Film-Tech Forum ARCHIVE: PHP file upload: place file information into database (HELP)

my profile | my password | search | faq & rules | forum home

»	Film-Tech Forum ARCHIVE » Community » Film-Yak » PHP file upload: place file information into database (HELP) (Page 1)

This topic comprises 3 pages: 1 2 3

Author

Topic: PHP file upload: place file information into database (HELP)

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-10-2008 10:30 PM

Hey everyone!

I'm hoping there's someone out there that's pretty good with PHP that could help me with this script...

This is my script (the action of a form submit) that uploads a file to my server.

quote:

include('config.php');

//Connect to database
$cxn = mysqli_connect($host, $username, $password, ********) or die ("No connection can be made.");

//Get the parent's ID number from URL.
$fID = $_GET['fID'];
//Get the variables from our modFile form.
$title=$_POST['title'];
$desc=$_POST['desc'];
$fGenre=$_POST['fGenre'];
//Get the user's name for proper credit.
$userName=$_SESSION['name'];

// Get the file name and add "m" for MOD file.
$file_name = $_FILES['modFile']['name'];
$uploadLetter=m;

// Random 7 digit number to add to our file name
$random_digit=rand(0000000000,9999999999);

//Here's how we create the new file name.
$new_file_name=$uploadLetter.$random_digit.$file_name;

//set where you want to store files
$path= "files/fileUploads/mods/".$new_file_name;

if($modFile !=none)
{

if(move_uploaded_file($_FILES['modFile']['tmp_name'], $path))
{
echo "Successful<BR/>";

echo "File Name :".$new_file_name."<BR/>";
echo "File Size :".$_FILES['modFile']['size']."<BR/>";
echo "File Type :".$_FILES['modFile']['type']."<BR/>";
}

else
{
echo "Error";
}
}

mysqli_query($cxn, "INSERT INTO fileAlt (parent, fileName, desc, fileGenre, uploader, filePath) VALUES ('$fID', '$title', '$desc', '$fGenre', '$userName', '$path')") or die ('FAILED.');

The files upload properly, but no information is stored in the database, and I get the die error 'FAILED'.

Could anyone help me correct this script? I'm sure the solution is fairly obvious, but I'm still learning and have tried so many INSERT statement configurations that haven't worked.

Thanks!

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-10-2008 10:51 PM

To get a clue about why a MySQL query is failing, try using this:

die(mysql_error());

The only problem is that you don't want to leave that there because hackers can gain info about your database from the errors. But in cases like this, you can use this to see what MySQL is complaining about.

The other thing you can try is instead of doing this:
mysqli_query($cxn, "INSERT INTO fileAlt (parent, fileName, desc, fileGenre, uploader, filePath) VALUES ('$fID', '$title', '$desc', '$fGenre', '$userName', '$path')")

...do this:
$query = "INSERT INTO fileAlt (parent, fileName, desc, fileGenre, uploader, filePath) VALUES ('$fID', '$title', '$desc', '$fGenre', '$userName', '$path')";
echo($query);
mysqli_query($cxn, $query);

Then you can actually see what PHP is doing to create your query. And if you like, you can copy and paste that query into something like phpMyAdmin manually to see what happens. Again, this is only for debugging purposes. Once you work it out, get rid of the echo() statement.

Sometimes a name like "O'Malley" will screw up your query because of the single quote. If you're running a whole bunch of names, you might not think of something like that at first.

If that doesn't help, let me know what happens and we'll see what else I can think of.

| IP: Logged

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-10-2008 11:05 PM

I tried the error thing, and received no error output. I then tried mysqli_error and got a "parameter expected 1, null given" type of warning.

Interesting... Here's all the echo output:

quote:
Successful
File Name :m669703611Triple-star_sunset.jpg
File Size :46390
File Type :image/jpeg
INSERT INTO fileAlt (parent, fileName, desc, fileGenre, uploader, filePath) VALUES ('1', 'test', 'test', 'test', '', 'files/fileUploads/mods/m669703611Triple-star_sunset.jpg')

Also, I tried running the insert query in phpMyAdmin and I got this:

quote:
Error

SQL query:

INSERT INTO fileAlt( parent, fileName, DESC , fileGenre, uploader, filePath )
VALUES (
'1', 'test', 'test', 'test', '', 'files/fileUploads/mods/m669703611Triple-star_sunset.jpg'
)

MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, fileGenre, uploader, filePath) VALUES ('1', 'test', 'test', 'test', '', 'f' at line 1

EDIT: The problem turned out to be that 'DESC' is an obscure keyword in PHP or MySQL, so its all fixed now!

Thanks a billion for the tip because it got me thinking creatively again!

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-11-2008 10:22 AM

Oh yeah, how bout that. DESC is a keyword for ordering things in descending order instead of ascending order. Sorry I missed that!

But those are the things that you sometimes don't think about because you're focused on the one little thing you have in front of you. So, keep that pasting into phpMyAdmin trick handy. It's helpful, especially when verifying queries created dynamically.

Something else you should think about is validating $_POST and $_GET variables before using them directly in a MySQL query. For example, if $_GET['fID'] is supposed to be a number, make sure that it is before using it.

