PHP Data insert and image upload

**code green** · Mar 27 '07, 08:27 AM

i'm guessing i need a variable that will take the name of the file and add it to a pre defined url for example http://www.mysite.com/images/$file_name

Your guess is correct but I cannot see the code that attempts your guess Please define your exact problem.

**ronverdonk** · Mar 27 '07, 02:08 PM

How do you know you have uploaded the image file? I'll bet you it is not uploaded.

Ronald :cool:

**andrewtayloruk** · Mar 28 '07, 01:53 PM

Originally posted by ronverdonk

How do you know you have uploaded the image file? I'll bet you it is not uploaded.

Ronald :cool:

The file is uploading actually and i've got it to generate a random name during upload using uniqid(). I then put both variables $mysite = www.mysite.com and $file_name into the insert query. It's working but it seems a pretty dirty way of doing it.

I'm now stuck on displaying an error message and stopping the whole script whenever an invalid bit of data is put into one of the input boxes.

I've written a REGEX that will tell you to enter a valid email but it's just getting that to display next to the input box.

I'm guessing i need to look into boolean variables to get that working how i like??

**code green** · Mar 28 '07, 03:54 PM

I'm now stuck on displaying an error message and stopping the whole script whenever an invalid bit of data is put into one of the input boxes.

This is very easy to solve. What is not easy is following your train of thought. Please define a problem and publish the relevant code for that problem.

**andrewtayloruk** · Mar 30 '07, 09:14 AM

Hi, sorry i should have made myself clearer.

I've posted my code below, so far it's working, well it's uploading the file, renaming it and inserting the data from the form into the database. The problem i'm having is getting the script to stop if correct data is not entered into the form. Also, i'd like to get an error message to appear next to the relevant text boxes when incorrect information isn't entered. I'm aware this code isn't complete by the way so am not expecting it to work but i don't know where to go from here. Thanks

Code:

<?php 

if (isset($_POST['submitted'])) {

  $name = mysql_escape_string(trim($_POST['name']));
  $address = mysql_escape_string(trim($_POST['address']));
  $postcode = mysql_escape_string(trim($_POST['postcode']));
  $telephone = mysql_escape_string(trim($_POST['telephone']));
  $fixedemail = mysql_escape_string(trim($_POST['email']));
  $imglocation = mysql_escape_string('http://www.mysitecom/uploader1/images/');
  
  
  // This bit of code checks the form for correctly entered information
  if (eregi('^([-a-z0-9._]+)@([-a-z0.9_]+\.+[a-z]{2,6})$',$fixedemail,$email))
			{ print "" ;}
	else 	{ print "You entered an invalid email address. Please enter username@domain <br />" ; }		
			


      // This bit puts the file in the $file variable into the folder on the server and changes its name so it isn't overwritten
		 $file_name = uniqid("img").".jpg";

          if ($file_name !="") {
	        copy ("$file", "/var/www/vhosts/mysite.com/httpdocs/uploader1/images/$file_name")
		      or die ("Sorry there was a problem");}
  
     
	  // This is the SQL part of the code
	  $dbid = mysql_connect ('localhost', 'address', 'password');
	          mysql_select_db('addresses',$dbid) 
	          or die ("Cannot find database");
	
	  $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('', '$name', '$address', '$postcode', '$telephone', '$email', '$imglocation$file_name')";
	  $result = mysql_query($query,$dbid) 
	   or die("INSERT error:".mysql_error());
	 
	  echo 'Row inserted and image uploaded';
	  exit;
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 

<html>
<head>
<title>Data submission - db version</title>
</head>
<body>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="300">
<tr><td width="50" align="left">Name:</td><td width="150" align="center"><input type="text" name="name"></td></tr>
<tr><td width="50" align="left">Address:</td><td width="150" align="center"><input type="text" name="address"></td></tr>
<tr><td width="50" align="left">Postcode:</td><td width="150" align="center"><input type="text" name="postcode"></td></tr>
<tr><td width="50" align="left">Telephone:</td><td width="150" align="center"><input type="text" name="telephone"></td></tr>
<tr><td width="50" align="left">Email:</td><td width="150" align="center"><input type="text" name="email"></td></tr>
<tr><td width="80" align="left">Image:<br></td><td width="220" align="center" valign="middle"><input type="file" name="file"><br></td></tr>
<tr><td align="left"><input type="submit" name="submitted" value="Submit" ></td></tr>

</table>
</form>
</body>
</html>

**code green** · Mar 30 '07, 11:29 AM

Check your data input after this point

Code:

if (isset($_POST['submitted'])) {

The following lines of code prepare the data for database input but no checking has been done prior. So forget about these for now

Code:

 $name = mysql_escape_string(trim($_POST['name']));

There are various ways of handling this - simple to sophisticated. A simple method is to create a valid form flag and a message string.[PHP]$valid = TRUE;
$msg = 'There were the following errors';[/PHP]
Then change your mysql_real_esca pe_string lines to
[PHP]$name = striptags(trim( $_POST['name']));
if(empty($name) ){
$valid = FALSE;
$msg = 'Please enter a name';
}[/PHP]And similar for the other fields.
A useful test for example could be
[PHP]if(!is_numeric( $telephone)){
$valid = FALSE;
$msg = 'Please enter a valid telephone number';
}[/PHP]When all input data has been tested simply test $valid
[PHP]if($valid){
$name = mysql_real_esca pe_string($name );
//etc
//Then load the data into database
}
else
{
echo $msg;
//Reload the page
}[/PHP]

**andrewtayloruk** · Apr 2 '07, 10:31 AM

Hi, could you explain the more complicated ways of doing it? I've got it working how you suggested but it's not really what i'm after. It's printing the error messages but isn't showing them next to the input fields. Is it possible to get it to do this using the method you described?

Thanks for your help by the way.

**code green** · Apr 2 '07, 12:21 PM

I made a slight error in my syntax. The $msg string should have been concatenated so as to print a list of errors ie.[PHP]$msg .= '<br>Please enter a name';[/PHP]

Hi, could you explain the more complicated ways

I was only referring to a form handling class or javascript here.

It's printing the error messages but isn't showing them next to the input fields.

If you want to do this the messages need seperating. I would collect them into an array instead of concatenating a string and name the element key the same as the relevant textbox name [PHP]$msg['name'] = 'Please enter your name';
$msg['postcode'] = 'Please enter a valid postcode';
//etc [/PHP] Then mix a bit of php into the html when creating your textboxes.
[PHP] <tr><td width="50" align="left">Na me:</td>
<td width="150" align="center"> <input type="text" name="name">
<?php if(isset($msg['name'])) echo $msg['name'];?> </td></tr>
<tr><td width="50" align="left">Ad dress:</td>
<td width="150" align="center"> <input type="text" name="address">
<?php if(isset($msg['address'])) echo $msg['address'];?> </td></tr>[/PHP] Good Luck

PHP Data insert and image upload

PHP Data insert and image upload

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment