I'm using Blue-imp file-upload to upload files everything seems to be working great with one expception. I users data being saved to user directories based on their userId but when I try to delete the data from the database it deletes by $name variable, which is the filename.
That means all users with the a file with the same filename are being deleted from the database. How can I set the delete in my uploadHander.php file to delete by name and userId? Or by the insert id?
class CustomUploadHandler extends UploadHandler {
protected function handle_form_data($file, $index) {
$file->description = $_REQUEST['description'][$index];
$file->userId = $_REQUEST['userId'][$index];
$file->location = $_REQUEST['location'][$index];
$file->customId = $_REQUEST['customId'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `userId`, `description`,`location`,`customId`,`url`)'
.' VALUES (?, ?, ?, ?, ?, ?,?,?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sissssss',
$file->name,
$file->size,
$file->type,
$file->userId,
$file->description,
$file->location,
$file->customId,
$file->url
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
protected function set_additional_file_properties($file) {
parent::set_additional_file_properties($file);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$sql = 'SELECT `type`, `description`,`location`,`userId`,`customId`,`url` FROM `'
.$this->options['db_table'].'` WHERE `name`=? and `id`=?';
$query = $this->db->prepare($sql);
$query->bind_param('ss', $file->name,$file->id);
$query->execute();
$query->bind_result(
$type,
$description,
$location,
$userId,
$customId,
$url
);
while ($query->fetch()) {
$file->type = $type;
$file->description = $description;
$file->location = $location;
$file->userId = $userId;
$file->customId=$customId;
$file->url=$url;
}
}
}
public function delete($print_response = true) {
$response = parent::delete(false);
foreach ($response as $name => $deleted) {
if ($deleted) {
$sql = 'DELETE FROM `'.$this->options['db_table'].'` WHERE `name`=? AND `id`=?';
$query = $this->db->prepare($sql);
$query->bind_param('ss',$name,$id);
$query->execute();
}
}
return $this->generate_response($response, $print_response);
}
}
$upload_handler = new CustomUploadHandler($options);
I found one error in your code
$query->bind_param('ss',$name,$id);
Use
query->bind_param('si',$name,$id);
$id is an integer and you were defining it by string.
Hope this will work for you.
Use this code ==>
public function delete($print_response = true) {
$response = parent::delete(false);
foreach ($response as $name => $deleted) {
if ($deleted) {
$sql = 'DELETE FROM `'.$this->options['db_table'].'` WHERE `name`=? AND `id`=?';
$query = $this->db->prepare($sql);
$query->bind_param('si',$name,$id);
$query->execute();
}
}
return $this->generate_response($response, $print_response);
}
Related
I'm trying to update my database but whenever i do like this
if($query){
echo 'executed';
}
else {
echo 'error';
}
The problem I'm facing is that query is successfully updating database but result in false response here is my code
public static function updateItem($slug, $title, $description, $thumbnail, $preview, $main_file, $screenshot, $category, $amount, $review, $demo_url, $tags, $live, $video, $apc) {
$db = new Database;
$main_category = Login::encrypt_decrypt("decrypt", $apc);
$sub_category = Login::encrypt_decrypt("decrypt", $category);
$q = $db->updateRow("UPDATE items SET name = ?, description = ?, thumbnail = ?, main_file = ?, categories = ?, sub_category = ?, demo_url = ?, slug = ?, price = ?, reviewer_comment = ?, datetime = ?, status = ?, video_file = ?, item_tags_string = ?, preview_file = ?, screenshot_file = ?, live_file = ? WHERE user_id = ? AND temp_files != '' AND temp_file_real != '' AND status = ?", [$title, $description, $thumbnail, $main_file, $main_category, $sub_category, $demo_url, $slug, $amount, $review, Item::nowTime(), 'queue', $video, $tags, $preview, $screenshot, $live, Profile::getid(), 'temp']);
if($q){
echo 'good'; exit;
}
else {
echo 'wrong'; exit;
}
}
This is my database connection code
public function __construct($username = "root", $password = "", $host = "localhost", $dbname = "market", $options = []) {
$this->isConn = TRUE;
try {
$this->datab = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
$this->datab->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$this->datab->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
} catch (PDOException $e) {
throw new Exception($e->getMessage());
}
}
here is update query function
public function updateRow($query, $params = []) {
$this->insertRow($query, $params);
}
public function insertRow($query, $params = []) {
try {
$stmt = $this->datab->prepare($query);
$stmt->execute($params);
return TRUE;
} catch (PDOException $e) {
throw new Exception($e->getMessage());
}
}
can anyone tell me why I'm receiving false statement always
Your updateRow function doesn't return anything so '$q' is empty.
