As you can see in the below PHP code, I am going to get the value for a combobox from a database table. It shows all the columns of the table without any problem, but when I want to pass the value of combobox back to a table, it always passes the value 1. Why?
<?php
$leccom = mysql_query("select Lec_ID, Lec_Name from lecturer") or die(mysql_error());
while ($result = mysql_fetch_array($leccom)) {
$name = $result[Lec_Name];
$id_leccom = $result[Lec_ID];
echo "<option value='$id_leccom'> $name</option>";
}
?>
Next file:
<?php
mysql_select_db('lms', mysql_connect('localhost', 'root', '')) or die(mysql_error());
// Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = #trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
// Sanitize the POST values
$filedesc = clean($_POST['pdesc']);
$fname = clean($_POST['Pre_Name']);
$com = clean($_post[$id_Leccom]);
echo $_post['comselection'];
// $subject= clean($_POST['upname']);
// upload random name/number
$rd2 = mt_rand(1000, 9999) . "_File";
// Check that we have a file
if ((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0))
{
// Check if the file is JPEG image and it's size is less than 350Kb
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($ext != "exe") && ($_FILES["uploaded_file"]["type"] != "application/x-msdownload"))
{
// Determine the path to which we want to save this file
// $newname = dirname(__FILE__).'/upload/'.$filename;
$newname = "uploads/" . $rd2 . "-" . $filename;
// Check if the file with the same name is already exists on the server
// Attempt to move the uploaded file to it's new place
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $newname)))
{
// successful upload
// echo "It's done! The file has been saved as: ".$newname;
// echo "$filedesc,$newname,$fname,$comlec";
mysql_query("INSERT INTO `lms`.`presentation` (`Pre_Name` ,`Path` ,`PLec_ID` ,`pdatein` ,`pdesc`) values ('$fname','$newname','1',NOW(),'$filedesc')") or die("failed");
// mysql_query("INSERT INTO presentation (pdesc,path,pdatein,Pre_Name,plec_id) VALUES ('$filedesc','$newname',NOW(),'$fname','$comlec')") or die("query failed");
// mysql_query("INSERT INTO presentation ('pdesc','path','Pre_Name','PLec_ID') values ('$filedesc','$newname','$fname','$comlec')") ;
header("location: fileupload.php");
}
}
}
?>
$name = $result['Lec_Name'];
$id_leccom = $result['Lec_ID'];
and
echo "<option value='".$id_leccom."'>$name</option>";
Related
I'm getting the error message when uploading a form in php.
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near"
I've followed instructions from other posts as follows, to no avail:
1-Wrapped the column heading names in backticks.
2-Made sure all strings were passed as strings, and ints as ints.
3-Cleaned up any strings before sending out.
4-Made sure the connection to the database works and we can query from it.
5-Checked and re-checked my html code.
Here's my php code:
<?php
include('../config/config.php');
// Redirect browser if the upload form WAS NOT submited.
if (!isset($_POST['submit_upload']))
{
header("location: upload.html");
}
// Continue if the upload form WAS SUBMITED
else
{
// Set the upload directory path
$target_path = realpath( dirname( __FILE__ ) ) . "/uploads/audio/";
// Array to store validation errors
$error_msg = array();
// Validation error flag, if this becomes true we won't upload
$error_flag = false;
// We get the data from the upload form
$filename = $_FILES['file']['name'];
$temp_filename = $_FILES['file']['tmp_name'];
$filesize = $_FILES['file']['size'];
$mimetype = $_FILES['file']['type'];
// Convert all applicable characters to HTML entities
$filename = htmlentities($filename);
$mimetype = htmlentities($mimetype);
// Check for empty file
if ($filename == "")
{
$error_msg[] = 'No file selected!';
$error_flag = true;
}
// Check the mimetype of the file
if ($mimetype != "audio/x-mp3" && $mimetype != "audio/mp3")
{
$error_msg[] = 'The file you are trying to upload does not contain expected data.
Are you sure that the file is an MP3 one?';
$error_flag = true;
}
// Get the file extension, an honest file should have one
$ext = substr(strrchr($filename, '.') , 1);
if ($ext != 'mp3')
{
$error_msg[] = 'The file type or extention you are trying to upload is not allowed!
