Jump to content

[SOLVED] Uploading Images to server and MySQL

Dada78

By Dada78
in PHP Coding Help

 Share

Recommended Posts

  • Replies 64
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Dada78 Member

Dada78

Posted
  • Author
Posted

that means it worked cause you have no echoing in it

 

Funny cause their is no image in the folder nor is the file path stored in the DB with the rest of the form information. So I can going to guess, no it didn't work.

 

I also don't think you have been following the thread for the reason I am where I am now.

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

sorry, i meant:

print_r($_FILES);exit;

 

...forgot an S

 

Ok with that corrected code above this is what I am getting now

 

Array ( [imgdata] => Array ( [name] => gingerbreadhouse1.gif [type] => image/gif [tmp_name] => /var/tmp/phplJ4TjL [error] => 0 => 18022 ) )

 

What is /var/tmp/phplJ4TjL in the above code?

 

-Thanks

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

It is the path to the temporary file the image is stored in. That is why we need to move it.

 

Ok...getting there...try this:

 

<?php
   $image_dir = dirname(__FILE__).'/submitted/';
   if(!is_dir($image_dir)) die("Image dir does not exist");
   if(!is_writable($image_dir)) die("Image dir is not writable");

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.

  if(isset($_POST['submit'])){
    if(empty($_POST['displayname']))
      $error = '*Please fill in displayname field.';
    elseif(empty($_POST['displaytype']))
      $error = '*Please fill in displaytype field.';
    elseif(empty($_POST['description']))
      $error = '*Please fill in description field.';
    elseif(empty($_POST['address']))
      $error = '*Please fill in address field.';
    elseif(empty($_POST['city']))
      $error = '*Please fill in city field.';
    elseif(empty($_POST['state']))
      $error = '*Please fill in state field.';
    elseif(empty($_POST['postal']))
      $error = '*Please fill in postal field.';
    elseif(empty($_POST['country']))
      $error = '*Please fill in country field.';
    elseif(!is_uploaded_file($_FILES['imgdata']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imgdata']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imgdata']['error']];
    }else{
      // MAKE CONNECTION
      include ('db_connect.php');
      $displayname = mysql_real_escape_string($_POST['displayname']);
      $displaytype = mysql_real_escape_string($_POST['displaytype']);
      $description = mysql_real_escape_string($_POST['description']);
      $address = mysql_real_escape_string($_POST['address']);
      $address2 = mysql_real_escape_string($_POST['address2']);
      $city = mysql_real_escape_string($_POST['city']);
      $state = mysql_real_escape_string($_POST['state']);
      $postal = mysql_real_escape_string($_POST['postal']);
      $country = mysql_real_escape_string($_POST['country']);
      $website = mysql_real_escape_string($_POST['website']);

      //Add user
      mysql_query("INSERT INTO users (displayname, displaytype, description, address, address2, city, state, postal, country, website) VALUES ('$displayname', '$displaytype', '$description', '$address', '$address2', '$city', '$state', '$postal', '$country', '$website')")or die (mysql_error());

      //Move image
      $userid = mysql_insert_id();
      $ext = substr($_FILES['imgdata']['name'], strrpos($_FILES['imgdata']['name'], '.') + 1);
      $filename = $userid.$ext;
      if(!is_readable($_FILES['imgdata']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imgdata']['tmp_name']);
      if(!move_uploaded_file($_FILES['imgdata']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);
    }
    //Add filename to DB
    mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE id = '$userid'");
}

?>

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

Ok now it is working but the form is doing some weird stuff but I will deal with it later. I have been up for over 24hrs dealing with this so I am going to get some rest. If you want to see what it is doing and what I am talking about you can go to the link below.

 

http://www.mesquitechristmas.com/local/submit.php

 

For some reason in the website field it has two http:// Also you can reload the form and submit the same thing over and over again and flood it.

 

Anyways, Thank you so much for your help, it was greatly appreciated. This has been a torn in my side for weeks.

