Array to string conversion in - php

Somebody solve my problem. Update query not work.
Error in Update query this step... Array to string conversion $query .= "image = '{$image}' "; ------------------------------------------------------------------------------------------------------------------------------------
if (isset($_POST['submit'])) {
$file = rand(1000,100000)."-".$_FILES['image']['name'];
$file_loc = $_FILES['image']['tmp_name'];
$folder="uploads/";
$new_file_name = strtolower($file);
$image =str_replace(' ','-',$new_file_name);
move_uploaded_file($file_loc,$folder.$image);
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$address1 = $_POST["address1"];
$address2 = $_POST["address2"];
$city = $_POST["city"];
$state = $_POST["state"];
$zipcode = $_POST["zipcode"];
$email = $_POST["email"];
$country = $_POST["country"];
$phone = $_POST["phone"];
$image = $_FILES["image"];
$username = $_POST["username"];
$passwordold = $_POST["oldpassword"];
$passwordone = $_POST["passwordone"];
$passwordtwo = $_POST["passwordtwo"];
$sessions = $_SESSION['admin_id'];
$query = "UPDATE user SET ";
$query .= "firstname = '{$firstname}', ";
$query .= "lastname = '{$lastname}', ";
$query .= "addressone = '{$address1}', ";
$query .= "addresstwo = '{$address2}', ";
$query .= "city = '{$city}', ";
$query .= "state = '{$state}', ";
$query .= "zipcode = '{$zipcode}', ";
$query .= "email = '{$email}', ";
$query .= "country = '{$country}', ";
$query .= "phone = '{$phone}', ";
$query .= "image = {$image} ";
$query .= "WHERE id = {$sessions} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
echo "<pre>";
print_r($_FILES);
print_r($_POST);
echo "</pre>";
}


$_FILES["image"] is an array. You can only pass string in sql queries. May be you need to serialize the array and then store it in the database.

Related

PHP function() return not working after sending email via outlook

Help newbie here, return $id is not working after sending email via outlook. Any tips?
function save_book(){
extract($_POST);
$data = " booked_cid = '$cid' ";
$data .= ", name = '$name' ";
$data .= ", emp_id = '$emp_id' ";
$data .= ", emp_email = '$emp_email' ";
$data .= ", reservation_date = '$res_date' ";
$data .= ", schedule_id = '$sched' ";
$data .= ", workstations = '$workstations' ";
$save = $this->db->query("INSERT INTO checked set ".$data);
$id=$this->db->insert_id;
$name = $_POST['name'];
$email = $_POST['emp_email'];
$res = $_POST['res_date'];
$sched = $_POST['sched'];
$cat = $_POST['cid'];
$worksta = $_POST['workstations'];
if($save){
$subject="Reservation System Confirmation";
$message="Confirmation of your Reservation on $sched at $cat, $worksta ";
$to="$email";
com_load_typelib("outlook.application");
if (!defined("olMailItem")) {define("olMailItem",0);}
$outlook_Obj = new COM("outlook.application") or die("Unable to start Outlook");
echo "Loaded MS Outlook, version {$outlook_Obj->Version}\n";
$oMsg = $outlook_Obj->CreateItem(olMailItem);
$oMsg->Recipients->Add($to);
$oMsg->Subject=$subject;
$oMsg->Body=$message;
$oMsg->Save();
$oMsg->Send();
return $id;
}
}

