Evertime I upload a picture, the FILENAME is NOT CHANGING the static value(filename) that is inserting in database is always "0.png" I don't know how is that happening, Please Help me how to fix this problem.
Here is my code:
<?php
session_start();
include("../db_connection.php");
$seller_id = $_SESSION['seller_id'];
$trade_name = $_POST ['trade_name'];
$s_address = $_POST ['s_address'];
$opening_time = $_POST ['opening_time'];
$opening_days = $_POST ['opening_days'];
$order_cutoff = $_POST ['order_cutoff'];
$seller_delivery_time = $_POST ['seller_delivery_time'];
$area_covered_delivery = $_POST ['area_covered_delivery'];
$delivery_fee = $_POST ['delivery_fee'];
$extension = pathinfo($_FILES['s_image']['name'], PATHINFO_EXTENSION);
$sql = mysqli_query($db, "UPDATE selling_details
SET
opening_time = '$opening_time',
opening_days = '$opening_days',
order_cutoff = '$order_cutoff',
seller_delivery_time = '$seller_delivery_time',
area_covered_delivery = '$area_covered_delivery',
delivery_fee = '$delivery_fee'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
if ($sql)
{
$id = mysqli_insert_id($db);
$filename = $id.'.'.$extension;
if(move_uploaded_file($_FILES['s_image']['tmp_name'], 'upload/'.$filename))
{
$sql2 = mysqli_query($db, "UPDATE seller
SET
trade_name = '".$trade_name."',
s_address = '".$s_address."',
s_image = '".$filename."'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
if ($sql2)
{
header('location: seller_menu.php');
}
else
{
echo "error occured : " . mysqli_error($db);
}
}
else
{
echo "error occured : " . mysqli_error($db);
}
}
?>
The function mysqli_insert_id returns the id of the row you just inserted into your database, and since you don't insert anything (you just update) the value the function returns is 0, so the name of your image is $id.'.'.$extension ==> 0.png.
Since you update the seller_id, and you have it inside $_SESSION['seller_id'], you can use it in your code:
$filename = $_SESSION['seller_id'].'.'.$extension;
Related
I'm adding data to a PostgreSQL database via a PHP form. It all feels a bit sketchy. My main concern is that; in the event of a variable being null/empty the add fails. How do I prevent this?
The simplified code is like this:
$name = $_POST['name'];
$movie = $_POST['movie'];
$query = "INSERT INTO data.base(name, movie) VALUES('" . $name . "', '" . $movie . "')";
$result = pg_query($query);
if ( $result ) {
echo 'Thanks';
} else {
echo 'Error';
}
So if the $movie variable is null/empty the whole add fails.
I could do something like this I suppose:
$name = $_POST['name'];
if ( ! $name ) {
$name = '0';
}
But I'd rather keep the cell empty as opposed to inserting false data.
Any help would be much appreciated.
PHP 7+ is required for my solution.
If your name and movie column can be null, and devault value is null you can do something like this:
$name = $_POST['name'] ?? null;
$movie = $_POST['movie'] ?? null;
$query = "INSERT INTO data.base(name, movie) VALUES('" . $name . "', '" . $movie . "')";
$result = pg_query($query);
if ( $result ) {
echo 'Thanks';
} else {
echo 'Error';
}
unfortunatelly it will be an empty row in you table.
But if you don't want junk rows, do something like this:
$name = $_POST['name'] ?? false;
$movie = $_POST['movie'] ?? false;
if ( $name and $movie ) {
$query = "INSERT INTO data.base(name, movie) VALUES('" . $name . "', '" . $movie . "')";
$result = pg_query($query);
echo 'Thanks';
} else {
echo 'Error';
}
I recommend you to escaping the inputs.
I want to update or set a photo on specific user, when I tried to upload an image, the image is not uploaded on my folder "upload" and the name of the photo (which is a number but 0 e.g: 1.jpg) is inserted in database and the file extension is missing inside the database can someone help me with this
HERE IS MY CODE:
<?php
session_start();
include("../db_connection.php");
$seller_id = $_SESSION['seller_id'];
$trade_name = $_POST ['trade_name'];
$s_address = $_POST ['s_address'];
$opening_time = $_POST ['opening_time'];
$opening_days = $_POST ['opening_days'];
$order_cutoff = $_POST ['order_cutoff'];
$seller_delivery_time = $_POST ['seller_delivery_time'];
$area_covered_delivery = $_POST ['area_covered_delivery'];
$delivery_fee = $_POST ['delivery_fee'];
$extension = pathinfo($_FILES['s_image']['name'], PATHINFO_EXTENSION);
$sql = mysqli_query($db, "UPDATE selling_details
SET
opening_time = '$opening_time',
opening_days = '$opening_days',
order_cutoff = '$order_cutoff',
seller_delivery_time = '$seller_delivery_time',
area_covered_delivery = '$area_covered_delivery',
delivery_fee = '$delivery_fee'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
if ($sql)
{
$id = mysqli_insert_id($db);
$filename = $id.'.'.$extension;
if(move_uploaded_file($_FILES['s_image']['tmp_name'], 'upload/'.$filename))
{
}
else
{
echo "error occured : " . mysqli_error($db);
}
$sql2 = mysqli_query($db, "UPDATE seller
SET
trade_name = '$trade_name',
s_address = '$s_address',
s_image = '$filename'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
if ($sql2)
{
header('location: seller_menu.php');
}
else
{
echo "error occured : " . mysqli_error($db);
}
}
?>
Try like this... If your field is varchar means it will work. and you need to declare the variable using .[concodinate] operator. Not tested check and let me know.
