Page 1 of 1

Browser does matter?

Posted: Sun Aug 13, 2006 12:49 am
by tetsuO2
I am just making a web site for a store that sells shoes and clothes.
I need to make the account pages by PHP+MYSQL.
The account page is very simple. I just need to make Insert, Update, Delete pages for the staff members.
And actually I already made them .

But I got some problems.
i test it by using some browsers such as Internet Explore,FireFox and Safari.

The Problems are;
When i use InternetExplore, I can insert every item except Images(update,delete are ok).
When i use FireFox,I can insert every item. FireFox works very well.(update,delete are ok).
When i use Safari, I cannot even insert.

Actually code for insert,update and delete is super simple. It is kinda difficult to make mistakes.
I am just wondering if i should ask the staff member to use only FireFox when they want to use
the account pages.

Is that still my code prooblems or does it depend on browser?

Posted: Sun Aug 13, 2006 12:53 am
by feyd
Sounds like a code problem to me.

Posted: Sun Aug 13, 2006 12:57 am
by RobertGonzalez
Browsers are on the client. PHP Code is on the server. The two don't mix, so what you are exeriencing is a server-side code problem (as all DB interaction ocurrs on the server).

Posted: Sun Aug 13, 2006 1:46 am
by tetsuO2
Thanks for the quick replies.
so You guys think that my code has problems right?
I will check my code again carefully anyway.

by the way i have a question;
I echo $SQL of Insert.
the result is "insert into products values(null,'nike0101','pink','this good shoes for dancing crazely.','89.23','C:\\php\\livestock\\images\\products\\nike\\nike2.jpg','8.5','9','10','11','12','1')"

first field is 'productid'.
second one is 'productname'
third one is 'color'
forth one is 'description'
fifth one is 'price'
sixth one is 'image(path)'
from seventh one to the last one are for 'size'

See the sixth field-->'C:\\php\\livestock\\images\\products\\nike\\nike2.jpg'
usually this path is ''C:\php\livestock\images\products\nike\nike2.jpg'' but somehow the path has extra ' \ '.
the reason why i cannot insert images is maybe the path has extra ' \ '


sooner or later i will make a destination files for images but anyway i think the sixth field is strange.
i coded such as 'img: '<input type="file" name="img">' .
of course the image is in the same folder of the PHP file.

my computer is broken or my code is, as you said, broken?

Posted: Sun Aug 13, 2006 1:50 am
by feyd
The "extra" slashes are fairly normal, depending on what you're doing. A general problem is IE will set the full, client side, path, while Firefox will correctly only send the filename. Use basename() to pull out the filename.

Posted: Sun Aug 13, 2006 2:40 am
by tetsuO2
I used 'basename' such as;

Code: Select all

$path=$_POST["img"];
$pimg=basename($path);
$pimg=basename($path,"/");
now the problem, which is extra '\'. was solved.

Thank you very much.
I love PHP.

Posted: Sun Aug 13, 2006 12:11 pm
by Tom420
I think you don't understand file upload at all. Thus I recommand that you check that up in the manual:
http://www.php.net/manual/en/features.file-upload.php

Also you should not store the filename received from the client, nor it's pathname. For one, the pathname is no more valid on the server. Secondly, the filename was unique in the client machine, but is no more on the server. What if two different staff members uploaded a file calle Nike2.jpg for two different products?

A solution would be to use the product name (nike0101) if this value is unique (no two products can have the same name). For example, automatically save the picture as <product_name>.jpg. This way, you don't even have to store the filename at all as it is already known from the name of the product. However, if the picture is optional (if not all products have to have a picture available), you could have an additionnal field to remember if a picture was available or not (or just browse the picture directory). On the other hand, if a product could have more than one picture, you'll have to figure out some other mechanism, but from the code provided that doesn't seem to be the case.

Tom :)

Posted: Tue Aug 15, 2006 12:09 am
by tetsuO2
yup, i just coded for file upload. thanks.

by the way , my friends told me there some hosting servers that are not available to use code for file upload
such as below code.

Code: Select all

<form enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post"> 
<input type="hidden" name="MAX_FILE_SIZE" value="2048000"> 
brand:<input type="text" name="brand"><br />
File: <input name="userfile" type="file" /><br /> 
<input type="submit" value="Upload" /> 
</form> 
<?php
$tempFile=$HTTP_POST_FILES['userfile']['tmp_name'];
$finalFile=$HTTP_POST_FILES['userfile']['name'];
$destFile="images/".$_POST["brand"]."/".$finalFile;
copy($tempFile,$destFile);
?>

so even though i want to insert some images from the account page,
i canot upload them ?
Do i have to insert images to FTP server directly everytime?(<-- that is too much work)
have you ever heard of that?

Posted: Tue Aug 15, 2006 5:08 am
by Tom420
No, I have never heard of a host preventing one from uploading a file. In fact, I don't see how one could do that.

Please see the function move_uploaded_file(). There is a reason why they mentionned only this function and no other on the page I sent you to. In fact, most hosts will not let you use anything else. move_uploaded_file() knows what an uploaded file is (therefore is safer to use) and knows how to deal with server securities in place.

Posted: Tue Aug 15, 2006 12:00 pm
by RobertGonzalez
Yes, hosts can, and have, disabled certain functions of PHP. GoDaddy, for example, on their Windows accounts that have PHP on them, will disable a lot of functions that you would think should just be there, like mail().

Posted: Tue Aug 15, 2006 1:02 pm
by tetsuO2
i see. im happy to hear that.
so i can keep woking on this.

Thank you, Tom420.

Posted: Tue Aug 15, 2006 3:07 pm
by Tom420
Everah wrote:Yes, hosts can, and have, disabled certain functions of PHP. GoDaddy, for example, on their Windows accounts that have PHP on them, will disable a lot of functions that you would think should just be there, like mail().
I totaly agree with you on that one. The mail() function is a good example, often disabled, in particular on free hosts. However, the question was about disabling file uploads. Could they? How would you do that? Disable move_uploaded_file() perharps? Now, I wonder why some host would want to disable this...

Posted: Tue Aug 15, 2006 3:29 pm
by feyd
There are potential security problems with inexperienced programmers and file uploads.

Posted: Tue Aug 15, 2006 3:53 pm
by RobertGonzalez
Tom420 wrote:However, the question was about disabling file uploads. Could they? How would you do that? Disable move_uploaded_file() perharps? Now, I wonder why some host would want to disable this...
Some developers are not as Security conscious as others, whether is be from inexperience, ignorance or sheer lack of desire to be bothered with security. Many a host has been stung by this lapse in security. Right or wrong, they are not willing to take that risk in many cases, and, as a result, remove the ability for users to destroy their systems through neglect.