You can only upload MP3 files to the server!';
$error_flag = true;
}
// Check that the file really is an MP3 file by reading the first few characters of the file
$open = #fopen($_FILES['file']['tmp_name'], 'r');
$read = #fread($open, 3);
#fclose($open);
if ($read != "ID3")
{
$error_msg[] = "The file you are trying to upload does not seem to be an MP3 file.";
$error_flag = true;
}
// Now we check the filesize.
// The file size shouldn't include any other type of character than numbers
if (!is_numeric($filesize))
{
$error_msg[] = 'Bad filesize!';
$error_flag = true;
}
// If it is too big or too small then we reject it
// MP3 files should be at least 1MB and no more than 10 MB
// Check if the file is too large
if ($filesize > 10485760)
{
$error_msg[] = 'The file you are trying to upload is too large!
Please upload a smaller MP3 file';
$error_flag = true;
}
// Check if the file is too small
if ($filesize < 1048600)
{
$error_msg[] = 'The file you are trying to upload is too small!
It is too small to be a valid MP3 file.';
$error_flag = true;
}
// Function to sanitize values received from the form. Prevents SQL injection
function clean($conn, $str)
{
$str = #trim($str);
if (get_magic_quotes_gpc())
{
$str = stripslashes($str);
}
return mysqli_real_escape_string($conn, $str);
}
// Sanitize the POST values
$title = clean($conn, $_POST['title']);
$context = clean($conn, $_POST['context']);
$source = clean($conn, $_POST['source']);
$interviewer = clean($conn, $_POST['interviewer']);
$interviewee = clean($conn, $_POST['interviewee']);
$intervieweeAge = (int)$_POST['intervieweeAge'];
$geoRegion = clean($conn, $_POST['geoRegion']);
$language = clean($conn, $_POST['language']);
$recDate = clean($conn,$_POST['recDate']);
$keywords = $_POST['keywords'];
if ($title == '')
{
$error_msg[] = 'Title is missing';
$error_flag = true;
}
if ($interviewee == '')
{
$error_msg[] = 'Interviewee name/anonymous is missing';
$error_flag = true;
}
// If there are input validations, show errors
if ($error_flag == true)
{
foreach($error_msg as $c => $p) echo "Error " . $c . ": " . $p . "<br />";
}
// Else, all checks are done, move the file.
else
{
if (is_uploaded_file($temp_filename))
{
// Generate an uniqid
$uniqfilename = $interviewee . '_' . str_replace("_", "", $recDate) . '.mp3';
$filePath = '/uploads/audio/' . $uniqfilename;
// If the file was moved, change the filename
if (move_uploaded_file($temp_filename, $target_path . $uniqfilename))
{
// Again check that the file exists in the target path
if (#file_exists($target_path . $uniqfilename))
{
// Assign upload date to a variable
$upload_date = date("Y-m-d");
// Create INSERT query
$qry = "INSERT INTO FDM177_AUDIO_CLIPS (title,context,source,interviewer,interviewee,intervieweeAge,geoRegion,language,recDate,fileName,filePath)
VALUES('$title','$context','$source','$interviewer',$interviewee',$intervieweeAge,'$geoRegion','$language','$recDate','$uniqfilename','$filePath')";
$result = mysqli_query($conn, $qry) or die(mysqli_error($conn));
if ($result)
{
$id = mysqli_insert_id($conn);
echo "File uploaded. Now it is called :" . $uniqfilename . "<br />" . $date . "<br />";
}
else
{
echo "There was an error uploading the file, please try again!";
}
if(1) {
//if (is_array($keywords) || is_object($keywords)) {
foreach($keywords as $k) {
// $idQuery = "SELECT keyword_ID from KEYWORDS WHERE keywordName=" . $k";
$idQuery = mysqli_query($conn, "SELECT * FROM FDM177_KEYWORDS WHERE (`keywordName` LIKE '%".$k."%')") or die(mysql_error());
$matchingKArray = mysqli_fetch_array($idQuery);
$keyword_FK = $matchingKArray[keyword_ID];
// echo $kQuery;
echo $keyword_FK;
$qry = "INSERT INTO FDM177_JNCT_KWDS_CLIPS (keyword_FK, clip_FK)
VALUES ('$keyword_FK', '$id')";
$result = mysqli_query($conn, $qry);
if ($result)
{
echo 'inserted with keyword.' . $k . ' <br />';
}
}
}
else {
echo "keywords are missing";
}
}
}
else {
echo "There was an error uploading the file, please try again!";
}
}
else
{
echo "There was an error uploading the file, please try again!";
}
}
}
?>
The problem occurs at the first MYSQL query that starts as MYSQL query INSERT INTO FDM177_AUDIO_CLIPS...