$sql2 = mysqli_query($db, "UPDATE seller
SET
trade_name = '".$trade_name."',
s_address = '".$s_address."',
s_image = '".$filename."'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
Edited:
Try to change like this because if your file upload complete then save into your DB is correct way...In your code is run the second sql2 query if not file upload into the folder.
if ($sql) {
$id = mysqli_insert_id($db);
$filename = $id.'.'.$extension;
if(move_uploaded_file($_FILES['s_image']['tmp_name'], 'upload/'.$filename)) {
$sql2 = mysqli_query($db, "UPDATE seller
SET
trade_name = '".$trade_name."',
s_address = '".$s_address."',
s_image = '".$filename."'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
if ($sql2) {
header('location: seller_menu.php');
}else{
echo "error occured : " . mysqli_error($db);
}
}
} else {
echo "error occured : " . mysqli_error($db);
}
$upload_dir = "upload"; // The directory for the images to be saved in
$upload_path = $upload_dir."/";
$userfile_tmp = $_FILES['s_image'.$i]['tmp_name'];
$filename = basename($_FILES['s_image'.$i]['name']);
$file_Size = $_FILES['s_image']['size'];
$extension = strtolower(substr($filename, strrpos($filename, '.') + 1));
if (empty($extension)) {$error='No extension exist!';}
if(isset($_FILES['s_image']['name']) && $_FILES['s_image']['name']==true && $file_Size >0 && $error=='')
{
$filename = $id.'.'.$extension;
$new_image_location=$upload_path.$filename;
//chmod($new_image_location, 0777);
if(move_uploaded_file($userfile_tmp, $new_image_location))
{
$sql2 = mysqli_query($db, "UPDATE seller
SET
trade_name = '$trade_name',
s_address = '$s_address',
s_image = '$filename'
WHERE seller_id= '" . $_SESSION['seller_id'] . "' ");
}else{
echo 'upload folder permission required!!';
//chmod($new_image_location, 0777);
}
}
So I'm trying to have the user update this table, but if the field is left blank i'd like the data to be left alone, not change it to a blank field or null, any ideas?
<?
elseif ($Code == "U")
{
$sql = "UPDATE movieDATA SET Name = '$Name', Genre = '$Genre', Starring = '$Starring', Year = '$Year', BoxOffice = '$BoxOffice' where IDNO = '$idno'";
$result= mysqli_query($link,$sql) or die(mysqli_error($link));
$showresult = mysqli_query($link,"SELECT * from movieDATA") or die("Invalid query: " . mysqli_error($link));
while ($row = mysqli_fetch_array($showresult))
{
echo ("<br> ID = ". $row["IDNO"] . "<br> NAME = " . $row["Name"] . "<br>");
echo("Genre = " . $row["Genre"] . "<br> Starring = " . $row["Starring"] . "<br>");
echo("Year = " . $row["Year"] . "<br> Box Office = " . $row["BoxOffice"] . "<br>");
}
}
?>
$fields = array(); // Take a blank array of fields and values.
$Name = trim($Name); // Trim the variable, user may add only spaces
$Genre = trim($Genre); // Do this for all variables.
$Starring = trim($Starring);
$Year = trim($Year);
$BoxOffice = trim($BoxOffice);
if (! empty($Name)) { // If user has filled the field, append to array.
$fields[] = "Name = '$Name'";
}
if (! empty($Genre)) {
$fields[] = "Name = '$Genre'";
}
if (! empty($Starring)) {
$fields[] = "Name = '$Starring'";
}
if (! empty($Year)) {
$fields[] = "Name = '$Year'";
}
if (! empty($BoxOffice)) {
$fields[] = "Name = '$BoxOffice'";
}
if (! empty($fields)) { // If the array is not empty, go for Query.