Multiple file field updates - php form

I cannot get my two file upload fields working with my update form. I'm able to get create_form to upload the files to my server and input info into the SQL database, but I can't get the edit to take without receiving an error. Files don't upload and info doesn't update in SQL. Please help!
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php
session_start();
if($_SESSION["login_user"] != true) {
echo("Access denied!");
exit();
}
?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/validation_functions.php");?>
<?php find_selected_event_page(); ?>
<?php
if (!$current_event) {
// page ID was missing or invalid or
// page couldn't be found in database
redirect_to("manage_content.php");
}
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
// validations
$required_fields = array("visible");
validate_presences($required_fields);
if (empty($errors)) {
// Perform Update
$id = $current_event["id"];
$visible = mysql_prep($_POST["visible"]);
$homepage = mysql_prep($_POST["homepage"]);
$fa_id = mysql_prep($_POST["fa_id"]);
$title = mysql_prep($_POST["title"]);
$caption = mysql_prep($_POST["caption"]);
$url = mysql_prep($_POST["url"]);
$month = mysql_prep($_POST["month"]);
$date = mysql_prep($_POST["date"]);
$year = mysql_prep($_POST["year"]);
$summary = mysql_prep($_POST["summary"]);
$full_text = mysql_prep($_POST["full_text"]);
$image = rand(1000,100000)."-".$_FILES['image']['name'];
$image_loc = $_FILES['image']['tmp_name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$image_folder="images/";
$file = rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc = $_FILES['file']['tmp_name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_folder="files/";
$final_image=str_replace(' ','-',$new_image_name);
$final_file=str_replace(' ','-',$new_file_name);
if($_FILES) {
unlink("images/".$current_event['image']);
move_uploaded_file($image_loc,$image_folder.$final_image);
unlink("files/".$current_event['file']);
move_uploaded_file($file_loc,$file_folder.$final_file); }
else
{
// if no image selected the old image remain as it is.
$final_image = $current_event['image']; // old image from database
$fine_file = $current_event['file']; // old image from database
}
$query = "UPDATE `events` SET ";
$query .= "`visible` = '{$visible}', ";
$query .= "`homepage` = '{$homepage}', ";
$query .= "`fa_id` = '{$fa_id}', ";
$query .= "`title` = '{$title}', ";
$query .= "`caption` = '{$caption}', ";
$query .= "`url` = '{$url}', ";
$query .= "`month` = '{$month}', ";
$query .= "`date` = '{$date}', ";
$query .= "`year` = '{$year}', ";
$query .= "`summary` = '{$summary}', ";
$query .= "`full_text` = '{$full_text}', ";
$query .= "`image` = '{$final_image}', ";
$query .= "`image_type` = '{$image_type}', ";
$query .= "`image_size` = '{$image_new_size}' ";
$query .= "`file` = '{$final_file}', ";
$query .= "`file_type` = '{$file_type}', ";
$query .= "`file_size` = '{$file_new_size}' ";
$query .= "WHERE `events`.`id` = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection)) {
// Success
echo "<pre>".$query."</pre>";
$_SESSION["message"] = "Item updated.";
redirect_to("manage_content.php");
} else {
// Failure
//$_SESSION["message"] = "Item creation failed.";
//redirect_to("new_news.php");
echo "Error: " . $query . "<br>" . $result->error;
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
Here is the error:
Error: UPDATE events SET visible = 'Y', homepage = 'Y', fa_id = '460463', title = 'Event', caption = 'Event Caption', url = '', month = '1', date = '', year = '2017', summary = 'Support event.', full_text = 'Join event', image = '', image_type = '', image_size = '' file = '', file_type = '', file_size = '' WHERE events.id = 1 LIMIT 1

Update form with two file fields

I cannot get my two file upload fields working with my update form. I'm able to get create_form to upload the files to my server and input info into the SQL database, but I can't get the edit to take without receiving an error. Files don't upload and info doesn't update in SQL. Please help!
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php
session_start();
if($_SESSION["login_user"] != true) {
echo("Access denied!");
exit();
}
?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/validation_functions.php");?>
<?php find_selected_event_page(); ?>
<?php
if (!$current_event) {
// page ID was missing or invalid or
// page couldn't be found in database
redirect_to("manage_content.php");
}
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
// validations
$required_fields = array("visible");
validate_presences($required_fields);
if (empty($errors)) {
// Perform Update
$id = $current_event["id"];
$visible = mysql_prep($_POST["visible"]);
$homepage = mysql_prep($_POST["homepage"]);
$fa_id = mysql_prep($_POST["fa_id"]);
$title = mysql_prep($_POST["title"]);
$caption = mysql_prep($_POST["caption"]);
$url = mysql_prep($_POST["url"]);
$month = mysql_prep($_POST["month"]);
$date = mysql_prep($_POST["date"]);
$year = mysql_prep($_POST["year"]);
$summary = mysql_prep($_POST["summary"]);
$full_text = mysql_prep($_POST["full_text"]);
$image = rand(1000,100000)."-".$_FILES['image']['name'];
$image_loc = $_FILES['image']['tmp_name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$image_folder="images/";
$file = rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc = $_FILES['file']['tmp_name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_folder="files/";
$final_image=str_replace(' ','-',$new_image_name);
$final_file=str_replace(' ','-',$new_file_name);
if($_FILES) {
unlink("images/".$current_event['image']);
move_uploaded_file($image_loc,$image_folder.$final_image);
unlink("files/".$current_event['file']);
move_uploaded_file($file_loc,$file_folder.$final_file); }
else
{
// if no image selected the old image remain as it is.
$final_image = $current_event['image']; // old image from database
$fine_file = $current_event['file']; // old image from database
}
$query = "UPDATE `events` SET ";
$query .= "`visible` = '{$visible}', ";
$query .= "`homepage` = '{$homepage}', ";
$query .= "`fa_id` = '{$fa_id}', ";
$query .= "`title` = '{$title}', ";
$query .= "`caption` = '{$caption}', ";
$query .= "`url` = '{$url}', ";
$query .= "`month` = '{$month}', ";
$query .= "`date` = '{$date}', ";
$query .= "`year` = '{$year}', ";
$query .= "`summary` = '{$summary}', ";
$query .= "`full_text` = '{$full_text}', ";
$query .= "`image` = '{$final_image}', ";
$query .= "`image_type` = '{$image_type}', ";
$query .= "`image_size` = '{$image_new_size}' ";
$query .= "`file` = '{$final_file}', ";
$query .= "`file_type` = '{$file_type}', ";
$query .= "`file_size` = '{$file_new_size}' ";
$query .= "WHERE `events`.`id` = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection)) {
// Success
echo "<pre>".$query."</pre>";
$_SESSION["message"] = "Item updated.";
redirect_to("manage_content.php");
} else {
// Failure
//$_SESSION["message"] = "Item creation failed.";
//redirect_to("new_news.php");
echo "Error: " . $query . "<br>" . $result->error;
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
The error I get is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'file = '', file_type = '', file_size = '' WHERE events.id = 1 LIMIT 1' at line 1

