[SOLVED] PHP, MySQL - Form for uploading product details and Image Problems

[bradymills]

Hello,

 

I'm encountering an issue. I'm quite certain that my code is not correct -- so I'm hoping someone can help.

 

I am creating a product upload form, which includes product details, category and image.

 

The databases are as follows:

 

Category: (cat_id) (cat_name)

 

Products: (prod_id) (cat_id) (prod_name) (prod_photo) (prod_link) (prod_description) (prod_price) (prod_size)

 

products.cat_id will link to category.cat_id

 

Here's my major concern:

 

My image upload is not working. Of course, I have no idea whether the category info will work at this point, but if I can get the image upload to work -- I'll be able to test the category input and I'll post in a separate thread.

 

The prod_photo field is saved as LONGBLOB in the table. I believe the database is setup correctly.

 

Here's my code. Can someone help me figure out what code will upload the image.

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Add Product</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php #Add Product

require_once('../../../mysql_connect.php');
//Connect to the database.

if (isset($_POST['submitted'])) { //Check if the form has been submitted. Next we will validate the submissions.

//Validate the form information.

//Check for a product name.
if (!empty($_POST['prod_name'])) {
	$pn = escape_data($_POST['prod_name']);
} else {
	$pn = FALSE;
	echo '<p><font color="red">Please enter the product\'s name!</font></p>';
}

//Check for an image.
if (!empty($_FILES['prod_photo'])) {
	$pp = addslashes($_FILES['prod_photo']);
} else {
	$pp = FALSE;
	echo '<p><font color="red">Please choose a photo!</font></p>';
} 

//Check for a size (not required).
if(!empty($_POST['prod_size'])) {
	$s = escape_data($_POST['prod_size']);
} else {
	$s = '<i>Size informatino not available</i>';
}

//Check for a price.
if (is_numeric($_POST['prod_price'])) {
	$p = (float) $_POST['prod_price'];
} else {
	$p = FALSE;
	echo '<p><font color="red">Please enter the product\'s price!</font></p>';
}

//Check for a description (not required).
if (!empty($_POST['prod_description'])) {
	$d = escape_data($_POST['prod_description']);
} else {
	$d = '<i>No description available.</i>';
}

//Check for a link (not required).
if (!empty($_POST['prod_link'])) {
	$pl = escape_data($_POST['prod_link']);
} else {
	$pl = '<i>No link available.</i>';
}

//Validate the category.
if ($_POST['category'] =='new') {

	//If it's a new category, add it to the category database.
	$query = 'INSERT INTO category (cat_name) VALUES (';

	if (!empty($_POST['cat_name'])) {
		$query .= "'" . escape_data($_POST['cat_name']) . "',";
	} else {
		$query .= 'NULL, ';
	}

	//Standard MySQL Version:
	$result = mysql_query ($query); //Run the query.
	$cat = mysql_insert_id(); //Get the category ID.

} elseif ( ($_POST['category'] =='existing') && ($_POST['existing'] > 0)) { //Existing category.
	$cat = (int) $_POST['existing'];
} else { //No category selected.
	$cat = FALSE;
	echo '<p><font color="red">Please enter or select the category!</font></p>';
}

if ($pn && $cat) {//If everything is ok.

//Add the print to the database.

$query = "INSERT INTO products (cat_id, prod_name, prod_photo, prod_size, prod_price, prod_description, prod_link) VALUES ($cat, '$pn', $pp, '$s', '$d', '$pl')";
if ($result = mysql_query ($dbc, $query)) { //Worked.
	echo '<p>The print has been added.</p>';
} else { //If the query did not run ok.
	echo '<p><font color="red">Your submission could not be processed due to a system error.</font></p>';
}
} else { //Failed a test.
echo '<p><font color="red">Please click "back" and try again.</font></p>';
}

