[SOLVED] Passing value help

Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Post by Addos »

I have a string $_FILES['userfile']['name'] which I know contains a text value of ‘myfile.doc’

I’m trying to have this value passed to the following:

Code: Select all

//Delete details from database signals.doc
if ((isset($_GET['wordName'])) && ($_GET['wordName'] != "")) {
  $deleteSQL = sprintf("DELETE FROM word WHERE wordName=%s",
                       GetSQLValueString($_GET['wordName'], "text"));

  mysql_select_db($database_johnston, $johnston);
  $Result1 = mysql_query($deleteSQL, $johnston) or die(mysql_error());
}
So, for example what I’m trying to do in effect is….

Code: Select all

sprintf("DELETE FROM word WHERE wordName=$_FILES['userfile']['name'] ",
….but I’m getting various errors this way. I have also tried numerous methods such as:

Code: Select all

GetSQLValueString($_FILES['userfile']['name'], "text"));
GetSQLValueString($_GET ($_FILES['userfile']['name'], "text")));
However if I simply use this:

Code: Select all

$deleteSQL = sprintf("DELETE FROM word WHERE wordName= 'myfile.doc'",
The file name is successfully deleted from the database so I know that all I need to do is pass the value but I can’t see a way around this.

Is any of the above close or do I need to rethink my entire approach?



Thanks very much
Brian
Last edited by Addos on Wed Apr 20, 2005 3:06 am, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Are you absolutely sure $_FILES['userfile'] is there?

var_dump() $_FILES, $_GET, and $_POST.
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Post by Addos »

Thanks for your reply.
I ran <? var_dump($_FILES, $_GET, $_POST) ?> and got the following:

array(0) { } array(1) { ["message"]=> string(34) "signals.doc uploaded successfully." } array(0) { }

I hope it is ok but I have pasted all the code so that you can see what I’m up to. Basically I’m trying to use the value of a specific file that is to be deleted from a folder in the root to be passed to DELETE FROM word WHERE wordName=%s so that I can have both the file in the (root) folder and the details in the database deleted simultaneously.

I can successfully delete the file from the root folder ok and as I say if I physically insert a value into =%s everything below works fine but I just can’t get my head around passing the value dynamically to the WHERE clause.
Much appreciate your help again
Regards
Brian

Code: Select all

<?PHP
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["upload"])) && ($_POST["upload"] == "form1")) {
if (!$nomessage && !$nomessage_name) {
  $insertSQL = sprintf("INSERT INTO word (wordName, wordDetails) VALUES (%s, %s)",
                       GetSQLValueString($_FILES['userfile']['name'], "text"),
                       GetSQLValueString($_POST['wordDetails'], "text"));

  mysql_select_db($database_johnston, $johnston);
  $Result1 = mysql_query($insertSQL, $johnston) or die(mysql_error());
}
}
?>
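<?php
$MAX_SIZE = 10000000;

//Allowable file ext. names. you may add more extension names.
$FILE_EXTS  = array('.doc');
//,'.txt','.zip','.sit','.jpg','.jpeg','.png','.gif','.rtf','.rar'

//Allowable MIME types. The type check below reads this list, but the posted
//script never defines it; left empty so that only the extension list decides.
$FILE_MIMES = array();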

//Allow file delete? no, if only allow upload only
$DELETABLE  = true;                               

//Setup variables
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

//   Create Upload Directory
if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  	die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
  	die ("change permission to 755 failed.");
}

//    Process User's Request
if (!empty($_REQUEST['del']) && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
  $signals = $_FILES['userfile']['name'];
  
//Delete details from database signals.doc
if ((isset($_GET['wordName'])) && ($_GET['wordName'] != "")) {
  $deleteSQL = sprintf("DELETE FROM word WHERE wordName=%s",
                       GetSQLValueString($_GET['wordName'], "text"));

  mysql_select_db($database_johnston, $johnston);
  $Result1 = mysql_query($deleteSQL, $johnston) or die(mysql_error());
}


  if (strpos($_REQUEST['del'],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST['del'],"files/") === false); //possible hacking
  else if (substr($_REQUEST['del'],0,6)=="files/") {
    unlink($_REQUEST['del']);
    print "<script>window.location.href='$url_this?message=File deletion successful.'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

	$file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 2MB.";
  //File Type/Extension Check
  else if (!in_array($file_type, $FILE_MIMES) 
          && !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
    
  
  else
     $message = do_upload($upload_dir, $upload_url);
  
  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else 
	$message = "Invalid File Specified.";

//   List Files
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'>".$file."</a>";
      if ($DELETABLE)
        $filelist .= " - <a href='?del=$upload_dir$file' title='delete'> Delete this file?</a>";
      $filelist .= "<sub><small><small><font color=grey>  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."</font></small></small></sub>";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

	$temp_name = $_FILES['userfile']['tmp_name'];
	$file_name = $_FILES['userfile']['name']; 
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
	$file_path = $upload_dir.$file_name;

	//File Name Check
  if ( $file_name =="") { 
  	$message = "Invalid File Name Specified";
  	return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0755))
   	$message = "change permission to 755 failed.";
  else
    $message = ($result)?"$file_name uploaded successfully." :
     	      "Something is wrong with uploading a file.";
  return $message;
}

?>
<center>
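 <?php
   // The message comes straight from the request, so escape it before output
   echo isset($_REQUEST['message']) ? htmlspecialchars($_REQUEST['message']) : '';
 ?>
   <br>
  <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post" action="<?php echo $editFormAction; ?>">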
Your Uploaded Files so far are: 
   <?=$filelist?>
Upload Word file: <input type="file" id="userfile" name="userfile">
Programme Note title: <?php if (isset($nomessage_name) && !empty($nomessage_name)) {
		 echo $nomessage_name; } else { 		 
		  } ?> 	 
		
          <td><input type="text" name="wordDetails" id="wordDetails" value="" size="32">
              <input type="submit" name="upload" value="Insert record"></td>
      <input type="hidden" name="upload" value="form1">
  </form>

  <? var_dump($_FILES, $_GET, $_POST) ?>
</center>
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

.... and what does it say when you submit a file?

You are aware that in order to run the delete, wordName must be set in the url. Which you don't do right now.
Addos
Forum Contributor
Posts: 305
Joined: Mon Jan 17, 2005 4:13 pm

Post by Addos »

Thanks for all your help it is much appreciated and it got me thinking in the right direction.

In the end I found that $filename returned files/signals.doc so by using the
following I was able to pass the correct value to carry out a successful
delete.

Code: Select all

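if ((isset($_GET['del'])) && ($_GET['del'] != "")) {
  $relURL = $_GET['del'];
  $filename = substr($relURL, 6); // drop the leading "files/" to leave just the file name

  // Pass $filename through the %s placeholder so GetSQLValueString() escapes and quotes it
  $deleteSQL = sprintf("DELETE FROM word WHERE wordName=%s",
                       GetSQLValueString($filename, "text"));

  mysql_select_db($database_johnston, $johnston);
  $Result1 = mysql_query($deleteSQL, $johnston) or die(mysql_error());
}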
Thanks again.
Brian :wink:
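
Added example, not part of the original posts: one way to validate the del parameter once and then use the same file name for both the unlink and the database delete, with the name bound as a query parameter. PDO, the in-memory SQLite table, the allow-list pattern and the helper name delete_upload() are assumptions made so the demo is self-contained; the thread's own code uses the mysql_* functions.

```php
<?php
// Added example. Assumptions: PDO is available, delete_upload() is a hypothetical
// helper, and stored names match the allow-list pattern below.

function delete_upload(PDO $db, string $uploadDir, string $del): bool
{
    // Accept only "files/<name>.doc": one path segment, no separators, no leading dot.
    if (!preg_match('#^files/([A-Za-z0-9][A-Za-z0-9 ._-]*\.doc)\z#i', $del, $m)) {
        return false;
    }
    $name = $m[1];

    // Resolve the real path and confirm the file sits directly in the upload directory.
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || dirname($path) !== $base) {
        return false;
    }

    // Remove the file first, then its row; the name is bound as data, not SQL text.
    if (!unlink($path)) {
        return false;
    }
    $stmt = $db->prepare('DELETE FROM word WHERE wordName = :name');
    $stmt->execute([':name' => $name]);
    return true;
}

// Constructed demo data: a temporary upload directory and an in-memory table.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/signals.doc', 'demo');

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE word (wordName TEXT, wordDetails TEXT)');
$db->exec("INSERT INTO word VALUES ('signals.doc', 'Programme note')");

// Constructed requests: one valid name and three the handler must refuse.
$requests = ['files/missing.doc', 'files/../log.txt', 'log.txt', 'files/signals.doc'];
foreach ($requests as $del) {
    $ok = delete_upload($db, $dir, $del);
    printf("%-20s => %s\n", $del, $ok ? 'deleted' : 'rejected');
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM word')->fetchColumn(), "\n";
rmdir($dir);
```

Because the row and the file are both keyed on the one validated name, a request that fails validation touches neither the table nor the disk.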