Database doesn't exist, the other file it works - php

This is really weird and I don't know why it happens. My other files work fine (login, registration, and memberadd); however, when the memberaddprocess file tries to connect to the database, it says that my database doesn't exist. The others work fine; only memberaddprocess fails. If anyone knows why, please kindly explain.
This is my memberadd.php code
<?php
// Start (or resume) the session so $_SESSION['membername'] can be read further down.
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/chtml-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="Web Programming :: Assignment 2" />
<meta name="Keywords" content="Web, programming" />
<title>Member Login</title>
</head>
<body>
<h1>My Member System</h1>
</body>
</html>
<?php
// Add-member page: lists member names with an "AddMember" form per row.
// NOTE(review): this block runs after the closing html tag above has been sent,
// so everything echoed below is emitted outside the document body.
// $host, $user, $pswd and $dbnm are presumably defined by the include - confirm.
require_once('sqlconnect.inc.php');
// Only render the page when a member name is stored in the session.
if(isset($_SESSION['membername'] ))
{
// NOTE(review): the session value is echoed without htmlspecialchars(); if a
// member name can contain markup this is an XSS sink.
echo "".$_SESSION['membername']."<p>Add Member Page</p>";
// NOTE(review): a leading `#` starts a PHP comment, so as printed the function
// name on this line (and on every other `#mysqli_...` line below) is commented
// out. Presumably the original had the `@` error-suppression operator and it was
// garbled when the page was captured - confirm. `@` would also hide the very
// warning that explains a connection failure, so it is better removed.
$conn = #mysqli_connect($host,
$user,
$pswd,
$dbnm);
if (!$conn) {
// NOTE(review): execution continues after this message, so the queries below
// still run against a failed connection.
echo "<p>Database connection failure</p>";
} else {
#mysqli_select_db($conn, $dbnm)
or die ("Database not available");
}
$memberHid = $_SESSION['membername'];
// Collect every member_name from `team` into $mQueryFetch.
$query = "SELECT member_name FROM team";
$result = mysqli_query($conn, $query);
if(!$result) {
echo "<p>Query failed to execute, Error with: ", $query, "</p>";
}
$queryFetch = mysqli_fetch_row($result);
//echo "<p> $queryResult1</p>";
$m=0;
while($queryFetch)
{
$mQueryFetch[$m] = $queryFetch[0];
$queryFetch = mysqli_fetch_row($result);
$m++;
}
$i=0;
// NOTE(review): $memberHid is interpolated straight into the SQL text. A name
// containing a quote changes the statement (SQL injection); bind it through a
// prepared statement (mysqli_prepare / mysqli_stmt_bind_param) instead.
$query2 = "SELECT member_id
FROM team
WHERE member_name='$memberHid'";
$result2 = #mysqli_query($conn, $query2);
// NOTE(review): this fetches from $result (the first query, already read to the
// end by the loop above) rather than $result2, so $memId is not the id that
// $query2 looked up.
$queryFetchResult = mysqli_fetch_row($result);
$memId = $queryFetchResult[0];
$query3 = "SELECT COUNT(*)
FROM myteam
WHERE member_id1 = '$memId'"; //query for counting the no of friends
// NOTE(review): the die() message prints mysqli_errno()/mysqli_error() to the
// browser, which discloses schema details; log them server-side instead.
$resultSelect = #mysqli_query($conn,$query3)
or die ("<p>Query failed to execute.</p>". "<p>Error with:" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
$arCount = mysqli_fetch_row($resultSelect);
echo "<p>Number of Current team member is"." ". $arCount[0]." "."</p>";
// Look up the ids already linked to this member in `myteam`.
$querySelect = "SELECT member_id2 FROM myteam WHERE member_id1 = '$memId'";
$resultSelect2 = #mysqli_query($conn, $querySelect);
$memArr = mysqli_fetch_row($resultSelect2);
if($memArr)
{
// Branch taken when the member already has at least one linked row.
while($memArr)
{
foreach($memArr as $value)
{
$querySelect3 = "SELECT member_name
FROM team
WHERE member_id = '$value'";
$queryResult = #mysqli_query($conn,$querySelect3);
$fetchArr = mysqli_fetch_row($queryResult);
// NOTE(review): $a and $newDat are never initialised in the code shown, and this
// inner loop reuses the outer loop variable $value.
foreach($fetchArr as $value)
{
$newDat[$a] = $value;
$a++;
}
}
$memArr = mysqli_fetch_row($resultSelect2);
}
$curLog = array_diff($mQueryFetch, $newDat); //for displaying profile names without the currently logged in user and his old friends profile names
$querySelect2 = "SELECT member_name
FROM team;";
$querySelectResult = #mysqli_query($conn,$querySelect2)
or die ("<p>Query Failed to Execute.</p>". "<p>Error with" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
echo "<table width='20%' border='1'>";
echo "<tr><th>Member Name</th>";
echo "<th>Status</th></tr>";
$fetchArray = mysqli_fetch_row($querySelectResult);
// NOTE(review): $diff is not defined anywhere in the code shown; the filtered
// list computed above is stored in $curLog.
foreach($diff as $value)
{
if($value!=$_SESSION['membername'])
{
// NOTE(review): the member name is written into the table cell unescaped, while
// the hidden inputs below do use htmlspecialchars(); escape it here as well.
echo "<tr><td>{$value}</td>";
$memberHid1 = $value;
$memberHid = $_SESSION['membername'];
// NOTE(review): the hidden field `memberHid` hands the logged-in identity to the
// client. memberaddprocess.php (shown later on this page) copies the posted value
// back into $_SESSION['membername'], so a client can post any name. The
// processing script should read the identity from the session only.
echo "<td>"?>
<form action ="memberaddprocess.php" method = "post" >
<?php echo'<input type="hidden" name="memberHid1" value="'.htmlspecialchars($memberHid1).'" />';?>
<?php echo'<input type="hidden" name="memberHid" value="'.htmlspecialchars($memberHid).'" />';?>
<p><input type="submit" name="Addmember" value="AddMember" /></p>
</form>
<?php "</td></tr>";
// NOTE(review): the string on the line above is an expression with no echo, so
// the closing cell/row tags are never output.
}
$fetchArray = mysqli_fetch_row($querySelectResult);
}
echo"</table>";
}
else
{
// Branch taken when the member has no linked rows yet: list everyone except
// the logged-in member, sorted by name.
$n=0;
$querySelect2 = "SELECT member_name FROM team ; ";
$querySelectResult = #mysqli_query($conn, $querySelect2)
or die ("<p>Query Failed to Execute.</p>". "<p>Error with" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
$fetchArray = mysqli_fetch_row($querySelectResult);
while($fetchArray)
{
if($fetchArray[0] != $_SESSION['membername'])
{
$name[$n] = $fetchArray[0];
$n++;
}
$fetchArray = mysqli_fetch_row($querySelectResult);
}
// NOTE(review): $name stays undefined when no other member exists, and sort()
// is then called on an undefined variable.
sort($name);
echo "<table width='20%' border='1'>";
echo "<tr><th>Member Name</th>";
echo "<th>Status</th></tr>";
for($n = 0; $n<sizeof($name); $n++)
{
$memberHid1 = $name[$n];
$memberHid = $_SESSION['membername'];
// NOTE(review): unescaped output of a database value; apply htmlspecialchars().
echo "<tr><td>{$memberHid1}</td>";
echo "<td>"?>
<form action ="memberaddprocess.php" method = "post" >
<?php echo'<input type="hidden" name="memberHid1" value="'.htmlspecialchars($memberHid1).'" />';?>
<?php echo'<input type="hidden" name="memberHid" value="'.htmlspecialchars($memberHid).'" />';?>
<p><input type="submit" name="Addmember"value="AddMember" /></p>
</form>
<?php "</td></tr>";
// NOTE(review): same missing echo as in the first branch.
}
echo "</table>";
}
echo"<p><a href='memberlist.php'>List members</a></p>";
echo"<p><a href='logout.php'>Log out</a></p>";
}
else
{
// No member name in the session: show the login link instead of the page.
echo "<p> Unauthorized access.Pls login</p>";
echo"<p><a href='login.php'>Log in</a></p></div>";
}
?>
This is my memberaddprocess.php code
<?php
// Processes the "AddMember" form posted by memberadd.php: looks up two member
// ids, inserts a row into `myteam`, recounts members and redirects back.
// NOTE(review): nothing here checks that a member is logged in before the
// database is modified, and the form carries no anti-CSRF token.
//////////////////////////////////////
session_start();
require_once('sqlconnect.inc.php');
/////////////////////////////////////
// Both values arrive from the client and are used below without validation.
$memberHid1 = $_POST['memberHid1'];
$new_session = $_POST['memberHid'];
// NOTE(review): a leading `#` starts a PHP comment, so as printed the function
// name on this line (and on the other `#mysqli_...` lines) is commented out.
// Presumably the original had the `@` error-suppression operator and it was
// garbled when the page was captured - confirm. Suppressing the warning also
// hides the real reason for a "database doesn't exist" failure.
$conn = #mysqli_connect($host,
$user,
$pswd,
$dbnm);
if (!$conn) {
echo "<p>Database connection failure</p>";
} else {
#mysqli_select_db($conn, $dbnm)
or die ("Database not available");
}
// NOTE(review): $memberHid1 is posted by the client and interpolated into the
// SQL text (SQL injection). Use a prepared statement with a bound parameter.
$query = "SELECT member_id
FROM team
WHERE member_name = '$memberHid1'";
// NOTE(review): the die() messages in this file print mysqli_errno()/
// mysqli_error() to the browser; log them server-side instead.
$queryResult = #mysqli_query($conn, $query)
or die ("<p>Unable to execute query.</p>". "<p>Error code:" . mysqli_errno($conn) .":" . mysqli_error($conn));
$fetchArr = mysqli_fetch_row($queryResult);
$memberHid3 = $fetchArr[0];
// NOTE(review): this overwrites the logged-in identity in the session with a
// value taken from the POST body, so whoever submits the form decides which
// member the session belongs to. Read $_SESSION['membername'] and ignore the
// posted `memberHid`.
$memberHid = $_SESSION['membername'] = $new_session;
// NOTE(review): this query reads from `member`, whereas every other name lookup
// on this page reads from `team`. If no `member` table exists, MySQL reports it
// as not existing - verify against the schema. Same injection issue as above.
$query2 = "SELECT member_id
FROM member
WHERE member_name = '$memberHid'";
$queryResult2 = #mysqli_query($conn,$query2)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn));
$fetchArr2 = mysqli_fetch_row($queryResult2);
$memberHid4 = $fetchArr2[0];
// NOTE(review): both ids are interpolated unquoted; when either lookup returned
// no row the statement becomes "VALUES(, )" and fails.
$query3 = "INSERT INTO myteam
VALUES($memberHid4, $memberHid3)";
$queryResult3 = #mysqli_query($conn,$query3)
or die ("<p>Unable to execute query.</p>". "<p>Error code" . mysqli_errno($conn) .":" . mysqli_error($conn))."</p>";
// NOTE(review): the posted name is echoed without htmlspecialchars() (reflected
// XSS), and this output is sent before the header() call at the end of the file.
echo "<p>$memberHid1"." "." Successfully added</p>";
// Recount the linked rows for every member id from 1 to COUNT(*) and store the
// count in team.num_of_members.
$queryCount = "SELECT COUNT(*)
FROM team";
$countResult = #mysqli_query($conn,$queryCount);
$fetchCountArr = mysqli_fetch_row($countResult);
for($n=0;$n<$fetchCountArr[0];$n++)
{
$pst = $n+1;
// NOTE(review): the column is called `friend_id1` here but `member_id1` in the
// other `myteam` queries on this page - confirm which one the table has.
$query4 = "SELECT member_id2
FROM myteam
WHERE friend_id1 = '$pst'";
$countResult2 = #mysqli_query($conn,$query4);
$countArr = mysqli_fetch_row($countResult2);
$a=0;
while($countArr)
{
$a++;
$countArr = mysqli_fetch_row($countResult2); //echo "<p>$a</p>";
}
$query4 = "UPDATE team
SET num_of_members= '$a'
WHERE member_id = '$pst' ";
$countResult2 = #mysqli_query($conn,$query4);
}
// Walk the ids now linked to the acting member; the inner loops only hold
// commented-out debug output.
$querySelect = "SELECT member_id2
FROM myteam
WHERE member_id1 = '$memberHid4'";
$querySelectResult = #mysqli_query($conn, $querySelect);
$fetchArr = mysqli_fetch_row($querySelectResult);
while($fetchArr)
{
foreach($fetchArr as $value)
{
//echo $value;
// NOTE(review): this query names a `friends` table and a `friend_id` column that
// appear nowhere else on the page, and the call below passes
// $querySelectResult2 (not yet defined) instead of $querySelect2.
$querySelect2 = "SELECT member_name
FROM friends where friend_id='$value'";
$querySelectResult2 = #mysqli_query($conn, $querySelectResult2);
$fetchArr2 = mysqli_fetch_row($querySelectResult2);
foreach($fetchArr2 as $value)
{
//echo $value;
}
}
$fetchArr = mysqli_fetch_row($querySelectResult);
}
// NOTE(review): header() is called after output has already been echoed above,
// and the script keeps running afterwards; send the redirect before any output
// and follow it with exit.
header("Location:memberadd.php");
echo('Updated memberlist</p></div>');
//header('Location: friendadd.php');
?>

It's not easy to determine the problem, but I found a topic on the MySQL forum (MySQL says a table doesn't exist, when it does) that could be related to your problem.
It's important to make sure that there is no other mysql instance on the computer. This could result in your problem too.

Related

Why echo failed on $rowcount?

I'm implementing a thesis system using PHP and experiencing problems with echo $rowcount from database. Here is my coding:
<?php
include "document.php";

/**
 * Print the search form: one free-text box (searchKey) plus one submit button
 * per search mode, all posting back to documentList.php.
 *
 * The markup is echoed directly; the function has no return value.
 */
function displaySearchOption()
{
    echo <<<'HTML'
<br><form action="documentList.php" method="post">
Search:<br>
<table border=1>
<input type=text name = searchKey size=100 >
<td><input type=submit name = searchByName value="Search Title"></td>
<td><input type=submit name = searchByThesisId value="Search ID"></td>
<td><input type=submit name = searchByLecturerName value="Search Advisor"></td>
<td><input type=submit name = searchByStudentName value="Search Student"></td>
<td><input type=submit name = searchByProgram value="Search Program"></td>
<td><input type=submit name = searchByYear value="Search Year"></td>
<td><input type=submit name = displayAll value="Show All"></td>
</table>
</form>
HTML;
}

/**
 * Print the "Add New Thesis" button, a one-button form posting to addDocument.php.
 */
function displayAddNewThesisButton()
{
    echo <<<'HTML'
<form action="addDocument.php" method="post">
<input type=submit name =addNewThesis value="Add New Thesis">
</form>
HTML;
}

echo '<article>';
// displaySearchOption() has no return statement, so $result is null after this
// call; the request-handling branches that follow are what give it a value.
$result = displaySearchOption();
displayAddNewThesisButton();
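// Request handling and result table for the thesis list page.
//
// Every value that originates from the request or from the database is passed
// through $esc() before it is written into the page, so stored or reflected
// markup is rendered as text instead of being interpreted by the browser.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
};

// The search form on this page posts searchKey but no thesisNumber, and the
// delete form posts thesisNumber but no searchKey, so either may be absent.
$postedThesisNumber = isset($_POST['thesisNumber']) ? $_POST['thesisNumber'] : '';
$searchKey = isset($_POST['searchKey']) ? $_POST['searchKey'] : '';

//to delete - 1
// NOTE(review): the delete branch changes data on a plain POST with no visible
// login check or anti-CSRF token - confirm one is enforced elsewhere.
if (isset($_POST['deleteThesis']))
{
    echo 'To delete staff: ' . $esc($postedThesisNumber);
    deleteThesisRecord($postedThesisNumber);
    // deleteThesisRecord() returns nothing, so reload the list; otherwise
    // $result is not a result set when the row count is taken below.
    $result = getListOfThesis();
}
else if (isset($_POST['searchByName']))
{
    echo 'To search document: ' . $esc($postedThesisNumber);
    $result = getListOfThesisByDocumentName($searchKey);
}
else if (isset($_POST['searchByThesisId']))
{
    echo 'To search document ID: ' . $esc($postedThesisNumber);
    $result = getListOfThesisByThesisId($searchKey);
}
else if (isset($_POST['searchByLecturerName']))
{
    echo 'To search advisor: ' . $esc($postedThesisNumber);
    $result = getListOfThesisByLecturerName($searchKey);
}
else if (isset($_POST['searchByStudentName']))
{
    echo 'To search student: ' . $esc($postedThesisNumber);
    $result = getListOfThesisByStudentName($searchKey);
}
else if (isset($_POST['searchByProgram']))
{
    echo 'To search Program: ' . $esc($postedThesisNumber);
    $result = getListOfThesisByProgram($searchKey);
}
else if (isset($_POST['searchByYear']))
{
    echo 'To search document year: ' . $esc($postedThesisNumber);
    $result = getListOfThesisByDocumentYear($searchKey);
}
else
{
    $result = getListOfThesis(); //call function in document.php
}

// A failed query hands back false rather than a result set; treat that as
// "no rows" instead of passing a non-result to mysqli_num_rows().
$hasResult = $result instanceof mysqli_result;
$rowcount = $hasResult ? mysqli_num_rows($result) : 0;
echo '</br>' . $rowcount . ' records found';

if ($rowcount != 0) //document record found
{
    //Display Table Header
    echo "<table border='1'>
<tr>
<th width='10%'>No</th>
<th width='75%'>Thesis</th>
<th width='30%'>Update/Delete</th>
</tr>";
    $count = 1;
    while ($row = mysqli_fetch_assoc($result)) //Display thesis information
    {
        $thesisNumber = $esc($row['Thesis_no']);
        echo "<tr>";
        echo "<td><center>" . $count . "</center></td>";
        echo "<td> ID: " . $thesisNumber .
            "</br></br><strong> Name: </strong>" . $esc(strtoupper($row['Student_name'])) .
            "</br></br><strong> Title: </strong>" . $esc(strtoupper($row['Thesis_name'])) .
            "</br></br><strong> Lecturer Name: </strong>" . $esc(strtoupper($row['Lecturer_name'])) .
            "</br></br><strong> Program: </strong>" . $esc(strtoupper($row['Program'])) .
            "</br></br><strong> Date: </strong>" . $esc($row['Date']) .
            "</br></br><strong> File Path: </strong>" . $esc($row['filePath']) .
            "</br></br><strong> Abstract: </strong>" . $esc($row['Abstract']) .
            "</td>";
        echo "</br>";
        //add button Update
        echo "<td><form action='updateDocumentForm.php' method='post' align='center'>
<input type='hidden' name='thesisNumber' value='" . $thesisNumber . "' />
<input type='submit' name='updateThesis' alt='Update' value='Update' />
</form>";
        //add button Delete
        echo "</br><form action='documentList.php' method='post' align='center'>
<input type='hidden' name='thesisNumber' value='" . $thesisNumber . "' />
<input type='submit' name='deleteThesis' alt='Delete' value='Delete' />
</form>";
        echo "</td>";
        echo "</tr>";
        $count++;
    }
    echo "</table>";
}

if ($hasResult)
{
    mysqli_free_result($result); //free the result
}
// The helper functions open their own connection and never expose it, so there
// is no connection variable in this scope to close.
echo '</article>';
?>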
The problem is when I try to echo $rowcount. I still can't figure out what is the cause of the problem. Anyone can help me?
Here is the coding where I echo $rowcount:
else if(isSet($_POST['searchByYear']))
{
echo 'To search document year: '. $_POST['thesisNumber'];
$result = getListOfThesisByDocumentYear($_POST['searchKey']);
}
else
$result = getListOfThesis(); //call function in document.php
$rowcount = mysqli_num_rows($result);
echo '</br>' .$rowcount. ' records found';
and here is the function:
<?php
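/**
 * Fetch every row of the `document` table, ordered by Date.
 *
 * @return mysqli_result|false the result set, or false when the connection or
 *                             the query fails
 */
function getListOfThesis()
{
    // NOTE(review): the database credentials are hard-coded here and repeated in
    // every helper of this file; load them from configuration kept outside the
    // web root instead.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        // NOTE(review): the connection error text is sent to the browser.
        echo "Failed to connect to MySQL: " .
            mysqli_connect_error();
        // Do not run the query on a failed connection.
        return false;
    }
    $sqlStr = "SELECT * FROM document order by Date";
    return mysqli_query($con, $sqlStr);
}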
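/**
 * Delete the `document` row(s) whose Thesis_no equals the given value and echo
 * how many rows were removed.
 *
 * The value is bound as a statement parameter, so quotes in it cannot alter
 * the DELETE statement.
 *
 * @param string $Thesis_no thesis number as received from the request
 */
function deleteThesisRecord($Thesis_no)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        return;
    }
    $thesisNo = (string) $Thesis_no;
    $stmt = mysqli_prepare($con, "delete from document WHERE Thesis_no = ?");
    $ok = $stmt
        && mysqli_stmt_bind_param($stmt, 's', $thesisNo)
        && mysqli_stmt_execute($stmt);
    if (!$ok)
    {
        echo 'error deleting record<br>';
        // NOTE(review): database error text is shown to the client; prefer
        // logging it server-side.
        echo mysqli_error($con);
    }
    else
    {
        $count = mysqli_stmt_affected_rows($stmt);
        echo '<br>'.$count .' record/s deleted';
    }
    if ($stmt)
    {
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
}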
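/**
 * Fetch the `document` rows whose Thesis_no equals the given value.
 *
 * The value is bound as a statement parameter instead of being concatenated
 * into the SQL text. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Thesis_no thesis number to match
 * @return mysqli_result|false result set, or false when the query fails
 */
function getListOfThesisByThesisId($Thesis_no)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $thesisNo = (string) $Thesis_no;
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Thesis_no = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $thesisNo)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}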
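/**
 * Fetch the `document` rows whose Date column equals the given value.
 *
 * The value is bound as a statement parameter instead of being concatenated
 * into the SQL text. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Date value compared with the Date column
 * @return mysqli_result|false result set, or false when the query fails
 */
function getListOfThesisByDocumentYear($Date)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $dateKey = (string) $Date;
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Date = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $dateKey)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}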
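/**
 * Fetch the `document` rows whose Thesis_name contains the given text.
 *
 * The search text is bound as a statement parameter, so quotes in it cannot
 * change the query. `%` and `_` typed by the user still act as LIKE wildcards,
 * as they did before. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Thesis_name text to look for in the title
 * @return mysqli_result|false result set, or false when the query fails
 */
function getListOfThesisByDocumentName($Thesis_name)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $pattern = '%' . $Thesis_name . '%';
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Thesis_name like ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $pattern)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}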
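/**
 * Fetch the `document` rows whose Lecturer_name contains the given text.
 *
 * The search text is bound as a statement parameter, so quotes in it cannot
 * change the query. `%` and `_` typed by the user still act as LIKE wildcards,
 * as they did before. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Lecturer_name text to look for in the lecturer name
 * @return mysqli_result|false result set, or false when the query fails
 */
function getListOfThesisByLecturerName($Lecturer_name)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $pattern = '%' . $Lecturer_name . '%';
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Lecturer_name like ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $pattern)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}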
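/**
 * Fetch the `document` rows whose Student_name contains the given text.
 *
 * The search text is bound as a statement parameter, so quotes in it cannot
 * change the query. `%` and `_` typed by the user still act as LIKE wildcards,
 * as they did before. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Student_name text to look for in the student name
 * @return mysqli_result|false result set, or false when the query fails
 */
function getListOfThesisByStudentName($Student_name)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $pattern = '%' . $Student_name . '%';
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Student_name like ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $pattern)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}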
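/**
 * Fetch the `document` rows whose Program contains the given text.
 *
 * The search text is bound as a statement parameter, so quotes in it cannot
 * change the query. `%` and `_` typed by the user still act as LIKE wildcards,
 * as they did before. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Program text to look for in the program name
 * @return mysqli_result|false result set, or false when the query fails
 */
function getListOfThesisByProgram($Program)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $pattern = '%' . $Program . '%';
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Program like ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $pattern)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}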
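/**
 * Update one `document` row, identified by Thesis_no, with the given fields.
 *
 * All values are bound as statement parameters, so free text such as the
 * abstract can contain quotes without breaking or altering the UPDATE.
 *
 * @return bool true when the statement executed, false otherwise
 */
function updateThesisRecord($Thesis_no, $Thesis_name, $Lecturer_name, $Student_name, $Program, $Abstract, $Date)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $sqlStr = "update document"
        . " set Student_name = ?, Lecturer_name = ?, Thesis_name = ?"
        . ", Program = ?, Abstract = ?, Date = ?"
        . " where Thesis_no = ?";
    $stmt = mysqli_prepare($con, $sqlStr);
    if (!$stmt)
    {
        return false;
    }
    // Parameter order follows the placeholders in $sqlStr.
    mysqli_stmt_bind_param(
        $stmt,
        'sssssss',
        $Student_name,
        $Lecturer_name,
        $Thesis_name,
        $Program,
        $Abstract,
        $Date,
        $Thesis_no
    );
    return mysqli_stmt_execute($stmt);
}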
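/**
 * Fetch the `document` row(s) for one thesis number.
 *
 * The value is bound as a statement parameter instead of being concatenated
 * into the SQL text. mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Thesis_no thesis number to match
 * @return mysqli_result|false result set, or false when the connection or the
 *                             query fails
 */
function getThesisInformation($Thesis_no)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        // Do not run the query on a failed connection.
        return false;
    }
    $thesisNo = (string) $Thesis_no;
    $stmt = mysqli_prepare($con, "SELECT * FROM document where Thesis_no = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $thesisNo)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}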
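/**
 * Fetch the `document` row(s) for one thesis number.
 *
 * Runs the same lookup as getThesisInformation(). The value is bound as a
 * statement parameter instead of being concatenated into the SQL text.
 * mysqli_stmt_get_result() needs the mysqlnd driver.
 *
 * @param string $Thesis_no thesis number to match
 * @return mysqli_result|false result set, or false when the connection or the
 *                             query fails
 */
function getThesisInformationResult($Thesis_no)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        // Do not run the query on a failed connection.
        return false;
    }
    $thesisNo = (string) $Thesis_no;
    $stmt = mysqli_prepare($con, "SELECT * FROM document WHERE Thesis_no = ?");
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 's', $thesisNo)
        || !mysqli_stmt_execute($stmt))
    {
        return false;
    }
    return mysqli_stmt_get_result($stmt);
}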
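/**
 * Insert a new row into `document`.
 *
 * All eight values are bound as statement parameters, so quotes in titles,
 * names, the abstract or the file path cannot change the INSERT.
 *
 * @return bool true when the row was inserted, false on any failure
 */
function addNewThesisRecord($Thesis_no, $Thesis_name, $Lecturer_name, $Student_name, $Program, $Abstract, $Date, $filePath)
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $con = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        return false;
    }
    $sql = "INSERT INTO document(Thesis_no, Thesis_name, Lecturer_name, Student_name, Program, Abstract, Date, filePath)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
    $stmt = mysqli_prepare($con, $sql);
    if (!$stmt)
    {
        return false; // error new staff record was not added
    }
    // Parameter order follows the column list in $sql.
    mysqli_stmt_bind_param(
        $stmt,
        'ssssssss',
        $Thesis_no,
        $Thesis_name,
        $Lecturer_name,
        $Student_name,
        $Program,
        $Abstract,
        $Date,
        $filePath
    );
    return mysqli_stmt_execute($stmt);
}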
/**
 * Build a new thesis id: the literal prefix "10" followed by the number of
 * rows currently in `document` plus one.
 *
 * NOTE(review): an id derived from the row count repeats an existing id once
 * any row has been deleted, and two concurrent requests can compute the same
 * value. An auto-increment key would avoid both - confirm against the schema.
 *
 * @return string the generated id
 */
function generateNewThesisId()
{
    // NOTE(review): hard-coded credentials; move them to configuration.
    $link = mysqli_connect('localhost','web2','web2','ethesisdb');
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    // The rows themselves are not read; the SELECT is run only so that
    // mysqli_affected_rows() reports how many rows it returned.
    $allRows = mysqli_query($link, 'SELECT * FROM document');
    $nextOrdinal = mysqli_affected_rows($link) + 1;
    return '10' . $nextOrdinal;
}
?>

SQL Update unable to work

I have a SQL update below and there's no error but it doesn't reflect any changes I have made to the database. I also paste here the 2 previous php which will lead to the update php. SQL query for UPDATE shows no error too.
Please let me know if i miss out anything.
Appreciate it very much.
table 1: nmc_cd
table 2: nmc_category
table 3: nmc_publisher
This is the php to display the list of CDs and the key here is the CDID which once selected will be sent to the next php.
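// List every CD with its year, price and category description.
include 'database_conn.php'; //make db connection
$sql = "SELECT nmc_cd.CDID, nmc_cd.CDTitle, nmc_cd.CDYear, nmc_cd.CDPrice, nmc_category.catDesc, nmc_cd.catID
FROM nmc_cd
LEFT JOIN nmc_category ON nmc_cd.catID=nmc_category.catID";
// NOTE(review): on failure the raw database error is printed to the browser;
// prefer a generic message and a server-side log entry.
$queryresult = mysqli_query($conn, $sql)
or die (mysqli_error($conn));

// Escape database values before they are written into the page. ISO-8859-1 is
// the charset the edit and update pages of this application declare.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
};

echo'<table cellpadding="0" cellspacing="0" class="db-table" table align="center">';
echo"<tr><th>Music Title</th><th>Year</th><th>Price</th><th>Category</th></tr>";
while($row = mysqli_fetch_assoc($queryresult)) {
    $iCDID = $row['CDID'];
    $CDCatID = $row['catID'];
    $CDTitle = $h($row['CDTitle']);
    $CDYear = $h($row['CDYear']);
    $CDPrice = $h($row['CDPrice']);
    // catDesc is NULL when the LEFT JOIN finds no category; $h() turns that
    // into an empty string.
    $CDCat = $h($row['catDesc']);
    echo "<tr><td>";
    echo "$CDTitle";
    echo "</td><td>";
    echo "<div align='center'>$CDYear</div>\n";
    echo "</td><td>";
    echo "<div align='center'>$CDPrice </div>\n";
    echo "</td><td>";
    echo "<div align='center'>$CDCat</div>\n";
    echo "</TD></tr>";
}
echo "</table>";
mysqli_free_result($queryresult);
mysqli_close($conn);
?>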
In this php it display the selected CD and editing is permitted
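<?php
// Edit form for one CD, selected by the itemCode query parameter.
header('Content-type: text/html; charset=iso-8859-1'); //set the charset parameter
include 'database_conn.php'; //make db connection

// Escape a value for HTML text or a quoted attribute, in the charset declared
// by the header above.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
};

$code = isset($_GET['itemCode']) ? (string) $_GET['itemCode'] : ''; //collect form data from user input
// The item code is bound as a parameter rather than interpolated, so it cannot
// change the structure of the query.
$sql = "SELECT nmc_cd.CDID, nmc_cd.CDTitle, nmc_cd.CDYear, nmc_cd.CDPrice, nmc_cd.catID, nmc_cd.pubID, nmc_category.catDesc, nmc_publisher.pubID, nmc_publisher.pubName
FROM nmc_cd
JOIN nmc_category on (nmc_cd.catID = nmc_category.catID)
JOIN nmc_publisher on (nmc_cd.pubID = nmc_publisher.pubID)
WHERE nmc_cd.CDID = ?"; //link user input with primary key
$stmt = mysqli_prepare($conn, $sql);
if (!$stmt
    || !mysqli_stmt_bind_param($stmt, 's', $code)
    || !mysqli_stmt_execute($stmt)) {
    die("No result from DB query.");
}
$queryresult = mysqli_stmt_get_result($stmt); // needs the mysqlnd driver
$row = $queryresult ? mysqli_fetch_assoc($queryresult) : null; //function fetches result row
if (!$row) {
    die("No rows returned from DB query.");
}
$iCDID = $row['CDID'];
$CDTitle = $row['CDTitle'];
$CDYear = $row['CDYear'];
$CDPrice = $row['CDPrice'];
$CDCat = $row['catDesc'];
$CDPub = $row['pubName'];
$CDpubID = $row['pubID'];
// NOTE(review): the form submits a data change with method="get" because
// UpdateCD.php reads INPUT_GET; a POST form with an anti-CSRF token would be
// the safer design, but both pages would have to change together.
// NOTE(review): the selects below submit the category description and the
// publisher name, while UpdateCD.php writes them into catID and pubID - confirm
// which values those columns expect.
?>
<form method="get" action="UpdateCD.php">
<!-- UpdateCD.php selects the row to change by CDID, so the id has to travel with the form. -->
<input type="hidden" name="CDID" value="<?php echo $h($iCDID); ?>" />
<div align="center">
<div>Title <input type = "text" name = "CDTitle" value = "<?php echo $h($CDTitle); ?>" /></div></br>
<div>Year <input type = "text" name = "CDYear" value = "<?php echo $h($CDYear); ?>" /></div></br>
<div>Price <input type = "text" name = "CDPrice" value = "<?php echo $h($CDPrice); ?>" /></div></br>
Category
<select name="CDCat">
<option value= " ">
<?php
include 'database_conn.php'; //make db connection
if (!($conn instanceof mysqli)) {
    die("DB connection failure.");
}
$rsCDCat = mysqli_query($conn, "SELECT nmc_category.catDesc FROM nmc_category");
if ( !$rsCDCat ) {
    die("No result from DB query."); //probably invalid SQL, table error
}
if ( $rsCDCat->num_rows < 1 ) {
    die("No rows returned from DB query."); //query runs but nothing is found in DB to match
}
while($Catcatresult = mysqli_fetch_array($rsCDCat)){
    // Compare the raw values, output the escaped one.
    $catLabel = $h($Catcatresult[0]);
    $optioncat = "<option value='{$catLabel}'";
    if($Catcatresult[0] == $CDCat){
        $optioncat .= " selected='selected'";
    }
    $optioncat .= ">{$catLabel}</option>";
    echo $optioncat;
}
?>
</select></br></br>
Publisher
<select name="CDPub">
<option value= " ">
<?php
include 'database_conn.php'; //make db connection
if (!($conn instanceof mysqli)) {
    die("DB connection failure.");
}
$rsCDpub = mysqli_query($conn, "SELECT nmc_publisher.pubName FROM nmc_publisher");
if ( !$rsCDpub ) {
    die("No result from DB query."); //probably invalid SQL, table error
}
if ( $rsCDpub->num_rows < 1 ) {
    die("No rows returned from DB query."); //query runs but nothing is found in DB to match
}
while($Catpubresult = mysqli_fetch_array($rsCDpub)){
    // Compare the raw values, output the escaped one.
    $pubLabel = $h($Catpubresult[0]);
    $option = "<option value='{$pubLabel}'";
    if($Catpubresult[0] == $CDPub){
        $option .= " selected='selected'";
    }
    $option .= ">{$pubLabel}</option>";
    echo $option;
}
?></select></br></br>
<div><input type="submit" value="Update"></div>
</form>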
In this update php, it gets the values from the previous php and update the table.
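<?php
// Apply the edit submitted by the CD form and show the updated row.
header('Content-type: text/html; charset=iso-8859-1');
include 'database_conn.php'; // make db connection

// Escape a value for HTML output in the charset declared by the header above.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
};

// NOTE(review): this page changes data in response to a GET request and shows
// no login check or anti-CSRF token, so a crafted link is enough to trigger an
// update - confirm that access control is enforced elsewhere.
$pCDTitle = filter_has_var(INPUT_GET, 'CDTitle') ? $_GET['CDTitle']: null; // store all parameter in variable
$pCDPubName = filter_has_var(INPUT_GET, 'CDPub') ? $_GET['CDPub']: null;
$pCDYear = filter_has_var(INPUT_GET, 'CDYear') ? $_GET['CDYear']: null;
$pCDCategory = filter_has_var(INPUT_GET, 'CDCat') ? $_GET['CDCat']: null;
$pCDPrice = filter_has_var(INPUT_GET, 'CDPrice') ? $_GET['CDPrice']: null;
$pCDID = filter_has_var(INPUT_GET, 'CDID') ? $_GET['CDID']: null;
$pCDPubID = filter_has_var(INPUT_GET, 'pubID') ? $_GET['pubID']: null;

// Missing parameters were interpolated as empty strings before; the casts keep
// that behaviour now that the values are bound.
$title = (string) $pCDTitle;
$year = (string) $pCDYear;
$price = (string) $pCDPrice;
$category = (string) $pCDCategory;
// NOTE(review): pubID receives the CDPub value (the publisher name the form
// submits) while $pCDPubID is read and never used - confirm which is intended.
$publisher = (string) $pCDPubName;
$cdId = (string) $pCDID;

// Bound parameters replace the interpolated values, which removes both the SQL
// injection and the missing-space syntax error in front of WHERE.
$stmt = $conn->prepare(
    "UPDATE nmc_cd "
    . "SET nmc_cd.CDTitle = ?, nmc_cd.CDYear = ?, nmc_cd.CDPrice = ?, nmc_cd.catID = ?, nmc_cd.pubID = ? "
    . "WHERE nmc_cd.CDID = ?"
);
// execute() also reports success when no row matched the CDID;
// $stmt->affected_rows tells the two cases apart.
if ($stmt
    && $stmt->bind_param('ssssss', $title, $year, $price, $category, $publisher, $cdId)
    && $stmt->execute()) {
    echo "<b><font face='verdana' font sise='3' color='red'>Record updated successfully</font></b>";
    $select = $conn->prepare(
        "SELECT * FROM nmc_cd "
        . "JOIN nmc_category ON (nmc_cd.catID = nmc_category.catID) "
        . "JOIN nmc_publisher ON (nmc_cd.pubID = nmc_publisher.pubID) "
        . "WHERE nmc_cd.CDID = ?"
    ); //Query Database
    $row = null;
    if ($select && $select->bind_param('s', $cdId) && $select->execute()) {
        $result = $select->get_result(); // needs the mysqlnd driver
        $row = $result ? $result->fetch_assoc() : null;
    }
    if ($row) {
        // catDesc and pubName are the column names the edit page selects from
        // the joined tables; `location` is shown only when the row has it.
        $location = isset($row['location']) ? $row['location'] : '';
        echo "<table>";
        echo "<tr><th>Title</th><th>Year</th><th>Price</th><th>Catergory</th><th>Publisher</th><th>Location</th></tr>";
        echo "<tr><td>" . $h($row['CDTitle']) . "</td><td> " . $h($row['CDYear']) . "</td><td> " . $h($row['CDPrice'])
            . "</td><td> " . $h($row['catDesc']) . "</td><td> " . $h($row['pubName'])
            . "</td><td> " . $h($location) . "</td></tr>"; //Display Data Table Data
        echo "</table>";
    }
    mysqli_close($conn);
} else {
    // NOTE(review): the database error text is still shown to the client
    // (escaped); prefer logging it server-side.
    echo "<b><font face='verdana' color='red'>Error updating record!!!</font></b>" . $h($conn->error);
}
?>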
// Statement as posted in the question: the second string ends with a quote and
// no trailing space, so the text runs straight into "WHERE".
// NOTE(review): every value is interpolated from $_GET, so the statement is
// also open to SQL injection regardless of the spacing.
$sql = "UPDATE nmc_cd "
. "SET nmc_cd.CDTitle='$pCDTitle',nmc_cd.CDYear='$pCDYear',nmc_cd.CDPrice='$pCDPrice',nmc_cd.catID='$pCDCategory',nmc_cd.pubID='$pCDPubName'"
. "WHERE nmc_cd.CDID='$pCDID'";
Should be:
// Corrected spacing: the second string now ends with a space before WHERE.
// NOTE(review): this fixes the syntax only. The values still come from $_GET and
// are interpolated into the SQL text; bind them with $conn->prepare() and
// bind_param() so that request data cannot alter the statement.
$sql = "UPDATE nmc_cd "
. "SET nmc_cd.CDTitle='$pCDTitle',nmc_cd.CDYear='$pCDYear',nmc_cd.CDPrice='$pCDPrice',nmc_cd.catID='$pCDCategory',nmc_cd.pubID='$pCDPubName' "
. "WHERE nmc_cd.CDID='$pCDID'";
i.e. You are missing a SPACE character before the WHERE Clause.
(Note the end of 2nd line)
Look in the MySql logs. Make sure bad queries are logged to the file and you should see the syntax error. The other thing you can do is dump out the $sql string and run that in MySQL. See if it runs successfully or not.

How can I show error message inside a form?

The page only show message when I click submit button, but now I want the message show inside the form after click submit button.How can I add some code or change the code following to make the message can run inside the form?
Here is my php code:
<?php
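/**
 * Emit a meta-refresh tag that sends the browser to the page of the given topic.
 *
 * The id is percent-encoded before it is placed in the URL, so a value that
 * contains quotes or angle brackets cannot break out of the content attribute.
 * Plain numeric ids are emitted unchanged.
 *
 * @param int|string $id topic id to redirect to
 */
function topic_go($id){
    $safeId = rawurlencode((string) $id);
    echo "<meta http-equiv=\"refresh\" content=\"0;url=main_forum.php?act=topic&id=".$safeId."\">";
}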
// Topic-creation handler: shows the "create topic" form for a sub category and
// inserts the new topic when the form is posted.
// NOTE(review): the mysql_* functions used throughout were removed in PHP 7;
// mysqli or PDO with prepared statements is the replacement.
// NOTE(review): $id comes straight from the query string and is later
// concatenated into SQL text and into the form's action attribute without
// validation or escaping. If it is meant to be numeric, cast it to int first.
$id = $_GET['id'];
// NOTE(review): no session_start() is visible in this snippet - presumably it is
// called by the including page; confirm.
if(!$_SESSION['sign_in']){
// Not signed in: alert the visitor and send them back to the forum page.
// $row4 is fetched here but not used again in the code shown.
$sql4= "SELECT * FROM categories WHERE level <".$_SESSION['userlevel']."+1";
$res4= mysql_query($sql4) or die (mysql_error());
$row4 = mysql_fetch_assoc($res4);
// NOTE(review): $id is concatenated into the query (SQL injection), and
// die(mysql_error()) prints database error text to the visitor.
$sql5= "SELECT * FROM sub_categories WHERE sub_id ='".$id."'";
$res5 = mysql_query($sql5) or die (mysql_error());
$row5 = mysql_fetch_assoc($res5);
echo "<script type=\"text/javascript\">";
echo "alert('Please Login To Create Topic!');";
echo "window.location='main_forum.php?act=forum&id=".$row5['sub_id']."'";
echo "</script>";
}else{
if($id){
// NOTE(review): same concatenation of $id into SQL as above.
$sql="SELECT * FROM sub_categories WHERE sub_id = '".$id."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) == 0){
echo "The forum you are trying to create a topic on, does not exist!\n";
}else{
$row1 = mysql_fetch_assoc($res);
// $admin_user_level is not defined in this snippet; presumably it is set by the
// including page - confirm.
if ($row1['level'] == 1 && $admin_user_level == 0){
echo "You are not an administrator, you cannot post on this forum";
}else {
if (!$_POST['submit']) {
// First visit: render the form.
// NOTE(review): $id is written into the action attribute unescaped (reflected
// XSS), and the form carries no anti-CSRF token.
echo "<table bgcolor=\"#CFFAE4\" cellspacing=\"10\" align=\"center\">\n";
echo "<form method=\"post\" action=\"./main_forum.php?act=create&id=".$id."\">\n";
echo "<tr><td>Forum Sub Category</td><td><select name=\"cat\" style=\"font-size:16px;\">\n";
$sql2= "SELECT * FROM categories WHERE level <".$admin_user_level."+1";
$res2= mysql_query($sql2) or die (mysql_error());
while($row = mysql_fetch_assoc($res2)){
$sql3= "SELECT * FROM sub_categories WHERE sub_cid = '".$row['cat_id']."'";
$res3 = mysql_query($sql3) or die (mysql_error());
// NOTE(review): category and sub-category names are echoed without
// htmlspecialchars().
echo "<option value=\"0\">".$row['cat_name']."</option>\n";
while($row2 = mysql_fetch_assoc($res3)){
$selected = ($row2['sub_id'] == $id) ? " SELECTED" : "";
echo "<option value=\"".$row2['sub_id']."\"".$selected."> ".$row2['sub_name']."</option>\n";
}
}
echo "</select></td></tr>\n";
echo "<tr><td valign=\"top\">Topic Title</td><td><textarea name=\"title\" style=\"width:400px;height:50px;font-size:16px\"></textarea></td></tr>\n";
echo "<tr><td valign=\"top\">Message</td><td><textarea name=\"message\" style=\"width:500px;height:300px;font-size:20px;\"></textarea></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"button\" onClick=\"history.go(-1);\" value=\"Back\" class=\"btnz btnz_color\"> <input type=\"submit\" name=\"submit\" value=\"Create Topic\" class=\"btnz btnz_color\"></td></tr>\n";
echo "</form></table>\n";
}else{
// Form was posted: validate and insert the topic.
$cat = $_POST['cat'];
$title = $_POST['title'];
$msg = $_POST['message'];
if($cat && $title && $msg){
// NOTE(review): the posted category id is concatenated into the query
// (SQL injection).
$sql = "SELECT level FROM sub_categories WHERE sub_id ='".$cat."'";
$res = mysql_query($sql) or die (mysql_error());
if(mysql_num_rows($res)==0){
echo "This forum sub category does not exist!\n";
} else{
$row = mysql_fetch_assoc($res);
if ($row['level'] == 1 && $admin_user_level !=1){
echo "You are not an admin therefore you cannot post a new topic!";
}else{
// strlen() counts bytes, so multi-byte characters count more than once.
if (strlen($title) < 3 || strlen($title) > 1000){
echo "The title must between 3 and 1000 characters!\n";
}else{
if(strlen($msg) < 3 || strlen($msg) > 10000){
echo "The message must between 3 and 10,000 characters!\n";
}else{
$date = date("m-d-y") . " at " . date("h:i:s");
$time = time();
// NOTE(review): title, message and category are posted by the user and
// concatenated into the INSERT unescaped, so a single quote in a title breaks
// the statement and crafted input can rewrite it. Bind every value through a
// prepared statement. The stored text must also be HTML-escaped wherever it is
// later displayed (display code not shown here).
$sql2 = "INSERT INTO topics (topic_cid, topic_title, topic_uid, topic_date, topic_time, topic_message)
VALUES('".$cat."','".$title."','".$_SESSION['userid']."','".$date."','".$time."','".$msg."')";
$res2 = mysql_query($sql2) or die (mysql_error());
$tid = mysql_insert_id();
topic_go($tid);
}
}
}
}
}else{
echo "Please supply all fields!\n";
} }} }
}
}?>
Thank You For Helping!

Prepared statements doesn't return results

I am trying to do all my queries with prepared statements, but this is new to me and I am having some trouble. This is my first query and it doesn't echo the result from the table. This is what I've done so far. Maybe it is a really newbie question, but it is something completely new for me.
// Show one joke from the category given by joke_id, optionally stepping to the
// row whose first column equals the `id` query parameter.
// NOTE(review): as posted the snippet is incomplete - the opening if-block is
// never closed in the lines shown.
if(isset($_GET['joke_id'])){
$joke_id = $_GET['joke_id'];
// Prepared statement with the category bound as an integer ('i'): the request
// value never becomes part of the SQL text, which is the safe form to keep.
$qry = $con->prepare("SELECT * FROM joke WHERE joke_cat = ?");
$qry->bind_param('i', $joke_id);
$qry->execute();
$result = $qry->get_result();
// NOTE(review): this fetch reads the first row and throws it away.
$result->fetch_array();
// NOTE(review): this line is the likely reason nothing is shown. It passes the
// statement object $qry to mysqli_query(), which expects an SQL string, and
// overwrites the $result obtained from get_result() above. The trailing
// comment-close marker is a leftover with no matching opener and is a syntax
// error. Removing the line keeps the prepared-statement result in use.
$result = mysqli_query($con, $qry) or die("Query failed: " . mysqli_errno($con));*/
// NOTE(review): MYSQL_BOTH belongs to the removed mysql extension; the mysqli
// constant is MYSQLI_BOTH.
$line = mysqli_fetch_array($result, MYSQL_BOTH);
if (!$line) echo '';
$previd = -1;
$currid = $line[0];
if (isset($_GET['id'])) {
// Walk the rows until the one whose first column equals the requested id.
$previous_ids = array();
do {
$previous_ids[] = $line[0];
$currid = $line[0];
if ($currid == $_GET['id']) break;
$previd = end($previous_ids);
$line = mysqli_fetch_array($result, MYSQL_BOTH);
} while ($line);
}
if ($line) {
echo "<div id=\"box\">";
// NOTE(review): the joke text is printed without htmlspecialchars(); if jokes
// can be submitted by users this is a stored-XSS sink. Escape first, then
// apply nl2br().
echo nl2br($line['text']) . "<br /><br />";
echo "<div id=\"share\"><span class='st_facebook' displayText='Facebook'></span>
<span class='st_twitter' displayText='Tweet'></span>
<span class='st_googleplus' displayText='Google +'></span></div>";
echo '<br /><br /><br />';
echo "</div>";
}
else echo '<p>Empty category</p><br/>';
This is what I use right now before to try PDO and it's work with no problems.
// Earlier, working version of the query (the leading `$` of the variable is
// missing in the text as posted).
// NOTE(review): $joke_id is taken from $_GET['joke_id'] and interpolated into
// the SQL text, so this form is open to SQL injection; the prepared statement
// in the question is the version to keep.
qry = "SELECT * FROM joke WHERE joke_cat = '$joke_id'";
$result = mysqli_query($con, $qry) or die("Query failed: " . mysqli_errno($con));
Are $_GET['joke_id'] and $_GET['joke_cat'] both set?
Or try:
// NOTE(review): named placeholders (:joke_cat), bindParam(), PDO::PARAM_STR and
// fetchAll() are PDO APIs. The question's $con is used with mysqli_* functions
// and bind_param('i', ...), so this only works if $con is a PDO connection.
// It also reads $_GET['joke_cat'], whereas the question checks
// $_GET['joke_id'].
$qry = $con->prepare("SELECT * FROM joke WHERE joke_cat =:joke_cat");
$qry->bindParam(':joke_cat', $_GET['joke_cat'], PDO::PARAM_STR);
$qry->execute();
$result = $qry->fetchAll();

Removing form validation on an input field

I have a simple upload script that has some validation on the form. The idea behind the upload form is to upload 2 images, one a thumbnail and one a larger image. Both need to be the correct dimensions and require an image to be selected in order for the form to validate and successfully upload the images.
However, I have been tasked to remove the first upload part, the thumbnail. We now only need the larger image. Though I'm unsure how to remove the validation part of the process. I have tried to remove the input field from the HTML, but obviously the upload script sees this as not upload the first image and throws an error.
Anyway the files:
Upload.php
<?php
// Edit upload location here
$thumb_destination_path = "../storyslide_thumbs/";
$large_destination_path = "../storyslide_large/";
// Works out $link, the site URL the new slide will point at, from the posted
// `type`, `ID` and (for matches) `p` fields. The lookups below rely on extract()
// to turn result columns into local variables.
$type = $_POST['type'];
if (isset($_POST['ID'])) {
// NOTE(review): $ID is used verbatim inside '...' in every SELECT below; it is
// neither escaped nor cast, so the request controls part of the SQL text. Cast it
// to int or bind it as a parameter. When ID is not posted, $ID stays undefined.
$ID = $_POST['ID'];
}
// These two captions are the only request values escaped for SQL in this block.
$caption = mysql_real_escape_string($_POST['caption']);
$caption2 = mysql_real_escape_string($_POST['caption2']);
if ($type == "article" || $type == "editarticle") {
$sql="select a.title, a.category, c.title as cattitle, s.section as stitle, c.type from article a, category c, section s WHERE c.catID=a.category AND c.sectionid=s.sectionid AND a.articleID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
// extract() copies each named column of the row into a local variable and
// overwrites existing ones: the selected c.type column replaces the posted $type
// here. If no row matched, mysql_fetch_array() returned false and nothing is set.
extract($row);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$linktitle = html_entity_decode($title);
$linktitle = punct_remove($linktitle);
$cattitle = html_entity_decode($cattitle);
$cattitle = punct_remove($cattitle);
if ($category=='43') {
// NOTE(review): the double dot before "html" looks like a typo — confirm against
// the site's URL scheme.
$link = "/fans/obituaries/$ID-$linktitle..html";
} else {
// $type is now the category's type column (see extract() above), not the posted value.
if ($type=="Blog") {
$ID = "b$ID";
$cattitle = $cattitle . "-" . $category;
} else {
$cattitle = $category . "-" . $cattitle;
}
$link = "/$stitle/$cattitle/$ID-$linktitle.html";
}
} elseif ($type == "player") {
$sql = "SELECT name FROM player WHERE playerID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = html_entity_decode($name);
$name = punct_remove($name);
$link = "/players/squad/$ID-$name.html";
} elseif ($type == "match") {
$sql="select r.versus, r.venue, s.year FROM regmatch r, season s WHERE r.matchID='$ID' AND r.season=s.seasonID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
$year = str_replace("/", "-", $year);
$sql="select count(*) as num3 FROM loungeimages WHERE matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
// Defines $num3 (number of lounge images for this match) via extract().
extract($row);
// $_POST['p'] selects the match sub-page. It is read without isset(); if it is
// absent or matches none of the codes, $link is never assigned in this branch.
if ($_POST['p']=="ao") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/awayteam.html";
} elseif ($_POST['p']=="bb") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/bookiekiller.html";
} elseif ($_POST['p']=="tn") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/teamnews.html";
} elseif ($_POST['p']=="s") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/scores.html";
} elseif ($_POST['p']=="l") {
if ($num3>0) {
$sql="select MIN(imgID) as minumumimage FROM loungeimages WHERE matchID='$ID' GROUP BY matchID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge/$minumumimage.html";
}
else {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge.html";
}
} elseif ($_POST['p']=="fv") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansviews.html";
} elseif ($_POST['p']=="fr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansmatchreport.html";
} elseif ($_POST['p']=="ob") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/offtheball.html";
} elseif ($_POST['p']=="mq") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchquotes.html";
} elseif ($_POST['p']=="mr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchreport.html";
}
}
elseif ($type == "match2") {
$sql="select r.versus, r.venue FROM regmatch2 r WHERE r.matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
if ($_POST['p']=="ao") {
$link = "/match/perfectseason/$ID-$teams2/aboutoppo.html";
}
elseif ($_POST['p']=="bb") {
$link = "/match/perfectseason/$ID-$teams2/de_ja_lards_best_bet.html";
}
elseif ($_POST['p']=="tn") {
$link = "/match/perfectseason/$ID-$teams2/teamnews.html";
}
elseif ($_POST['p']=="mr") {
$link = "/match/perfectseason/$ID-$teams2/matchreport.html";
}
elseif ($_POST['p']=="rank") {
$link = "/match/perfectseason/$ID-$teams2/andys_old_rankin.html";
}
}
elseif ($type == "event") {
$link = "/fans/diary.html";
} elseif ($type == "picsubcat") {
$sql = "SELECT s.title as stitle, c.catID, c.title as ctitle, MIN(p.imgID) as imgID, se.section FROM picturesubcategory s, category c, picturetable p, section se WHERE c.sectionid=se.sectionid AND s.piccatID='$ID' AND s.catID=c.catID AND p.piccatID=s.piccatID";
// NOTE(review): on failure this writes the full SQL text, including the posted $ID,
// into a <script> block: it discloses the schema and reflects request data into the
// page. The other branches print a fixed message instead.
$result = mysql_query($sql) or die ("<script language='javascript'>alert('" . $sql . "');</script>");
$row = mysql_fetch_array($result);
extract($row);
$ctitle = html_entity_decode($ctitle);
$ctitle = punct_remove($ctitle);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$section = strtolower($section);
$link = "/$section/$catID-$ctitle/$stitle/$imgID.html";
} elseif ($type == "paypal") {
$sql = "SELECT name FROM paypalitems WHERE itemID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = str_replace(" ", "_", $name);
$name = urlencode($name);
$link = "/products/" . $ID . "-" . $name . ".html";
} elseif ($type == "lookalike") {
$link = "/funnies/lookalikes/1.html";
} elseif ($type == "wallpaper") {
$link = "/gear/wallpapers/1.html";
}
// Validates the two uploaded images, stores them and records the slide.
// $result ends up as: 0 = a file could not be moved, 1 = stored, 2 = getimagesize()
// rejected a file, 3 = a file is missing, 4 = wrong dimensions, 5 = not an HTTP upload.
$result = 0;
$time = time();
// NOTE(review): these loops test the bare name relative to the current working
// directory, not inside ../storyslide_thumbs/ or ../storyslide_large/, so they do not
// detect a name collision in the directories the files are actually moved to.
// $_FILES[...]['name'] is also read here before the isset() checks further down, so
// a request without that field raises notices.
while(file_exists($time.'-'.$_FILES['myfile']['name']))
{
$time++;
}
while (file_exists($time.'-'.$_FILES['myfile2']['name']))
{
$time++;
}
// NOTE(review): ['name'] is supplied by the client and is kept, extension included, in
// the stored file name. getimagesize() below only inspects the image header, so it
// does not constrain the extension; prefer a server-generated name whose extension
// is derived from the detected image type.
$thumb_target_path = $thumb_destination_path . $time.'-'.$_FILES['myfile']['name'];
$large_target_path = $large_destination_path . $time.'-'.$_FILES['myfile2']['name'];
$filename = $time.'-'.$_FILES['myfile']['name'];
$filename2 = $time.'-'.$_FILES['myfile2']['name'];
// Both fields are required: a missing thumbnail OR a missing large image gives 3.
if ((!isset($_FILES['myfile']['tmp_name']) || $_FILES['myfile']['tmp_name'] == "") || (!isset($_FILES['myfile2']['tmp_name']) || $_FILES['myfile2']['tmp_name'] == "")) {
$result = 3;
} else {
if (is_uploaded_file($_FILES['myfile']['tmp_name']) && is_uploaded_file($_FILES['myfile2']['tmp_name'])) {
if (getimagesize($_FILES['myfile']['tmp_name']) && getimagesize($_FILES['myfile2']['tmp_name'])) {
if ((move_uploaded_file($_FILES['myfile']['tmp_name'], $thumb_target_path)) && (move_uploaded_file($_FILES['myfile2']['tmp_name'], $large_target_path))) {
$result = 1;
// Exact sizes are enforced only after the move; files of any other size are
// deleted again from the destination directories.
$image_dim = getimagesize($thumb_target_path);
$image_dim2 = getimagesize($large_target_path);
if (($image_dim[0] != 75 || $image_dim[1] != 100) || ($image_dim2[0] != 230 || $image_dim2[1] != 199)) {
$result = 4;
unlink($thumb_target_path);
unlink($large_target_path);
} else {
// NOTE(review): $filename, $filename2, $link and $_POST['date'] reach the SQL text
// unescaped (only the captions were passed through mysql_real_escape_string()).
// The mysql_* API itself was removed in PHP 7; parameterised mysqli/PDO statements
// are the replacement.
if (isset($_POST['f'])) {
$publishingdate = $_POST['date'];
$sql2 = "INSERT INTO storyslide_future (thumb, large, thumbcaption, largecaption, link, publishingdate) VALUES ('$filename', '$filename2', '$caption', '$caption2', '$link', '$publishingdate')";
$res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
} else {
// Drops the row with thumbID 16, shifts every remaining thumbID up by one and
// inserts the new slide as thumbID 1. The three statements run separately.
$sql = "DELETE FROM storyslide WHERE thumbID='16'";
$res = mysql_query($sql) or die ("Error! bad delete statement");
$sql1 = "UPDATE storyslide SET thumbID=thumbID+1";
$res1 = mysql_query($sql1) or die ('<script language="javascript" type="text/javascript">alert("Error! bad update statement");</script>');
$sql2 = "INSERT INTO storyslide (thumbID, thumb, large, thumbcaption, largecaption, link) VALUES ('1', '$filename', '$filename2', '$caption', '$caption2', '$link')";
$res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
}
}
}
} else {
$result = 2;
}
} else {
$result = 5;
}
}
sleep(1);
?>
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>);</script>
<?php } ?>
And now the form:
<script src='upload_handler.js' language="javascript" type="text/javascript"></script>
</head>
<body>
<div id='wrapper'> <!-- start wrapper -->
<?php include("top.php"); ?>
<div id='pagetitle'> <!-- start pagetitle -->
<div id='pageimage'><img src='adminimages/note.jpg'/></div>
<div id='title'>Add to Thumbnails</div>
</div> <!-- end pagetitle -->
<div id='admincontrols'> <!-- start admincontrols -->
<center>
<div id='container' style='margin:0 0 0 240px;'>
<div id="content">
<form action='upload.php' method='post' enctype='multipart/form-data' target='upload_target' onSubmit='startUpload();'>
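<input type='hidden' name='type' value='<?php echo htmlspecialchars((string) $type, ENT_QUOTES); ?>' />
<?php
// Hidden fields that carry the query-string context over to upload.php.
// Every value is HTML-escaped before being written into the single-quoted
// attributes; ENT_QUOTES is required because a ' would otherwise end the attribute
// and let request data add markup to the page.
// NOTE(review): $type and $ID are assigned above the part of the file shown here;
// they are escaped as well in case they originate from the request.
if (isset($_GET['ID'])) {
?>
<input type='hidden' name='ID' value='<?php echo htmlspecialchars((string) $ID, ENT_QUOTES); ?>' />
<?php
}
?>
<?php
if (isset($_GET['p'])) {
?>
<input type='hidden' name='p' value='<?php echo htmlspecialchars((string) $_GET['p'], ENT_QUOTES); ?>' />
<?php
}
?>
<?php
if (isset($_GET['f'])) {
?>
<input type='hidden' name='f' value='<?php echo htmlspecialchars((string) $_GET['f'], ENT_QUOTES); ?>' />
<input type='hidden' name='date' value='<?php echo htmlspecialchars((string) $_GET['date'], ENT_QUOTES); ?>' />
<?php
}
?>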
<p id="f1_upload_process">Loading...<br/><img src="images/loader.gif" width="200" height="20" /><br/></p>
<div id='f1_upload_form'>
<div id='thumbnail_title' style='font-family:georgia;'>Thumbnail (This Image must be 75px in width and 100px in height):</div>
<div class='input_container'>
<div class='label_image'>File:</div>
<div class='input_image'><input name='myfile' type='file' size='70' class='inputbox'/></div>
</div>
<div class='input_container'>
<div class='label_image'>Caption:</div>
<div class='input_image'><input name='caption' type='text' maxlength='30' class='inputbox'/></div>
</div>
<div id='largerimage_title' style='font-family:georgia;'>Main Image (Only one image required. Minimum dimensions: 230px in width and 199px):</div>
<div class='input_container'>
<div class='label_image'>File:</div>
<div class='input_image'><input name='myfile2' type='file' size='70' class='inputbox'/></div>
</div>
<div class='input_container'>
<div class='label_image'>Caption:</div>
<div class='input_image'><input name='caption2' type='text' maxlength='200' class='inputbox'/></div>
</div>
<label><input type='submit' name='submitBtn' class='sbtn' value='Upload' /></label>
</div>
<iframe id='upload_target' name='upload_target' src='#' style='width:0;height:0;border:0px solid #fff;'></iframe>
</form>
</div>
</div>
</center>
</div>
<div id='controlbuttons'>
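<?php
// Builds the "Done" link. Each parameter is URL-encoded by http_build_query() and the
// finished URL is HTML-escaped for the single-quoted href, so request values cannot
// break out of the attribute or add extra parameters.
$doneParams = array('type' => $type);
if (isset($_GET['ID'])) {
    $doneParams['ID'] = $ID;
}
if (isset($_GET['n'])) {
    $doneParams['n'] = 'c';
}
if (isset($_GET['revised'])) {
    $doneParams['revised'] = $_GET['revised'];
}
if (isset($_GET['c'])) {
    $doneParams['c'] = $_GET['c'];
}
$doneUrl = 'storyslide_write.php?' . http_build_query($doneParams, '', '&');
?>
<a href='<?php echo htmlspecialchars($doneUrl, ENT_QUOTES); ?>' id='savebutton' style='visibility:hidden;'><img src='adminimages/save.jpg' alt='Done' border='0' /></a>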
<a href='admin.php'><img src='adminimages/home.jpg' border='0' alt='Main Menu'/></a></div>
</div> <!-- end wrapper -->
</body>
</html>
<?php } ?>
The input that I want to remove so we only have 1 image upload input is:
<input name='myfile' type='file' size='70' class='inputbox'/>
The validation needs to be removed from the first file in order to do this successfully.
I had a few stabs at this myself and noticed that the input field is referenced in upload.php by its name, "myfile", so I searched upload.php for anything relating to this input name. I found the following and tried to remove it:
while(file_exists($time.'-'.$_FILES['myfile']['name']))
{
$time++;
}
$thumb_target_path = $thumb_destination_path . $time.'-'.$_FILES['myfile']['name'];
$filename = $time.'-'.$_FILES['myfile']['name'];
To no avail however...
Any pointers would be greatly appreciated :)
Try with the following code, it removes $_FILES['myfile'] from everywhere, including if statements, SQL queries, etc.:
Upload.php
// Edit upload location here
$thumb_destination_path = "../storyslide_thumbs/";
$large_destination_path = "../storyslide_large/";
// Works out $link, the site URL the new slide will point at, from the posted
// `type`, `ID` and (for matches) `p` fields. The lookups below rely on extract()
// to turn result columns into local variables.
$type = $_POST['type'];
if (isset($_POST['ID'])) {
// The int cast means the quoted '$ID' in the SELECTs below can only ever hold a
// number. When ID is not posted, $ID stays undefined.
$ID = (int) $_POST['ID'];
}
$caption = mysql_real_escape_string($_POST['caption']);
$caption2 = mysql_real_escape_string($_POST['caption2']);
if ($type == "article" || $type == "editarticle") {
$sql="select a.title, a.category, c.title as cattitle, s.section as stitle, c.type from article a, category c, section s WHERE c.catID=a.category AND c.sectionid=s.sectionid AND a.articleID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
// extract() copies each named column of the row into a local variable and
// overwrites existing ones: the selected c.type column replaces the posted $type
// here. If no row matched, mysql_fetch_array() returned false and nothing is set.
extract($row);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$linktitle = html_entity_decode($title);
$linktitle = punct_remove($linktitle);
$cattitle = html_entity_decode($cattitle);
$cattitle = punct_remove($cattitle);
if ($category=='43') {
// NOTE(review): the double dot before "html" looks like a typo — confirm against
// the site's URL scheme.
$link = "/fans/obituaries/$ID-$linktitle..html";
} else {
// $type is now the category's type column (see extract() above), not the posted value.
if ($type=="Blog") {
$ID = "b$ID";
$cattitle = $cattitle . "-" . $category;
} else {
$cattitle = $category . "-" . $cattitle;
}
$link = "/$stitle/$cattitle/$ID-$linktitle.html";
}
} elseif ($type == "player") {
$sql = "SELECT name FROM player WHERE playerID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = html_entity_decode($name);
$name = punct_remove($name);
$link = "/players/squad/$ID-$name.html";
} elseif ($type == "match") {
$sql="select r.versus, r.venue, s.year FROM regmatch r, season s WHERE r.matchID='$ID' AND r.season=s.seasonID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
$year = str_replace("/", "-", $year);
$sql="select count(*) as num3 FROM loungeimages WHERE matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
// Defines $num3 (number of lounge images for this match) via extract().
extract($row);
// $_POST['p'] selects the match sub-page. It is read without isset(); if it is
// absent or matches none of the codes, $link is never assigned in this branch.
if ($_POST['p']=="ao") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/awayteam.html";
} elseif ($_POST['p']=="bb") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/bookiekiller.html";
} elseif ($_POST['p']=="tn") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/teamnews.html";
} elseif ($_POST['p']=="s") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/scores.html";
} elseif ($_POST['p']=="l") {
if ($num3>0) {
$sql="select MIN(imgID) as minumumimage FROM loungeimages WHERE matchID='$ID' GROUP BY matchID";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge/$minumumimage.html";
}
else {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/lounge.html";
}
} elseif ($_POST['p']=="fv") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansviews.html";
} elseif ($_POST['p']=="fr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/fansmatchreport.html";
} elseif ($_POST['p']=="ob") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/offtheball.html";
} elseif ($_POST['p']=="mq") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchquotes.html";
} elseif ($_POST['p']=="mr") {
$link = "/match/$year/$ID-$teams2/" . strtolower($venue) . "/matchreport.html";
}
}
elseif ($type == "match2") {
$sql="select r.versus, r.venue FROM regmatch2 r WHERE r.matchID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
if ($venue=='Home') {
$teams = "Stanlow V $versus";
$teams2 = "Stanlow_vs_" . str_replace(" ", "_", strtolower($versus));
}
else {
$teams = "$versus V Stanlow";
$teams2 = str_replace(" ", "_", strtolower($versus)) . "_vs_Stanlow";
}
if ($_POST['p']=="ao") {
$link = "/match/perfectseason/$ID-$teams2/aboutoppo.html";
}
elseif ($_POST['p']=="bb") {
$link = "/match/perfectseason/$ID-$teams2/de_ja_lards_best_bet.html";
}
elseif ($_POST['p']=="tn") {
$link = "/match/perfectseason/$ID-$teams2/teamnews.html";
}
elseif ($_POST['p']=="mr") {
$link = "/match/perfectseason/$ID-$teams2/matchreport.html";
}
elseif ($_POST['p']=="rank") {
$link = "/match/perfectseason/$ID-$teams2/andys_old_rankin.html";
}
}
elseif ($type == "event") {
$link = "/fans/diary.html";
} elseif ($type == "picsubcat") {
$sql = "SELECT s.title as stitle, c.catID, c.title as ctitle, MIN(p.imgID) as imgID, se.section FROM picturesubcategory s, category c, picturetable p, section se WHERE c.sectionid=se.sectionid AND s.piccatID='$ID' AND s.catID=c.catID AND p.piccatID=s.piccatID";
// NOTE(review): on failure this writes the full SQL text into a <script> block,
// which discloses the schema to the browser. The other branches print a fixed
// message instead.
$result = mysql_query($sql) or die ("<script language='javascript'>alert('" . $sql . "');</script>");
$row = mysql_fetch_array($result);
extract($row);
$ctitle = html_entity_decode($ctitle);
$ctitle = punct_remove($ctitle);
$stitle = html_entity_decode($stitle);
$stitle = punct_remove($stitle);
$section = strtolower($section);
$link = "/$section/$catID-$ctitle/$stitle/$imgID.html";
} elseif ($type == "paypal") {
$sql = "SELECT name FROM paypalitems WHERE itemID='$ID'";
$result = mysql_query($sql) or die ("Error! bad select statement");
$row = mysql_fetch_array($result);
extract($row);
$name = str_replace(" ", "_", $name);
$name = urlencode($name);
$link = "/products/" . $ID . "-" . $name . ".html";
} elseif ($type == "lookalike") {
$link = "/funnies/lookalikes/1.html";
} elseif ($type == "wallpaper") {
$link = "/gear/wallpapers/1.html";
}
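// Validates the single uploaded image (form field `myfile2`), stores it under a
// server-chosen name in $large_destination_path and records the slide.
// $result is the status code echoed into stopUpload() after this block:
//   0 = file could not be moved, 1 = stored, 2 = not a recognised image,
//   3 = no file posted, 4 = wrong dimensions, 5 = not an HTTP upload.
$result = 0;
$time = time();
$filename = '';   // the thumbnail upload was removed; the thumb column stays empty
$filename2 = '';
$large_target_path = '';
// Read the upload entry only after confirming it exists, so a request without the
// field yields status 3 instead of undefined-index notices.
$upload = isset($_FILES['myfile2']) ? $_FILES['myfile2'] : null;
if ($upload === null || !isset($upload['tmp_name']) || $upload['tmp_name'] == "") {
    $result = 3;
} elseif (!is_uploaded_file($upload['tmp_name'])) {
    $result = 5;
} else {
    // Inspect the temporary file before it is moved, so a rejected upload never
    // lands in the web-served directory.
    $image_dim2 = getimagesize($upload['tmp_name']);
    $extension = $image_dim2 ? image_type_to_extension($image_dim2[2]) : false;
    if (!$image_dim2 || !$extension) {
        $result = 2;
    } elseif ($image_dim2[0] != 230 || $image_dim2[1] != 199) {
        $result = 4;
    } else {
        // The client-supplied name only contributes a sanitised stem; the extension
        // comes from the detected image type, so the stored file never carries an
        // extension chosen by the uploader. Restricting $image_dim2[2] to the formats
        // the site actually serves would tighten this further.
        $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($upload['name'], PATHINFO_FILENAME));
        if ($stem === null || $stem === '') {
            $stem = 'image';
        }
        // Look for collisions inside the destination directory, where the file
        // will actually be written.
        $filename2 = $time . '-' . $stem . $extension;
        while (file_exists($large_destination_path . $filename2)) {
            $time++;
            $filename2 = $time . '-' . $stem . $extension;
        }
        $large_target_path = $large_destination_path . $filename2;
        if (move_uploaded_file($upload['tmp_name'], $large_target_path)) {
            $result = 1;
            // Everything interpolated into the statements below is escaped first;
            // $caption and $caption2 were already escaped earlier in the script.
            // The mysql_* API was removed in PHP 7; parameterised mysqli/PDO
            // statements are the long-term replacement.
            $sqlFilename2 = mysql_real_escape_string($filename2);
            $sqlLink = mysql_real_escape_string(isset($link) ? $link : '');
            if (isset($_POST['f'])) {
                $publishingdate = mysql_real_escape_string(isset($_POST['date']) ? $_POST['date'] : '');
                $sql2 = "INSERT INTO storyslide_future (thumb, large, thumbcaption, largecaption, link, publishingdate) VALUES ('$filename', '$sqlFilename2', '$caption', '$caption2', '$sqlLink', '$publishingdate')";
                $res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
            } else {
                // Drop the row with thumbID 16, shift the remaining rows up by one
                // and insert the new slide as thumbID 1.
                $sql = "DELETE FROM storyslide WHERE thumbID='16'";
                $res = mysql_query($sql) or die ("Error! bad delete statement");
                $sql1 = "UPDATE storyslide SET thumbID=thumbID+1";
                $res1 = mysql_query($sql1) or die ('<script language="javascript" type="text/javascript">alert("Error! bad update statement");</script>');
                $sql2 = "INSERT INTO storyslide (thumbID, thumb, large, thumbcaption, largecaption, link) VALUES ('1', '$filename', '$sqlFilename2', '$caption', '$caption2', '$sqlLink')";
                $res2 = mysql_query($sql2) or die ('<script language="javascript" type="text/javascript">alert("Error! bad insert statement");</script>');
            }
        }
    }
}
sleep(1);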
?>
<script language="javascript" type="text/javascript">window.top.window.stopUpload(<?php echo $result; ?>);</script>
<?php } ?>
