illuz1on Posted May 19, 2007 Share Posted May 19, 2007 Hey, This is a form I use to add information to a database, and upload an image to images/ ... Im trying to get the INSERT statement to get the name of the newly uploaded picture and save it as 'picture' field in the table... Thanks alot, will be so thankful if someone can help me out here } elseif( $_GET["action"] == "add2" ){ echo"<form name=\"newad\" method=\"post\" enctype=\"multipart/form-data\" action=\"?action=add2\"> <table width=\"\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"> <tr> <td width=\"11%\">Name:</td> <td width=\"89%\"><INPUT TYPE=\"TEXT\" NAME=\"name\" SIZE=36></td> </tr> <tr> <td>Beach Image:</td> <td><input type=\"file\" name=\"image\" SIZE=\"36\"></td> </tr> <tr> <td>Rating:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"rating\" SIZE=36></td> </tr> <tr> <td>Short Desc:</td> <td><TEXTAREA NAME=\"sdesc\" ROWS=10 COLS=30></TEXTAREA></td> </tr> <tr> <td>Long Desc:</td> <td><TEXTAREA NAME=\"ldesc\" ROWS=10 COLS=30></TEXTAREA></td> </tr> <tr> <td>Ocean:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"ocean\" SIZE=36></td> </tr> <tr> <td>Surfing Info:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"surfing\" SIZE=36></td> </tr> <tr> <td>Directions:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"directions\" SIZE=36></td> </tr> </table> <input type=\"submit\" value=\"Add Beach\" /> </form>"; define ("MAX_SIZE","10000"); function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } $errors=0; if(isset($_POST['Submit'])) { $image=$_FILES['image']['name']; if ($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { $size=filesize($_FILES['image']['tmp_name']); if ($size > MAX_SIZE*1024) { echo 'You have exceeded the size limit!'; $errors=1; } $image_name=time().'.'.$extension; $newname="images/".$image_name; $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo 'Copy unsuccessfull!'; $errors=1; }}}} if(isset($_POST['Submit']) && !$errors) { $picins = "$newname"; $sql="INSERT INTO beaches (picture, rating, name, sdesc, ldesc, ocean, surfing, directions) VALUES ('$picins','$_GET[rating]','$_GET[name]', '$_GET[sdesc]', '$_GET[ldesc]', '$_GET[ocean]', '$_GET[surfing]', '$_GET[directions]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "Beach Added - Check to see if it is valid!"; echo "Beach Image Uploaded Successfully!"; echo "$picins"; } Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/ Share on other sites More sharing options...
illuz1on Posted May 19, 2007 Author Share Posted May 19, 2007 At the moment I fill in all the fields, click "Submit" and it doesnt show any errors or a success display, it just shows the form again, blank. And sorry here is the code properly: <? } elseif( $_GET["action"] == "add2" ){ echo"<form name=\"newad\" method=\"post\" enctype=\"multipart/form-data\" action=\"?action=add2\"> <table width=\"\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"> <tr> <td width=\"11%\">Name:</td> <td width=\"89%\"><INPUT TYPE=\"TEXT\" NAME=\"name\" SIZE=36></td> </tr> <tr> <td>Beach Image:</td> <td><input type=\"file\" name=\"image\" SIZE=\"36\"></td> </tr> <tr> <td>Rating:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"rating\" SIZE=36></td> </tr> <tr> <td>Short Desc:</td> <td><TEXTAREA NAME=\"sdesc\" ROWS=10 COLS=30></TEXTAREA></td> </tr> <tr> <td>Long Desc:</td> <td><TEXTAREA NAME=\"ldesc\" ROWS=10 COLS=30></TEXTAREA></td> </tr> <tr> <td>Ocean:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"ocean\" SIZE=36></td> </tr> <tr> <td>Surfing Info:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"surfing\" SIZE=36></td> </tr> <tr> <td>Directions:</td> <td><INPUT TYPE=\"TEXT\" NAME=\"directions\" SIZE=36></td> </tr> </table> <input type=\"submit\" value=\"Add Beach\" /> </form>"; define ("MAX_SIZE","10000"); function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } $errors=0; if(isset($_POST['Submit'])) { $image=$_FILES['image']['name']; if ($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { $size=filesize($_FILES['image']['tmp_name']); if ($size > MAX_SIZE*1024) { echo 'You have exceeded the size limit!'; $errors=1; } $image_name=time().'.'.$extension; $newname="images/".$image_name; $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo 'Copy unsuccessfull!'; $errors=1; }}}} if(isset($_POST['Submit']) && !$errors) { $picins = "$newname"; $sql="INSERT INTO beaches (picture, rating, name, sdesc, ldesc, ocean, surfing, directions) VALUES ('$picins','$_GET[rating]','$_GET[name]', '$_GET[sdesc]', '$_GET[ldesc]', '$_GET[ocean]', '$_GET[surfing]', '$_GET[directions]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "Beach Added - Check to see if it is valid!"; echo "Beach Image Uploaded Successfully!"; echo "$picins"; } ?> Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/#findComment-257203 Share on other sites More sharing options...
lewis987 Posted May 19, 2007 Share Posted May 19, 2007 } elseif( $_GET["action"] == "add2" ){ echo"<form name=\"newad\" method=\"post\" enctype=\"multipart/form-data\" action=\"?action=add2\" ^^ The reason why it shows it again the elseif action is the same as the form action, so its just going to refresh the form Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/#findComment-257215 Share on other sites More sharing options...
lewis987 Posted May 19, 2007 Share Posted May 19, 2007 Sorry For the above post... Well for your first code, the first line of the form should be GET instead of post or the $_GET['whatever'] should be $_POST['whatever'] as for the other code, i kinda get what you mean, check your DB to make sure its inserted it correctly, or change all this: INSERT INTO beaches (picture, rating, name, sdesc, ldesc, ocean, surfing, directions) VALUES ('$picins','$_GET[rating]','$_GET[name]', '$_GET[sdesc]', '$_GET[ldesc]', '$_GET[ocean]', '$_GET[surfing]', '$_GET[directions]') To: INSERT INTO beaches (picture, rating, name, sdesc, ldesc, ocean, surfing, directions) VALUES ('$picins','$_POST[rating]','$_POST[name]', '$_POST[sdesc]', '$_POST[ldesc]', '$_POST[ocean]', '$_POST[surfing]', '$_POST[directions]') OR: Change this: <form name=\"newad\" method=\"post\" enctype=\"multipart/form-data\" action=\"?action=add2\"> To: <form name=\"newad\" method=\"get\" enctype=\"multipart/form-data\" action=\"?action=add2\"> I recommend the first change, more secure Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/#findComment-257221 Share on other sites More sharing options...
illuz1on Posted May 20, 2007 Author Share Posted May 20, 2007 hey guys thanks for all the response... Doesnt seem to work still, tried changing from GET to POST and clicking instead of pressing enter, cant seem to get it :\ Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/#findComment-257472 Share on other sites More sharing options...
seb hughes Posted May 20, 2007 Share Posted May 20, 2007 You might want to run your $_POST's through some functions to prvent MYSQL injection. Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/#findComment-257491 Share on other sites More sharing options...
illuz1on Posted May 20, 2007 Author Share Posted May 20, 2007 still learning, how would I go about that? Link to comment https://forums.phpfreaks.com/topic/52144-form-that-edits-and-uploads-but/#findComment-257650 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.