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

Form looks fine to me. To prevent reloading, you can forward the page. After the final SQL query, add the following lines:

 

...
    //Add filename to DB
    mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE id = '$userid'");

    //Forward to done page
    header('Location: thanks.php');
    exit;
}
...

 

You can replace thanks.php with whatever you want.

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

Ok after doing some testing on this to try to find holes and what not. When a user doesn't upload a picture in addition to the normal error of "Please upload a picture" etc. I get this error at the top of the page and not sure what it means.

 

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'mesquit1'@'localhost' (using password: NO) in /home/mesquit1/public_html/local/submit.php on line 66

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/mesquit1/public_html/local/submit.php on line 66

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'mesquit1'@'localhost' (using password: NO) in /home/mesquit1/public_html/local/submit.php on line 66

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/mesquit1/public_html/local/submit.php on line 66

 

 

 

Also I figured out why the form is staying filled out when you refresh the page. It is because I have the values for each field set at

 

value="http://<?php echo $website; ?>"

 

and so on for each field. I did that in case someone forgets to fill out a field they won't have to fill out the entire form again. Just the field that they forget. Is that right or is their an easier way so the user doesn't have to fill out the entire form again.

 

-Thanks

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

Yeah...I don't know how I missed that before. The last mysql_query and header call need to go inside the IF like so...

 

<?php
   $image_dir = dirname(__FILE__).'/submitted/';
   if(!is_dir($image_dir)) die("Image dir does not exist");
   if(!is_writable($image_dir)) die("Image dir is not writable");

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.

  if(isset($_POST['submit'])){
    if(empty($_POST['displayname']))
      $error = '*Please fill in displayname field.';
    elseif(empty($_POST['displaytype']))
      $error = '*Please fill in displaytype field.';
    elseif(empty($_POST['description']))
      $error = '*Please fill in description field.';
    elseif(empty($_POST['address']))
      $error = '*Please fill in address field.';
    elseif(empty($_POST['city']))
      $error = '*Please fill in city field.';
    elseif(empty($_POST['state']))
      $error = '*Please fill in state field.';
    elseif(empty($_POST['postal']))
      $error = '*Please fill in postal field.';
    elseif(empty($_POST['country']))
      $error = '*Please fill in country field.';
    elseif(!is_uploaded_file($_FILES['imgdata']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imgdata']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imgdata']['error']];
    }else{
      // MAKE CONNECTION
      include ('db_connect.php');
      $displayname = mysql_real_escape_string($_POST['displayname']);
      $displaytype = mysql_real_escape_string($_POST['displaytype']);
      $description = mysql_real_escape_string($_POST['description']);
      $address = mysql_real_escape_string($_POST['address']);
      $address2 = mysql_real_escape_string($_POST['address2']);
      $city = mysql_real_escape_string($_POST['city']);
      $state = mysql_real_escape_string($_POST['state']);
      $postal = mysql_real_escape_string($_POST['postal']);
      $country = mysql_real_escape_string($_POST['country']);
      $website = mysql_real_escape_string($_POST['website']);

      //Add user
      mysql_query("INSERT INTO users (displayname, displaytype, description, address, address2, city, state, postal, country, website) VALUES ('$displayname', '$displaytype', '$description', '$address', '$address2', '$city', '$state', '$postal', '$country', '$website')")or die (mysql_error());

      //Move image
      $userid = mysql_insert_id();
      $ext = substr($_FILES['imgdata']['name'], strrpos($_FILES['imgdata']['name'], '.') + 1);
      $filename = $userid.$ext;
      if(!is_readable($_FILES['imgdata']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imgdata']['tmp_name']);
      if(!move_uploaded_file($_FILES['imgdata']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);

      //Add filename to DB
      mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE id = '$userid'");

      //Forward to done page
      header('Location: thanks.php');
      exit;
    }
}

?>

 

For the form, using the echo is fine, but for the website one, use the following:

 

value="<?php echo $_POST['website'] ? htmlspecialchars($_POST['website']) : "http://"; ?>"

You can't use $website because that variable doesn't get created unless the form validates. So make sure you use the $_POST variable instead. Also, wrap them in htmlspecialchars() to keep characters like a double quote from interfering.