public function updateRow($query, $params = []) {
return $this->insertRow($query, $params);
}
I am using a jquery-file-upload plugin with its own server-side file to run with. like here on github https://github.com/blueimp/jQuery-File-Upload/wiki/PHP-MySQL-database-integration
At first,everything went good,but after I added 2 other value to the database and to the PHP server-end files, it always return an error of 'SyntaxError: Unexpected token <'
here's my modifications of the codes:
protected function handle_form_data($file, $index) {
$untitle = #$_REQUEST['title'][$index];
$potitle = urlencode($untitle);
$file->title = $potitle;
$file->description = #$_REQUEST['description'][$index];
$file->cat =# $_REQUEST['cat'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $url, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $url, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `cat`, `url`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$url = get_download_url($name, $version = null);
$file->url = $url;
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->cat,
$file->url,
$file->title,
$file->description
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
I am currently inserting a title and description, via mysql, inside of the blueimp/jquery-file-upload script. I used this tutorial to get me there, however, i need to add another variable. The variable is the session of the current logged in user's ID $_SESSION["userid"], and i want to insert it into a column i added called uid. Usually it's simple to impliment another column into the insert, however this script is very touchy and anytime i mess with it, even the slightest bit, i get "SyntaxError: Unexpected token <". Any help would be greatly appreciated.
/server/php/index.php
$options = array(
'delete_type' => 'POST',
'db_host' => 'localhost',
'db_user' => 'fpform_fanuser',
'db_pass' => '*****',
'db_name' => 'fpform_fandata',
'db_table' => 'files'
);
error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');
class CustomUploadHandler extends UploadHandler {
protected function initialize() {
$this->db = new mysqli(
$this->options['db_host'],
$this->options['db_user'],
$this->options['db_pass'],
$this->options['db_name']
);
parent::initialize();
$this->db->close();
}
protected function handle_form_data($file, $index) {
$file->title = #$_REQUEST['title'][$index];
$file->description = #$_REQUEST['description'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
protected function set_additional_file_properties($file) {
parent::set_additional_file_properties($file);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$sql = 'SELECT `id`, `type`, `title`, `description` FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $file->name);
$query->execute();
$query->bind_result(
$id,
$type,
$title,
$description
);
while ($query->fetch()) {
$file->id = $id;
$file->type = $type;
$file->title = $title;
$file->description = $description;
}
}
}
public function delete($print_response = true) {
$response = parent::delete(false);
foreach ($response as $name => $deleted) {
if ($deleted) {
$sql = 'DELETE FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $name);
$query->execute();
}
}
return $this->generate_response($response, $print_response);
}
}
$upload_handler = new CustomUploadHandler($options);
Assuming you want to change your INSERT query (there is only one INSERT query in the code that you posted), this is what you need to change:
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `uid`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$_SESSION['userid']
);
$query->execute();
$file->id = $this->db->insert_id;
}
I think you have to add another entry into the first parameter of bind_param:
$query->bind_param(
**'sisss',**
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$_SESSION['userid']
should be
$query->bind_param(
**'sissss',**
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$_SESSION['userid']
Minus the asterisks, of course, or whatever the correct data type is (see the parameter types section at http://us.php.net/manual/en/mysqli-stmt.bind-param.php).
One oddity, I tried passing a literal string as the last param, and it threw this error:
"PHP Fatal error: Cannot pass parameter 7 by reference in /var/www/html/jqfileuploadertest/server/php/index.php on line 66"
But when I changed 'mystring' to $file->name it worked fine. This will take some wrestling because I want to timestamp these...I have a feeling just adding "NOW()" isn't going to work...
Updated: I wanted to add two fields for each file, the ID of who uploaded it (which I think is what the OP is looking to do) as well as a timestamp. I added those as hidden inputs in the form:
<input name="contributor[]" type="hidden" value="myuserid" />
<input name="uploadedOn[]" type="hidden" value="2014-03-28 10:00:00" />
If your form is a php script you can dynamically generate both.