update
$query .= "`image_size` = '{$image_new_size}' ";
to
$query .= "`image_size` = '{$image_new_size}' ,";
so your final query
$query = "UPDATE `events` SET ";
$query .= "`visible` = '{$visible}', ";
$query .= "`homepage` = '{$homepage}', ";
$query .= "`fa_id` = '{$fa_id}', ";
$query .= "`title` = '{$title}', ";
$query .= "`caption` = '{$caption}', ";
$query .= "`url` = '{$url}', ";
$query .= "`month` = '{$month}', ";
$query .= "`date` = '{$date}', ";
$query .= "`year` = '{$year}', ";
$query .= "`summary` = '{$summary}', ";
$query .= "`full_text` = '{$full_text}', ";
$query .= "`image` = '{$final_image}', ";
$query .= "`image_type` = '{$image_type}', ";
$query .= "`image_size` = '{$image_new_size}', ";
$query .= "`file` = '{$final_file}', ";
$query .= "`file_type` = '{$file_type}', ";
$query .= "`file_size` = '{$file_new_size}' ";
$query .= "WHERE `events`.`id` = {$id} ";
$query .= "LIMIT 1";

How to store UUID from one MySQL query and use it in another one by using PDO

I'm using this query in my php file:
<?php
require_once("database/config.php");
$customerNr = $_POST['customer_nr'];
$customerUuid = '';
$name = '';
$query = "SELECT HEX(uuid) AS customer_uuid, name FROM customers
WHERE customer_number = :customerNr";
$sql = $db->prepare($query);
$sql->bindValue(":customerNr", $customerNr);
$sql->execute();
if ($row = $sql->fetch()) {
$name .= $row["name"];
$customerUuid .= $row["customer_uuid"];
}
When I use echo "$customerNr<br>$name<br>$customerUuid"; I can see all these data.Now I want to use $customerUuid in another query in the same php file but it's not working.
$addressUuid = '';
$street = '';
$zipCode = '';
$city = '';
$query = "SELECT HEX(uuid) AS address_uuid, street, zip_code, city
FROM addresses WHERE customer_uuid = UNHEX(:customerUuid)";
$sql = $db->prepare($query);
$sql->bindValue(":customerUuid", $customerUuid);
$sql->execute();
if ($row = $sql->fetch()) {
$street .= $row["street"];
$zipCode .= $row["zip_code"];
$city .= $row["city"];
$addressUuid .= $row["address_uuid"];
}
Could anybody help me how to prepare this query?