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

Ok almost done just one little issue. Now that it was working I added my sessions information and changed the form query to UPDATE instead of INSERT so the information will submit to for the correct registered user that is registered by email in sessions. The form is all working and I am not getting any errors but no picture or image is getting inserted now.

 

Here is the current updated code.

 

<?php

   include ('session.php');
   $email = $_SESSION['email'];

   $image_dir = dirname(__FILE__).'/submitted/';
   if(!is_dir($image_dir)) die("Image dir does not exist");
   if(!is_writable($image_dir)) die("Image dir is not writable");

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.

  if(isset($_POST['submit'])){
    if(empty($_POST['displayname']))
      $error = '*Please fill in displayname field.';
    elseif(empty($_POST['displaytype']))
      $error = '*Please fill in displaytype field.';
    elseif(empty($_POST['description']))
      $error = '*Please fill in description field.';
    elseif(empty($_POST['address']))
      $error = '*Please fill in address field.';
    elseif(empty($_POST['city']))
      $error = '*Please fill in city field.';
    elseif(empty($_POST['state']))
      $error = '*Please fill in state field.';
    elseif(empty($_POST['postal']))
      $error = '*Please fill in postal field.';
    elseif(empty($_POST['country']))
      $error = '*Please fill in country field.';
    elseif(!is_uploaded_file($_FILES['imgdata']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imgdata']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imgdata']['error']];
    }else{
      // MAKE CONNECTION
      include ('db_connect.php');
      $displayname = mysql_real_escape_string($_POST['displayname']);
      $displaytype = mysql_real_escape_string($_POST['displaytype']);
      $description = mysql_real_escape_string($_POST['description']);
      $address = mysql_real_escape_string($_POST['address']);
      $address2 = mysql_real_escape_string($_POST['address2']);
      $city = mysql_real_escape_string($_POST['city']);
      $state = mysql_real_escape_string($_POST['state']);
      $postal = mysql_real_escape_string($_POST['postal']);
      $country = mysql_real_escape_string($_POST['country']);
      $website = mysql_real_escape_string($_POST['website']);

      //Add user
      mysql_query("UPDATE users SET displayname = '$displayname', displaytype = '$displaytype', description = '$description', address = '$address', address2 = '$address2', city = '$city', state = '$state', postal = '$postal', country = '$country', website = '$website' WHERE email='$email'")or die (mysql_error());

      $update = "Display Submitted";

      //Move image
      $userid = mysql_insert_id();
      $ext = substr($_FILES['imgdata']['name'], strrpos($_FILES['imgdata']['name'], '.') + 1);
      $filename = $userid.$ext;
      if(!is_readable($_FILES['imgdata']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imgdata']['tmp_name']);
      if(!move_uploaded_file($_FILES['imgdata']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);

      //Add filename to DB
      mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE id = '$userid'");

      //Forward to done page
      header('Location: user.php?action=edit');
      exit;
    }
}

?>

 

 

Only thing I can think of is this line

 

//Add filename to DB
      mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE id = '$userid'");

 

needs to be this maybe?

 

//Add filename to DB
      mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE email = '$email'");

 

Would that be right?

 

-Thanks

 

 

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

Yes the user will always exist in the table.

 

I can query the ID like this.

 

$sql = "SELECT * FROM users WHERE email='$email'";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      $row = mysql_fetch_array($result);
      $id = $row["id"];    
    } else {
      die("No user found");
    }
  } else {
    die(mysql_error());
  }

 

But where would I need to put it and then change in the image query

 

-Thanks

 

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted 
<?php
   include ('session.php');
   $email = $_SESSION['email'];

   $image_dir = dirname(__FILE__).'/submitted/';
   if(!is_dir($image_dir)) die("Image dir does not exist");
   if(!is_writable($image_dir)) die("Image dir is not writable");

