file upload form doesn't work - php

My file upload script no longer works after I added the tag enctype="multipart/form-data" to the form.
This is the complete form:
echo '
<form action="/group/'.$_GET['id'].'/add_content" method="POST" enctype="multipart/form-data" class="form-horizontal">
<fieldset>
<legend>Beitrag hinzufügen</legend>
<div class="form-group">
<label for="inputPassword" class="col-lg-2 control-label">Inhalt</label>
<div class="col-lg-10">
<div class="well">
<textarea class="form-control" required="required" name="content_content" placeholder="Schreibe den Inhalt deines Beitrages hier hin..." rows="15"></textarea>
</div>
</div>
</div>
<div class="form-group">
<label for="inputPassword" class="col-lg-2 control-label">Bilder</label>
<div class="col-lg-10">
<div style="margin-top: 6px;"><b>Anhänge sind Freiwillig. Für diese Anhänge gelten besondere Bestimmungen, diese kannst du in den Nutzungsbestimmungen nachlesen!</b><br>
<b>Es sind folgende Dateiendungen erlaubt: PNG, GIF, JPG, BMP</b><br><br></div>
<!-- <input type="file" name="content_pictures[0]" accept="image/*" /><br>
<input type="file" name="content_pictures[1]" accept="image/*" /> -->
<input readonly="" class="form-control floating-label" placeholder="Durchsuchen..." type="text">
<input id="inputFile" name="content_pictures[0]" accept="image/*" type="file">
<input readonly="" class="form-control floating-label" placeholder="Durchsuchen..." type="text">
<input id="inputFile" name="content_pictures[1]" accept="image/*" type="file">
</div>
</div>
<div class="form-group">
<label for="inputPassword" class="col-lg-2 control-label">Video</label>
<div class="col-lg-10">
<div style="margin-top: 6px;"><b>Anhänge sind Freiwillig. Für diese Anhänge gelten besondere Bestimmungen, diese kannst du in den Nutzungsbestimmungen nachlesen!</b><br>
<b>Es sind folgende Dateiendungen erlaubt: AVI, MP4, WMV, FLV</b><br><br></div>
<!-- <input type="file" name="content_video[0]" accept="video/*" /> -->
<input readonly="" class="form-control floating-label" placeholder="Durchsuchen..." type="text">
<input id="inputFile" name="content_video[0]" accept="video/*" type="file">
</div>
</div>
<div class="form-group">
<div class="col-lg-10 col-lg-offset-2">
<a class="btn btn-danger" href="/group/'.$_GET['id'].'/members">Abbrechen</a>
<input type="submit" name="submitt" value="Beitrag hinzufügen" class="btn btn-success" style="background-color: #00CC66;">
</div>
</div>
</fieldset>
</form>
';
And here is the corresponding PHP script:
if(isset($_POST['submitt'])) {
$content = $_POST['content_content'];
$group_id = $_GET['id'];
$user_id = $aaa['id'];
$user_name = $aaa['username'];
$query = "INSERT INTO groups_content (group_id, autor_id, autor_name, content, date) VALUES (:group_id, :autor_id, :autor_name, :content, :date)";
$smt = $db->prepare($query);
$smt->execute(array(':group_id' => $group_id, ':autor_id' => $user_id, ':autor_name' => $user_name, ':content' => $content, ':date' => time()));
$query = "SELECT LAST_INSERT_ID(id) AS id FROM groups_content WHERE autor_id = :autor_id ORDER BY id DESC";
$smt2 = $db->prepare($query);
$smt2->execute(array(':autor_id' => $user_id));
$lastid = $smt2->fetch(PDO::FETCH_ASSOC);
foreach ($_FILES["content_pictures"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["content_pictures"]["tmp_name"][$key];
$name = $_FILES["content_pictures"]["name"][$key];
$file_namerev = strrev($name);
$parts = explode(".",$file_namerev);
$endung = strrev($parts[0]);
if($endung == "png" || $endung == "gif" || $endung == "jpg" || $endung == "bmp" || $endung == "PNG" || $endung == "GIF" || $endung == "JPG" || $endung == "BMP") {
$file = "$randomstring.$endung";
$query = "INSERT INTO groups_content_media (content_id, media_art, media_file) VALUES (:id, `1`, :file)";
$smt3 = $db->prepare($query);
$smt3->execute(array(':id' => $lastid['id'], ':file' => $file));
move_uploaded_file($tmp_name, "upload_group_content_media_image/$randomstring.$endung");
} else {
echo '<div class="alert alert-danger">Die Bilder wurden aufgrund einer unerlaubten Dateiendung nicht hochgeladen! Der Rest wurde gespeichert!</div>';
}
}
}
foreach ($_FILES["content_video"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["content_video"]["tmp_name"][$key];
$name = $_FILES["content_video"]["name"][$key];
$file_namerev = strrev($name);
$parts = explode(".",$file_namerev);
$endung = strrev($parts[0]);
if($endung == "avi" || $endung == "mp4" || $endung == "wmv" || $endung == "flv" || $endung == "AVI" || $endung == "MP4" || $endung == "WMV" || $endung == "FLV") {
$file = "$randomstring.$endung";
$query = "INSERT INTO groups_content_media (content_id, media_art, media_file) VALUES (:id, `2`, :file)";
$smt4 = $db->prepare($query);
$smt4->execute(array(':id' => $lastid, ':file' => $file));
move_uploaded_file($tmp_name, "upload_group_content_media_image/$randomstring.$endung");
} else {
echo '<div class="alert alert-danger">Das Video wurde aufgrund einer unerlaubten Dateiendung nicht hochgeladen! Der Rest wurde gespeichert!</div>';
}
}
}
echo '<div class="alert alert-success">Ihr Beitrag wurde erfolgreich gespeichert. Sie werden in 3 Sekunden weitergeleitet.</div>';
echo '<meta http-equiv="refresh" content="3; url=/group/'.$_GET['id'].'/home">';
}


PHP - Registerform says no error but doesn't save in DB

I have a register form. When I fill it out, it doesn't save in the DB. But the error only says: There is one error saving. I am new to PHP, but I have spent about 3 hours now trying to find the error. Hope someone can help me here! Thank you!
<?php
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=test', 'root', '');
?>
<!DOCTYPE html>
<html>
<head>
<title>Registrierung</title>
</head>
<body>
<?php
$showFormular = true; //Flag: whether the registration form should be displayed
if(isset($_GET['register'])) {
$error = false;
$email = $_POST['email'];
$passwort = $_POST['passwort'];
$passwort1 = $_POST['passwort1'];
$hotelname = $_POST['hotelname'];
$ansprech = $_POST['ansprech'];
$telefon = $_POST['telefon'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo 'Bitte eine gültige E-Mail-Adresse eingeben<br>';
$error = true;
}
if(strlen($passwort) == 0) {
echo 'Bitte ein Passwort angeben<br>';
$error = true;
}
if($passwort != $passwort1) {
echo 'Die Passwörter müssen übereinstimmen<br>';
$error = true;
}
//Check that the e-mail address has not been registered yet
if(!$error) {
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$result = $statement->execute(array('email' => $email));
$user = $statement->fetch();
if($user !== false) {
echo 'Diese E-Mail-Adresse ist bereits vergeben<br>';
$error = true;
}
}
//No errors, we can register the user
if(!$error) {
$passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);
$statement = $pdo->prepare("INSERT INTO users (email, passwort, hotelname, ansprech, telefon) VALUES (:email, :passwort, :hotelname, :ansprech, :telefon;)");
$result = $statement->execute(array('email' => $email, 'passwort' => $passwort_hash, 'hotelname' => $hotelname, 'ansprech' => $ansprech, 'telefon' => $telefon));
if($result) {
echo 'Du wurdest erfolgreich registriert. Zum Login';
$showFormular = false;
} else {
echo 'Beim Abspeichern ist leider ein Fehler aufgetreten<br>';
}
}
}
if($showFormular) {
?>
<form action="?register=1" method="post">
<form class="form-horizontal">
<fieldset>
<!-- Form Name -->
<legend>Form Name</legend>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="Hotelname">Hotelname</label>
<div class="col-md-4">
<input name="hotelname" class="form-control input-md" id="hotelname" required="" type="text" placeholder="Hotelname">
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="Ansprechpartner">Ansprechpartner</label>
<div class="col-md-4">
<input name="ansprech" class="form-control input-md" id="ansprech" required="" type="text" placeholder="Ansprechpartner">
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="Email">Email</label>
<div class="col-md-4">
<input name="email" class="form-control input-md" id="email" required="" type="text" placeholder="Email-Adresse">
</div>
</div>
<!-- Text input-->
<div class="form-group">
<label class="col-md-4 control-label" for="Telefon">Telefon</label>
<div class="col-md-4">
<input name="telefon" class="form-control input-md" id="telefon" required="" type="text" placeholder="Telefonnummer">
</div>
</div>
<!-- Password input-->
<div class="form-group">
<label class="col-md-4 control-label" for="passwort">Passwort</label>
<div class="col-md-4">
<input name="passwort" class="form-control input-md" id="passwort" required="" type="password" placeholder="Passwort">
</div>
</div>
<!-- Password input-->
<div class="form-group">
<label class="col-md-4 control-label" for="passwort1">Passwort Wiederholen</label>
<div class="col-md-4">
<input name="passwort1" class="form-control input-md" id="passwort1" required="" type="password" placeholder="Passwort Wiederholen">
</div>
</div>
</fieldset>
<input type="submit" value="Abschicken">
</form>
<?php
} //End of if($showFormular)
?>
</body>
After submitting, the only error is:
Saving error, but it does not show me which line or anything.
You're missing the colons :
$result = $statement->execute(array(':email' => $email));
and
$result = $statement->execute(array(':email' => $email, ':passwort' => $passwort_hash, ':hotelname' => $hotelname, ':ansprech' => $ansprech, ':telefon' => $telefon));
And as pointed out by @user2486, there is an extra ; in :telefon; :
$statement = $pdo->prepare("INSERT INTO users (email, passwort, hotelname, ansprech, telefon) VALUES (:email, :passwort, :hotelname, :ansprech, :telefon)");

"Invalid File Format" error when trying to submit form

When I try to submit my form, it can't be submitted and shows an "invalid file format" error, no matter if any data is input or not. The file format code was collected from StackOverflow.
if(isset($_POST['submit']))
{
$type=2;
$fname = @$_POST['f_name'];
$eml = @$_POST['email_id'];
$mo_num = @$_POST['mn'];
$message = @$_POST['message'];
$uploaded_file_a= @$_FILES['file_a']['name'];
$uploaded_file_b= @$_FILES['file']['name'];
// in a Array > all Supported Document Formats are Stored //
$allowedExts = array("pdf", "doc", "docx", "ppt", "pptx","jpeg","jpg","png","x-png");
// In a Temporary Array > The File Name + File Extension is Stored //
$temp = explode(".", $_FILES["file"]["name"]);
// Getting the Extension //
$extension = end($temp);
// Checking File // PDF | DOC | DOCX | XLS | XLSX | PPT | PPTX
if ((
(@$_FILES['file']['type'] == "image/jpeg")
|| (@$_FILES['file']['type'] == "image/jpg")
|| (@$_FILES['file']['type'] == "image/png")
|| (@$_FILES['file']['type'] == "image/x-png")
|| (@$_FILES["file"]["type"] == "application/pdf")
|| (@$_FILES["file"]["type"] == "application/msword")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
|| (@$_FILES["file"]["type"] == "application/vnd.ms-excel")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")
|| (@$_FILES["file"]["type"] == "application/application/vnd.ms-powerpoint")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.presentationml.presentation"))
&&
(@$_FILES['file']['error'] == 0)
&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
$fileName_a = date("YmdHis") . "_" . $_FILES['file_a']['name'];
$fileName = date("YmdHis") . "_" . $_FILES['file']['name'];
$valToBind = array(
':F_NM' => $fname,
':EM' => $eml,
':MOB' => $mo_num,
':TY' => $type,
':MS' => $message,
':PILEA'=> @$fileName_a,
':PILE'=> @$fileName
);
$query = $conn1->prepare("
INSERT INTO `testimonials` (`user_name`,`email`,`phone`,`testimonial_type`,`testimonial_message`,`photo_file`,`image_file`) VALUES
(:F_NM,:EM,:MOB,:TY,:MS,:PILEA,:PILE);
");
$query->execute($valToBind);
$rowNumber = $query->rowCount();
$lastInsertId = $conn1->lastInsertId();
if($lastInsertId > 0)
{
{ move_uploaded_file(
$_FILES['file_a']['tmp_name'], "admin/upload/testimonials/". $fileName_a
);}
{ move_uploaded_file(
$_FILES['file']['tmp_name'], "admin/upload/testimonials/". $fileName
);}
echo '<div class="alert alert-success " >
Your Testimonials has been sent to us.
</div>';
}
}
else
{
echo'<div class="alert alert-success " > Invalid File Format </div>';
}
}
?>
<form class="row contact_form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="f_name" placeholder="Full Name">
</div>
<div class="col-md-12 col-sm-6">
<input type="email" class="form-control" name="email_id" placeholder="Email">
</div>
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="mn" placeholder="Mobile Number">
</div>
<div class="col-md-12 col-sm-6">
<label> Your Photo</label><br>
<input type="file" name="file_a" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<label> Testimonial in msword, pdf or Image (if scanned)</label><br>
<input type="file" name="file" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<textarea name="message" class="form-control" placeholder="Testimonial Message (if written)"></textarea>
</div>
<div class="col-md-12 col-sm-6">
<input type="submit" name="submit" value="Submit Resume" class="btn btn-primary btn-block" >
</div>
</form>
I have modified your code to handle the case where no file is submitted.
if(isset($_POST['submit']))
{
$type=2;
$fname = @$_POST['f_name'];
$eml = @$_POST['email_id'];
$mo_num = @$_POST['mn'];
$message = @$_POST['message'];
$uploaded_file_a= @$_FILES['file_a']['name'];
$uploaded_file_b= @$_FILES['file']['name'];
// in a Array > all Supported Document Formats are Stored //
$allowedExts = array("pdf", "doc", "docx", "ppt", "pptx","jpeg","jpg","png","x-png");
// In a Temporary Array > The File Name + File Extension is Stored //
$temp = explode(".", $_FILES["file"]["name"]);
// Getting the Extension //
$extension = end($temp);
// Checking File // PDF | DOC | DOCX | XLS | XLSX | PPT | PPTX
if ((
(@$_FILES['file']['type'] == "image/jpeg")
|| (@$_FILES['file']['type'] == "image/jpg")
|| (@$_FILES['file']['type'] == "image/png")
|| (@$_FILES['file']['type'] == "image/x-png")
|| (@$_FILES["file"]["type"] == "application/pdf")
|| (@$_FILES["file"]["type"] == "application/msword")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
|| (@$_FILES["file"]["type"] == "application/vnd.ms-excel")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet")
|| (@$_FILES["file"]["type"] == "application/application/vnd.ms-powerpoint")
|| (@$_FILES["file"]["type"] == "application/vnd.openxmlformats-officedocument.presentationml.presentation"))
&&
(@$_FILES['file']['error'] == 0)
&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts) && $_FILES['file']['tmp_name'] != '')
{
$fileName_a = date("YmdHis") . "_" . $_FILES['file_a']['name'];
$fileName = date("YmdHis") . "_" . $_FILES['file']['name'];
$valToBind = array(
':F_NM' => $fname,
':EM' => $eml,
':MOB' => $mo_num,
':TY' => $type,
':MS' => $message,
':PILEA'=> @$fileName_a,
':PILE'=> @$fileName
);
$query = $conn1->prepare("
INSERT INTO `testimonials` (`user_name`,`email`,`phone`,`testimonial_type`,`testimonial_message`,`photo_file`,`image_file`) VALUES
(:F_NM,:EM,:MOB,:TY,:MS,:PILEA,:PILE);
");
$query->execute($valToBind);
$rowNumber = $query->rowCount();
$lastInsertId = $conn1->lastInsertId();
if($lastInsertId > 0)
{
{ move_uploaded_file(
$_FILES['file_a']['tmp_name'], "admin/upload/testimonials/". $fileName_a
);}
{ move_uploaded_file(
$_FILES['file']['tmp_name'], "admin/upload/testimonials/". $fileName
);}
echo '<div class="alert alert-success " >
Your Testimonials has been sent to us.
</div>';
}
}
else
{
echo'<div class="alert alert-success " > Invalid File Format </div>';
}
}
?>
<form class="row contact_form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="f_name" placeholder="Full Name">
</div>
<div class="col-md-12 col-sm-6">
<input type="email" class="form-control" name="email_id" placeholder="Email">
</div>
<div class="col-md-12 col-sm-6">
<input type="text" class="form-control" name="mn" placeholder="Mobile Number">
</div>
<div class="col-md-12 col-sm-6">
<label> Your Photo</label><br>
<input type="file" name="file_a" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<label> Testimonial in msword, pdf or Image (if scanned)</label><br>
<input type="file" name="file" class="form-control" >
</div>
<div class="col-md-12 col-sm-6">
<textarea name="message" class="form-control" placeholder="Testimonial Message (if written)"></textarea>
</div>
<div class="col-md-12 col-sm-6">
<input type="submit" name="submit" value="Submit Resume" class="btn btn-primary btn-block" >
</div>
</form>
Thanks
Amit

single quotes and double quotes not inserting in database using php

I am inserting data into MySQL using PHP. It works partially: it inserts everything except single quotes ('), e.g. principle's message. When I insert it like principle"s message, it is inserted in the database, but only principle is displayed in the text box after inserting. My file save.php is here:
<?php session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['user'])) {
if($_GET['catId'] == '' || $_GET['catId'] == null)
header('location:../user/logout.php');
$inc = -1;
if($_POST['title'] == '' || $_POST['title'] == null) {
$inc++;$_SESSION['error'][$inc] = "TITLE IS REQUIRED";
}
$selectImg=mysql_query("SELECT pri_img FROM aboutus_tbl WHERE id=4");
if ($_GET['catId']==4) {
if($_FILES["file"]["name"]) {
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 5242880)
&& in_array($extension, $allowedExts))
$imageNewName = md5(date("l, F d, Y h:i" ,time()) . (microtime())) . "." . $extension;
else {
$inc++;$_SESSION['error'][$inc] = "IVALID IMAGE";
}
}
else {
$inc++;$_SESSION['error'][$inc] = "IMAGE IS REQUIRED";
}
}
function inputValues() {
$_SESSION['values']['title'] = $_POST['title'];
$_SESSION['values']['sub_title1'] = $_POST['sub_title1'];
$_SESSION['values']['desc1'] = $_POST['desc1'];
$_SESSION['values']['sub_title2'] = $_POST['sub_title2'];
$_SESSION['values']['desc2'] = $_POST['desc2'];
$_SESSION['values']['sub_title3'] = $_POST['sub_title3'];
$_SESSION['values']['desc3'] = $_POST['desc3'];
header("location:../../views/aboutus_content/list.php?catId=".$_GET['catId']);
}
if($inc > -1)
inputValues();
else {
require_once('../../includes/connect.php');
if($_GET['catId']==4 && isset($_FILES["file"]["name"])) {
$update="UPDATE aboutus_tbl SET title='".$_POST['title']."',sub_title1='".$_POST['sub_title1']."',desc1='".$_POST['desc1']."',sub_title2='".$_POST['sub_title2']."',desc2='".$_POST['desc2']."',sub_title3='".$_POST['sub_title3']."',desc3='".$_POST['desc3']."',pri_img='".$imageNewName."' WHERE id='".$_GET['catId']."'";
}
else{
$update="UPDATE aboutus_tbl SET title='".$_POST['title']."',sub_title1='".$_POST['sub_title1']."',desc1='".$_POST['desc1']."',sub_title2='".$_POST['sub_title2']."',desc2='".$_POST['desc2']."',sub_title3='".$_POST['sub_title3']."',desc3='".$_POST['desc3']."' WHERE id='".$_GET['catId']."'";
}
if(mysql_query($update)) {
if($_GET['catId']==4 && isset($_FILES["file"]["name"])) {
move_uploaded_file($_FILES["file"]["tmp_name"],"../../public/img/principal/".$imageNewName);
unlink("../../public/img/principal/".mysql_result($selectImg, 0, "pri_img"));
}
$_SESSION['message'] = $_POST['title']." SUCESSFULLY UPDATED";
header('location:../../views/aboutus_content/list.php?catId='.$_GET['catId']);
} else {
$_SESSION['error'] = "ERROR : '".mysql_error()."' CODE : ".mysql_errno();
inputValues();
}
}
} else
header('location:../user/logout.php')
?>
And the design file, list.php, is here:
<?php
ob_start();
include '../../includes/header.php';
if(!isset($_GET['catId']) || $_GET['catId']=='')
header('location:../error');
$contactResult = mysql_query("SELECT * FROM aboutus_tbl WHERE id='".$_GET['catId']."'");
if(mysql_num_rows($contactResult) != 1)
header('location:../error');
else {
?>
<div class="mainbar">
<div class="page-head">
<div class="container">
<div class="row">
<div class="col-md-12 col-sm-12 col-xs-12">
<h2><i class="fa fa-desktop"></i> <?php echo mysql_result($contactResult, 0, "title");?> Content</h2>
</div>
<div class="clearfix"></div>
</div>
</div>
</div>
<div class="container">
<?php
if(isset($_SESSION['error'])) {
echo"<div class='alert alert-danger'>";
for($i=0;$i<sizeof($_SESSION['error']);$i++)
echo "<p><b>".$_SESSION['error'][$i]."</b></p>";
echo"</div>";
unset($_SESSION['error']);
}
if(isset($_SESSION['message'])) {
echo"<div class='alert alert-success'><p><b>".$_SESSION['message']."</b></p></div>";
unset($_SESSION['message']);
}
?>
<div class="hide alert alert-danger" id="errorContainer"></div>
<div class="row">
<div class="col-lg-12">
<form action="../../controllers/aboutus_content/save.php?catId=<?php echo $_GET['catId'];?>" method="post" class="contactForms" role="form" enctype="multipart/form-data">
<div class="col-lg-6">
<div class="form-group">
<label for="title"><span class="text-danger">* </span>Title</label>
<input name="title" id="title" data-validation-allowing="'" class="form-control" placeholder="Enter Title" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['title']; echo mysql_result($contactResult, 0, "title");?>" />
</div>
<div class="form-group">
<label for="sub_title1"><span class="text-danger">* </span>Sub Title 1</label>
<input name="sub_title1" id="sub_title1" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 1" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title1']; else echo mysql_result($contactResult, 0, "sub_title1");?>" />
</div>
<div class="form-group">
<label for="desc1"><span class="text-danger">* </span>Description 1</label>
<textarea name="desc1" id="desc1" data-validation-allowing="'" class="form-control" placeholder="Enter Description 1"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc1']; else echo mysql_result($contactResult, 0, "desc1");?></textarea>
</div>
<div class="form-group">
<label for="sub_title2"><span class="text-danger">* </span>Sub Title 2</label>
<input name="sub_title2" id="sub_title2" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 2" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title2']; else echo mysql_result($contactResult, 0, "sub_title2");?>" />
</div>
<div class="form-group">
<label for="desc2"><span class="text-danger">* </span>Description 2</label>
<textarea name="desc2" id="desc2" data-validation-allowing="'" class="form-control" placeholder="Enter Description 2"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc2']; else echo mysql_result($contactResult, 0, "desc2");?></textarea>
</div>
</div>
<div class="col-lg-6">
<div class="form-group">
<label for="sub_title3"><span class="text-danger">* </span>Sub Title 3</label>
<input name="sub_title3" id="sub_title3" data-validation-allowing="'" class="form-control" placeholder="Enter Sub Title 3" value="<?php if(isset($_SESSION['values'])) echo $_SESSION['values']['sub_title3']; else echo mysql_result($contactResult, 0, "sub_title3");?>" />
</div>
<div class="form-group">
<label for="desc3"><span class="text-danger">* </span>Description 3</label>
<textarea name="desc3" id="desc3" data-validation-allowing="'" class="form-control" placeholder="Enter Description 3"><?php if(isset($_SESSION['values'])) echo $_SESSION['values']['desc3']; else echo mysql_result($contactResult, 0, "desc3");?></textarea>
</div>
<div class="form-group">
<label for="pri_img"><span class="text-danger">* </span>Principle Image(Only For Principal's Message)</label>
<input type="file" name="file" id="file" class="form-control">
</div>
</div>
<div class="form-group text-center">
<input type="submit" class="btn btn-info" value="Save" />
Reset
</div>
</form>
</div>
</div>
</div>
</div>
<?php
}
?>
<script type="text/javascript">
window.onload = function() {
$(document).ready(function() {
$('.aboutus_content').addClass('current');
$('.aboutus_content').addClass('open');
$(".courImgItm<?php echo $_GET['catId']?>").addClass('active');
});
}
</script>
<?php
include '../../includes/footer.php';
if(isset($_SESSION['values']))
unset($_SESSION['values']);
ob_flush();
?>
Please help me.
Run your string through this first:
mysql_real_escape_string($string);
It'll fix it for ya
Try it this way
in your SQL query:
$m1=$_REQUEST['message'];
$msg='".str_replace("\"","&quot;",str_replace("'","''",$m1))."';
Hope this will help.
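The two symptoms in this question (the apostrophe breaking the UPDATE, and the double quote cutting the value off in the text box) are separate quoting problems, shown here side by side with their fixes as an added example that is not code from any of the posts. It assumes the pdo_sqlite extension and uses a constructed in-memory table named after the question's aboutus_tbl; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the question's aboutus_tbl (in-memory SQLite).
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE aboutus_tbl (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO aboutus_tbl (id, title) VALUES (4, 'old title')");
    return $db;
}

// "Before": the statement is assembled by concatenation, as in save.php.
function update_title_concat(PDO $db, int $id, string $title): bool
{
    try {
        $db->exec("UPDATE aboutus_tbl SET title='" . $title . "' WHERE id=" . $id);
        return true;
    } catch (PDOException $e) {
        // An apostrophe in $title closes the SQL string literal early,
        // so the rest of the title is parsed as SQL and the statement fails.
        return false;
    }
}

// "After": the value travels as a bound parameter and is never parsed as SQL.
function update_title_bound(PDO $db, int $id, string $title): bool
{
    $stmt = $db->prepare('UPDATE aboutus_tbl SET title = :title WHERE id = :id');
    return $stmt->execute([':title' => $title, ':id' => $id]);
}

function read_title(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT title FROM aboutus_tbl WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// "Before": the stored value is echoed straight into the attribute, as in list.php.
// A double quote in the value ends value="..." and the rest is dropped by the browser.
function title_input_raw(string $title): string
{
    return '<input name="title" value="' . $title . '" />';
}

// "After": encode for the HTML attribute context at output time.
function title_input_escaped(string $title): string
{
    return '<input name="title" value="' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '" />';
}

if (PHP_SAPI === 'cli') {
    $db = demo_db();
    $single = "principle's message";   // constructed sample input
    $double = 'principle"s message';   // constructed sample input

    var_dump(update_title_concat($db, 4, $single)); // concatenated query with an apostrophe
    var_dump(update_title_bound($db, 4, $single));  // same value, bound parameter
    var_dump(read_title($db, 4));

    update_title_bound($db, 4, $double);
    echo title_input_raw(read_title($db, 4)), PHP_EOL;
    echo title_input_escaped(read_title($db, 4)), PHP_EOL;
}
```

The database stores the text unmodified in both "after" functions; escaping is applied only where the value is written into HTML.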

Error in Uploading File

I have a problem with uploading in my project.
This is the code of my 'User' class:
<?php
class User{
public function uploadAvatar() {
$alowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["avatar"]["name"]);
$extention = end($temp);
if(($_FILES["avatar"]["type"] == "image/gif")
|| ($_FILES["avatar"]["type"] == "image/jpeg")
|| ($_FILES["avatar"]["type"] == "image/jpg")
|| ($_FILES["avatar"]["type"] == "image/pjpeg")
|| ($_FILES["avatar"]["type"] == "image/x-png")
|| ($_FILES["avatar"]["type"] == "image/png")
&& ($_FILES["avatar"]["size"] > 50000)
&& in_array($extention, $alowedExts)) {
if($_FILES["avatar"]["error"] > 0) {
redirect('register.php', $_FILES['avatar']['error'],'error');
} else {
if (file_exists("/images/avatars/" . $_FILES["avatar"]["name"])) {
redirect('register.php', 'File Already Exists', 'error');
} else{
move_uploaded_file($_FILES["avatar"]["tmp_name"],
"images/avatars/" . $_FILES["avatar"]["name"]);
return true;
}
}
} else {
redirect('register.php','invalid file type','error');
}
}
}?>
And here is my Register:
<?php
//create User Object
$user = new User;
if(isset($_POST['register'])){
//create Data Array
$data = Array();
$data['name'] = $_POST['name'];
$data['email'] = $_POST['email'];
$data['username'] = $_POST['username'];
$data['password'] = md5($_POST['password']);
$data['password2'] = md5($_POST['password2']);
$data['about'] = $_POST['about'];
$data['last_activity'] = date("Y-m-d h:i:s");
if($user->uploadAvatar){
$data['avatar'] = $_FILES['avatar']['name'];
} else {
$data['avatar'] = 'noimage.png';
}
} ?>
This is my Form:
<form role="form" enctype="multipart/form-data" method="post" action="register.php">
<div class="form-group">
<label>Name*</label>
<input type="text" class="form-control" name="name" placeholder="Enter Name"/>
</div>
<div class="form-group">
<label>Email Address*</label>
<input type="email" class="form-control" name="email" placeholder="Enter Your Email Address"/>
</div>
<div class="form-group">
<label>Choose UserName*</label>
<input type="text" class="form-control" name="username" placeholder="Create Username"/>
</div>
<div class="form-group">
<label>Password*</label>
<input type="password" class="form-control" name="password" placeholder="Enter A Password"/>
</div>
<div class="form-group">
<label>Confirm Password*</label>
<input type="password" class="form-control" name="password2" placeholder="Enter Password Again"/>
</div>
<div class="form-group">
<label>Upload Avatar</label>
<input type="file" name="avatar" />
<p class="help-block"></p>
</div>
<div class="form-group">
<label>About Me</label>
<textarea id="about" rows="6" cols="80" class="form-control" name="about" placeholder="Tell Us About Yourself (Optional)"></textarea>
</div>
<input name="register" type="submit" class="btn btn-default" value="Register" />
</form>
But now when I run the registration it has an error:
Notice: Undefined property: User::$uploadAvatar in C:\xampp\htdocs\talkingspace\register.php on line 22
Any help with this error?
You try to access uploadAvatar as if it was a property but it's a method.
So you need to change this line:
if($user->uploadAvatar){
to this:
if($user->uploadAvatar()){

Save in DB 3 images at the same time

I have a basic image upload which is working nicely, but now I need to save 3 images in my MySQL DB, not only one. How can I save 3 images in the same form with my upload script?
I need to save 3 images because it is an article blog on my page and I want to show the 3 images in a slider in the preview, so because of that I need to save 3 images under the same id.
Another thing is: how can I save just one or two without the upload script showing me an error because one or two or even all three file uploads are empty?
Here I show you my upload script:
<?php
require_once("connection.php");
require_once("settings.php");
$alert = "";
if(isset($_FILES['foto_ser1'])) {
$extension = pathinfo($_FILES['foto_ser1']['name']);
$extension = $extension["extension"];
$allowed_paths = explode(", ", $allowed_ext);
$valid = 0;
for($i = 0; $i < count($allowed_paths); $i++) {
if ($allowed_paths[$i] == "$extension") {
$valid = 1;
}
}
if ($valid == 1 && $_FILES["foto_ser1"]["size"] <= $max_weight) {
if (file_exists("../assets/img/servicios/" . $_FILES["foto_ser1"]["name"])) {
$alert = '<p class="error">' . $_FILES["foto_ser1"]["name"] . ' El nombre del archivo ya existe!' . '</p>';
} else {
move_uploaded_file($_FILES["foto_ser1"]["tmp_name"], "../assets/img/servicios/" . $_FILES["foto_ser1"]["name"]);
$save1 = $_FILES["foto_ser1"]["name"];
$statement = $conn->prepare("INSERT INTO SERVICIOS (titulo, descripcion, categoria, foto_ser1, foto_ser2, foto_ser3) VALUES (?, ?, ?, ?, ?, ?)");
if ($statement->execute(array($_POST['titulo'],$_POST['descripcion'],$_POST['categoria'],$save1,$save2,$save3)));
$dbSuccess = true;
$alert = '<p class="ok">' . ' Servicio agregado satisfactoriamente!' . '</p>';
$dbh = null;
}
} else {
$alert = '<p class="error">' . ' Tipo de archivo inválido!' . '</p>';
}
}
?>
form page.php:
<form class="form-horizontal" id="servicios" name="data" method="post" enctype="multipart/form-data">
<fieldset>
<?php echo $alert1; ?>
<div class="control-group">
<label class="control-label col-md-4"><?php echo $translate->__('Title'); ?> :</label>
<div class="col-md-5">
<input type="text" class="form-control" name="titulo" />
</div>
</div>
<div class="control-group">
<label class="control-label col-md-4"><?php echo $translate->__('Article info'); ?> :</label>
<div class="col-md-5">
<textarea id="maxlength_textarea" class="form-control" maxlength="225" name="descripcion" /></textarea>
</div>
</div>
<div class="control-group">
<label class="control-label col-md-4"><?php echo $translate->__('Article category'); ?> :</label>
<div class="col-md-5">
<input type="text" class="form-control" name="categoria" />
</div>
</div>
<div class="control-group">
<label class="control-label col-md-4"><?php echo $translate->__('File to upload 1'); ?> :</label>
<div class="col-md-3">
<input name="foto_ser1" type="file" />
</div>
</div>
<div class="control-group">
<label class="control-label col-md-4"><?php echo $translate->__('File to upload 2'); ?> :</label>
<div class="col-md-3">
<input name="foto_ser2" type="file" />
</div>
</div>
<div class="control-group">
<label class="control-label col-md-4"><?php echo $translate->__('File to upload 3'); ?> :</label>
<div class="col-md-3">
<input name="foto_ser3" type="file" />
</div>
</div>
<div class="control-group">
<div class="row">
<div class="col-md-12">
<div class="col-sd-offset-9 col-md-12"><br />
<button class="btn btn-info" name="enviar"><i class="fa fa-check"></i> <?php echo $translate->__('Save'); ?></button>
</div>
</div>
</div>
</div>
</fieldset>
</form>
<div id="loading" style="display:none;"><img src="assets/img/ajax_loader.gif" /></div>
EDIT
The new code:
<?php
require_once("includes/connection.php");
require_once("includes/settings.php");
$alert = "";
if(isset($_FILES['foto_ser{$i}'])) {
for($i = 1; $i <= 3; $i++) {
if ($_FILES["foto_ser{$i}"]['error'] === UPLOAD_ERR_OK) {
if ($valid == 1 && $_FILES["foto_ser{$i}"]["size"] <= $max_weight) {
if (file_exists("assets/img/servicios/" . $_FILES["foto_ser{$i}"]["name"])) {
$alert = '<div class="alert alert-block alert-danger fade in">
<button type="button" class="close" data-dismiss="alert"></button>
<h4 class="alert-heading">Error!</h4>
<p>' . $_FILES["foto_ser{$i}"]["name"] . ' El nombre de la foto ya existe!' . '</p></div>';
} else {
move_uploaded_file($_FILES["foto_ser{$i}"]["tmp_name"], "assets/img/servicios/" . $_FILES["foto_ser{$i}"]["name"]);
$save1 = $_FILES["foto_ser{$i}"]["name"];
$save2 = $_FILES["foto_ser{$i}"]["name"];
$save3 = $_FILES["foto_ser{$i}"]["name"];
$activo = is_array($_POST['activo'])
? implode(', ', $_POST['activo'])
: $_POST['activo'];
$statement = $conn->prepare("INSERT INTO SERVICIOS (titulo_ser, stitulo_ser, servicios, precio, foto_ser1, foto_ser2, foto_ser3, categoria, subcategoria, visto, activo) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
if ($statement->execute(array($_POST['titulo_ser'],$_POST['stitulo_ser'],$_POST['servicios'],$_POST['precio'],$save1,$save2,$save3,$_POST['categoria'],$_POST['subcategoria'],$_POST['visto'],$activo)));
$dbSuccess = true;
$alert = '<div class="alert alert-block alert-success fade in">
<button type="button" class="close" data-dismiss="alert"></button>
<h4 class="alert-heading">Success!</h4>' . ' Nuevo servicio agregado satisfactoriamente!' . '</p></div>';
$dbh = null;
}
} else {
$alert = '<div class="alert alert-block alert-danger fade in">
<button type="button" class="close" data-dismiss="alert"></button>
<h4 class="alert-heading">Error!</h4>
<p>' . ' Tipo de imagen inválida!' . '</p></div>';
}
}
}
}
?>
You need to have upload handling. Right now your code is simply ASSUMING that all uploads will always succeed. Indeed, it assumes there will NEVER not be an upload.
In short, you need something like this:
for ($i = 1; $i <= 3; $i++) {
if ($_FILES["foto_ser{$i}"]['error'] === UPLOAD_ERR_OK) {
// ...file #$i has succeeded...
}
}
Your code is also quite dangerous - you're directly using the user-provided ['name'] parameter in your move_uploaded_file call, which allows a malicious user to scribble a file of their choosing ANYWHERE on your server.
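An added example (not code from any of the posts) that combines the two points made in the answers on this page: an empty file field is treated as "nothing submitted" rather than as an invalid format, and the stored name and type are decided by the server instead of being taken from the client's ['name'] and ['type']. It assumes the fileinfo extension; the function names, the size limit and the sample files are constructed, and the $move parameter exists only so the demo can run from the command line.

```php
<?php
declare(strict_types=1);

// Accepted content types, mapped to the extension the server assigns itself.
const ALLOWED_IMAGES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/**
 * Validate one $_FILES entry and store it under a server-generated name.
 * Returns the stored name, or null when the optional field was left empty.
 * In a web request leave $move null so that move_uploaded_file() is used.
 */
function store_upload(array $file, string $destDir, int $maxBytes, ?callable $move = null): ?string
{
    $move ??= 'move_uploaded_file';
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload error code $error");
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('file is empty or larger than the limit');
    }
    // Decide the type from the bytes on disk. $file['type'] and the extension
    // in $file['name'] are sent by the client and can say anything.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_IMAGES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('content type not allowed: ' . var_export($mime, true));
    }
    // No part of the client-supplied name reaches the file system.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!$move($file['tmp_name'], $destDir . DIRECTORY_SEPARATOR . $stored)) {
        throw new RuntimeException('could not move the uploaded file');
    }
    return $stored;
}

/** Handle foto_ser1..foto_ser3; each field is optional and judged on its own. */
function store_fotos(array $files, string $destDir, int $maxBytes, ?callable $move = null): array
{
    $stored = [];
    $errors = [];
    for ($i = 1; $i <= 3; $i++) {
        $field = "foto_ser{$i}";
        try {
            $stored[$field] = isset($files[$field])
                ? store_upload($files[$field], $destDir, $maxBytes, $move)
                : null;
        } catch (RuntimeException $e) {
            $stored[$field] = null;
            $errors[$field] = $e->getMessage();
        }
    }
    return ['stored' => $stored, 'errors' => $errors];
}

if (PHP_SAPI === 'cli') {
    // Constructed demo input: a 1x1 PNG, a text file labelled as PNG, and an empty field.
    $png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
    $tmp = function (string $bytes): string {
        $path = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($path, $bytes);
        return $path;
    };
    $dest = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . bin2hex(random_bytes(4));
    mkdir($dest, 0700);

    $files = [
        'foto_ser1' => ['name' => '../../index.png', 'type' => 'image/png',
                        'tmp_name' => $tmp($png), 'error' => UPLOAD_ERR_OK],
        'foto_ser2' => ['name' => 'photo.png', 'type' => 'image/png',
                        'tmp_name' => $tmp('this is plain text, not an image'), 'error' => UPLOAD_ERR_OK],
        'foto_ser3' => ['name' => '', 'type' => '', 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE],
    ];
    // rename() stands in for move_uploaded_file(), which only accepts real HTTP uploads.
    print_r(store_fotos($files, $dest, 2 * 1024 * 1024, 'rename'));
}
```

The three values in 'stored' (a generated name or null) can be bound directly to the foto_ser1, foto_ser2 and foto_ser3 placeholders of a single prepared INSERT.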