$sql = "UPDATE movieDATA SET "; // If user has not added any field value,
$sql .= implode(', ', $fields); // no SQL Query will be fired.
$sql .= " WHERE IDNO = '$idno'";
}
Your requirement:
Not to update the fields which user has left blank.
Solution:
Add if condition to check if every field is filled up.
One way to do this:
$q_set = [];
if (!empty($Name)) {
$q_set []= "Name = '$Name'";
}
if (!empty($Genre)) {
$q_set []= "Genre = '$Genre'";
}
/* ... */
if (!empty($q_set)) {
$sql = "UPDATE movieDATA SET " . implode(',', $q_set)
. " WHERE IDNO = '$idno'";
}
Note, that the variables passed into SQL should be escaped
use query for access the $current_rank this value want to access in different query but this value can not access any where in different query so how to access $current_rank......
$query = "select * from menu_master where menu_id =
$row_id and hotel_id='" . $_REQUEST['hotel_id'] . "'";
$result = mysql_query($query)."<br/>";
while($row=mysql_fetch_array($result))
{
$rank = $row['set_rank'];
}
$current_rank = $rank;
//echo $current_id = $row_id."<br/>";
//echo $new_rank =$_REQUEST['set_rank']."<br/>";
$sql = "select * from menu_master where set_rank = '$new_rank ' and hotel_id='".$_REQUEST['hotel_id']."'" ;
// echo $sql."<br/>";
$rs = mysql_query($sql)."<br/>";
while($row = mysql_fetch_array($rs))
{
$menu_id = $row['menu_id'];
$sql="update menu_master
set set_rank=$current_rank where menu_id= $menu_id and hotel_id='".$_REQUEST['hotel_id']."'";
//echo $sql."<br/>";
mysql_query($sql)."<br/>";
}
$sql="update menu_master set menu_name = '" . mysql_real_escape_string($_REQUEST['menu_name']) . "',
menu_name_ar = '" . mysql_real_escape_string($_REQUEST['menu_name_ar']) . "',
is_active = '" . $is_active . "',
set_rank = $new_rank where menu_id = '$current_id' and hotel_id='".$_REQUEST['hotel_id']."'";
//echo $sql."<br/>";
//exit;
mysql_query($sql);
Your current_rank seems to be an array. If you have single value in current_rank, then do not use while loop for it.
Just use $row=mysql_fetch_array($result);
$current_rank = $row['set_rank'];
Also you have commented out this line.
//echo $new_rank =$_REQUEST['set_rank']."";
So you have no value for $new_rank
So I have this login php script that I am using and it works fine on one server (returns "success" || "invalid login") and then this other server it breaks because it returns a line break and then "success" or "invalid login"
My guess is a php.ini setting. I am just not sure which one.
<?php
include("../config.php");
include("../connect.php");
$adminCheck = mysql_query("SELECT * FROM admins WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($adminCheck) == 1)
{
$result = mysql_fetch_array($adminCheck);
$_SESSION['user']['level'] = "admin";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
echo "success";
}
else
{
$clientCheck = mysql_query("SELECT * FROM clients WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($clientCheck) == 1)
{
$result = mysql_fetch_array($clientCheck);
$_SESSION['user']['level'] = "client";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
$_SESSION['user']['client'] = $result['client'];
echo "success";
}
else
{
echo "invalid login";
}
}
?>
I'd bet you a coke that connect.php or config.php contain a \n (or \r\n) before or after their <?php ?> parts.
This is most likely due to your includes. The code you posted has no reason to have one, and there is no php.ini setting that I'm aware of to add such.
Post your config and connect (with username/pw hidden) for us to help further.
The code displayed does not indicate the occurrence of a line-break.
On a side note since you are only outputting one value from your booleans then you could initialize a variable to hold the response and then only echo the response once:
<?php
include("../config.php");
include("../connect.php");
$response = 'success';
$adminCheck = mysql_query("SELECT * FROM admins WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($adminCheck) == 1)
{
$result = mysql_fetch_array($adminCheck);
$_SESSION['user']['level'] = "admin";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
}
else
{
$clientCheck = mysql_query("SELECT * FROM clients WHERE username = '" . mysql_real_escape_string($_POST['username']) . "' AND password = '" . mysql_real_escape_string($_POST['password']) . "'");
if (mysql_num_rows($clientCheck) == 1)
{
$result = mysql_fetch_array($clientCheck);
$_SESSION['user']['level'] = "client";
$_SESSION['user']['userid'] = $result['id'];
$_SESSION['user']['username'] = $result['username'];
$_SESSION['user']['client'] = $result['client'];
}
else
{
$response = "invalid login";
}
}
echo $response;
?>