  //Get user info
  if(!($result = mysql_query("SELECT * FROM users WHERE email='$email'")))
    die(mysql_error());
  if(mysql_num_rows($result) !== 1)
    die("Too many users");
  $user = mysql_fetch_array($result);

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.
  if(isset($_POST['submit'])){
    if(empty($_POST['displayname']))
      $error = '*Please fill in displayname field.';
    elseif(empty($_POST['displaytype']))
      $error = '*Please fill in displaytype field.';
    elseif(empty($_POST['description']))
      $error = '*Please fill in description field.';
    elseif(empty($_POST['address']))
      $error = '*Please fill in address field.';
    elseif(empty($_POST['city']))
      $error = '*Please fill in city field.';
    elseif(empty($_POST['state']))
      $error = '*Please fill in state field.';
    elseif(empty($_POST['postal']))
      $error = '*Please fill in postal field.';
    elseif(empty($_POST['country']))
      $error = '*Please fill in country field.';
    elseif(!is_uploaded_file($_FILES['imgdata']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imgdata']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imgdata']['error']];
    }else{
      // MAKE CONNECTION
      include ('db_connect.php');
      $displayname = mysql_real_escape_string($_POST['displayname']);
      $displaytype = mysql_real_escape_string($_POST['displaytype']);
      $description = mysql_real_escape_string($_POST['description']);
      $address = mysql_real_escape_string($_POST['address']);
      $address2 = mysql_real_escape_string($_POST['address2']);
      $city = mysql_real_escape_string($_POST['city']);
      $state = mysql_real_escape_string($_POST['state']);
      $postal = mysql_real_escape_string($_POST['postal']);
      $country = mysql_real_escape_string($_POST['country']);
      $website = mysql_real_escape_string($_POST['website']);

      //Move image
      $ext = substr($_FILES['imgdata']['name'], strrpos($_FILES['imgdata']['name'], '.') + 1);
      $filename = $user['id'].$ext;
      if(!is_readable($_FILES['imgdata']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imgdata']['tmp_name']);
      if(!move_uploaded_file($_FILES['imgdata']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);

      //Update user info
      mysql_query("UPDATE users SET displayname = '$displayname', displaytype = '$displaytype', description = '$description', address = '$address', address2 = '$address2', city = '$city', state = '$state', postal = '$postal', country = '$country', website = '$website', imgurl = '".mysql_real_escape_string($filename)."'  WHERE email='$email'")or die (mysql_error());

      $update = "Display Submitted";

      //Forward to done page
      header('Location: user.php?action=edit');
      exit;
    }
}
?>

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

I am getting this error now. Got this last time but don't remember what you did that fixed it. I think something about the header call going inside of the query I think. It looks like it is though.

 

Here is the error

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'mesquit1'@'localhost' (using password: NO) in /home/mesquit1/public_html/local/submit.php on line 10

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/mesquit1/public_html/local/submit.php on line 10

Access denied for user 'mesquit1'@'localhost' (using password: NO)

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

yeah..my bad...gotta connect before you query :)

 

<?php
   include ('session.php');
   $email = $_SESSION['email'];

   // MAKE CONNECTION
   include ('db_connect.php');

  //Check image dir
  $image_dir = dirname(__FILE__).'/submitted/';
  if(!is_dir($image_dir)) die("Image dir does not exist");
  if(!is_writable($image_dir)) die("Image dir is not writable");

  //Get user info
  if(!($result = mysql_query("SELECT * FROM users WHERE email='$email'")))
    die(mysql_error());
  if(mysql_num_rows($result) !== 1)
    die("Too many users");
  $user = mysql_fetch_array($result);

