Jump to content

Recommended Posts

I am working on a content management system and this particular script is designed to add a movie to the website. The script has two parts. One is an HTML Form that takes several fields, and then a PHP script that processes input. Right now the PHP script is only recieving certain information from the script. The recieved information is the movie_title, movie_subject, movie_date, movie_location, movie_youtube, and move_google. It is missing the fields movie_id, movie_alt, movie, and screen.

 

HTML FORM

<?php
session_start();
    if (@$_SESSION['auth'] != "yes")  /* Checks if the user is logged in*/
    {
       header("Location: ../");
       exit();
    }
include "Plugin_01/return_id.php";
?>
<?php include "layout.phtml"; ?>
<p>
Welcome to the Live News Movie Creater. This manager will guide you through
the process of adding a new movie to your LNS Feed Pages. If this is not
what you would like to do, you should return to the <a href="LiveNews.php">
Live News Service</a> Control Panel.
</p>
<table>
<?php 
if (isset($_GET['errmsg']))
$error = $_GET['errmsg'];
{
echo "<tr><td colspan='2'><b>$error</b></td></tr>";
}
?>
<form id="liveupdate" name="liveupdate" method="post"
action="Plugin_01/movie_add_sql.php" enctype="multipart/form-data">
<tr>
<td>Movie ID</td>
<td><input type="text" id="movie_id" name="movid_id" value="<?=$only_id?>" disabled /></td>
</tr>

<tr>
<td>Movie Title</td>
<td><input type="text" id="movie_title" name="movie_title" size="30"
maxlength="250" value="<?php @$movie_title ?>" /> </td>
</tr>

<tr>
<td>Movie Subject</td>
<td><input type="text" id="movie_subject" name="movie_subject" size="30"
maxlength="250" /></td>
</tr>

<tr>
<td>Movie Screenshot</td>
<td><input type="text" id="movie_image" name="movie_image" size="30"
maxlength="250" value="<?php @$movie_image ?>" /></td>
</tr>

<tr>
<td>Movie Screenshot</td>
<td><input type="file" name="screen" id="screen" onchange="imageUpload(this.value)"
value="<?php @$screen ?>" />
</td></tr>

<tr>
<td>Movie Upload</td>
<td><input type="file" name="movie" id="movie" value="<?php @$movie ?>"  />
</td></tr>

<tr>
<td>Movie Location</td>
<td><input type="text" name="movie_location" id="movie_location" value="<?php @$movie_location ?>" />
</td></tr>

<tr>
<td>Movie Image Desc.</td>
<td><input type="text" id="movie_alt" name="movie_alt" size="30" maxlength="250" /></td>
</tr>

<tr>
<td>Youtube Address</td>
<td><input type="text" id="movie_youtube" name="movie_youtube" size="30" maxlength="250"
value="http://www.youtube.com/watch?v=" /></td>
</tr>

<tr>
<td>Google Video Address</td>
<td><input type="text" id="movie_google" name="movie_google" size="30" maxlength="250"
value="http://video.google.ca/videoplay?docid=" /></td>
</tr>

<tr>
<td colspan="2" class="center">
<input type="submit" id="submit" value="Update Live News!" name="submit" />
</form>
</table>
<?php include "layout2.phtml"; ?>

 

That code should be easy enough to understand. 2 File Forms, uses POST data, and multi-part data encryption. The problem is the following script DOESN'T Recieve the File Form contents, the value of the movie_alt form, or the value of  the movie_id form, although the movie_id form shows the correct value.

 

<?php
session_start();
    if (@$_SESSION['auth'] != "yes")  /* Checks if the user is logged in*/
    {
       header("Location: ../");
       exit();
    }
?>
<?php
/*=================================DESC=========================================
This script is designed to add a movie into the database using information
submitted from an html form.
===================================DESC=========================================
=================================CREDITS========================================
==Program  : movie_add_sql.php
==Language : PHP: Hyper Text Preprocessor
==Devoloper: Brandon Wamboldt
==Company  : Guardian Technology/ Excalibur Source
==License  : GNU General Public License
==Version  : 1.00
=================================CREDITS========================================
==============================Connection======================================*/
$safe_username="****";               //Enter your MySQL Username here
$safe_hostname="****";               //Enter your MySQL Hostname here
$safe_password="****";               //Enter your MySQL Password here
$safe_database="****";               //Enter your MySQL Database here
$safe_dataname="****";              //Enter your MySQL Table here

