UPDATE Query and File Blobs

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Philth
    New Member
    • Oct 2007
    • 38
    #1

    UPDATE Query and File Blobs

    HI there,

    I had a similar problem yesterday with my delete function. All looks ok, yet doesn't delete. I've tried adding the '$_GET' to the sql query, without any success. Is this perhaps a problem with the file uploads? The row ID is definately being posted correctly.

    Code:
    <?
include("connect.php"); 

if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit")
{
	$fileName = $_FILES['userfile']['name'];
	$tmpName  = $_FILES['userfile']['tmp_name'];
	$fileSize = $_FILES['userfile']['size'];
	$fileType = $_FILES['userfile']['type'];
	
	$fp      = fopen($tmpName, 'r');
	$content = fread($fp, filesize($tmpName));
	$content = addslashes($content);
	fclose($fp);

	if(!get_magic_quotes_gpc())
{
    $fileName = addslashes($fileName);
}


	$resourceName = $_FILES['resource']['name'];
	$tmpName  = $_FILES['resource']['tmp_name'];
	$resourceSize = $_FILES['resource']['size'];
	$resourceType = $_FILES['resource']['type'];
	
	$fp      = fopen($tmpName, 'r');
	$resourceContent = fread($fp, filesize($tmpName));
	$resourceContent = addslashes($resourceContent);
	fclose($fp);

	if(!get_magic_quotes_gpc())
{
    $resourceName = addslashes($resourceName);
}

   $tutorialNumber = $_POST['tutorialNumber'];
   $tutorialTitle = $_POST['tutorialTitle'];
$tutorialDescription = $_POST['tutorialDescription'];
$tutorialContent = $_POST['tutorialContent'];


mysql_query("UPDATE tutorials SET tutorialTitle='$tutorialTitle', tutorialDescription='$tutorialDescription', tutorialContent='$tutorialContent', name='$fileName', size=$filesize, type='$filetype, content='$content', resourceName='$resourceName', resourceSize=$resourceSize, resourceType='$resourceType, resourceContent='$resourceContent' WHERE  tutorialNumber = '$tutorialNumber'");


 echo "<span class='titles'>Edit Complete!</span><br><br>";
}
// ************* End update part *************


$tutorialNumber=$_GET['tutorialNumber'];

$result=mysql_query("select * from tutorials where tutorialNumber='$tutorialNumber'");
or die ('Error querying database.');
$row=mysql_fetch_assoc($result);

mysql_close();
?>
    Many thanks
    Tags: None
    • Philth
      New Member
      • Oct 2007
      • 38
      #2
      Just out of interest, if the file upload field is left blank in this UPDATE form, will it over write the file that was originally posted in the database?

      If so, is there a reasonably simple way around this?

        Comment

        • Philth
          New Member
          • Oct 2007
          • 38
          #3
          Anybody got any ideas?

            Comment

            • code green
              Recognized Expert Top Contributor
              • Mar 2007
              • 1726
              #4
              Anybody got any ideas?
              I have really no idea what your problem is.
              All looks ok, yet doesn't delete
              I cannot see a DELETE query
              I've tried adding the '$_GET' to the sql query
              Please explain how you use $_GET in SQL
              Is this perhaps a problem with the file uploads?
              Could be. But without any error trapping or debugging in your code it is impossible to know what is happening.
              You need about half a dozen more 'if' statements in your code

                Comment

                • Philth
                  New Member
                  • Oct 2007
                  • 38
                  #5
                  Thanks for the reply,

                  Sorry I meant UPDATE, not DELETE.

                  You'll have to forgive me, I'm a complete novice. I've used $_GET in the following way before...

                  Code:
                  $query = ("DELETE FROM tutorials WHERE tutorialNumber = '".$_GET["id"]."' LIMIT 1");
                  I just thought I might be able to use a similar query with the problem above. Evidently not.