} else {//Display the form.
?>

<form enctype="multipart/form-data" action="add_product.php" method="post">	
<fieldset><legend>Fill out the form to add a product to the catalog:</legend>
<p><b>Product Name:</b> <input type="text" name="prod_name" size="30" maxlength="60" /></p>
<p><b>Link to Product Site:</b><input type="text" name="prod_link" size="30" maxlength="100" /></p>
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
<p><b>Image:</b><input type="file" name="prod_photo" /><small>The file name should not include spaces or other invalid characters, should have a file extension of .jpg or .gif and size should not exceed 500K.</small></p>
<p><b>Category:</b></p>
<p><input type="radio" name="category" value="existing" /> Existing => <select name="existing"><option>Select One</option>
<?php //retrieve all the artists and add to the pull down menu.
$query = "SELECT cat_id FROM category ORDER BY cat_name ASC";
$result = mysql_query ($dbc, $query);
while ($row = mysql_fetch_array ($result, mysql_ASSOC)) {
	echo "<option value=\"{$row['cat_name']}\">";
}
mysql_close($dbc); //Close the database connection
?>
</select></p>
<p><input type="radio" name="category" value="new" /> New =>
Category: <input type="text" name="cat_name" size="10" maxlength="20" />
</p>

<p><b>Price:</b>
<input type="text" name="prod_price" size="10" maxlength="10" /> <small>Do not include the dollar sign or commas.</small></p>

<p><b>Size:</b><input type="text" name="prod_size" size="30" maxlength="60" /><small>Include size if necessary, .oz, lbs. etc</small></p>

<p><b>Description:</b> <textarea name="prod_description" cols="40" rows="10"></textarea></p>
</fieldset>

<div align="center"><input type="submit" name="submit" value="Submit" /></div>
<input type="hidden" name="submitted" value="TRUE" />


</form>
<?php } //End of main conditional.
?>

</body>
</html>

 

 

[Barand]

My advice is don't store the image in the database. Move the uploaded file to a folder on the server and store the path/filename in the table.

[bradymills]

Thanks for the reply.

 

I have since created an uploads folder for the images and have done it this way. My concern in the maintenance of the folder.

 

Is there a way to delete the photo from the directory when a product in the catalog is deleted? Or is that something I will just have to live with?

 

Again, thanks sooooo much for the reply.

 

Regards!

[Barand]

In you deletion script for products, get the path/name of the image and unlink() it, then delete the product record.

[bradymills]

I'm using this... but it keeps giving me a WARNING: ../uploads is a directory in...

 

	if ($_POST['sure'] == 'Yes') { // Delete them.
	$query = "SELECT prod_photo FROM products WHERE prod_id=$id";
	$result = @mysql_query ($query);//Run the query
	if (mysql_affected_rows() == 1) { //if it ran ok then delete photo from directory.
		$file = "../uploads/" . $row['prod_photo'] . "";
		unlink("" . $file . "");
	}

	// Make the query.
	$query = "DELETE FROM products WHERE prod_id=$id";		
	$result = @mysql_query ($query); // Run the query.
	if (mysql_affected_rows() == 1) { // If it ran OK.

[Barand]

It may need the full path

 

$file = realpath("../uploads/" . $row['prod_photo'])  ;
unlink($file);  

[bradymills]

hmmm... still getting same message

 

Warning: unlink(/nfs/cust/3/10/56/565013/web/WiseNGreener/uploads): Is a directory in /nfs/cust/3/10/56/565013/web/WiseNGreener/admin/delete_product.php on line 42

 

any ideas?

 

Just for my information, do you do contract work? I need a really good PHP resource... something I don't have... and I'm a novice at this.

[Barand]

Warning: unlink(/nfs/cust/3/10/56/565013/web/WiseNGreener/uploads): Is a directory

 

There is no filename at the end for some reason.

 

And yes. PM me.

[Barand]

Just looked at your code again

 

Youve executed the query but you need to get the content of the row

 

$row = mysql_fetch_assoc($result);

[bradymills]

I can't private message you -- or I just don't know how on here. Says I can't send personal messages? I'm pretty new, maybe I have to earn that right... haha

[bradymills]

You are a genius. It worked... like magic

 

Like I said, I'm still learning all of this... and from time to time I have problems like this. Usually, I can figure it out, by coming on message boards... but, when I'm completely frustrated by something -- It really is no sweat off my back to just get the right guy and pay him, so I don't go insane. Assuming the account pays me enough to afford "genius" like yours.