What am I missing?
Thank you!
quotes breaking in one query '$interviewer',$interviewee',
$qry = "INSERT INTO FDM177_AUDIO_CLIPS
(title, context, source,interviewer, interviewee,
intervieweeAge,geoRegion,language,recDate,fileName,filePath)
VALUES
('$title', '$context', '$source', '$interviewer', '$interviewee',
$intervieweeAge,'$geoRegion','$language','$recDate','$uniqfilename','$filePath')";
I am trying to set up an import/export to MySQL for a CSV file. I have most of it, however I am trying to validate the information. When I validate I want none of the records to be imported to MySQL. The code I currently have will only not import any records after an empty field. I wouldn't normally ask but I am stumped.
<?php
include 'connection.php';
$empty_value_found = false;
$file = $_FILES['file']['tmp_name'];
$handle = fopen ($file,"r");
while(($fileop = fgetcsv($handle,1000,",")) !==false){
$first = trim($fileop[0]);
$last = trim($fileop[1]);
$birthday = trim($fileop[2]);
$age = trim($fileop[3]);
$address = trim($fileop[4]);
if (
empty($first)
|| empty($last)
|| empty($birthday)
|| empty($age)
|| empty($address)
) {
$empty_value_found = true;
echo "empty field please check";
break; // stop our while-loop
}
}
// now we check - if there no empty values
if (!$empty_value_found) {
// we can go through our file again and insert values,
// code is similar to what you have
$sql = mysqli_query($conn,"INSERT INTO `mytable` (first, last, birthday, age, address) VALUES ('$first','$last','$birthday','$age','$address')");
$getdata = "SELECT * FROM mytable";
$results = mysqli_query($conn,$getdata);
if(mysqli_num_rows($results) >=1){
echo "<table><tr><th>First</th><th>Last</th><th>Birthday</th><th>Age</th> <th>Address</th></tr>";
}
while($row = mysqli_fetch_assoc($results)){
echo "<tr><td>" . $row["first"]. "</td><td>" . $row["last"]. "</td><td>" . $row["birthday"]. "</td><td>" . $row["age"]. "</td><td>" . $row["address"]. "</td></tr>";
}
}
echo "</table>";
mysqli_close($conn);
?>
Okay, let's see:
// here you get an array from csv-string
while(($fileop = fgetcsv($handle,1000,",")) !==false){
// first: use trim function to remove spaces from left and right of a value
$first = trim($fileop[0]);
$last = trim($fileop[1]);
$birthday = trim($fileop[2]);
$age = trim($fileop[3]);
$address = trim($fileop[4]);
// now you have five values.
// u want to insert them to database only if they are ALL not empty
// use function empty to check if value is empty
if (!empty($first)
&& !empty($last)
&& !empty($birthday)
&& !empty($age)
&& !empty($address)
) {
$sql = mysqli_query($conn,"INSERT INTO `mytable` (first, last, birthday, age, address) VALUES ('$first','$last','$birthday','$age','$address')");
// other code here
}
}
This script will insert values which are not empty. But still it will ignore rows with empty values.
If you want to check if all fields in all rows of your csv are not empty, then you should do this:
// set a special flag
$empty_value_found = false;
while(($fileop = fgetcsv($handle,1000,",")) !==false){
// first: use trim function to remove spaces from left and right of a value
$first = trim($fileop[0]);
$last = trim($fileop[1]);
$birthday = trim($fileop[2]);
$age = trim($fileop[3]);
$address = trim($fileop[4]);
// now you have five values.