$connection = mysql_connect($safe_hostname, $safe_username,$safe_password)
//Connects to the MySQL Server
or die("This script was unable to connect to the MySQL Server. Please
    	contact the webmaster and inform them of the problem. Sorry for the
    	inconvience.");
$db = mysql_select_db($safe_database, $connection) //Connects to the MySQL
    	//Database
or die("This script was unable to connect to the MySQL Database. Please
    	contact the webmaster and inform them of the problem. Sorry for the
    	inconvience.");
/*============================Connection========================================
================================Variables=====================================*/
$movie_id       = $_POST['movie_id'];       //This is the movie id
$movie_title    = $_POST['movie_title'];    //This is the movie title
$movie_subject  = $_POST['movie_subject'];  //This is the movie subject
$movie_image    = $_POST['movie_image'];    //This is the movie image
$movie_img      = $_FILE["screen"]["name"];         //This is the movie image uploaded by the user
$movie_upload   = $_FILE["movie"]["name"];  //This is the uploaded movie
$movie_location = $_POST['movie_location']; //This is the uploaded movie
$movie_youtube  = $_POST['movie_youtube'];  //This is the uploaded movie
$movie_google   = $_POST['movie_google'];   //This is the uploaded movie
$movie_alt      = $_POST['movie_alt'];      //This is the movie screenshot alt text
$movie_date     = date("Y-m-d");            //This is the movies date
/*==============================Variables=======================================
================================Safety========================================*/
$movie_title   = strip_tags(trim($movie_title));   //Remove slashes,
	  //html tags, and whitespace
$movie_subject = strip_tags(trim($movie_subject)); //Remove slashes,
	  //html tags, and whitespace
$movie_alt     = strip_tags(trim($movie_alt));     //Remove slashes,
	  //html tags, and whitespace
	  
if ($movie_img != "")
{
if (($_FILES["screen"]["type"] == "image/gif")
||  ($_FILES["screen"]["type"] == "image/pjpeg")
||  ($_FILES["screen"]["type"] == "image/jpeg")
||  ($_FILES["screen"]["type"] == "image/jpg")
||  ($_FILES["screen"]["type"] == "image/bmp")
&&  ($_FILES["screen"]["size"] < 2000000000000000000))
  {
  if ($_FILES["screen"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["movie"]["error"] . "<br />";
    }
    else
    {
    if (file_exists("../../images/" . $_FILES["screen"]["name"]))
      {
      echo $_FILES["screen"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["screen"]["tmp_name"],
      "../../images/" . $_FILES["screen"]["name"]);
      $movie_screen_result  =  "images/" . $_FILES["screen"]["name"];
      }
    }
  }
else
  {
  $errmsg = "Invalid file extension or size for sceenshot upload!";
  header("Location: ../movie_add.php?errmsg=$errmsg");
  }
}
else
{
  $query_result = "no image";
}


