$_POST and backslash problem..I think


Post by php_beginner_83

Hi all

I'm trying to create my own online photo album. Right now I'm working on the upload page that allows me to add records to my database. I have a form where I select the photo and I use the value from this text box in the form to add to the database. It is stored as the 'Path', the location of the photo, so I can later retrieve this and display the photo online. When I select a photo the text box will be populated with a value like:
C:\htdocs\images\photo1.jpg

However, when I click the submit button to add my values to the database, only 'photo1.jpg' is added to the database. I'm guessing this has something to do with the backslashes. Is that right? Can anyone offer any ideas or solutions about how to solve this?

Thank you.

Code for my form is ...

Code:

<div id="image">
   <h3>Add New Image</h3><br/>
   <form action="uploadPictures.php" method="post">
   Image Description:<br/>
   <textarea cols="50" rows="4" name="imageDescription">
   </textarea><br/>
   Path:<br/>
   <input type="file" name="path"/><br/>
   Select Album:<br/>
   <?php
      $sql = "SELECT ID, Title FROM albums";
      $result = mysql_query($sql) or die(mysql_error());
      echo '<select name="albumMenu">';
      while($row = mysql_fetch_assoc($result))
      {
         printf('<option value="%s">%s</option>', htmlspecialchars($row['ID']), htmlspecialchars($row['Title']));
      }
      echo '</select>';
   ?>
   <br/><br/>
   <input type="submit" value="Add New Image"/>
   </form>
</div>

Code:

 
// ************** CODE FOR IMAGES TABLE ******************//
 
// get last ID in 'pictures' table
$result = mysql_query("SELECT * FROM pictures ORDER BY ID desc limit 1") or die('order images error');
$row = mysql_fetch_array($result);
$newID = $row['ID'] + 1;
 
 
// insert new image into 'pictures' table
$insert = "INSERT INTO pictures (ID, Description, Path) VALUES ($newID, '{$_POST['imageDescription']}', '{$_POST['path']}')";
 
mysql_query($insert) or die(mysql_error());
 
// insert record into 'pics_in_albums' table
$insert2 = "INSERT INTO pics_in_albums (PicID, AlbumID) " .
      "VALUES ($newID, '{$_POST['albumMenu']}')";
      
mysql_query($insert2) or die('insert into pics_in_album errors');
 
//***************** END CODE FOR IMAGES TABLE ****************//

Post by Mirge

1.) For MySQL, you should take advantage of "AUTO_INCREMENT" for your id so you don't have to query the DB to get a new id.
2.) Always escape user input. Never use it directly in any SQL statements. See: http://us3.php.net/manual/en/security.d ... ection.php
3.) Learn how to handle file uploads here: http://www.php.net/manual/en/features.file-upload.php
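
The three points in the reply above, combined in one upload handler. This is an added example, not code from either poster: it reads the file from $_FILES, stores it under a server-generated name, and inserts both rows with placeholders so the database assigns the ID. It uses PDO prepared statements in place of the thread's mysql_* calls and assumes that pictures.ID is AUTO_INCREMENT, that the form tag carries enctype="multipart/form-data", and that the storePicture name, DSN, credentials and images directory are placeholders.

```php
<?php
// Added example, not the original poster's code. Assumes pictures.ID is
// AUTO_INCREMENT and the form is sent as multipart/form-data. The DSN,
// credentials and upload directory are placeholders.
declare(strict_types=1);

function storePicture(PDO $db, array $file, string $description, int $albumId, string $dir): int
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Decide the type from the file contents, never from the client-supplied name.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Not an accepted image type');
    }
    // Server-generated name: no client path, no traversal, no overwrite.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    // Placeholders keep user input out of the SQL text entirely.
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO pictures (Description, Path) VALUES (?, ?)')
           ->execute([$description, $name]);
        $picId = (int) $db->lastInsertId();   // ID assigned by AUTO_INCREMENT
        $db->prepare('INSERT INTO pics_in_albums (PicID, AlbumID) VALUES (?, ?)')
           ->execute([$picId, $albumId]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        unlink($dir . '/' . $name);           // do not leave an orphaned file
        throw $e;
    }
    return $picId;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['path'])) {
    $db = new PDO('mysql:host=localhost;dbname=album;charset=utf8mb4', 'DB_USER', 'DB_PASSWORD',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $id = storePicture($db, $_FILES['path'], $_POST['imageDescription'] ?? '',
        (int) ($_POST['albumMenu'] ?? 0), __DIR__ . '/images');
    echo 'Stored picture ', $id;
}
```

The stored Path is the generated file name only; the display page builds the URL from its own images directory, so no client-supplied path ever reaches the database or the filesystem.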