Error in Uploading File - php

I have a problem with uploading in my project.
This is the code of my 'User' class:
<?php
class User{
public function uploadAvatar() {
$alowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["avatar"]["name"]);
$extention = end($temp);
if(($_FILES["avatar"]["type"] == "image/gif")
|| ($_FILES["avatar"]["type"] == "image/jpeg")
|| ($_FILES["avatar"]["type"] == "image/jpg")
|| ($_FILES["avatar"]["type"] == "image/pjpeg")
|| ($_FILES["avatar"]["type"] == "image/x-png")
|| ($_FILES["avatar"]["type"] == "image/png")
&& ($_FILES["avatar"]["size"] > 50000)
&& in_array($extention, $alowedExts)) {
if($_FILES["avatar"]["error"] > 0) {
redirect('register.php', $_FILES['avatar']['error'],'error');
} else {
if (file_exists("/images/avatars/" . $_FILES["avatar"]["name"])) {
redirect('register.php', 'File Already Exists', 'error');
} else{
move_uploaded_file($_FILES["avatar"]["tmp_name"],
"images/avatars/" . $_FILES["avatar"]["name"]);
return true;
}
}
} else {
redirect('register.php','invalid file type','error');
}
}
}?>
And here is my Register:
<?php
//create User Object
$user = new User;
if(isset($_POST['register'])){
//create Data Array
$data = Array();
$data['name'] = $_POST['name'];
$data['email'] = $_POST['email'];
$data['username'] = $_POST['username'];
$data['password'] = md5($_POST['password']);
$data['password2'] = md5($_POST['password2']);
$data['about'] = $_POST['about'];
$data['last_activity'] = date("Y-m-d h:i:s");
if($user->uploadAvatar){
$data['avatar'] = $_FILES['avatar']['name'];
} else {
$data['avatar'] = 'noimage.png';
}
} ?>
This is my Form:
<form role="form" enctype="multipart/form-data" method="post" action="register.php">
<div class="form-group">
<label>Name*</label>
<input type="text" class="form-control" name="name" placeholder="Enter Name"/>
</div>
<div class="form-group">
<label>Email Address*</label>
<input type="email" class="form-control" name="email" placeholder="Enter Your Email Address"/>
</div>
<div class="form-group">
<label>Choose UserName*</label>
<input type="text" class="form-control" name="username" placeholder="Create Username"/>
</div>
<div class="form-group">
<label>Password*</label>
<input type="password" class="form-control" name="password" placeholder="Enter A Password"/>
</div>
<div class="form-group">
<label>Confirm Password*</label>
<input type="password" class="form-control" name="password2" placeholder="Enter Password Again"/>
</div>
<div class="form-group">
<label>Upload Avatar</label>
<input type="file" name="avatar" />
<p class="help-block"></p>
</div>
<div class="form-group">
<label>About Me</label>
<textarea id="about" rows="6" cols="80" class="form-control" name="about" placeholder="Tell Us About Yourself (Optional)"></textarea>
</div>
<input name="register" type="submit" class="btn btn-default" value="Register" />
</form>
But now when I run the registration it has an error:
Notice: Undefined property: User::$uploadAvatar in C:\xampp\htdocs\talkingspace\register.php on line 22
Any help with this error?

You try to access uploadAvatar as if it was a property but it's a method.
So you need to change this line:
if($user->uploadAvatar){
to this:
if($user->uploadAvatar()){
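The upload method in the question trusts `$_FILES["avatar"]["type"]` and the file name, both of which are sent by the client. The following is an added example, not the asker's or the answerer's code: it checks the upload error code, the real size and the detected content type, then stores the file under a generated name. Reading the question's 50000 as an upper size limit is an assumption, and the sample files are constructed.

```php
<?php
// Added example: validate an avatar by its content, not by client-supplied fields.

const AVATAR_MAX_BYTES = 50000;      // assumption: the question's 50000 read as an upper limit
const AVATAR_TYPES = [               // detected MIME type => extension assigned by the server
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Checks one $_FILES entry (e.g. $_FILES['avatar']) and returns the extension
 * to store it under. Throws RuntimeException when the upload is not acceptable.
 */
function checkAvatar(array $entry): string
{
    if (!isset($entry['error'], $entry['tmp_name']) || !is_int($entry['error'])) {
        throw new RuntimeException('Malformed upload');
    }
    if ($entry['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $entry['error']);
    }
    // Measure the file itself; $entry['size'] is only what PHP recorded on receipt.
    $size = filesize($entry['tmp_name']);
    if ($size === false || $size === 0 || $size > AVATAR_MAX_BYTES) {
        throw new RuntimeException('File is empty or too large');
    }
    // Detect the type from the bytes; $entry['type'] and $entry['name'] are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($entry['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, AVATAR_TYPES)) {
        throw new RuntimeException('Not an allowed image type');
    }
    return AVATAR_TYPES[$mime];
}

/** Stores a checked upload under a random name and returns that name. */
function storeAvatar(array $entry, string $dir): string
{
    $name = bin2hex(random_bytes(16)) . '.' . checkAvatar($entry);
    // move_uploaded_file() refuses paths that did not come from an HTTP upload.
    if (!move_uploaded_file($entry['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the upload');
    }
    return $name;
}

// Command-line demo with constructed files; in register.php the call would be
// storeAvatar($_FILES['avatar'], 'images/avatars').
if (PHP_SAPI === 'cli') {
    $samples = [
        'minimal GIF'            => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        'text file named as PNG' => "just some text, not an image\n",
    ];
    foreach ($samples as $label => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'avatar');
        file_put_contents($tmp, $bytes);
        $entry = [
            'name'     => 'me.png',      // what the client claims
            'type'     => 'image/png',   // what the client claims
            'tmp_name' => $tmp,
            'error'    => UPLOAD_ERR_OK,
            'size'     => strlen($bytes),
        ];
        try {
            echo $label, ': accepted as .', checkAvatar($entry), PHP_EOL;
        } catch (RuntimeException $e) {
            echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
        }
        unlink($tmp);
    }
}
```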

Related

Preventing Duplicate Email, Username, Number But Facing This Error [duplicate]

This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 1 year ago.
But I am facing this error:
Fatal error: Uncaught TypeError: mysqli_query(): Argument #1 ($mysql) must be of type mysqli, bool given in F:\Xampp\htdocs\User-Registration-System\index.php:20 Stack trace: #0 F:\Xampp\htdocs\User-Registration-System\index.php(20): mysqli_query(false, 'SELECT * FROM `...') #1 {main} thrown in F:\Xampp\htdocs\User-Registration-System\index.php on line 20
<?php include 'connection.php';
if (isset($_REQUEST['register'])) {
$username = $_POST['username'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = md5($_POST['password']);
$cpassword = md5($_POST['cpassword']);
if (
empty($_POST['username']) ||
empty($_POST['email']) ||
empty($_POST['mobile']) ||
empty($_POST['password']) ||
empty($_POST['cpassword'])
) {
echo 'Please fill all required fields!';
} else {
$usernameQuery = "SELECT * FROM `register` WHERE `username`='$username'";
$uq = mysqli_query($conn, $usernameQuery);
$emailQuery = "SELECT * FROM `register` WHERE `email`='$email'";
$eq = mysqli_query($conn, $emailQuery);
$mobileQuery = "SELECT * FROM `register` WHERE `mobile`=$mobile";
$pq = mysqli_query($conn, $mobileQuery);
if (mysqli_num_rows($uq > 0)) {
echo "username already exist";
} elseif (mysqli_num_rows($eq > 0)) {
echo "username already exist";
} elseif (mysqli_num_rows($pq > 0)) {
echo "someone already register with this phone number";
} elseif ($password === $cpassword) {
$iquery = "INSERT INTO `register`(`username`,`eamil`,`mobile`,`password`) VALUES('$username','$email','$mobile','$password')";
mysqli_query($conn, $iquery);
} else (header('location:index.php'));
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-eOJMYsd53ii+scO/bJGFsiCZc+5NDVN2yr8+0RDqr0Ql0h+rP48ckxlpbzKgwra6" crossorigin="anonymous">
</head>
<body>
<div class="container">
<div class="h1">Register Here</div>
<form action="" method="post">
<div class="form-group">
<label for="exampleInputEmail1">Username</label>
<input type="text" class="form-control" name="username" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email">
</div>
<div class="form-group">
<label for="exampleInputEmail1">Email</label>
<input type="email" class="form-control" name="email" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email">
</div>
<div class="form-group">
<label for="exampleInputEmail1">Mobile</label>
<input type="text" class="form-control" name="mobile" id="exampleInputEmail1" aria-describedby="emailHelp" placeholder="Enter email">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" name="password" id="exampleInputPassword1" placeholder="Password">
</div>
<div class="form-group">
<label for="exampleInputPassword1">Confirm Password</label>
<input type="password" class="form-control" name="cpassword" id="exampleInputPassword1" placeholder="Password">
</div>
<br>
<button type="submit" name="register" class="btn btn-primary">Submit</button>
</form>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta3/dist/js/bootstrap.bundle.min.js" integrity="sha384-JEW9xMcG8R+pH31jmWH6WWP0WintQrMb4s7ZOdauHnUtxwoG2vI5DkLtS3qm9Ekf" crossorigin="anonymous"></script>
</body>
</html>
I solved this problem; actually I was using > inside the function call, which is a mistake.
if (mysqli_num_rows($uq) > 0) {}

inserting a blank row before inserting the correct one mysql

I am working on an Angular 5 / PHP backend project, and I am having an issue where I have a registration form: when the user registers, it creates a blank row (empty string values) in the user table followed by the correct row (column values).
The following is my form:
<form *ngIf="!isLogin" (submit)="onRegisterSubmit()" [formGroup]="registerForm">
<div class="form-control">
<input type="text" name="firstname" id="firstname" class="form-control" placeholder="Firstname" formControlName="fn">
<div class="throw_error" *ngIf="registerForm.controls.fn.invalid && registerForm.controls.fn.touched">
<div *ngIf="registerForm.controls.fn.errors?.required">This field is required</div>
<div *ngIf="registerForm.controls.fn.errors?.minlength">This field must be at least 3 characters</div>
<div *ngIf="registerForm.controls.fn.errors?.maxlength">This field must have at most 10 characters</div>
</div>
</div>
<div class="form-control">
<input type="text" name="lastname" id="lastname" class="form-control" placeholder="Lastname" formControlName="ln">
<div class="throw_error" *ngIf="registerForm.controls.ln.invalid && registerForm.controls.ln.touched">
<div *ngIf="registerForm.controls.ln.errors?.required">This field is required</div>
<div *ngIf="registerForm.controls.ln.errors?.minlength">This field must be at least 3 characters</div>
<div *ngIf="registerForm.controls.ln.errors?.maxlength">This field must have at most 10 characters</div>
</div>
</div>
<div class="form-control">
<input type="email" name="email2" id="email2" class="form-control" placeholder="Email Address" formControlName="email2">
<div class="throw_error" *ngIf="registerForm.controls.email2.invalid && registerForm.controls.email2.touched">
<div *ngIf="registerForm.controls.email2.errors?.required">This field is required</div>
<div *ngIf="registerForm.controls.email2.errors?.email && !registerForm.controls.email2.errors?.required">This email is invalid</div>
</div>
</div>
<div class="form-control">
<input type="password" name="password2" id="password2" class="form-control" placeholder="Password" formControlName="password2">
<div class="throw_error" *ngIf="registerForm.controls.password2.invalid && registerForm.controls.password2.touched">
<div *ngIf="registerForm.controls.password2.errors?.required">This field is required</div>
<div *ngIf="registerForm.controls.password2.errors?.minlength">This field must be at least 6 characters</div>
<div *ngIf="registerForm.controls.password2.errors?.maxlength">This field must have at most 15 characters</div>
</div>
</div>
<div class="form-control">
<input type="password" name="confirmPassword" id="confirm-password" class="form-control" placeholder="Confirm Password" formControlName="confPass">
<div class="throw_error" *ngIf="registerForm.controls.confPass.touched && registerForm.controls.confPass.errors?.MatchPassword">Passwords do not match</div>
</div>
<div class="form-control">
<div class="row">
<div class="col-sm-3"></div>
<div class="col-sm-6">
<input type="submit" name="register-submit" id="register-submit" [disabled]="registerForm.invalid"
class="form-control btn btn-register" value="Submit">
<span class="throw_error" id="success">{{resultReg}}</span>
</div>
<div class="col-sm-3"></div>
</div>
</div>
</form>
This is my typescript code for the registration function:
onRegisterSubmit() {
const regFormValue = this.registerForm.value;
this.http.post("http://localhost/ProjetErgonomie/RegUser.php", regFormValue)
.subscribe(data => {
this.receivedData = data;
if (this.receivedData.success) {
this.resultReg = "User added successfully";
} else {
this.resultReg = this.receivedData.errors;
}
}, (error) => {
console.log(error);
});
}
And this is my RegUser.php page:
<?php
header("Access-Control-Allow-Headers: Content-Type");
header("Access-Control-Allow-Origin: *");
require_once ('./DBConnect.php');
$conn = mysqli_connect($servername, $username, $password, $db ,$port);
$regUserData = json_decode(file_get_contents("php://input"),true);
$fn = $regUserData['fn'];
$ln = $regUserData['ln'];
$email = $regUserData['email2'];
$pass = $regUserData['password2'];
$confPass = $regUserData['confPass'];
$errorsReg = "";
$dataReg=array();
if($fn === '' || $ln === '' || $email === '' || $pass === '' || $confPass === ''){
$errorsReg = 'Please fill all fields';
$dataReg['success'] = FALSE;
}
else{
$checkUserQuery = "select * from user where Email = '".$email."'";
$result = $conn->query($checkUserQuery);
if(mysqli_num_rows($result)>0){
$errorsReg = 'User already exists';
$dataReg['success'] = FALSE;
}
else{
$sql = "INSERT INTO user (Firstname, Lastname, Email, Password, NewUser)
VALUES ('".$fn."','".$ln."','".$email."','".md5($pass)."',1)";
mysqli_query($conn,$sql);
$dataReg['success'] = TRUE;
}
}
$dataReg['errors']=$errorsReg;
echo json_encode($dataReg);
Can you please tell me why I am getting a blank row before the correct row is inserted?
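RegUser.php as posted runs the same code for every request method, and a key missing from the JSON body decodes to `null`, which the `=== ''` test does not catch; a browser sends a body-less `OPTIONS` preflight before a cross-origin JSON POST, so that request reaches the `INSERT` too. The following added example (not the asker's code) answers the preflight without touching the database, rejects missing fields and binds every value as a parameter. Assumptions: SQLite in memory stands in for the MySQL connection, `password_hash()` replaces `md5()`, and the sample requests are constructed.

```php
<?php
// Added example: a registration handler that ignores the CORS preflight,
// validates the decoded JSON and uses bound parameters.

function registerUser(PDO $pdo, string $method, string $rawBody): array
{
    // The preflight carries no body and must never reach the database.
    if ($method === 'OPTIONS') {
        return ['status' => 204, 'body' => null];
    }
    if ($method !== 'POST') {
        return ['status' => 405, 'body' => ['success' => false, 'errors' => 'POST only']];
    }

    $in = json_decode($rawBody, true);
    $fields = [];
    foreach (['fn', 'ln', 'email2', 'password2', 'confPass'] as $key) {
        // A missing key is null, not '', so test the type as well as the content.
        $value = is_array($in) ? ($in[$key] ?? null) : null;
        if (!is_string($value) || trim($value) === '') {
            return ['status' => 400, 'body' => ['success' => false, 'errors' => 'Please fill all fields']];
        }
        $fields[$key] = $value;
    }

    $check = $pdo->prepare('SELECT 1 FROM user WHERE Email = ?');
    $check->execute([$fields['email2']]);
    if ($check->fetchColumn() !== false) {
        return ['status' => 409, 'body' => ['success' => false, 'errors' => 'User already exists']];
    }

    $insert = $pdo->prepare(
        'INSERT INTO user (Firstname, Lastname, Email, Password, NewUser) VALUES (?, ?, ?, ?, 1)'
    );
    $insert->execute([
        $fields['fn'],
        $fields['ln'],
        $fields['email2'],
        password_hash($fields['password2'], PASSWORD_DEFAULT), // assumption: replaces md5()
    ]);
    return ['status' => 200, 'body' => ['success' => true, 'errors' => '']];
}

// Demo on an in-memory database with constructed requests.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (Firstname TEXT, Lastname TEXT, Email TEXT, Password TEXT, NewUser INTEGER)');

$valid = json_encode([
    'fn' => 'Ada', 'ln' => 'Lovelace', 'email2' => 'ada@example.test',
    'password2' => 'correct horse', 'confPass' => 'correct horse',
]);
$requests = [
    ['OPTIONS', ''],     // preflight
    ['POST', ''],        // empty body
    ['POST', $valid],    // first registration
    ['POST', $valid],    // same e-mail again
];
foreach ($requests as [$method, $body]) {
    $result = registerUser($pdo, $method, $body);
    echo $method, ' -> ', $result['status'], ' ', json_encode($result['body']), PHP_EOL;
}
echo 'rows in user: ', $pdo->query('SELECT COUNT(*) FROM user')->fetchColumn(), PHP_EOL;

// Wiring in the real endpoint (needs a web server, so shown as a comment):
// $r = registerUser($pdo, $_SERVER['REQUEST_METHOD'], file_get_contents('php://input'));
// http_response_code($r['status']);
// if ($r['body'] !== null) { echo json_encode($r['body']); }
```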

"Invalid File Format" error when trying to submit form

When I try to submit my form, it can't be submitted and shows an "invalid file format" error, no matter if any data is input or not. The file format code was collected from StackOverflow.
if(isset($_POST['submit']))
{
$type=2;
$fname = @$_POST['f_name'];
$eml = @$_POST['email_id'];
$mo_num = @$_POST['mn'];
$message = @$_POST['message'];
$uploaded_file_a= @$_FILES['file_a']['name'];
$uploaded_file_b= @$_FILES['file']['name'];
// in a Array > all Supported Document Formats are Stored //
$allowedExts = array("pdf", "doc", "docx", "ppt", "pptx","jpeg","jpg","png","x-png");
// In a Temporary Array > The File Name + File Extension is Stored //
$temp = explode(".", $_FILES["file"]["name"]);
// Getting the Extension //
$extension = end($temp);
// Checking File // PDF | DOC | DOCX | XLS | XLSX | PPT | PPTX
if ((
(@$_FILES['file']['type'] == "image/jpeg")
|| (@$_FILES['file']['type'] == "image/jpg")
|| (@$_FILES['file']['type'] == "image/png")
|| (@$_FILES['file']['type'] == "image/x-png")
|| (@$_FILES["file"]["type"] == "application/pdf")
|| (@$_FILES["file"]["type"] == "application/msword")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
|| (@$_FILES["file"]["type"] == "application/vnd.ms-excel")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")
|| (@$_FILES["file"]["type"] == "application/application/vnd.ms-powerpoint")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.presentationml.presentation"))
&&
(@$_FILES['file']['error'] == 0)
&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
$fileName_a = date("YmdHis") . "_" . $_FILES['file_a']['name'];
$fileName = date("YmdHis") . "_" . $_FILES['file']['name'];
$valToBind = array(
':F_NM' => $fname,
':EM' => $eml,
':MOB' => $mo_num,
':TY' => $type,
':MS' => $message,
':PILEA'=> @$fileName_a,
':PILE'=> @$fileName
);
$query = $conn1->prepare("
INSERT INTO `testimonials` (`user_name`,`email`,`phone`,`testimonial_type`,`testimonial_message`,`photo_file`,`image_file`) VALUES
(:F_NM,:EM,:MOB,:TY,:MS,:PILEA,:PILE);
");
$query->execute($valToBind);
$rowNumber = $query->rowCount();
$lastInsertId = $conn1->lastInsertId();
if($lastInsertId > 0)
{
{ move_uploaded_file(
$_FILES['file_a']['tmp_name'], "admin/upload/testimonials/". $fileName_a
);}
{ move_uploaded_file(
$_FILES['file']['tmp_name'], "admin/upload/testimonials/". $fileName
);}
echo '<div class="alert alert-success " >
Your Testimonials has been sent to us.
</div>';
}
}
else
{
echo'<div class="alert alert-success " > Invalid File Format </div>';
}
}
?>
<form class="row contact_form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="f_name" placeholder="Full Name">
</div>
<div class="col-md-12 col-sm-6">
<input type="email" class="form-control" name="email_id" placeholder="Email">
</div>
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="mn" placeholder="Mobile Number">
</div>
<div class="col-md-12 col-sm-6">
<label> Your Photo</label><br>
<input type="file" name="file_a" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<label> Testimonial in msword, pdf or Image (if scanned)</label><br>
<input type="file" name="file" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<textarea name="message" class="form-control" placeholder="Testimonial Message (if written)"></textarea>
</div>
<div class="col-md-12 col-sm-6">
<input type="submit" name="submit" value="Submit Resume" class="btn btn-primary btn-block" >
</div>
</form>
I have modified your code to handle the case where no file is submitted.
if(isset($_POST['submit']))
{
$type=2;
$fname = @$_POST['f_name'];
$eml = @$_POST['email_id'];
$mo_num = @$_POST['mn'];
$message = @$_POST['message'];
$uploaded_file_a= @$_FILES['file_a']['name'];
$uploaded_file_b= @$_FILES['file']['name'];
// in a Array > all Supported Document Formats are Stored //
$allowedExts = array("pdf", "doc", "docx", "ppt", "pptx","jpeg","jpg","png","x-png");
// In a Temporary Array > The File Name + File Extension is Stored //
$temp = explode(".", $_FILES["file"]["name"]);
// Getting the Extension //
$extension = end($temp);
// Checking File // PDF | DOC | DOCX | XLS | XLSX | PPT | PPTX
if ((
(@$_FILES['file']['type'] == "image/jpeg")
|| (@$_FILES['file']['type'] == "image/jpg")
|| (@$_FILES['file']['type'] == "image/png")
|| (@$_FILES['file']['type'] == "image/x-png")
|| (@$_FILES["file"]["type"] == "application/pdf")
|| (@$_FILES["file"]["type"] == "application/msword")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
|| (@$_FILES["file"]["type"] == "application/vnd.ms-excel")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")
|| (@$_FILES["file"]["type"] == "application/application/vnd.ms-powerpoint")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.presentationml.presentation"))
&&
(@$_FILES['file']['error'] == 0)
&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts) && $_FILES['file']['tmp_name'] != '')
{
$fileName_a = date("YmdHis") . "_" . $_FILES['file_a']['name'];
$fileName = date("YmdHis") . "_" . $_FILES['file']['name'];
$valToBind = array(
':F_NM' => $fname,
':EM' => $eml,
':MOB' => $mo_num,
':TY' => $type,
':MS' => $message,
':PILEA'=> @$fileName_a,
':PILE'=> @$fileName
);
$query = $conn1->prepare("
INSERT INTO `testimonials` (`user_name`,`email`,`phone`,`testimonial_type`,`testimonial_message`,`photo_file`,`image_file`) VALUES
(:F_NM,:EM,:MOB,:TY,:MS,:PILEA,:PILE);
");
$query->execute($valToBind);
$rowNumber = $query->rowCount();
$lastInsertId = $conn1->lastInsertId();
if($lastInsertId > 0)
{
{ move_uploaded_file(
$_FILES['file_a']['tmp_name'], "admin/upload/testimonials/". $fileName_a
);}
{ move_uploaded_file(
$_FILES['file']['tmp_name'], "admin/upload/testimonials/". $fileName
);}
echo '<div class="alert alert-success " >
Your Testimonials has been sent to us.
</div>';
}
}
else
{
echo'<div class="alert alert-success " > Invalid File Format </div>';
}
}
?>
<form class="row contact_form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="f_name" placeholder="Full Name">
</div>
<div class="col-md-12 col-sm-6">
<input type="email" class="form-control" name="email_id" placeholder="Email">
</div>
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="mn" placeholder="Mobile Number">
</div>
<div class="col-md-12 col-sm-6">
<label> Your Photo</label><br>
<input type="file" name="file_a" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<label> Testimonial in msword, pdf or Image (if scanned)</label><br>
<input type="file" name="file" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<textarea name="message" class="form-control" placeholder="Testimonial Message (if written)"></textarea>
</div>
<div class="col-md-12 col-sm-6">
<input type="submit" name="submit" value="Submit Resume" class="btn btn-primary btn-block" >
</div>
</form>
Thanks
Amit

Single quotes and double quotes not inserting in database using PHP

I am inserting data into MySQL using PHP. It works partially: it inserts everything except single quotes ('), e.g. principle's message. When I insert it like principle"s message, it is inserted in the database, but only principle is displayed in the text box after inserting. My save.php file is here:
<?php session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['user'])) {
if($_GET['catId'] == '' || $_GET['catId'] == null)
header('location:../user/logout.php');
$inc = -1;
if($_POST['title'] == '' || $_POST['title'] == null) {
$inc++;$_SESSION['error'][$inc] = "TITLE IS REQUIRED";
}
$selectImg=mysql_query("SELECT pri_img FROM aboutus_tbl WHERE id=4");
if ($_GET['catId']==4) {
if($_FILES["file"]["name"]) {
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 5242880)
&& in_array($extension, $allowedExts))
$imageNewName = md5(date("l, F d, Y h:i" ,time()) . (microtime())) . "." . $extension;
else {
$inc++;$_SESSION['error'][$inc] = "IVALID IMAGE";
}
}
else {
$inc++;$_SESSION['error'][$inc] = "IMAGE IS REQUIRED";
}
}
function inputValues() {
$_SESSION['values']['title'] = $_POST['title'];
$_SESSION['values']['sub_title1'] = $_POST['sub_title1'];
$_SESSION['values']['desc1'] = $_POST['desc1'];
$_SESSION['values']['sub_title2'] = $_POST['sub_title2'];
$_SESSION['values']['desc2'] = $_POST['desc2'];
$_SESSION['values']['sub_title3'] = $_POST['sub_title3'];
$_SESSION['values']['desc3'] = $_POST['desc3'];
header("location:../../views/aboutus_content/list.php?catId=".$_GET['catId']);
}
if($inc > -1)
inputValues();
else {
require_once('../../includes/connect.php');
if($_GET['catId']==4 && isset($_FILES["file"]["name"])) {
$update="UPDATE aboutus_tbl SET title='".$_POST['title']."',sub_title1='".$_POST['sub_title1']."',desc1='".$_POST['desc1']."',sub_title2='".$_POST['sub_title2']."',desc2='".$_POST['desc2']."',sub_title3='".$_POST['sub_title3']."',desc3='".$_POST['desc3']."',pri_img='".$imageNewName."' WHERE id='".$_GET['catId']."'";
}
else{
$update="UPDATE aboutus_tbl SET title='".$_POST['title']."',sub_title1='".$_POST['sub_title1']."',desc1='".$_POST['desc1']."',sub_title2='".$_POST['sub_title2']."',desc2='".$_POST['desc2']."',sub_title3='".$_POST['sub_title3']."',desc3='".$_POST['desc3']."' WHERE id='".$_GET['catId']."'";
}
if(mysql_query($update)) {
if($_GET['catId']==4 && isset($_FILES["file"]["name"])) {
move_uploaded_file($_FILES["file"]["tmp_name"],"../../public/img/principal/".$imageNewName);
unlink("../../public/img/principal/".mysql_result($selectImg, 0, "pri_img"));
}
$_SESSION['message'] = $_POST['title']." SUCESSFULLY UPDATED";
header('location:../../views/aboutus_content/list.php?catId='.$_GET['catId']);
} else {
$_SESSION['error'] = "ERROR : '".mysql_error()."' CODE : ".mysql_errno();
inputValues();
}
}
} else
header('location:../user/logout.php')
?>
And the design file, list.php, is here:
<?php
ob_start();
include '../../includes/header.php';
if(!isset($_GET['catId']) || $_GET['catId']=='')
header('location:../error');
$contactResult = mysql_query("SELECT * FROM aboutus_tbl WHERE id='".$_GET['catId']."'");
if(mysql_num_rows($contactResult) != 1)
header('location:../error');
else {
?>
<div class="mainbar">
<div class="page-head">
<div class="container">
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<h2><i class="fa fa-desktop"></i> <?php echo mysql_result($contactResult, 0, "title");?> Content</h2>
</div>
<div class="clearfix"></div>
</div>
</div>
</div>
<div class="container">
<?php
if(isset($_SESSION['error'])) {
echo"<div class='alert alert-danger'>";
for($i=0;$i<sizeof($_SESSION['error']);$i++)
echo "<p><b>".$_SESSION['error'][$i]."</b></p>";
echo"</div>";
unset($_SESSION['error']);
}
if(isset($_SESSION['message'])) {
echo"<div class='alert alert-success'><p><b>".$_SESSION['message']."</b></p></div>";
unset($_SESSION['message']);
}
?>
<div class="hide alert alert-danger" id="errorContainer"></div>
<div class="row">
<div class="col-lg-12">
<form action="../../controllers/aboutus_content/save.php?catId=<?php echo $_GET['catId'];?>" method="post" class="contactForms" role="form" enctype="multipart/form-data">
<div class="col-lg-6">
<div class="form-group">
<label for="title"><span class="text-danger">* </span>Title</label>
<input name="title" id="title" data-validation-allowing="'" class="form-control" placeholder="Enter Title" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['title']; echo mysql_result($contactResult, 0, "title");?>" />
</div>
<div class="form-group">
<label for="sub_title1"><span class="text-danger">* </span>Sub Title 1</label>
<input name="sub_title1" id="sub_title1" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 1" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title1']; else echo mysql_result($contactResult, 0, "sub_title1");?>" />
</div>
<div class="form-group">
<label for="desc1"><span class="text-danger">* </span>Description 1</label>
<textarea name="desc1" id="desc1" data-validation-allowing="'" class="form-control" placeholder="Enter Description 1"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc1']; else echo mysql_result($contactResult, 0, "desc1");?></textarea>
</div>
<div class="form-group">
<label for="sub_title2"><span class="text-danger">* </span>Sub Title 2</label>
<input name="sub_title2" id="sub_title2" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 2" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title2']; else echo mysql_result($contactResult, 0, "sub_title2");?>" />
</div>
<div class="form-group">
<label for="desc2"><span class="text-danger">* </span>Description 2</label>
<textarea name="desc2" id="desc2" data-validation-allowing="'" class="form-control" placeholder="Enter Description 2"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc2']; else echo mysql_result($contactResult, 0, "desc2");?></textarea>
</div>
</div>
<div class="col-lg-6">
<div class="form-group">
<label for="sub_title3"><span class="text-danger">* </span>Sub Title 3</label>
<input name="sub_title3" id="sub_title3" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 3" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title3']; else echo mysql_result($contactResult, 0, "sub_title3");?>" />
</div>
<div class="form-group">
<label for="desc3"><span class="text-danger">* </span>Description 3</label>
<textarea name="desc3" id="desc3" data-validation-allowing="'" class="form-control" placeholder="Enter Description 3"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc3']; else echo mysql_result($contactResult, 0, "desc3");?></textarea>
</div>
<div class="form-group">
<label for="pri_img"><span class="text-danger">* </span>Principle Image(Only For Principal's Message)</label>
<input type="file" name="file" id="file" class="form-control">
</div>
</div>
<div class="form-group text-center">
<input type="submit" class="btn btn-info" value="Save" />
Reset
</div>
</form>
</div>
</div>
</div>
</div>
<?php
}
?>
<script type="text/javascript">
window.onload = function() {
$(document).ready(function() {
$('.aboutus_content').addClass('current');
$('.aboutus_content').addClass('open');
$(".courImgItm<?php echo $_GET['catId']?>").addClass('active');
});
}
</script>
<?php
include '../../includes/footer.php';
if(isset($_SESSION['values']))
unset($_SESSION['values']);
ob_flush();
?>
Please help me.
Run your string through this first:
mysql_real_escape_string($string);
It'll fix it for ya
Try it this way
in your SQL query:
$m1=$_REQUEST['message'];
$msg='".str_replace("\"",""",str_replace("'","''",$m1))."';
Hope this will help.
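The question describes two separate quoting problems: save.php builds its `UPDATE` by string concatenation, so a `'` in the text ends the SQL literal, and list.php echoes the stored value into `value="..."` unescaped, so a `"` ends the HTML attribute. The following added example (not code from the question or the answers) binds the values as parameters and escapes on output with `htmlspecialchars()`. Assumptions: PDO with SQLite in memory stands in for the removed `mysql_*` API, only two of the table's columns are shown, and the sample text is constructed.

```php
<?php
// Added example: bound parameters for storage, htmlspecialchars() for display.

function saveContent(PDO $pdo, int $id, string $title, string $desc1): int
{
    // Values travel separately from the SQL text, so quotes need no escaping.
    $stmt = $pdo->prepare('UPDATE aboutus_tbl SET title = :title, desc1 = :desc1 WHERE id = :id');
    $stmt->execute([':title' => $title, ':desc1' => $desc1, ':id' => $id]);
    return $stmt->rowCount();
}

function loadTitle(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT title FROM aboutus_tbl WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

function titleInput(string $title): string
{
    // ENT_QUOTES encodes both ' and " so the value cannot close the attribute.
    return '<input name="title" class="form-control" value="'
        . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '" />';
}

// Demo on an in-memory database with a constructed row and constructed input.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aboutus_tbl (id INTEGER PRIMARY KEY, title TEXT, desc1 TEXT)');
$pdo->exec("INSERT INTO aboutus_tbl (id, title, desc1) VALUES (4, 'old title', 'old text')");

$posted = 'Principal\'s "welcome" message';   // contains both quote characters
saveContent($pdo, 4, $posted, 'It\'s stored exactly as typed.');

$stored = loadTitle($pdo, 4);
var_dump($stored === $posted);                // the text round-trips unchanged
echo titleInput((string) $stored), PHP_EOL;   // quotes appear as HTML entities
```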

Checking if file is larger than 1 MB

I would like to ask for your help. I wrote code which checks if all the fields are filled in and if the file is not larger than 1 MB. If everything is correct, the file successfully uploads to the MySQL database. But if the file size is larger than 1 MB, the code stops working. The error doesn't show up and all the fields become empty. Here's the code (some of it is in Lithuanian, sorry):
<?php
error_reporting(E_ERROR);
session_start();
if (isset($_SESSION['login'])){
include 'config.php';
$username = $_SESSION['login'];
$result = mysqli_query($db,"SELECT * FROM users WHERE username='$username'");
$rws = mysqli_fetch_array($result);
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$autorius = mysqli_real_escape_string($db,$_POST['autorius']);$pavadinimas = mysqli_real_escape_string($db,$_POST['pavadinimas']);$puslapiai = mysqli_real_escape_string($db,$_POST['puslapiai']);$tema = mysqli_real_escape_string($db,$_POST['tema']);$pmintis = mysqli_real_escape_string($db,$_POST['pmintis']);$pveikejai = mysqli_real_escape_string($db,$_POST['pveikejai']);$aveikejai = mysqli_real_escape_string($db,$_POST['aveikejai']);$epizodas = mysqli_real_escape_string($db,$_POST['epizodas']);$nuomone = mysqli_real_escape_string($db,$_POST['nuomone']);$apie = mysqli_real_escape_string($db,$_POST['apie']);$foto = mysqli_real_escape_string($db,$_POST['foto']);$user_id = $rws['id'];
if (!empty($autorius) && !empty($pavadinimas) && !empty($puslapiai) && !empty($tema) && !empty($pmintis) && !empty($pveikejai) && !empty($aveikejai) && !empty($epizodas) && !empty($nuomone) && !empty($apie) && isset($foto) && $_FILES['foto']['size'] > 0 && $_FILES['foto']['size'] < 1000001) {
$fileName = $_FILES['foto']['name'];$tmpName = $_FILES['foto']['tmp_name'];$fileSize = $_FILES['foto']['size'];$fileType = $_FILES['foto']['type'];
$fp = fopen($tmpName, 'r');
$foto = fread($fp, filesize($tmpName));
$foto = addslashes($foto);
fclose($fp);
$query = "INSERT INTO books (id_user, autorius, pavadinimas, puslapiai, tema, pmintis, pveikejai, aveikejai, epizodas, nuomone, apie, foto, name, type, size) ".
"VALUES ('$user_id', '$autorius', '$pavadinimas', '$puslapiai', '$tema', '$pmintis', '$pveikejai', '$aveikejai', '$epizodas', '$nuomone', '$apie', '$foto', '$fileName', '$fileType', '$fileSize')";
$result = mysqli_query($db,$query);
$success = "Knygos aprašymas įkeltas";
echo $_FILES['foto']['size'];
}
else if (empty($autorius) || empty($pavadinimas) || empty($puslapiai) || empty($tema) || empty($pmintis) || empty($pveikejai) || empty($aveikejai) || empty($epizodas) || empty($nuomone) || empty($apie)) {
$error = "Užpildykite visus laukelius!";
}
else if (empty($foto)){
$error = "Pasirinkite viršelio nuotrauką!";
}
else if ($_FILES['foto']['size'] > 1000001){
$error = "Viršelio nuotraukos dydid neturi viršyti 1 MB!";
}
}
?>
<?php include 'bin/includes/header.html'; ?>
<div class="container">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">Įkelti knygos aprašymą
<small>Ikelkite savo knygos aprašymą</small>
</h1>
<ol class="breadcrumb">
<li>Pagrindinis
</li>
<li class="active">Įkelti knygos aprašymą</li>
</ol>
</div>
</div>
<div class="row">
<div class="col-md-8">
<form name="upload" id="upload" method="post" enctype="multipart/form-data">
<div class="control-group form-group">
<?php
if(isset($success)) {
echo '<label style="color: #44FF00;">';
echo $success;
echo '</label>';
}
else {
echo '<label style="color: #FF3700;">';
echo $error;
echo '</label>';
} ?>
<div class="controls">
<input type="text" class="form-control" name="autorius" maxlength="60" placeholder="Autorius" value="<?php if(!empty($_POST['autorius'])) echo $_POST['autorius'];?>">
<p class="help-block"></p>
</div>
<div class="controls">
<input type="text" class="form-control" name="pavadinimas" maxlength="255" placeholder="Pavadinimas" value="<?php if(!empty($_POST['pavadinimas'])) echo $_POST['pavadinimas'];?>">
<p class="help-block"></p>
</div>
<div class="controls">
<input type="text" class="form-control" name="puslapiai" placeholder="Puslapių skaičius" value="<?php if(!empty($_POST['puslapiai'])) echo $_POST['puslapiai'];?>">
<p class="help-block"></p>
</div>
<div class="controls">
<input type="text" class="form-control" name="pveikejai" maxlength="999" placeholder="Pagrindiniai veikėjai" value="<?php if(!empty($_POST['pveikejai'])) echo $_POST['pveikejai'];?>">
<p class="help-block"></p>
</div>
<div class="controls">
<input type="text" class="form-control" name="aveikejai" maxlength="999" placeholder="Antraeiliai veikėjai" value="<?php if(!empty($_POST['aveikejai'])) echo $_POST['aveikejai'];?>">
<p class="help-block"></p>
</div>
<div class="controls">
<textarea placeholder="Tema" rows="2" class="form-control" name="tema" maxlength="999" style="resize:none"><?php if(!empty($_POST['tema'])) echo $_POST['tema'];?></textarea>
<p class="help-block"></p>
</div>
<div class="controls">
<textarea placeholder="Pagrindinė mintis" rows="2" class="form-control" name="pmintis" maxlength="999" style="resize:none"><?php if(!empty($_POST['pmintis'])) echo $_POST['pmintis'];?></textarea>
<p class="help-block"></p>
</div>
<div class="controls">
<textarea placeholder="Siužetas" rows="5" class="form-control" name="apie" maxlength="2999" style="resize:none"><?php if(!empty($_POST['apie'])) echo $_POST['apie'];?></textarea>
<p class="help-block"></p>
</div>
<div class="controls">
<textarea placeholder="Įsimintiniausias epizodas" rows="3" class="form-control" name="epizodas" maxlength="2999" style="resize:none"><?php if(!empty($_POST['epizodas'])) echo $_POST['epizodas'];?></textarea>
<p class="help-block"></p>
</div>
<div class="controls">
<textarea placeholder="Nuomonė apie knygą" rows="3" class="form-control" name="nuomone" maxlength="999" style="resize:none"><?php if(!empty($_POST['nuomone'])) echo $_POST['nuomone'];?></textarea>
<p class="help-block"></p>
</div>
<div class="controls">
<label>Įkelti viršelį (max 1MB)</label>
<input name="foto" type="file" id="foto">
<p class="help-block"></p>
</div>
<button type="submit" class="btn btn-primary">Įkelti</button>
</div>
</form>
</div>
</div>
<?php include 'bin/includes/footer.html'; ?>
<?php } else {
header("location: index.php");
}
Thanks for your help!
You should use this to get the file size:
$size = filesize($_FILES['foto']['tmp_name']);
This returns the file size in bytes. One MB is 1048576 bytes. You should check that the function does not return false.
In general: you should use exceptions for this purpose; it is much simpler to check for a condition and then check again. If you just want to use if-else statements, you should rearrange them (check for errors first and then upload the thing in the else case).
Why are you not saving the files in the filesystem? This is a lot easier...
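The answer's advice to check for errors first, as an added example that is not the answerer's code. It separates three cases the question's `if` chain cannot tell apart: a request larger than `post_max_size` (PHP then leaves `$_POST` and `$_FILES` empty), an upload rejected by PHP with an error code, and a file that arrived but exceeds the 1 MB limit. The helper names and the sample requests are constructed for the demo.

```php
<?php
// Added example: classify a failed upload before reading any other form field.

const MAX_COVER_BYTES = 1048576;   // 1 MB, the figure given in the answer

/** Converts a php.ini size such as "8M" or "512K" to bytes (0 means no limit). */
function iniBytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $number = (int) $value;
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024; // fall through
        case 'm': $number *= 1024; // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

/** Returns null when the upload is acceptable, otherwise a message for the user. */
function uploadProblem(array $server, array $post, array $files, string $field, int $postMax): ?string
{
    // Body over post_max_size: PHP discards it, so both arrays arrive empty.
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    if ($post === [] && $files === [] && $postMax > 0 && $length > $postMax) {
        return 'The request is larger than the server accepts';
    }
    if (!isset($files[$field]['error']) || !is_int($files[$field]['error'])) {
        return 'No file field in the request';
    }
    switch ($files[$field]['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            return 'Choose a cover image';
        case UPLOAD_ERR_INI_SIZE:    // over upload_max_filesize; size is reported as 0
        case UPLOAD_ERR_FORM_SIZE:   // over the form's MAX_FILE_SIZE
            return 'The cover image exceeds the server upload limit';
        default:
            return 'Upload failed with code ' . $files[$field]['error'];
    }
    $size = filesize($files[$field]['tmp_name']);
    if ($size === false) {
        return 'The uploaded file cannot be read';
    }
    if ($size > MAX_COVER_BYTES) {
        return 'The cover image must not exceed 1 MB';
    }
    return null;
}

// Demo with constructed requests. In the page itself the call would be
// uploadProblem($_SERVER, $_POST, $_FILES, 'foto', iniBytes((string) ini_get('post_max_size'))).
$tmp = tempnam(sys_get_temp_dir(), 'foto');
file_put_contents($tmp, str_repeat('x', MAX_COVER_BYTES + 1));   // one byte over the limit

$form = ['autorius' => 'A', 'pavadinimas' => 'B'];
$cases = [
    'body over post_max_size' => [['CONTENT_LENGTH' => '9000000'], [], []],
    'over upload_max_filesize' => [[], $form, ['foto' => ['error' => UPLOAD_ERR_INI_SIZE, 'tmp_name' => '', 'size' => 0]]],
    'no file chosen'           => [[], $form, ['foto' => ['error' => UPLOAD_ERR_NO_FILE, 'tmp_name' => '', 'size' => 0]]],
    'arrived, but over 1 MB'   => [[], $form, ['foto' => ['error' => UPLOAD_ERR_OK, 'tmp_name' => $tmp, 'size' => MAX_COVER_BYTES + 1]]],
];
foreach ($cases as $label => [$server, $post, $files]) {
    $problem = uploadProblem($server, $post, $files, 'foto', iniBytes('8M'));
    echo $label, ': ', $problem ?? 'ok', PHP_EOL;
}
unlink($tmp);
```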