And all variables should be passed through the mysql_escape_string() function. This will automatically escape any single or double quotes or anything else that appears in your string that may otherwise cause MySQL to misbehave. It basically makes any string "MySQL Safe". My suggestion is instead of doing this:

$title=$_POST['title'];
$desc=$_POST['desc'];
$fGenre=$_POST['fGenre'];

Do this:

$mysql['title'] = mysql_escape_string($_POST['title']);
$mysql['desc'] = mysql_escape_string($_POST['desc']);
$mysql['fGenre'] = mysql_escape_string($_POST['fGenre']);

That will make it obvious when you get to your query because you're only using variables from the $mysql[] array.

Those are just my suggestions. Hopefully they're helpful!

| IP: Logged

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-11-2008 04:55 PM

Is that simple cut and past?

Like I said, I'm still very new to PHP, but learning quite quickly, and one problem I've been having is that when someone submits a shout out it dies when a ' is used, but I haven't tried ".

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-11-2008 07:43 PM

I'm not sure what you mean by simple cut and paste, but yes, the mysql_escape_string() function should fix single quotes and double quotes in your strings.

Feel free to shoot me some questions anytime and I'll be happy to try to help.

| IP: Logged

Justin Hamaker
Film God

Posts: 2253
From: Lakeport, CA USA
Registered: Jan 2004

posted 07-14-2008 05:07 PM

I would also recommend using stripslashes when retrieving information so that O'Mally doesn't display as O\'Mally. I always include this when retrieving any text field from my database - or before displaying any text field that has been processed by PHP.

The format would usually be:
$text = stripslashes($row['text']); or
$text = stripslashes($text);

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-14-2008 05:44 PM

O'Mally shouldn't display as O\'Mally when retrieved from the database unless it's stored that way in the database.

You may run into the same problem though if you're trying to pull the name O'Mally out and then use it in something like a php generated javascript routine. For example:

$row['Name'] = "O'Mally"
echo("alert('Hello, ". $row['Name'] .".');");

...would generate a javascript error because it would create:
alert('Hello, O'Mally.');

| IP: Logged

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-24-2008 02:42 AM

OK, so here's something I really need help on, and I don't think its anything major, I just can't sort through everything on Google to really understand what it is I have to do...

I'm building the profile for the users on my site, and I want to show the user's friends a la facebook, with a table like this:

Now, I know how to display images dynamically (like the person's avatar when profile.php is set to show theirs, etc.

What I don't know is how to fetch 6 random rows from the friends table where they're a fan of the user, and display them in the table where I specify...
i.e.
$row[1]['avatar'] $row[1]['name']
$row[2]['avatar'] $row[2]['name']
etc.

I'm sure there's a simple way to do this, I just haven't been able to understand it enough yet to really get it with all my trying...

I appreciate any help I can get!

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-24-2008 06:32 AM

I'd need a little more info to give an exact answer to the image display question. Specifically, how the names of the avatar files are stored in the database.

In our database, we store the files on the server simply as the number (key id) of the row of the person in the database. For example, if my record in the person table is:
id = 1
name = Mark

Then my picture is stored on the server in an image directory as a file named "1". You could add the extension on that so the file is called "1.jpg" or "1.png" or whatever. But let's assume you have something like this:

id = 1
name = Mark
avatar = avatar1.jpg

And you have 500 people in the table. You want to grab six random people and display their avatars. The query would be something like this:

SELECT * FROM person WHERE <whatever you need here> ORDER BY RAND() LIMIT 6

From there, you make your table. When it comes time to display the avatar, you need something like this:

<img src="/path/to/avatar/directory/<? php echo $row['avatar']; ? >">

(Remove the spaces on the php tags) Does that help?

I notice you're also trying to do three columns and two rows. It occurs to me that maybe that is another part you're having trouble with. When setting that up, you should try to make your code flexible enough so that in the future when you want to change the number of columns from 3 to 4, all you have to do is change one line of code:

$numColumns = 3;

would change to

$numColumns = 4;

I can help you with that too if you need it.

| IP: Logged

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-24-2008 10:35 AM

Yes, I know how to do the grab 6 random and place the echo tag in the image... I've got all of that working on the site so far...

My table looks like this:
profileFriends (table name)
id, person, friend, fAvatar

When someone adds someone as a friend, the user of the site is placed in "person", the friend's name is placed in "friend", and the friend's avatar path is placed in fAvatar (this is updated by the avatar upload script when the avatar is changed).

So, what I'm really looking to do is build an html table, and then pop the image tags and the link tags for the name in each column and each row, so that it displays 6 random friends in this format.

| IP: Logged

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-25-2008 12:12 AM

bump

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-25-2008 11:15 AM

Looking back at the image you displayed, it looks like you want two rows. One for the avatar, and a second with the name under it. That makes sense if the avatars could be all different sizes. So something like this? (Refresh the page and the names will change. Ignore the broken avatar images - didn't have time to find images of everybody.)

Click Here

| IP: Logged

Andrew McCrea
Jedi Master Film Handler

Posts: 645
From: Winnipeg, Manitoba, Canada
Registered: Nov 2000

posted 07-25-2008 12:01 PM

Yes, that looks exactly it.

| IP: Logged

Mark J. Marshall
Film God

Posts: 3188
From: New Castle, DE, USA
Registered: Aug 2002

posted 07-25-2008 12:36 PM

Ok, I just sent over the code for that via email. Actually it's two emails. The first one had a couple of typos in the code, but I fixed them in the second one. Let me know if you have any questions about anything in there.

| IP: Logged

All times are Central (GMT -6:00)

This topic comprises 3 pages: 1 2 3

Printer-friendly view of this topic

The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion and agrees to release the authors from any and all liability.