Member Avatar for blt4424

I'm trying to rename a file uploaded to the username of the logged in user. I can't seem to figure it out. I'm trying to mimic how I got the username and details on my profile pages. The pictures are uploaded to a folder, not a database.

Here's my uploads.php

<?php session_start();
	include 'mysql-connect2.php';

# Setting auser as SESSION['user']
$auser = $_SESSION['user'];

# SQL protecting variables
$username = (isset($_GET['username']))?mysql_real_escape_string($_GET['username']):$username;

if(isset($auser)) {
  $sql = mysql_query("SELECT * FROM `user` WHERE `username` = '$username'");
// directory path.


// get the dir to send file to and the file name.
 
$uploadfile = $username . basename($_FILES['userfile']['name']);

// get the current file information.
$file=$uploadfile;

//get the . and file exstention.
$ext = substr($file, -4);

//convert varable to the uplaoded directory the new id
//and extention.

$uploadfile=$sql.$ext;

//rename the file to the new one.

@rename($file,$uploadfile);

// if all the conditions are correct send the file to the directory.

if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)){

// success echoed

echo " <font color='red'>File is valid, and was successfully uploaded.</font>";
 
}else {

//unsuccesfull echoed

echo "<font color='red'>File was unsuccesful sorry</font>";

}
}
// show the form.
   
echo"
<form enctype='multipart/form-data' action='uploads.php' method='POST'>
   
<input type='hidden' name='MAX_FILE_SIZE' value='30000000000000000000000'>
 
send this file <input name='userfile' type='file' >
    
<input type='submit' name='submit' value='Send File'>

</form>";

?>

And my profile page code for reference.

<?php /*?><?php error_reporting(E_ALL ^ E_NOTICE); ?><?php */?>
<?php
# Starting the session
session_start();

# Requiring SQL connection
require_once 'mysql-connect2.php';

# Setting auser as SESSION['user']
$auser = $_SESSION['user'];

# SQL protecting variables
$username = (isset($_GET['username']))?mysql_real_escape_string($_GET['username']):$username;

# Checking through each query
if(isset($auser)) {
  $sql = mysql_query("SELECT * FROM `user` WHERE `username` = '$username'");
  if(mysql_num_rows($sql)) {
    while($row = mysql_fetch_array($sql)) {
      $page = "<h1>User Info</h1>".
              "<b>Username: {$row['username']}<br /><br />".
			  "<b>First Name: {$row['firstname']}<br /><br />".
			  "<b>Last Name: {$row['lastname']}<br /><br />".
			  "<b>Email: {$row['email']}<br /><br />".
              "<form name=\"backlistfrm\" method=\"post\" action=\"members2.php\">".
              "  <input type=\"submit\" value=\"Back to The List\">".
              "</form><br />";
			      }
  } else {
    $page = "ERROR: No member found for username: <strong>{$_GET['username']}</strong>.";
  }
} else {
  $page = "ERROR: Not logged in.";
}

# Printing the final output
print $page;

?>

Edit: sorry had wrong code.

I'm getting resource id #5 on the file name save instead of the username?? I really need help with this!! I'm a noob to php. Thanks in advance.

Edited by blt4424 because: n/a
  • 2 Contributors
  • 1 Reply
  • 97 Views
  • 15 Hours Discussion Span
  • Latest Post Latest Post by hielo
Member Avatar for hielo

AFTER successful execution of line 11, $sql contains a resource NOT a string - so line 28 doesn't make sense. You need to extract the data from the resource ($sql) returned by your query. It is not clear to me which field in $sql you are interested in , but assuming that in your DB Table you have a field named 'mysteryField', then what you need to do is:

//try not to doe SELECT * if you are NOT going to use all your fields
$sql = mysql_query("SELECT `mysteryField` FROM `user` WHERE `username` = '$username'") or die( mysql_error() );

$row=mysql_fetch_assoc($sql);
...
$uploadfile=$row['mysteryField'].$ext;

/* you don't need this. If I upload 'hi.txt' and you want it renamed to 'bye.rtf' you just need to specify the NEW name as the second argument to move_uploaded file which you are ALREADY DOING.
//rename the file to the new one
@rename($file,$uploadfile); 
*/
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)){
...
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.