                    Comment

                    • code green
                      Recognized Expert Top Contributor
                      • Mar 2007
                      • 1726
                      #6
                      You should avoid the habit of using data straight from a form into a query.
                      Read about "SQL Injection".
                      Although it works so that is not the problem.

                      I suspect a problem with the file hence my suggestion for more testing.
                      By that I mean at least
                      Code:
                      if($fp = fopen($tmpName, 'r')){
    if($content = fread($fp, filesize($tmpName))){
        echo $content;
       $content = addslashes($content); 
        if(!fclose($fp))
         echo 'Could not close file';
    }
    else echo 'Could not read file';
}
else 'Could not open file';
                      This won't 'make it work' but it will help debug

                        Comment

                        • Philth
                          New Member
                          • Oct 2007
                          • 38
                          #7
                          I've basically boiled it down to this. I've stripped out any mention of images uploads etc and still it doesn't work.

                          What am I doing wrong with the "or die" command? Not even that is working.

                          Code:
                          <?

include("connect.php"); 
if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit")
{
$courseID=$_POST['courseID'];
$courseTitle = $_POST['courseTitle'];

$str = "UPDATE course SET courseTitle='{$courseTitle}' WHERE courseID='{$courseID}'";
mysql_query($str) or die("Query failed:<br>".mysql_error());
echo "<span class='titles'>Edit Complete!</span><br><br>";
}
?>

<?
include("connect.php"); 
$courseID=$_GET['courseID'];
$result=mysql_query("select * from course where courseID='$courseID'");
$row=mysql_fetch_assoc($result);
?>


   <form action="process_edit_course.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="courseID" value="<?php echo $row['courseID']; ?>">
    <TABLE width="100%" cellpadding="0" cellspacing="10" bgcolor="#FFFFFF" class="border">
      <br>
      <TR valign="top"> 
        <TD width="388"><span class="bodytext">Course Title: </span></TD>
      </TR>
      <TR valign="top">
        <TD width="388"><input name='courseTitle' type='text' class="border" id="courseTitle" value="<? echo $row['courseTitle']; ?>" size="45" /></TD>
      </TR>
      <TR valign="top">
        <TD><input type="submit" name="submit" value="Add Course to Libary" /></TD>
      </TR>
    </TABLE>
</form>

                            Comment

                            • code green
                              Recognized Expert Top Contributor
                              • Mar 2007
                              • 1726
                              #8
                              Rather than the 'or die' command I prefer to handle the error cleanly and continue.
                              However, you must remember that 'or die' will only action if your function returns false, which is basically an error.
                              So if the query executes without an error but does nothing then you will not know, because your code still lacks if statements.

                              Code:
                              print_r($_POST);
if(isset($_POST['Submit']) && $_POST['Submit'] == "Submit") 
{ 
$courseID=$_POST['courseID'];
if(!isset($_POST['courseID']))
  echo 'No courseID';
echo $courseID;
$courseTitle = $_POST['courseTitle']; 
echo $courseTitle ;
 
$str = "UPDATE course SET courseTitle='{$courseTitle}' WHERE courseID='{$courseID}'"; 
echo $str;
$res = mysql_query($str) or die("Query failed:<br>".mysql_error());
echo $res 
echo "<span class='titles'>Edit Complete!</span><br><br>"; 
} 
else echo 'Form not submitted';
                              Basically you are not helping by working blind;

                                Comment

                                • Philth
                                  New Member
                                  • Oct 2007
                                  • 38
                                  #9
                                  Thankss for your help - I appreciate the tips.

                                    Comment

                                    • code green
                                      Recognized Expert Top Contributor
                                      • Mar 2007
                                      • 1726
                                      #10
                                      No problem. Once you can see what is happening it is much easier to pinpoint the fault.
                                      If you can't then post back.

                                      EDIT: By the way, I forgot to include make use of
                                      Code:
                                      mysql_num_rows()
mysql_rows_affected()
                                      Last edited by code green; Aug 19 '09, 08:39 AM. Reason: Omission

                                        Comment

                                        Previous template Next
                                        Working...