Upload Image

[yandoo]

Hi there, only me again....

 

I am trying to get an image updaated to a folder and the url to be upated into a record in my database....So far the image is just uploaed into the folder, but the url is never updated into record of database???

 

There are no error messages of ay kind tho??

 

 

If somebody can please please help me, ill even pay you as im so desperate now and in danager of failure

 

 

Any body please help me???

 

<?php require_once('Connections/woodside.php'); ?>
<?php error_reporting(E_ALL);
ini_set('display_errors', '1');
//image upload test

$file_dir = "C:/wamp/www/Woodside/Images/";
$link_dir = "./Images/";
$file_url = "http://localhost/woodside/Images/";

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

  
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
   
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
if (isset($_POST['submit']))
{
$image_name = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$uploadfile = $file_dir.basename($image_name);
print_r($_FILES);

print "</pre>";
  print "<center>Image path: $file_dir<br>\n";
  print "<center>Image name: $image_name<br>\n";
  print "<center>Image size: $image_size bytes<br>\n";
  print "<center>Image type: $image_type<p><br>\n\n";
      print "<img src=\"$file_url/$image_name\"><p>\n\n";

if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) 
{
   echo "File is valid, and was successfully uploaded.\n";

  $updateSQL = sprintf("UPDATE animal SET Image=('".$link_dir.$image_name."') WHERE AnimalID=%s",
                       GetSQLValueString($_POST['image'], "text"),
                       GetSQLValueString($_POST['panimal'], "int"));

  mysql_select_db($database_woodside, $woodside);
  $Result1 = mysql_query($updateSQL, $woodside) or die(mysql_error());



} else {
   echo "Possible file upload attack!\n";
}
//Uncomment these lines if you are having problems
echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";
  print "<center>Image path: $file_dir<br>\n";
  print "<center>Image name: $image_name<br>\n";
  print "<center>Image size: $image_size bytes<br>\n";
  print "<center>Image type: $image_type<p><br>\n\n";
      print "<img src=\"$file_url/$image_name\"><p>\n\n";

  $updateGoTo = "latestTESTv2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}}

$colname_animal = "-1";
if (isset($_GET['recordID'])) {
  $colname_animal = (get_magic_quotes_gpc()) ? $_GET['recordID'] : addslashes($_GET['recordID']);
}
mysql_select_db($database_woodside, $woodside);
$query_animal = sprintf("SELECT AnimalID, Image FROM animal WHERE AnimalID = %s", $colname_animal);
$animal = mysql_query($query_animal, $woodside) or die(mysql_error());
$row_animal = mysql_fetch_assoc($animal);
$totalRows_animal = mysql_num_rows($animal);

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form name="form1" action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data"><br/>

<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="file" accept=".jpg" size="20" name="image" title="Image Upload" /><br>

<input type="submit" name=submit value="Submit">
<input name="panimal" type="hidden" value="<?php echo $row_animal['AnimalID']; ?>" />
<input type="hidden" name="MM_update" value="form1">
</form>
</body>
</html>
<?php
mysql_free_result($animal);
?>

 

Thanks :-\

[yandoo]

Hi there,

 

I change this line of code:

$updateSQL = sprintf("UPDATE animal SET Image=('".$link_dir.$image_name."') WHERE AnimalID=%s",    GetSQLValueString($_POST['image'], "text"),
                       GetSQLValueString($_POST['panimal'], "int"));

 

 

to:

  $updateSQL = sprintf("UPDATE animal SET Image='%s' WHERE AnimalID=%u",
                       $link_dir.$image_name,
                       GetSQLValueString($_POST['panimal'], "int")); 

 

and both the image is uploaded to the folder and the url is updated in the record of the database...WooHoo

 

in my code there were 2 occurances of the print_r($_FILES); function (that printed to screen the image name, type and size)...These DONT appear at all when running the page????

 

Why would the image details not be displayed as the query is clearly working as it uploads the image and saves the url in the database record.

 

Thanks