Code problem

ludmil
Forum Newbie
Posts: 5
Joined: Tue Sep 01, 2009 10:08 pm

Code problem

Post by ludmil »

Hi, I have a problem with my PHP code. I am trying to upload an image, but it doesn't work. I echo the query and it's printing 1.
Thank you

Code:

<?php
session_start();
include '../functions.php';
my_adminheader('Enter Logo');
$store_name=$_GET['store_name'];
if($_SESSION['user_info']['type']==3)
{
    if ($_POST['submit'])
    {
        $name=$_FILES['myfile']['name'];
        $tmp_name=$_FILES['myfile']['tmp_name'];
        if ($name)
        {
            $location="../uploaded/$name";
            move_uploaded_file($tmp_name,$location);
            db_init();
            $query=mysql_query("update `flyers` set logo='$location' where `store_name`='$store_name'");
            echo $query;
        }
        else
        {
            die ('Select file');
        }
    }
}
else
{
    header('Location:index.php');
    exit();
}
?>
<form action="enter_store_logo.php" method="post" enctype="multipart/form-data">
File:<input name="myfile" type="file">
<input type="submit" name="submit" value="Upload">
</form>
 
 
Last edited by Benjamin on Sat Sep 05, 2009 3:51 am, edited 1 time in total.
Reason: Changed code type from text to php.
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Code problem

Post by cpetercarter »

You are going to have to give us some more help here. Which bit "doesn't work"? What exactly happens when you use your script to upload a file? Have you got error-messaging switched on? If so, are you getting any error messages?
ludmil
Forum Newbie
Posts: 5
Joined: Tue Sep 01, 2009 10:08 pm

Re: Code problem

Post by ludmil »

I removed mysql_query ($query="update `flyers` set logo='$location' where `store_name`='$store_name'";

echo $query;)

and it's echoing me
update `flyers` set logo='../uploaded/PriceChopper_logo.gif' where `store_name`=''
Seems it's not recognizing $store_name
ludmil
Forum Newbie
Posts: 5
Joined: Tue Sep 01, 2009 10:08 pm

Re: Code problem

Post by ludmil »

Anybody Help?
peterjwest
Forum Commoner
Posts: 63
Joined: Tue Aug 04, 2009 1:06 pm

Re: Code problem

Post by peterjwest »

You aren't printing the query in your code example. You're printing the result of the query. You would commonly write:
$query = "SELECT `something` FROM `something else`";
$result = mysql_query($query);
echo $result;

If result is 1 that means your query was successful.

You should note that $store_name will not be set unless the URL of the script ends with ?store_name=something (this is where GET variables are set).
ludmil
Forum Newbie
Posts: 5
Joined: Tue Sep 01, 2009 10:08 pm

Re: Code problem

Post by ludmil »

Thanks for the answer. I am passing variables through this code:

Code:

<a href="enter_store_logo.php?store_name='.$store_name.'"><b>Add Store Logo</b></a></td>
Yes, when I print the real query it is printing 1, but no image is inserted in the database; because of that I put this example in the code.
peterjwest
Forum Commoner
Posts: 63
Joined: Tue Aug 04, 2009 1:06 pm

Re: Code problem

Post by peterjwest »

Firstly, check the store name is getting input into the query by visiting the page at: enter_store_logo.php?store_name=example_store
The query should be: update `flyers` set logo='../uploaded/image_name.gif' where `store_name` = 'example_store';
You can also try inputting that query directly to check your database names/permissions are good.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Code problem

Post by jackpf »

Umm...mysql_error()??
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Code problem

Post by Mirge »

jackpf wrote: Umm...mysql_error()??
+1... should always use it to check for errors.
stratbeans
Forum Newbie
Posts: 12
Joined: Sat Aug 29, 2009 2:23 am

Re: Code problem

Post by stratbeans »

Hi ludmil,
From your script it sounds like you are trying to place the image location in the database by passing $location (value: "../uploaded/$name") in the logo field.
Firstly, you should pass the full path to $location, then put it in the database.
Hope it will work for you.
As for your first problem, you can also use a hidden input instead of an anchor, like:
<input type="hidden" name="store_name" value="<?php echo $store_name ?>">
And you can access it the same way with $_POST['store_name']
This one is good as per security concern.
One more thing you should do for good code is to handle the return value of the function bool move_uploaded_file ( string $filename , string $destination )
You can use this link: http://es.php.net/manual/en/function.mo ... d-file.php
peterjwest
Forum Commoner
Posts: 63
Joined: Tue Aug 04, 2009 1:06 pm

Re: Code problem

Post by peterjwest »

Depending on the context, store name may not need to be secure.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Code problem

Post by jackpf »

It's user supplied, of course it will.

magic_quotes may be turned on, but that doesn't actually escape all data that could be used for SQL injection.
peterjwest
Forum Commoner
Posts: 63
Joined: Tue Aug 04, 2009 1:06 pm

Re: Code problem

Post by peterjwest »

Firstly, I am not saying that the data should not be escaped. All data coming from $_POST or $_GET must be escaped, either for MySQL input or for HTML output, or occasionally both. Secondly $_POST and $_GET are not secure in any way; both can be faked and tampered with easily.

The question of which to use comes down to whether you want specific input values to be visible in the URL or accessible by hyperlink. This depends on the context of the website. For example there may be a list of hyperlinks to store pages, where each page displays a number of forms with various options.
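
Added example (not part of any post in this thread, and not the original poster's code): one way to write the handler so that the store name is bound as a parameter instead of being interpolated, the return value of move_uploaded_file() is checked, and an UPDATE that matches no row is reported instead of showing up as 1. It uses mysqli prepared statements in place of the thread's mysql_query(); the function names, extension list and upload directory are assumptions.

```php
<?php
// Added example, not code from the thread. `flyers`, `logo`, `store_name` and the
// `myfile` field come from the original post; everything else is an assumption.
const ALLOWED_EXT = ['gif', 'png', 'jpg', 'jpeg'];

// Pick the stored file name on the server so the client-supplied name never reaches the path.
function logo_file_name(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file selected');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Move the upload and record its location; each failure is reported by name.
function save_logo(mysqli $db, string $storeName, array $file, string $dir): string
{
    $location = rtrim($dir, '/') . '/' . logo_file_name($file);
    if (!move_uploaded_file($file['tmp_name'], $location)) {
        throw new RuntimeException('move_uploaded_file() returned false');
    }
    // Bound parameters: $storeName is sent as data, never as part of the SQL text.
    $stmt = $db->prepare('UPDATE `flyers` SET `logo` = ? WHERE `store_name` = ?');
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    $stmt->bind_param('ss', $location, $storeName);
    if (!$stmt->execute()) {
        throw new RuntimeException($stmt->error);
    }
    // The file name is new on every upload, so 0 changed rows means no store matched.
    if ($stmt->affected_rows === 0) {
        throw new RuntimeException('No flyers row has that store_name');
    }
    return $location;
}

// Escape for HTML output when the store name is echoed back into the upload form.
function store_name_field(string $storeName): string
{
    return '<input type="hidden" name="store_name" value="'
        . htmlspecialchars($storeName, ENT_QUOTES, 'UTF-8') . '">';
}

// Usage in the POST branch, with $db an open mysqli connection:
// $location = save_logo($db, $_POST['store_name'] ?? '', $_FILES['myfile'], __DIR__ . '/../uploaded');
```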