if ($movie_upload != "")
{
if (($_FILES["movie"]["type"] == "image/mpeg")
||  ($_FILES["movie"]["type"] == "image/avi")
||  ($_FILES["movie"]["type"] == "image/swf")
||  ($_FILES["movie"]["type"] == "image/mpg")
||  ($_FILES["movie"]["type"] == "image/wmv")
&&  ($_FILES["movie"]["size"] < 2000000000000000000000000000000000000000000000000000000))
  {
  if ($_FILES["movie"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["movie"]["error"] . "<br />";
    }
    else
    {
    if (file_exists("../../movies/" . $_FILES["movie"]["name"]))
      {
      echo $_FILES["movie"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["movie"]["tmp_name"],
      "../../movies/" . $_FILES["movie"]["name"]);
      $movie_upload_result  =  "movies/" . $_FILES["movie"]["name"];
      }
    }
  }
else
  {
  $errmsg = "Invalid file extension or size for movie upload!";
  header("Location: ../movie_add.php?errmsg=$errmsg");
  }
}
else
{
  if (isset($query_result))
  {
    $query_result = "no upload";
  }
  else
  {
    $query_result = "no movie";
  }
}
echo "
Movie Screen Shot Upload: $movie_screen_result<br />
Movie Upload: $movie_upload_result<br />
Movie Image To be Uploaded: $movie_img<br />
Movie Image location: $movie_image<br />
Movie to be uploaded: $movie_upload";
exit;
/*===============================Safety=========================================
/*=================================Variables==================================*/
if ($query_result == "no image")
{
$query2a    = "INSERT INTO $safe_dataname (movie_id, movie_title, movie_date,
	  movie_subject, movie_upload, movie_alt, movie_image, youtube_add,
      google_add) VALUES
	  ('$movie_id','$movie_title','$movie_date','$movie_subject',
	  '$movie_upload_result', '$news_alt', '$movie_image', '$movie_youtube',
      '$movie_google')";
$result2a   = mysql_query($query2a) //Executes the SQL Query
           or die("Unable to execute MySQL query 2a");
header("Location: ../movie_added.php?result=no_image");
exit();
}
elseif ($query_result == "no upload")
{
$query2b    = "INSERT INTO $safe_dataname ( movie_id, movie_title, movie_date,
	  movie_subject, movie_alt, movie_image, movie_upload, youtube_add,
      google_add) VALUES
	  ( '$movie_id','$movie_title','$movie_date','$movie_subject',
	  '$news_alt', '$movie_img', '$movie_location','$movie_youtube',
      '$movie_google')";
$result2b   = mysql_query($query2b) //Executes the SQL Query
           or die("Unable to execute MySQL query 2b");
header("Location: ../movie_added.php?result=no_upload");
exit();
}
elseif ($query_result == "no movie")
{
$query2c    = "INSERT INTO $safe_dataname (movie_id, movie_title, movie_date,
	  movie_subject, movie_upload, movie_alt, movie_image, youtube_add,
      google_add) VALUES
	  ('$movie_id','$movie_title','$movie_date','$movie_subject',
	  '$movie_location', '$news_alt', '$movie_screen_result','$movie_youtube',
      '$movie_google')";
$result2c   = mysql_query($query2c) //Executes the SQL Query
           or die("Unable to execute MySQL query 2c". $errno);
header("Location: ../movie_added.php?result=full_upload");
exit();
}
else
{
$query2d    = "INSERT INTO $safe_dataname (movie_id, movie_title, movie_date,
	  movie_subject, movie_upload, movie_alt, movie_image, youtube_add,
      google_add) VALUES
	  ('$movie_id','$movie_title','$movie_date','$movie_subject',
	  '$movie_upload_result', '$news_alt', '$movie_screen_result','$movie_youtube',
      '$movie_google')";
$result2d   = mysql_query($query2d) //Executes the SQL Query
           or die("Unable to execute MySQL query 2d");
header("Location: ../movie_added.php?result=full_upload");
exit();
}
?>

 

As you can see I have modified the script to help with the error checking process so that it will print the variables that won't work and end the script prior to the SQL code. The only variable that it prints is the movie image location variable $movie_image

movie_id is wrong in the from

 

<td><input type="text" id="movie_id" name="movid_id" value="<?=$only_id?>" disabled /></td>

 

change name="movid_id" to name="movie_id"

 

Add print_r($_POST); to the top of the script..

Are your forms being populated with the correct values initially?

 

<input type="text" id="movie_title" name="movie_title" size="30"
maxlength="250" value="<?php @$movie_title ?>" />

 

???  Doesn't @ return a true or false?  I probably have a limited understanding of it, but this is what I'd put...

 

<input type="text" id="movie_title" name="movie_title" size="30"
maxlength="250" value="<?php echo($movie_title); ?>" />

Array ( [movie_title] => Its a title [movie_subject] => And subject [movie_image] => and screenshot [movie_location] => and a location [movie_alt] => and a description [movie_youtube] => http://www.youtube.com/watch?v= [movie_google] => http://video.google.ca/videoplay?docid= [should_upload] => true [submit] => Update Live News! ) Movie Screen Shot Upload:
Movie Upload:
Movie Image To be Uploaded:
Movie Image location: and screenshot
Movie to be uploaded:
Movie Alt: and a description
Movie Title: Its a title
Movie ID:

That was with all values filled in

 

Movie Upload: Check your if tangle

Movie Image To be Uploaded: CHECK $_FILE

Movie Image location: and screenshot OK

Movie to be uploaded: CHECK $_FILE

Movie Alt: and a description OK

Movie Title: Its a title OK

Movie ID: = FAILED due to the name in the form being movid_id

 

 

Try print_r($_FILE) whats return'd

I think we need to see your most recent code...show us the two php pages again.

 

as well, you might have changed the "movid_id" thing, but what's the <?= all about?  Try to be consistent.

 

<td><input type="text" id="movie_id" name="movid_id" value="<?=$only_id?>" disabled /></td>

to

<td><input type="text" id="movie_id" name="movie_id" value="<?php echo($only_id); ?>" disabled /></td>

 

also, the files array is not $_FILE....it's $_FILES.

 

so try...

 

$_FILES['movie']['name']

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.