// if any of them is empty - we should NOT go further and stop our cycle
if (empty($first)
|| empty($last)
|| empty($birthday)
|| empty($age)
|| empty($address)
) {
$empty_value_found = true;
break; // stop our while-loop
}
}
// now we check - if there no empty values
if (!$empty_value_found) {
// we can go through our file again and insert values,
// code is similar to what you have
}
So if you want to check
I have the bellow code which I was hoping to change/rename image name on upload to user id so I can avoid file overwrite and insert the name into database sadly after I added rename code the code is not able to upload image or update the database we out showing any error but if I remove the rename code everything was working.
Can one help me how to solve it or is there any better way I can do it?
<?php
$user_id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');
$username = htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');
require("connection.php");
if(#$_POST ['submit']) {
$file = $_FILES ['file'];
$name1 = $file ['name'];
$type = $file ['type'];
$size = $file ['size'];
$tmppath = $file ['tmp_name'];
if($type == 'jpeg' || $type == 'png' || $type == 'jpg') {
$name1 = $user_id.$type; // rename image
if($name1!="") {
if(move_uploaded_file ($tmppath, 'users/'.$name1)) {
$sql=("INSERT INTO USERS set photo='$name1' WHERE username='$username'");
mysql_query ($sql) or die ('could not updated:'.mysql_error());
echo ("Profile picture updated");
}
}
}
}
?>
You can try this, may be help you ...
<?php
$user_id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');
$username = htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');
require("connection.php");
if(#$_POST ['submit']) {
$file = $_FILES ['file'];
$name1 = time().$file ['name']; // rename image
$type = $file ['type'];
$size = $file ['size'];
$tmppath = $file ['tmp_name'];
if($type == 'image/jpeg' || $type == 'image/png' || $type == 'image/jpg') {
if($name1!="") {
if(move_uploaded_file ($tmppath, 'users/'.$name1)) {
$sql=("INSERT INTO USERS set photo='$name1' WHERE username='$username'");
mysql_query ($sql) or die ('could not updated:'.mysql_error());
echo ("Profile picture updated");
}
}
}
}}
?>
First of all change
$name1 = $user_id.$type;
to
$name1 = $user_id.".".$type;
And second of all clean up you sql.
Also. file_type is image/jpeg so that's why it doesn't work. It never goes past your if.
Create a switch to check the filetype or just take the last 3 characters of the file.
Try this to reorganise your $_FILES into an array you can understand and easily work with.
Shameless plug
https://gist.github.com/lukeoliff/5531772#file-quickrearrangefiles-php
<?php
function rearrangeFiles($arr) {
foreach($arr as $key => $all){
foreach($all as $i => $val){
$new[$i][$key] = $val;
}
}
return $new;
}
Used as such:
<?php
$user_id = htmlentities($_SESSION['user']['id'], ENT_QUOTES, 'UTF-8');
$username = htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');
require("connection.php");
if(!empty($_POST) && !empty($_FILES)) {
$files = rearrangeFiles($_FILES)
foreach ($files as $key => $file) {
$name = $file['name'];
$type = $file['type'];
$size = $file['size'];
$tmppath = $file['tmp_name'];
if($type == 'jpeg' || $type == 'png' || $type == 'jpg') {
$name = time() . '_' . $user_id.'_'.$name.'.'.$type; // TIMESTAMP, USERID and FILENAME RENAME
if(!empty($name)) {
if(move_uploaded_file($tmppath, 'users/'.$name)) {
$sql = "INSERT INTO users (photo,username) values ('$name','$username')";
mysql_query($sql) or die('could not updated:'.mysql_error());
$successes[] = $file['name'] . " picture saved as " . $name;
}
}
}
}
if (!empty($successes)) {
echo implode('. ',$successes);
}
}
Further improved by inserting into database in a single query :) Also you really need to move from mysql_ functions to mysqli_ or PDO:: functions as per php.net http://www.php.net/manual/en/function.mysql-connect.php depreciating mysql_ functions soon.
you can use that one concept, but edit this as your requirement.
