problem with upload image path to mysql

desup 0 Newbie Poster · 2012-01-08T00:58:53+00:00

Don't understand that bracket around variables:

$title = $_POST['title'];
$author = $_POST['author'];
$isbn = $_POST['isbn'];
$description = $_POST['description'];
$publisher = $_POST['publisher'];
$year = $_POST['year'];
$stock = $_POST['stock'];
$price = $_POST['price'];
$sold = $_POST['sold'];

But don't know if this is a Solution try to add or die after the query.
Like:

mysql_query("INSERT INTO Product1 SET title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'") or die(mysql_error());

mikulucky 25 Junior Poster in Training · 2012-01-08T01:10:18+00:00

Don't understand that bracket around variables:

The brackets around the variables is to do with the $_POST variable. When items are posted to a script they are all placed into an array. So these brackets state this part of the array.

diafol · 2012-01-08T01:54:43+00:00

I don't get the brackets thing either.

Anyway - you MUST clean your input ($_POST variables) before inserting them into an SQL query.

mikulucky 25 Junior Poster in Training · 2012-01-08T02:13:27+00:00

Oh I'm sorry, I miss read, didn't see the curved brackets. Yeah they don't make sense.

issaru07 0 Light Poster · 2012-01-08T08:46:05+00:00

sorryfor the confusion.
was doing $title = trim(sql_safe($_POST)); earlier..

there is no message or any error when i clickthe upload button.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = $_POST['title'];  
	$author = $_POST['author'];
	$isbn = $_POST['isbn'];
	$description = $_POST['description'];
	$publisher = $_POST['publisher'];
	$year = $_POST['year'];
	$stock = $_POST['stock'];
	$price = $_POST['price'];
	$sold = $_POST['sold'];
	
	$imagelocation = './images/'
	or die(mysql_error());
	
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>
<br>
<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label><br>
<input type="text" name="title" id="title" size="64"><br><br>
<label for="model">Author:</label><br>
<input type="text" name="author" id="author" size="64"><br><br>
<label for="year">ISBN:</label><br>
<input type="text" name="isbn" id="isbn" size="64"><br><br>
<label for="price">Description:</label><br>
<input type="text" name="description" id="description" size="64"><br><br>
<label for="location">Publisher:</label><br>
<input type="text" name="publisher" id="publisher" size="64"><br><br>
<label for="year">Year:</label><br>
<input type="text" name="year" id="year" size="64"><br><br>
<label for="photo">Stock:</label><br>
<input type="text" name="stock" id="stock"><br><br>
<label for="price">Price:</label><br>
<input type="text" name="price" id="price" size="64"><br><br>
<label for="photo">Sold:</label><br>
<input type="text" name="sold" id="sold"><br><br>


<label for="imagelocation">Photo:</label><br>
<input type="file" name="imagelocaton" id="imagelocation"><br><br>

<input type="submit" value="upload">
</form>
           
</body>
</html>

diafol · 2012-01-08T20:41:18+00:00

was doing $title = trim(sql_safe($_POST)); earlier..

But it doesn't seem like you're doing it now. Not cleaning your vars can stop your script from working without telling you why. So clean them and them move on to the next logical problem.

In addition, I would strongly recommend that you DON'T send form data to the same page as this plays havoc with refreshing and the back button. I'd send all forms to a general or dedicated formhandler script (file).