PDO Statement Not Setting Values

I'm trying to run a PDO update statement, but none of the fields are being updated. Here is my PDO query. I've gone through and tried to find where the values were being changed and found that where being assigned nothing. I found the problem right when the values are escaped (You'll see my comment placed there). I know it probably something I'm overlooking but I haven't been able to figure out yet.
if(isset($_POST['submit']))
{
if(isset($_POST['name'])){ $name = $_POST['name'];}else{ $name = '';}
if(isset($_POST['city'])){ $city = $_POST['city'];}else{ $city = '';}
if(isset($_POST['state'])){ $state = $_POST['state'];}else{ $state = '';}
if(isset($_POST['address_line1'])){ $address_line1 = $_POST['address_line1'];}else{ $address_line1 = '';}
if(isset($_POST['address_line2'])){ $address_line2 = $_POST['address_line2'];}else{ $address_line2 = '';}
if(isset($_POST['city'])){ $city = $_POST['city'];}else{ $city = '';}
if(isset($_POST['state'])){ $state = $_POST['state'];}else{ $state = '';}
if(isset($_POST['zip_code'])){ $zip_code = $_POST['zip_code'];}else{ $zip_code = '';}
if(isset($_POST['last_modified_by'])){ $last_modified_by = $_POST['last_modified_by'];}else{ $last_modified_by = 'admin';}
$last_modified_date = date('Y-m-d H:i:s');
$confirmcode = 'y';
if(isset($_POST['bitactive'])){ $bitactive = $_POST['bitactive'];}else{ $bitactive = '';}
//Test portion 1 = Values are correct
// echo $address_line1 . "<p>";
// echo $city . "<p>";
// echo $zip_code . "<p>";
// exit;
$support_broker_id = $_GET['id'];
$user_exists = "SELECT * FROM lu_agency WHERE agency_id =". $support_broker_id;
$statement = $conn->query($sql);
$result = $statement->fetch();
$count = $statement->rowCount();
$name = $row['name'];
$address_line1 = $row['address_line1'];
$address_line2 = $row['address_line2'];
$city = $row['city'];
$state = $row['state'];
$zip_code = $row['zip_code'];
$last_modified_by = $row['last_modified_by'];
$last_modified_date = $row['last_modified_date'];
$bitactive = $row['bitactive'];
//Test portion two: Values are correct
// echo $address_line1 . "<p>";
// echo $city . "<p>";
// echo $zip_code . "<p>";
// exit;
if($count > 0)
{
$sqlupdate = "UPDATE lu_agency
SET name = :name,
address_line1 = :address_line1,
address_line2 = :address_line2,
city = :city,
state = :state,
zip_code = :zip_code,
last_modified_by = :last_modified_by,
last_modified_date = :last_modified_date,
bitactive = :bitactive
WHERE agency_id= ". $support_broker_id;
//Here is where only $city and $support_broker_id have values, the others don't show up
echo $address_line1 . "<p>";
echo $city . "<p>";
echo $zip_code . "<p>";
echo $support_broker_id . "<p>";
exit;
$preparedstmt = $conn->prepare($sqlupdate);
$preparedstmt->execute(
array(
':name'=>$name,
':address_line1'=>$address_line1,
':address_line2'=>$address_line2,
':city'=>$city,
':state'=>$state,
':zip_code'=>$zip_code,
':last_modified_by'=>$last_modified_by,
':last_modified_date'=>$last_modified_date,
':bitactive'=>$bitactive
)
);
header("Location: http://173.254.127.52/~avenuet7/supporttables.php?msg=1");
}
}

$row is undefined. It should be $result:
$result = $statement->fetch(PDO::FETCH_ASSOC); // you declared `$result` not `$row`
And why not use prepared statements all through out:
$user_exists = "SELECT * FROM lu_agency WHERE agency_id =". $support_broker_id; // still directly injecting?
Final look:
$support_broker_id = $_GET['id'];
$user_exists = "SELECT * FROM lu_agency WHERE agency_id = :support_broker_id ";
// not `$sql` use `$user_exists`!
$statement = $conn->prepare($user_exists);
$statement->bindParam(':support_broker_id', $support_broker_id);
$statement->execute();
$count = $statement->rowCount();
if($count > 0) {
$result = $statement->fetch(PDO::FETCH_ASSOC);
$sqlupdate = "
UPDATE lu_agency SET
name = :name,
address_line1 = :address_line1,
address_line2 = :address_line2,
city = :city,
state = :state,
zip_code = :zip_code,
last_modified_by = :last_modified_by,
last_modified_date = :last_modified_date,
bitactive = :bitactive
WHERE agency_id = :support_broker_id
";
$preparedstmt = $conn->prepare($sqlupdate);
$preparedstmt->execute(
array(
':name' => $result['name'],
':address_line1' => $result['address_line1'],
':address_line2' => $result['address_line2'],
':city' => $result['city'],
':state' => $result['state'],
':zip_code' => $result['zip_code'],
':last_modified_by' => $result['last_modified_by'],
':last_modified_date' => $result['last_modified_date'],
':bitactive' => $result['bitactive'],
':support_broker_id' => $support_broker_id,
));
header("Location: http://173.254.127.52/~avenuet7/supporttables.php?msg=1");
}
Sidenote: Always add this after making a connection:
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

Categories