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.
  if(isset($_POST['submit'])){
    if(empty($_POST['displayname']))
      $error = '*Please fill in displayname field.';
    elseif(empty($_POST['displaytype']))
      $error = '*Please fill in displaytype field.';
    elseif(empty($_POST['description']))
      $error = '*Please fill in description field.';
    elseif(empty($_POST['address']))
      $error = '*Please fill in address field.';
    elseif(empty($_POST['city']))
      $error = '*Please fill in city field.';
    elseif(empty($_POST['state']))
      $error = '*Please fill in state field.';
    elseif(empty($_POST['postal']))
      $error = '*Please fill in postal field.';
    elseif(empty($_POST['country']))
      $error = '*Please fill in country field.';
    elseif(!is_uploaded_file($_FILES['imgdata']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imgdata']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imgdata']['error']];
    }else{
      $displayname = mysql_real_escape_string($_POST['displayname']);
      $displaytype = mysql_real_escape_string($_POST['displaytype']);
      $description = mysql_real_escape_string($_POST['description']);
      $address = mysql_real_escape_string($_POST['address']);
      $address2 = mysql_real_escape_string($_POST['address2']);
      $city = mysql_real_escape_string($_POST['city']);
      $state = mysql_real_escape_string($_POST['state']);
      $postal = mysql_real_escape_string($_POST['postal']);
      $country = mysql_real_escape_string($_POST['country']);
      $website = mysql_real_escape_string($_POST['website']);

      //Move image
      $ext = substr($_FILES['imgdata']['name'], strrpos($_FILES['imgdata']['name'], '.') + 1);
      $filename = $user['id'].$ext;
      if(!is_readable($_FILES['imgdata']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imgdata']['tmp_name']);
      if(!move_uploaded_file($_FILES['imgdata']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);

      //Update user info
      mysql_query("UPDATE users SET displayname = '$displayname', displaytype = '$displaytype', description = '$description', address = '$address', address2 = '$address2', city = '$city', state = '$state', postal = '$postal', country = '$country', website = '$website', imgurl = '".mysql_real_escape_string($filename)."'  WHERE email='$email'")or die (mysql_error());

      $update = "Display Submitted";

      //Forward to done page
      header('Location: user.php?action=edit');
      exit;
    }
}
?>

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

I noticed that and thought it seemed weird but I wasn't going to questioned it since you know what you are doing. That form works now perfect with no problems thank you so much!

 

Now I have tried to take all that am make a new form that just allows users to update their image in the User CP but nothing is happening and I get no errors. It also redirects back to the user.php instead of where I have it pointing. If I want the form to stay on the same page when it is submitted I don't need the header redirect right.

 

Here is the code for the entire file.

 

<?php

   include ('session.php');
   $email = $_SESSION['email'];

   $image_dir = dirname(__FILE__).'/submitted/';
   if(!is_dir($image_dir)) die("Image dir does not exist");
   if(!is_writable($image_dir)) die("Image dir is not writable");

  // MAKE CONNECTION
      include ('db_connect.php');

  //Get user info
  if(!($result = mysql_query("SELECT * FROM users WHERE email='$email'")))
    die(mysql_error());
  if(mysql_num_rows($result) !== 1)
    die("Too many users");
  $user = mysql_fetch_array($result);

  $sql = "SELECT * FROM users WHERE email='$email'";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      $row = mysql_fetch_array($result);
      $imgurl = $row["imgurl"];    
    } else {
      die("No user found");
    }
  } else {
    die(mysql_error());
  } 

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.

  if(isset($_POST['submit'])){
    if(!is_uploaded_file($_FILES['imagefile']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imagefile']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imagefile']['error']];
    }else{

      //Move image
      $userid = mysql_insert_id();
      $ext = substr($_FILES['imagefile']['name'], strrpos($_FILES['imagefile']['name'], '.') + 1);
      $filename = $userid.$ext;
      if(!is_readable($_FILES['imagefile']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imagefile']['tmp_name']);
      if(!move_uploaded_file($_FILES['imagefile']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);

      //Add filename to DB
      mysql_query("UPDATE users SET imgurl = '".mysql_real_escape_string($filename)."' WHERE email = '$email'");

      $error = "Image Updated";

      //Forward to done page
      header('Location: user.php?action=images');
      exit;
    }
}