<?php
if ($_FILES['imagepath']['name'] != "")
{
$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['imagepath']['name']);
if (move_uploaded_file($_FILES['imagepath']['tmp_name'], $uploadfile))
{
$rename = $_FILES['imagepath']['name'];
$rename = rand(0,1500000000).$rename;
$filename = strtolower(($rename));
if (file_exists(($uploaddir.$_FILES['imagepath']['name'])))
rename(($uploaddir.$_FILES['imagepath']['name']), ($uploaddir.$filename));
echo $_FILES['imagepath']['name']." with name ".$filename." file uploaded successfully";
}
}
?>
I am trying to store image file names to a SQL database. The file name looks something like "_p4_analyzed__07001447_20121003-4000096925_Class2_reg_EPI.png" and I was hoping that it would be just "Class2_reg_EPI.png".
I was hoping that this line will do the trick: $fileName = str_ireplace($casePath."/","", $file) but unfortunately when I run it it is still giving me the long name with the path (the '_' underscore acts as the '/'?)
See code below for more information:
$casePath=$path."/".$caseID."/Summary/slicesdir";
global $status;
// print("processImages case path:".$casePath."</br>");
$files = glob($casePath."/*.png");
$connection = getMySqlConnection();
$imageCount= 0;
for($i = 0; $i < count($files); $i++) {
$file = $files[$i];
$fileName = str_ireplace($casePath."/","", $file);
if(strripos($fileName, "grot") === false)
{
$imageCount ++;
//if exists
if(!doesImageExist($fileName, $patientID, $caseID)) {
$id = uniqid("", true);
$sql = "Insert Into images(id,patientid,caseid, image_name,comments,status) VALUES('".mysql_real_escape_string($id)
."','".mysql_real_escape_string($patientID)."','".mysql_real_escape_string($caseID)."', '".mysql_real_escape_string($fileName)."',NULL,".$status[0][0].")";
// print($sql."</br>");
mysql_query("START TRANSACTION", $connection);
$result = mysql_query($sql, $connection);
if($result) {
mysql_query("COMMIT", $connection);
// print("Image data inserted </br>");
} else {
mysql_query("ROLLBACK", $connection);
print("Image Data failed </br>");
}
}
}
}
Any help is appreciated! Thanks in advance!
If the original filename contains path information (e.g. /path/to/the/file.png), and you only want the filename (file.png), you can remove the path using basename()
$filename = basename('/path/to/file.png');
echo $filename; // outputs 'file.png'
I am bulding a small ajax chat site and am adding an image upload with msg functionality built in PHP, MySQL and jquery with ajax. My code currently will let you upload a message, I can get the image ready for upload and store URL for the database.
But I need to pass the variable to another if statement checking when the user submits a message.
I cannot seem to get it across and into my database.
Tryed global var, other stuff - think must be missing something. It is probably something obvious, excuse the code I am a graphic designer learning code!
$imageurl = "";
if (isset($_FILES["file"])) {
//properties of uploaded file
$name = $_FILES["file"] ["name"];
$type = $_FILES["file"] ["type"];
$size = $_FILES["file"] ["size"];
$temp = $_FILES["file"] ["tmp_name"];
$error = $_FILES["file"] ["error"];
if ($error > 0) {
die("Error uploaded file!");
}
else
{
if ($type == "video/avi" || $size > 2000000) {
?>
<br>
<p><?die("format is not allowed or size too big!");?></p>
<?
}
else
{
move_uploaded_file($temp, "msg_image/" . $name);
}
}
//store url for insertation
$imageurl = "msg_image/" . $name;
echo '<p>You added a ' . $name . ' to your message</p>';
return $imageurl;
}
/////need the var in here to store and update mysql database
if (isset($_POST['message'])) {
$tostore = $imageurl;
$username = protect($_POST['username']);
$message = protect($_POST['message']);
$time = time();
$sql = "INSERT INTO messages
(username, msgcontent, imageurl, msgtime)
VALUES ('$username', '$message', '$tostore', $time)";
$result = mysql_query($sql);
}
Your "return $imageurl" statement is stopping your script prematurely.
http://php.net/manual/en/function.return.php
i.e.
echo "hello";
return "world";
echo "!";
will only return
hello