Can not rename a folder inside $_POST - php

I browsed many references in this site and found that this works successfully:
<?php
// test renaming a subfolder
$oldDir="test";
$newDir = "testing";
if (!is_dir(dirname($newDir))) {
mkdir(dirname($newDir), 0777, true);
}
rename($oldDir,$newDir);
echo 'successfully renamed into';
?>
Now, I need to rename a category label (directory), but it gave me an error:
"warning"."No such file or directory in ...." when I have a category name inside $_POST, as illustrated below:
First, submit.php
<?php
$displCat = $mydb->prepare("SELECT * FROM labelz ORDER BY label_name");
$displCat->execute();
$dataCat = $displCat->fetchAll();
foreach ($dataCat as $tampil_cat) {
$idcat=$tampil_cat['id'];
$cat=$tampil_cat['label_name'];
?>
<form action="u.php?id=<?php echo $idcat; ?>" method="post" name="frmupdatekat">
<div class="modal-body" style="overflow:auto;">
<h4>Edit Kategori: <?php echo $idcat.". ".$cat; ?></h4>
<input type="text" class="form-control" id="txtOldKat" name="txtOldKat" value="<?php echo $cat; ?>" style="border:0px;"/>
<input type="text" class="form-control" id="txtUpdateKategori" name="txtUpdateKategori"/>
<br />
<input type="submit" name="cmdUpdateKategori" id="cmdUpdateKategori" class="btn btn-success" style="vertical-align:middle; height:27px; padding:4px; font:12px Arial;" value="Update Kategori"/>
<br />
<br />
</div>
</form>
//.......
?>
Second, u.php
<?php
session_start();
include('conn.php');
if (isset($_GET['id'])){
$id=isset($_GET['id']) ? $_GET['id'] : '';
$txtOldKat=trim($_POST['txtOldKat']);
$txtUpdateKategori=trim($_POST['txtUpdateKategori']);
rename($txtOldKat,$txtUpdateKategori);
echo "<script>alert('Haadeeeehhh, ini koq error muluuuuuuuuuuuu!');</script>";
exit(); // stop to see if errors here.
if (isset($_POST['cmdUpdateKategori'])){
if (empty($_POST['txtUpdateKategori'])){
echo "<script>alert('Admin, Anda belum mengganti nama Kategori!');</script>";
echo "<meta http-equiv='refresh' content='0; url=adminz/kategori.php?target=kategori'>";
exit();
}
else{
$sql="SELECT * FROM labelz WHERE id=:id";
$sth = $mydb->prepare($sql);
$sth->execute(array(':id' => $id ));
//....... others code
?>
I then used the previous scripts, but they did not work, even when using:
__DIR__
__dirname(__FILE__)
realpath()
etc.
I also checked if $old_cat exists, and it really exists.
Here's the screenshot from filezilla (and also check in cpanel).
Then I tried using trim() on the POST value.
I also read here: http://php.net/manual/en/function.rename.php to see if I was wrong.
It seems it doesn't work inside $_POST.
So, what should I do, since I need to do it inside that $_POST?
Otherwise, you may have another solution too.
If you find this is a duplicate question, please let me know the link.
Thanks a lot for your advice/suggestion/solution.

Do some error checks in your code, make sure $old_cat exists prior to renaming, make sure $new_cat is in fact a valid file/folder name and doesn't already exist, make sure $old_cat and $new_cat are actually set.
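The checks listed in this answer, written out as an added example (not code from the question or the answer). The base directory, the name allowlist and the sample requests are assumptions made for the illustration; the field names are the ones from u.php.

```php
<?php
declare(strict_types=1);

// Added example. $baseDir is an assumed directory holding one sub-folder per
// category; the bare names passed to rename() in the question are resolved
// against the script's working directory instead.

/** Renames a category folder; returns null on success or the reason it was refused. */
function renameCategoryDir(string $baseDir, ?string $old, ?string $new): ?string
{
    // 1. Both values must be set and non-empty after trimming.
    $old = trim((string) $old);
    $new = trim((string) $new);
    if ($old === '' || $new === '') {
        return 'old and new name are both required';
    }
    // 2. Allowlist: one path component only, so "../x" or "a/b" is refused.
    $valid = '/\A[A-Za-z0-9][A-Za-z0-9 _-]{0,63}\z/';
    if (!preg_match($valid, $old) || !preg_match($valid, $new)) {
        return 'name contains characters that are not allowed';
    }
    // 3. Resolve against a fixed base, not the current working directory.
    $base = realpath($baseDir);
    if ($base === false) {
        return 'base directory does not exist';
    }
    $from = $base . DIRECTORY_SEPARATOR . $old;
    $to   = $base . DIRECTORY_SEPARATOR . $new;
    // 4. The source must exist and the target must not.
    if (!is_dir($from)) {
        return "source folder not found: $from"; // log this; do not show paths to users
    }
    if (file_exists($to)) {
        return 'target name already exists';
    }
    return rename($from, $to) ? null : 'rename() failed';
}

// Constructed demo: a throwaway base directory with one category folder.
$base = sys_get_temp_dir() . '/cat_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/test', 0755, true);

// Constructed stand-ins for $_POST as u.php would receive it.
$requests = [
    ['txtOldKat' => 'test',    'txtUpdateKategori' => 'testing'],
    ['txtOldKat' => 'test',    'txtUpdateKategori' => 'again'],      // source is gone now
    ['txtOldKat' => 'testing', 'txtUpdateKategori' => '../outside'], // not a single component
    ['txtOldKat' => 'testing'],                                      // field missing
];
foreach ($requests as $post) {
    $err = renameCategoryDir($base, $post['txtOldKat'] ?? null, $post['txtUpdateKategori'] ?? null);
    echo json_encode($post), ' => ', $err ?? 'renamed', PHP_EOL;
}
rmdir($base . '/testing'); // clean up the demo folders
rmdir($base);
```

Printing the resolved source path in the failure case shows immediately whether rename() is looking in the directory you expect.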

Related

My photo upload script is not working in php

<?php include('header.php');
include ('config.php');
if(isset($_POST['submit_image'])){
$imgname=$_FILES["myimage"]["name"] ;
$target="ProfileImages/";
$filetarget=$target.$imgname;
$tempname=$_FILES["myimage"]["tmp_name"];
$result = move_uploaded_file($tempname,$filetarget);
if($result){
$id=$_SESSION['id'];
$caption=$_POST['caption'];
$q="INSERT into `images` (id,path,caption) VALUES ('$id','$filetarget','$caption')";
$res=mysqli_query($con,$q);
if($res)
{
$msg="Photo Uploaded Sucessfully..";
$_SESSION['msg']=$msg;
header('location:profile.php');
}
}
else{
$msg="Error Not Uploaded...Try Again";
$_SESSION['msg']=$msg;
header('location:profile.php');
}
}
?>
<form method="POST" enctype="multipart/form-data">
<h2><u>Select Image</u></h2><br><input type="file" name="myimage"><br>
<h2><u>Caption</u></h2><br>
<textarea rows="4" cols="25" name="caption"></textarea>
<input type="submit" name="submit_image" value="Upload">
</form>
I was trying to upload pictures through this code, but after some time I checked and it was not working... Can any of you help me fix this?
Turn on the PHP Error Reporting!
Isolate the working script and try to find out where the issue is. Make sure if:
the parser enters the first if
is the $filetarget valid file name
was the file move successful
was the query successful
is the redirection to valid page
If you do not have a debugger, disable the header('location:profile.php'); to stay on the page and see errors and/or print testing messages such as echo "I am here on line ".__LINE__; to make sure the parser is in.
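An added example (not code from the question or the answer) of the "is the $filetarget valid file name" check from the list above, with the reason for each refusal reported instead of one generic message. The extension allowlist, the size limit and the sample $_FILES entries are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. ProfileImages/ is the folder from the question; the
// allowlist and the size limit below are assumed values.

/**
 * Checks one $_FILES entry and returns the path the file should be moved to.
 * Throws RuntimeException with the reason when the upload must be refused.
 */
function uploadTarget(array $file, string $dir, int $maxBytes = 2000000): string
{
    // Was anything uploaded, and did PHP accept it?
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload failed, error code $code");
    }
    $size = (int) ($file['size'] ?? 0);
    if ($size <= 0 || $size > $maxBytes) {
        throw new RuntimeException('file is empty or too large');
    }
    // Never reuse the client's file name: keep only its extension, and only
    // when that extension is on the allowlist.
    $ext = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // Server-generated name: no "../", and no overwriting another user's file.
    return rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed $_FILES['myimage'] entries.
$samples = [
    ['name' => 'me.png',           'tmp_name' => '/tmp/phpA1', 'error' => UPLOAD_ERR_OK,       'size' => 48211],
    ['name' => '../../config.php', 'tmp_name' => '/tmp/phpA2', 'error' => UPLOAD_ERR_OK,       'size' => 120],
    ['name' => 'big.jpg',          'tmp_name' => '',           'error' => UPLOAD_ERR_INI_SIZE, 'size' => 0],
];
foreach ($samples as $f) {
    try {
        $target = uploadTarget($f, 'ProfileImages/');
        // In the real handler: move_uploaded_file($f['tmp_name'], $target),
        // and run the INSERT only when that call returns true.
        echo $f['name'], ' -> ', $target, PHP_EOL;
    } catch (RuntimeException $e) {
        echo $f['name'], ' refused: ', $e->getMessage(), PHP_EOL;
    }
}
```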

Can't add variable into php session

I am trying to add a variable to the session and read that variable in a function.
So here is index.php:
<?php
include("include/config.php");
if(!empty($txt_user) && !empty($txt_pass))
{
$result=login_func($txt_user,$txt_pass);
if($result==1)
{
header("Location: homepage.php");
}else{
$alert_class="alert-danger";
}
}
?>
<form action="<?php echo("".$_SERVER['PHP_SELF']."");?>" method='post' class='form-validate' id="test">
<div class="form-group">
<div class="email controls">
<input type="text" name='txt_user' placeholder="Kullanıcı Adınız" class='form-control' data-rule-required="true">
</div>
</div>
<div class="form-group">
<div class="pw controls">
<input type="password" name="txt_pass" placeholder="Şifreniz" class='form-control' data-rule-required="true">
</div>
</div>
<div class="submit">
<input type="submit" value="Giriş Yap" class='btn btn-primary'>
</div>
</form>
config.php:
<?php
ini_set('session.gc_maxlifetime', 3600);
session_start();
ob_start();
include("class.php");
include("functions.php");
// connections to db
?>
functions.php:
function login_func($user,$pass)
{
$sql=mysql_query("SELECT * FROM table WHERE user_name='$user' AND pass='$pass' LIMIT 1");
$control_number=mysql_num_rows($sql);
if(($control_number==1))
{
$_SESSION['login_id']=@mysql_result($sql,0,'id');
$_SESSION['login_name']=@mysql_result($sql,0,'name');
$_SESSION['login_email']=@mysql_result($sql,0,'email');
return 1; // true
}else{
return 2; //false
}
}
So if I add the following commands to homepage.php, I get an empty result for each echo:
echo $_SESSION['login_id'];
echo $_SESSION['login_name'];
echo $_SESSION['login_email'];
Even if I do the same echo inside the function, it doesn't give any output either.
So I am stuck here and can't find what causes this problem. Thanks for your help.
Please don't worry about syntax errors; I think the only problem is using sessions wrong and the session conf.
You are trying to access the $txt_user and $txt_pass variables as registered globals.
Unless you are using PHP 5.3 and below, register_globals is removed from PHP.
Registering globals is a huge security risk and should be avoided in any case.
Try using $_POST['txt_user'] and $_POST['txt_pass'] instead.

undefined index error while trying to get value returned from the link?

I know it's a duplicate one, but I'm getting this error while trying to fetch data passed from a link. I don't know how to resolve it.
Here is my code:
add_package.php
echo "<td><a href='delete.php?name3=" . $row['package_type']."&id3=".$row['p_id']."'>Delete</a></td>";
echo "<td><a href='edit_package.php?name3=" . $row['package_type']."&id3=".$row['p_id']."'>Update</a></td>";
Here the delete link works perfectly, but when I click update it takes me to the edit_package page, where I'm getting an undefined error.
Code for edit_package.php:
<?php
include('db.php');
$id4 = $_GET['id3'];//update the page
$name4 = $_GET['name3'];//helps to update the package
echo $id4;
echo $name4;//getting values here correctly..
if(isset($_POST['submit']) )
{
$package=$_POST['package'];
if (ctype_alnum($package) && !empty($id4) && !empty($name4))
{
$sql13="select package_type,id from tbl_package where package_type='".$package."'";
$retvali=mysql_query($sql13,$conn);
$num_rows1 = mysql_num_rows($retvali);
if ($num_rows1 == 0 || $num_rows1=="")
{
$sql = "Update tbl_package set package_type='".$package."' where package_type='".$name4."' and p_id='".$id4."'";
$retval = mysql_query( $sql, $conn );
?><script>alert("Updated Successsfully");window.location ='http://localhost/demo/add_package.php';
</script><?php
}
else
{
?><script>alert("Already Exists");window.location ='http://localhost/demo/add_package.php';
</script><?php
}
}
else
{
?><script>alert("enter only letters and numbers")</script><?php
}
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<form id="form-validation" action="edit_package.php" method="post" class="form-horizontal" enctype="multipart/form-data" novalidate="novalidate">
<div class="col-md-6">
<div class="block" style="height:500px;">
<div class="block-title">
<h2><strong>State the Package For Tour</strong></h2>
</div>
<fieldset>
<div class="form-group">
<label class="col-md-4 control-label" for="val_username">Update Package <span class="text-danger">*</span></label>
<div class="col-md-6">
<div class="input-group">
<input type="text" id="package" name="package" class="form-control" required >
<span class="input-group-addon"><i class="fa fa-user"></i></span>
</div>
</div>
</div>
<div class="form-group form-actions">
<div class="col-md-8 col-md-offset-4">
<input type="submit" class="btn btn-info btn-primary " value="Update" name="submit">
</div>
</div>
</fieldset>
</form>
When I press the update button I'm getting an undefined error, and I don't know why. Thanks in advance.
I'm attaching an image to it.
Try to change the <form>'s action URL to include your GET variables:
<form id="form-validation" action="edit_package.php?id3=<?php echo $_GET['id3']; ?>&name3=<?php echo $_GET['name3']; ?>" method="post" class="form-horizontal" enctype="multipart/form-data" novalidate="novalidate">
PLEASE NOTE: This is extremely unsafe! You need to sanitize ALL user input before using it. My example above disregards security and is simply to demonstrate my point. GET and POST data are user variables. A malicious user could put bad code in the URL (i.e. ?name3=<badcode>) and it would be printed on the page, well, in the source code, which they could easily pop out of. Also, in SQL queries, you need to escape the data or use prepared statements.
You should not be using mysql functions, switch to MySQLi or PDO. MySQL has been killed for a while now..
These are just asking for you to get hacked:
$sql13="select package_type,id from tbl_package where package_type='".$package."'";
and..
$sql = "Update tbl_package set package_type='".$package."' where package_type='".$name4."' and p_id='".$id4."'";
You are vulnerable to SQL injections, which could easily allow a malicious attacker to add/edit/view/delete data in your database.
The problem is, you have $package (which is raw data from POST) and $id4 and $name4 (which is raw data from GET) in your SQL query.
You would use mysql_real_escape_string() on them, but you should be using mysqli or PDO anyways...
Example:
$name4 = mysql_real_escape_string($_GET['name3']);
It's confusing; I don't know why the GET variable is called name3 but you assign it to the variable $name4. Whoever (even you) comes along later on will be lost in your code.
Updated:
Try this code. I swapped your GET for POST in your php code, and passed the GET variables from your URL as hidden fields in your form.
<?php
include('db.php');
if(isset($_POST['submit']) )
{
$package = mysql_real_escape_string($_POST['package']);
$id4 = mysql_real_escape_string($_POST['id3']); // why is variable named id4 but its id3??
$name4 = mysql_real_escape_string($_POST['name3']); // why is variable $name4 but its name3??
if (ctype_alnum($package) && !empty($id4) && !empty($name4))
{
$sql13 = "SELECT package_type,id FROM tbl_package WHERE package_type='$package' LIMIT 1";
$retvali = mysql_query($sql13, $conn);
$num_rows1 = mysql_num_rows($retvali);
if ($num_rows1 == 0 || $num_rows1=="")
{
$sql = "Update tbl_package set package_type='$package' WHERE package_type = '$name4' AND p_id='$id4'";
$retval = mysql_query( $sql, $conn );
echo '<script>alert("Updated Successsfully");window.location = "http://localhost/demo/add_package.php";</script>';
} else {
echo '<script>alert("Already Exists"); window.location = "http://localhost/demo/add_package.php";</script>';
}
} else {
echo '<script>alert("enter only letters and numbers");</script>';
}
}
?>
<form action="edit_package.php" method="post" enctype="multipart/form-data" novalidate="novalidate">
<input type="hidden" name="id3" value="<?php echo htmlspecialchars($_GET['id3'], ENT_QUOTES | ENT_HTML5); ?>" />
<input type="hidden" name="name3" value="<?php echo htmlspecialchars($_GET['name3'], ENT_QUOTES | ENT_HTML5); ?>" />
Update Package: <input type="text" id="package" name="package" class="form-control" required >
<input type="submit" class="btn btn-info btn-primary " value="Update" name="submit">
</form>
I removed your HTML formatting from the form. You had div tags that didn't match up.. I can't see your whole code, but it looks like you have a bunch of div's that are messed up (ie: not closed where they should be). I also added mysql_real_escape_string() to the passed variables, and htmlspecialchars() to the GET variables echo'd in the hidden fields of your form. It's a start.
You might be able to make better sense of your code and troubleshoot errors, if you wrote your code a bit cleaner. Not trying to bash you :) Proper indentation, spacing, and formatting go a long way. It makes it easier on your eyes, and on yourself, in times like these..
I left your <script> tags because I assumed there was a reason you wanted to pop up a message box. I would just use header('Location: /path/to/where.php'); and pass your error message through a session variable or something, like an array of errors, which you get, clear, and show on the page the errors.
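The answer above recommends PDO and prepared statements without showing them; here is the same check-then-update flow written that way, as an added example that is not the answerer's code. An in-memory SQLite database and its two rows are constructed stand-ins for the MySQL table, and renamePackage() is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Added example. SQLite in memory replaces the MySQL server so the script
// runs offline (needs the pdo_sqlite extension); against MySQL only the DSN
// and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_package (p_id INTEGER PRIMARY KEY, package_type TEXT)');
$pdo->exec("INSERT INTO tbl_package (p_id, package_type) VALUES (1, 'gold'), (2, 'silver')"); // constructed rows

/** Returns 'updated', 'exists', 'invalid' or 'not found'. */
function renamePackage(PDO $pdo, string $id, string $oldName, string $newName): string
{
    // Same rule as the original ctype_alnum() check, plus a numeric id.
    if (!ctype_digit($id) || $oldName === '' || !ctype_alnum($newName)) {
        return 'invalid';
    }
    // Values are sent separately from the SQL text, so a quote inside a
    // value is just data and cannot change the statement.
    $check = $pdo->prepare('SELECT COUNT(*) FROM tbl_package WHERE package_type = :new');
    $check->execute([':new' => $newName]);
    if ((int) $check->fetchColumn() > 0) {
        return 'exists';
    }
    $update = $pdo->prepare(
        'UPDATE tbl_package SET package_type = :new WHERE package_type = :old AND p_id = :id'
    );
    $update->execute([':new' => $newName, ':old' => $oldName, ':id' => (int) $id]);
    return $update->rowCount() === 1 ? 'updated' : 'not found';
}

// Constructed stand-ins for the id3 / name3 / package request values.
$cases = [
    ['1',  'gold',        'platinum'],
    ['2',  'silver',      'platinum'], // new name already taken
    ['2',  "it's silver", 'bronze'],   // quote in the value is compared as plain text
    ['2x', 'silver',      'bronze'],   // non-numeric id is rejected up front
];
foreach ($cases as [$id, $old, $new]) {
    echo json_encode([$id, $old, $new]), ' => ', renamePackage($pdo, $id, $old, $new), PHP_EOL;
}
```

Checking rowCount() also tells the caller when the id and old name did not match any row, which the original code reported as a success.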

PHP separate id for every div

To be honest, this is more of a how-to than help with code I already have. So I hope this is okay; otherwise, of course, I will delete my question again. Anyway, here goes: I have a site with boxes, with a picture, headline and a submit button. All the info in these boxes is being delivered from my database. And of course in my database I also have an id cell, and if I try to echo out the id cell with the rest of the info in the box, it shows up fine. But when I try to assign the id output variable to a header location, I for some weird reason always get the id 3, even though the ids show up perfectly fine in the boxes. I have included my PHP code, and I am still a beginner at PHP, so sorry for this noob question. :)
session_start();
include 'connection.php';
$sqlSelect = mysqli_query($con,"SELECT * FROM inspi");
while ($feed=mysqli_fetch_array($sqlSelect))
{
$id = $feed['id'];
if(isset($_POST['readArticle']))
{
$id = $_SESSION['id'];
header("Location:"."redirect.php?".SID.$idArticle);
}
?>
<div class="contentBoxOne">
<img width="100%" height="170px" src="userpics/<?php echo $feed['image']; ?>">
<div class="line"></div>
<form method="post" action="">
<input type="submit" name="readArticle" class="readArticle" value="Læs nu!">
</form>
<?php $idArticle= $feed['id'];?>
<h2><?php echo $feed['headline'];?></h2>
</div>
You are setting $idArticle at the bottom of the loop but trying to use it at the top so it will be pulling it from the previous result. Try:
while ($feed=mysqli_fetch_assoc($sqlSelect)){
$idArticle= $feed['id'];
$sid = $_SESSION['id'];
if(isset($_POST['readArticle']))
{
header("Location:"."redirect.php?".$sid.$idArticle);
}
//rest of code
}
You will have to put div inside the loop.
I also replaced the header redirect with form action attribute (you may want to replace method POST with GET instead).
ID is passed with a hidden field
<?php
include 'connection.php';
$sqlSelect = mysqli_query($con,"SELECT * FROM inspi");
while ($feed=mysqli_fetch_assoc($sqlSelect))
{
$id = (int)$feed['id'];
?>
<div class="contentBoxOne">
<img width="100%" height="170px" src="userpics/<?php echo $feed['image']; ?>">
<div class="line"></div>
<form method="post" action="redirect.php">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<input type="submit" name="readArticle" class="readArticle" value="Læs nu!">
</form>
<h2><?php echo $feed['headline']; ?></h2>
debug: <pre><?php print_r($feed); ?></pre>
</div>
<?php } // end of while loop ?>

PHP: Using POST on a dynamic page redirects me to index.php and does not post the values

I am trying to get a guest book to work using PHP. I have managed to make it function; the thing is that I don't want the guest book to be in my index.php. I want it to be on a dynamic page, index.php?=guestbook for instance.
The problem is that when I put the code on another page rather than index.php, what happens when I fill out the fields and press the submit button is that I get redirected to index.php and nothing is submitted to my database. This all works fine as long as the code is in the index.php.
My first question is: What is causing this?
Second question: How do I get the code to function properly even though I have it in index.php?=guestbook?
Thanks in advance!
I am using xampp btw.
See below for the code:
<html>
<head>
<link rel="stylesheet" href="stylesheet.css" type="text/css">
</head>
<body>
<h1>Guestbook</h1><hr>
<?php
mysql_select_db ("guestbookdatabase") or die ("Couldn't find database!");
$queryget = mysql_query ("SELECT * FROM guestbook ORDER BY id ASC") or die("Error witch query.");
$querygetrownum = mysql_num_rows ($queryget);
if ($querygetrownum == 0)
echo "No posts have been made yet. Be the first!";
while ($row = mysql_fetch_assoc ($queryget))
{
$id = $row ['id'];
$name = $row ['name'];
$email = $row ['email'];
$message = $row ['message'];
$date = $row ['date'];
$time = $row ['time'];
if ($id%2)
$guestbookcomment = "guestbookcomment";
else
$guestbookcomment = "guestbookcommentdark";
echo "
<div class='$guestbookcomment'>
<div class='postheader'>
<b>Posted by $name ($email) on $date at $time</b>
</div>
<div class='message'>
".nl2br(strip_tags($message))."
</div>
</div>
";}
echo "<hr>";
if($_POST['submit'])
{
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$date = date("Y-m-d");
$time = date("H:i:s");
if ($name&&$email&&$message)
{
$querypost = mysql_query ("INSERT INTO guestbook VALUES ('','$name','$email','$message','$date','$time')");
echo "Please wait... <meta http-equiv='refresh' content='2'>";
}
else
echo "Please fill out all fields.";
}
echo "
<form action='index.php' method='POST'>
Your name: <input type='text' name='name' class='name' maxlength='25' ><br> <br>
Your email: <input type='text' name='email' class='email' maxlength='35'><br><br>
<div class='your_message'>
Your message:<input type='textarea' name='message' class='messagetextarea' maxlength='250'><br><br>
</div>
<input type='submit' name='submit' value='Post'>
</form>
";
?>
</body>
</html>
1) The action property of your form should be the same as the name of the file where the code is in. :) You create a guestbook.php, for example, but the action still is 'index.php'. Hence the problem. You send the POST data to index.php but there's no code to process it.
2) The query string doesn't affect the form. Only the filename.
I hope I understood your problem correctly.
Have you tried updating your form's action parameter to:
index.php?=guestbook
instead of just index.php?
If the problem resides on the server end, then the victim to your problem is .htaccess (mod rewrite);
Otherwise, what do you really mean by this line of code?
echo "Please wait... <meta http-equiv='refresh' content='2'>";
The <meta> refresh tag requires the location of the redirect to be mentioned; otherwise, as you have it, it refreshes the current page.
<meta http-equiv="refresh" content="2;url=http://stackoverflow.com/">
First, I'm assuming the file you're showing is index.php
Second, don't use index.php?=guestbook. URL parameters work within a key => value structure. In your case you've only defined the value and no key.
Try using index.php?page=guestbook. this way, in your index.php file you can do something like:
if($_GET['page'] == 'guestbook') {
// ... your guestbook php code.
}
Then try setting your form's action attribute like this: action="index.php?page=guestbook".
Third, I'm going to assume that you have mysql connection code that isn't shown here. If not, take a look at mysql_connect().
Fourth, NEVER use unescaped data in a SQL query. You MUST escape your data to protect your database from being destroyed. Take a look at this wikipedia article which describes SQL Injection in greater detail: http://en.wikipedia.org/wiki/SQL_injection
Then take a look at mysql_real_escape_string() to learn how to prevent it with PHP and MySQL.
Fifth, don't use <meta http-equiv='refresh' content='2'> for redirect. Use PHP's header() function to redirect users, like this:
header('location: index.php');
exit(); // be sure to call exit() after you call header()
Also, just so you know, you CAN close PHP tags for large HTML blocks rather than using echo to print large static chunks of HTML:
<?php
// ... a bunch of PHP
?>
<form action="index.php" method="POST">
Your name: <input type="text" name="name" class="name" maxlength="25" ><br> <br>
Your email: <input type="text" name="email" class="email" maxlength="35"><br><br>
<div class="your_message">
Your message:<input type="textarea" name="message" class="messagetextarea" maxlength="250"><br><br>
</div>
<input type="submit" name="submit" value="Post">
</form>
<?php
// ... some more PHP
?>