?>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>	
	<table width="100%" border="0" align="left" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<td><a href="user.php?action=editprofile">Edit Profile</a> | <a href="submit.php">Add Entry</a> | <a href="user.php?action=edit">Edit Display</a> | <a href="user.php?action=images">Edit Images</a> | <a href="user.php?action=promote">Promote Your Display</a> | <a href="logout.php">Log Out</a></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>  </td>
</tr>
<tr>
<td> <div align='center'><img src="/local/submitted/<?php echo $imgurl; ?>" width='460' height='345'></div></td>
</tr>
<tr>
<td> <div align='center'> This is your default display picture.</div></td>
</tr>
<tr>
<td> 
<?PHP
// then we check for the error message
if (isset($error)) {
   echo $error . '<br />';
}
?> 
</td>
<tr>
<tr>
<td>  </td>
</tr>
<tr>
<td> <p> <ul>
            <li> Photos may not contain nudity, violent or offensive material, or
copyrighted images. If you violate these terms your account will be deleted. </li>
            <li> Photos must be less than 5MB and in the following formats:  .jpg,.gif</li>
          </ul></p>
</td>
</tr>
<tr>
<td> <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td>
<table width="100%" border="0" bgcolor="#990000">

<td><form name="images" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
<table width="500" border="0" cellpadding="3" cellspacing="1">
  <tr class="bg2">
    <td valign='bottom' width="383"><input type="file" name="imagefile"></td>
    <td valign='middle'><div align='right'><input type="submit" name="submit" value="Update"></div></td>
  </tr>
</table>
</form></td>
</tr>
</table>
</td>
</tr>
</table></td>
</tr>
</table>

 

-Thanks

 

 

 

 

 

Link to comment
Share on other sites
Dada78 Member

Dada78

Posted
  • Author
Posted

Ok I have been playing around with this some more on this other form and page and when you click update without a picture it shows an error like it is suppose to. But when I add a picture and click update it says the picture as been updated but it doesn't update. Here is the code I am working with now

 

<?php

   include ('session.php');
   $email = $_SESSION['email'];

   $image_dir = dirname(__FILE__).'/submitted/';
   if(!is_dir($image_dir)) die("Image dir does not exist");
   if(!is_writable($image_dir)) die("Image dir is not writable");

  // MAKE CONNECTION
      include ('db_connect.php');

  //Get user info
  if(!($result = mysql_query("SELECT * FROM users WHERE email='$email'")))
    die(mysql_error());
  if(mysql_num_rows($result) !== 1)
    die("Too many users");
  $user = mysql_fetch_array($result);

  $sql = "SELECT * FROM users WHERE email='$email'";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      $row = mysql_fetch_array($result);
      $imgurl = $row["imgurl"];    
    } else {
      die("No user found");
    }
  } else {
    die(mysql_error());
  } 

  // here, we check if the form has been submitted, because we need to handle
  // redirection before we handle outputting the HTML stuff.

  if(isset($_POST['submit'])){
    if(!is_uploaded_file($_FILES['imagefile']['tmp_name']))
      $error = '*Please upload a picture.';
    elseif($_FILES['imagefile']['error']){
      $uploadErrors = array(
        UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
        UPLOAD_ERR_FORM_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
        UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded.',
        UPLOAD_ERR_NO_FILE => 'No file was uploaded.',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
        UPLOAD_ERR_EXTENSION => 'File upload stopped by extension.',
      );
      $error = '*'.$uploadErrors[$_FILES['imagefile']['error']];
    }else{

      //Move image
      $userid = mysql_insert_id();
      $ext = substr($_FILES['imagefile']['name'], strrpos($_FILES['imagefile']['name'], '.') + 1);
      $filename = $userid.$ext;
      if(!is_readable($_FILES['imagefile']['tmp_name']))
        die("Can't read temp file: ".$_FILES['imagefile']['tmp_name']);
      if(!move_uploaded_file($_FILES['imagefile']['tmp_name'], $image_dir.$filename))
        die("Failed to move uploaded file to ".$image_dir.$filename);

      $error = "Image Updated";
    }
}

?>

 

-Thanks

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.