem is the following script DOESN'T Recieve the File Form contents, the value of the movie_alt form, or the value of the movie_id form, although the movie_id form shows the correct value. <?php session_start(); if (@$_SESSION['auth'] != "yes") /* Checks if the user is logged in*/ { header("Location: ../"); exit(); } ?> <?php /*=================================DESC========================================= This script is designed to add a movie into the database using information submitted from an html form. ===================================DESC========================================= =================================CREDITS======================================== ==Program : movie_add_sql.php ==Language : PHP: Hyper Text Preprocessor ==Devoloper: Brandon Wamboldt ==Company : Guardian Technology/ Excalibur Source ==License : GNU General Public License ==Version : 1.00 =================================CREDITS======================================== ==============================Connection======================================*/ $safe_username="****"; //Enter your MySQL Username here $safe_hostname="****"; //Enter your MySQL Hostname here $safe_password="****"; //Enter your MySQL Password here $safe_database="****"; //Enter your MySQL Database here $safe_dataname="****"; //Enter your MySQL Table here $connection = mysql_connect($safe_hostname, $safe_username,$safe_password) //Connects to the MySQL Server or die("This script was unable to connect to the MySQL Server. Please contact the webmaster and inform them of the problem. Sorry for the inconvience."); $db = mysql_select_db($safe_database, $connection) //Connects to the MySQL //Database or die("This script was unable to connect to the MySQL Database. Please contact the webmaster and inform them of the problem. Sorry for the inconvience."); /*============================Connection======================================== ================================Variables=====================================*/ $movie_id = $_POST['movie_id']; //This is the movie id $movie_title = $_POST['movie_title']; //This is the movie title $movie_subject = $_POST['movie_subject']; //This is the movie subject $movie_image = $_POST['movie_image']; //This is the movie image $movie_img = $_FILE["screen"]["name"]; //This is the movie image uploaded by the user $movie_upload = $_FILE["movie"]["name"]; //This is the uploaded movie $movie_location = $_POST['movie_location']; //This is the uploaded movie $movie_youtube = $_POST['movie_youtube']; //This is the uploaded movie $movie_google = $_POST['movie_google']; //This is the uploaded movie $movie_alt = $_POST['movie_alt']; //This is the movie screenshot alt text $movie_date = date("Y-m-d"); //This is the movies date /*==============================Variables======================================= ================================Safety========================================*/ $movie_title = strip_tags(trim($movie_title)); //Remove slashes, //html tags, and whitespace $movie_subject = strip_tags(trim($movie_subject)); //Remove slashes, //html tags, and whitespace $movie_alt = strip_tags(trim($movie_alt)); //Remove slashes, //html tags, and whitespace if ($movie_img != "") { if (($_FILES["screen"]["type"] == "image/gif") || ($_FILES["screen"]["type"] == "image/pjpeg") || ($_FILES["screen"]["type"] == "image/jpeg") || ($_FILES["screen"]["type"] == "image/jpg") || ($_FILES["screen"]["type"] == "image/bmp") && ($_FILES["screen"]["size"] < 2000000000000000000)) { if ($_FILES["screen"]["error"] > 0) { echo "Return Code: " . $_FILES["movie"]["error"] . "<br />"; } else { if (file_exists("../../images/" . $_FILES["screen"]["name"])) { echo $_FILES["screen"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["screen"]["tmp_name"], "../../images/" . $_FILES["screen"]["name"]); $movie_screen_result = "images/" . $_FILES["screen"]["name"]; } } } else { $errmsg = "Invalid file extension or size for sceenshot upload!"; header("Location: ../movie_add.php?errmsg=$errmsg"); } } else { $query_result = "no image"; } if ($movie_upload != "") { if (($_FILES["movie"]["type"] == "image/mpeg") || ($_FILES["movie"]["type"] == "image/avi") || ($_FILES["movie"]["type"] == "image/swf") || ($_FILES["movie"]["type"] == "image/mpg") || ($_FILES["movie"]["type"] == "image/wmv") && ($_FILES["movie"]["size"] < 2000000000000000000000000000000000000000000000000000000)) { if ($_FILES["movie"]["error"] > 0) { echo "Return Code: " . $_FILES["movie"]["error"] . "<br />"; } else { if (file_exists("../../movies/" . $_FILES["movie"]["name"])) { echo $_FILES["movie"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["movie"]["tmp_name"], "../../movies/" . $_FILES["movie"]["name"]); $movie_upload_result = "movies/" . $_FILES["movie"]["name"]; } } } else { $errmsg = "Invalid file extension or size for movie upload!"; header("Location: ../movie_add.php?errmsg=$errmsg"); } } else { if (isset($query_result)) { $query_result = "no upload"; } else { $query_result = "no movie"; } } echo " Movie Screen Shot Upload: $movie_screen_result<br /> Movie Upload: $movie_upload_result<br /> Movie Image To be Uploaded: $movie_img<br /> Movie Image location: $movie_image<br /> Movie to be uploaded: $movie_upload"; exit; /*===============================Safety========================================= /*=================================Variables==================================*/ if ($query_result == "no image") { $query2a = "INSERT INTO $safe_dataname (movie_id, movie_title, movie_date, movie_subject, movie_upload, movie_alt, movie_image, youtube_add, google_add) VALUES ('$movie_id','$movie_title','$movie_date','$movie_subject', '$movie_upload_result', '$news_alt', '$movie_image', '$movie_youtube', '$movie_google')"; $result2a = mysql_query($query2a) //Executes the SQL Query or die("Unable to execute