Then added this to index.php line ~44:
$file->contributor = #$_REQUEST['contributor'][$index];
$file->uploadedOn = #$_REQUEST['uploadedOn'][$index];
And modified this part of index.php where the sql statement is prepared:
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`,`contributor`, `dateUploaded`)'
.' VALUES (?, ?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisssss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$file->contributor,
$file->uploadedOn
);
And it worked.
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null, $uid) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range, $uid
);
$uid=$_SESSION['userid'];
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`,`uid`)'
.' VALUES (?, ?, ?, ?, ?,?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisssi',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$file->uid
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}`
The error you're getting is in the javascript console when you upload the file right? I seems to me that one of the files thats being loaded is 404 not found, and its trying to parse the received 404 page as a script file when really its an html file that starts with <... I had this happen once before. Check under network and view all the resources that are being loaded when it happens. Its likely that the correct 404 headers are not being returned either which is why it would be attempting to parse it.
i am using Blueimp jQuery File Upload script and have this part of code which is working:
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
Now i want to insert just one value which is Memberid. I extended the sql table succesfully with this column "usr_id" and modified the code like this:
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `usr_id`)'
.' VALUES (?, ?, ?, ?, ?, ';
$sql = $sql. $_SESSION['Memberid'] .")";
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
But it does not work. I never saw this way of inserting a sql query.
I hope someone can help.
TIA :)
// EDIT
I also tried this now and it does not work too. What I am doing wrong?
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `usr_id`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisssi',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
"2"
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
According to the manual for 'bind_param' it must be passed variables. Alas, you passed a constant not a variable. i haven't tried the following code but it should do something sensible.
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `usr_id`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$usrId = 2; // temporary variable to store the usr_id
$query->bind_param(
'sisssi',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$usrId
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
i'm kinda new in php with javascript/jQuery... I'm developing a system that must handle uploads. Using fileupload.js everything works but... I can't retrieve file info and store at mysql like name,extension,size,url ... When I try something I got an error message:
SyntaxError: Unexpected token <
The code that starts my problems is:
<?php
$options = array(
'delete_type' => 'POST',
'db_host' => 'localhost:3306',
'db_user' => 'root',
'db_pass' => '123456',
'db_name' => 'house',
'db_table' => 'midias'
);
error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');
class CustomUploadHandler extends UploadHandler {
protected function initialize() {
$this->db = new mysqli(
$this->options['db_host'],
$this->options['db_user'],
$this->options['db_pass'],
$this->options['db_name']
);
parent::initialize();
$this->db->close();
}
protected function handle_form_data($file, $index) {
$file->title = #$_REQUEST['title'][$index];
$file->description = #$_REQUEST['description'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
$file->name,
$file->size,
$file->type,
$file->title, // I will try change for $_SESSION[userID]
$file->description // I will try change for dateOfUpload
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
protected function set_additional_file_properties($file) {
parent::set_additional_file_properties($file);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$sql = 'SELECT `id`, `type`, `title`, `description` FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $file->name);
$query->execute();
$query->bind_result(
$id,
$type,
$title,
$description
);
while ($query->fetch()) {
$file->id = $id;
$file->type = $type;
$file->title = $title;
$file->description = $description;
}
}
}
public function delete($print_response = true) {
$response = parent::delete(false);
foreach ($response as $name => $deleted) {
if ($deleted) {
$sql = 'DELETE FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $name);
$query->execute();
}
}
return $this->generate_response($response, $print_response);
}
}
$upload_handler = new CustomUploadHandler($options);
I just can't figure out whats happening, I hope somebody can give me light
Thank you for attention, and sorry for the huge code ;s
I was experiencing the same problem.
I couln't replace $file->anything with a specific value. I tried 3, '3', "3" ... as int or String. All of those returned the same SyntaxError: Unexpected token
My solution
$myvar = "hvhjvcvv";
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`randomField`, `name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param('ssisss', $myvar, $file->name, $file->size, $file->type, $file->title, $file->description);
$query->execute();
$file->id = $this->db->insert_id;
Hope this help.
Also note that the bad DB connection will return the same error ;)
Try this:
I change description by date_description; make sure you have that field in your database, and it's a datetime type.
session_start();
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `date_description`)'
.' VALUES (?, ?, ?, ?, now())';
$query = $this->db->prepare($sql);
$query->bind_param(
$file->name,
$file->size,
$file->type,
'$_SESSION[userID]'
);