MySQL query 2a"); header("Location: ../movie_added.php?result=no_image"); exit(); } elseif ($query_result == "no upload") { $query2b = "INSERT INTO $safe_dataname ( movie_id, movie_title, movie_date, movie_subject, movie_alt, movie_image, movie_upload, youtube_add, google_add) VALUES ( '$movie_id','$movie_title','$movie_date','$movie_subject', '$news_alt', '$movie_img', '$movie_location','$movie_youtube', '$movie_google')"; $result2b = mysql_query($query2b) //Executes the SQL Query or die("Unable to execute MySQL query 2b"); header("Location: ../movie_added.php?result=no_upload"); exit(); } elseif ($query_result == "no movie") { $query2c = "INSERT INTO $safe_dataname (movie_id, movie_title, movie_date, movie_subject, movie_upload, movie_alt, movie_image, youtube_add, google_add) VALUES ('$movie_id','$movie_title','$movie_date','$movie_subject', '$movie_location', '$news_alt', '$movie_screen_result','$movie_youtube', '$movie_google')"; $result2c = mysql_query($query2c) //Executes the SQL Query or die("Unable to execute MySQL query 2c". $errno); header("Location: ../movie_added.php?result=full_upload"); exit(); } else { $query2d = "INSERT INTO $safe_dataname (movie_id, movie_title, movie_date, movie_subject, movie_upload, movie_alt, movie_image, youtube_add, google_add) VALUES ('$movie_id','$movie_title','$movie_date','$movie_subject', '$movie_upload_result', '$news_alt', '$movie_screen_result','$movie_youtube', '$movie_google')"; $result2d = mysql_query($query2d) //Executes the SQL Query or die("Unable to execute MySQL query 2d"); header("Location: ../movie_added.php?result=full_upload"); exit(); } ?> As you can see I have modified the script to help with the error checking process so that it will print the variables that won't work and end the script prior to the SQL code. The only variable that it prints is the movie image location variable $movie_image Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 19, 2007 Share Posted May 19, 2007 movie_id is wrong in the from <td><input type="text" id="movie_id" name="movid_id" value="<?=$only_id?>" disabled /></td> change name="movid_id" to name="movie_id" Add print_r($_POST); to the top of the script.. Quote Link to comment Share on other sites More sharing options...
Guardian-Mage Posted May 19, 2007 Author Share Posted May 19, 2007 Thanks, but that made absolutely no change whatsoever Quote Link to comment Share on other sites More sharing options...
JakeTheSnake3.0 Posted May 19, 2007 Share Posted May 19, 2007 Are your forms being populated with the correct values initially? <input type="text" id="movie_title" name="movie_title" size="30" maxlength="250" value="<?php @$movie_title ?>" /> ??? Doesn't @ return a true or false? I probably have a limited understanding of it, but this is what I'd put... <input type="text" id="movie_title" name="movie_title" size="30" maxlength="250" value="<?php echo($movie_title); ?>" /> Quote Link to comment Share on other sites More sharing options...
Guardian-Mage Posted May 20, 2007 Author Share Posted May 20, 2007 Yes they are, I even tried deleting that code. The title/subject/alt/youtube/google still work, but others do not. ??? What is going on ??? Quote Link to comment Share on other sites More sharing options...
JakeTheSnake3.0 Posted May 20, 2007 Share Posted May 20, 2007 What is the movie_string value and how is it used in the script? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 20, 2007 Share Posted May 20, 2007 Thanks, but that made absolutely no change whatsoever it was a test to check the data being sent!! can you post the results! Quote Link to comment Share on other sites More sharing options...
Guardian-Mage Posted May 20, 2007 Author Share Posted May 20, 2007 Array ( [movie_title] => Its a title [movie_subject] => And subject [movie_image] => and screenshot [movie_location] => and a location [movie_alt] => and a description [movie_youtube] => http://www.youtube.com/watch?v= [movie_google] => http://video.google.ca/videoplay?docid= [should_upload] => true [submit] => Update Live News! ) Movie Screen Shot Upload: Movie Upload: Movie Image To be Uploaded: Movie Image location: and screenshot Movie to be uploaded: Movie Alt: and a description Movie Title: Its a title Movie ID: That was with all values filled in Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 20, 2007 Share Posted May 20, 2007 Movie Upload: Check your if tangle Movie Image To be Uploaded: CHECK $_FILE Movie Image location: and screenshot OK Movie to be uploaded: CHECK $_FILE Movie Alt: and a description OK Movie Title: Its a title OK Movie ID: = FAILED due to the name in the form being movid_id Try print_r($_FILE) whats return'd Quote Link to comment Share on other sites More sharing options...
Guardian-Mage Posted May 20, 2007 Author Share Posted May 20, 2007 What do you mean, and I fixed the movie id form, it is correct and still will not work Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 20, 2007 Share Posted May 20, 2007 At the top of movie_add_sql.php add <?php echo "POST:<br>"; print_r($_POST); echo "FILE:<br>"; print_r($_FILE); die; ?> whats displayed please post in code tags Quote Link to comment Share on other sites More sharing options...
JakeTheSnake3.0 Posted May 21, 2007 Share Posted May 21, 2007 I think we need to see your most recent code...show us the two php pages again. as well, you might have changed the "movid_id" thing, but what's the <?= all about? Try to be consistent. <td><input type="text" id="movie_id" name="movid_id" value="<?=$only_id?>" disabled /></td> to <td><input type="text" id="movie_id" name="movie_id" value="<?php echo($only_id); ?>" disabled /></td> also, the files array is not $_FILE....it's $_FILES. so try... $_FILES['movie']['name'] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.