Hello PHP,
I am having a problem. I know the area of the problem, but not how to
solve it.
It has to do with a php page with a form on it, and I am trying to
perform an insert query into
my mysql database.
I know that when I "submit" (post) the form, everything goes blank,
and the insert query is not run.
Basically here is my story. Initially I had a page with all in-line
code, that uses includes for connection to the db, and a error
processing page. I also have another include page that has some
functions in it, one of which is for resizing images. That function,
cleverly named resizeImage returns a down-sized height and width,
which get loaded into the database table, along with info on the image
itself (name, location,etc).
this page has php code which reads a directory, finds jpeg images,
does a resizeImage for each image (in a for loop), and then performs
the insert query for each image. I would run the whole thing just by
loading the page (no form tags on this page). Everything works fine,
I call the resizeImage function from the fileloader.php page, the
function is in a page called size_image.php (I use a require for
this).
I decided that I would like to add some flexibility to this page and
create a form where I could enter a parameter (an integer), and click
a button, which would then run this same insert query, and the
resizeImage function, and then tell me if I inserted the records.
I am using a if(isset($_REQUEST['update'])) type construct to respond
to the button click (named 'update').
and use the POST action and $_SERVER[PHP_SELF] as the form.
When I click the button, most of the page runs, and then all goes
blank in the browser, and the records are not inserted into the
database. I am guessing that something in the post blitzes my
variables, etc, so the query never runs, etc.
Below is some of the code in the page - I have an input box for the
parameter, and a button to run the function. I would appreciate any
suggestions.
Thanks,
eholz1
Code below:
<?php
@require_once '/usr/local/php/include/size_image.php';
include '/usr/local/php/include/db.inc';
include '/usr/local/php/include/error.inc';
global $dbconnect, $query;
$p = $_REQUEST["p"];
if(isset($_POST['update']))
{
performLoad($p);
//echo "value for post is: $p";
} else {
echo 'Post not set';
}
$serverName = $_SERVER["SERVER_NAME"];
if ($serverName != 'beaulinux')
{
//connection files for mysql
@include 'c:/php/includes/db.inc';
@include 'c:/php/includes/error.inc';
@require_once 'c:/php/includes/size_image.php';
}else{
@include '/usr/local/php/include/db.inc';
@include '/usr/local/php/include/error.inc';
}
$dbconnect = db_connect('portfolios') or trigger_error("Error
Connecting to Database: " . mysql_error(), E_USER_ERROR);
function performLoad($p)
{
$filecount = 0;
$filelist[0] = '';
$idx = 0;
$query = 0;
$path = 'testimage';
$dir_handle = @opendir($path) or die("Unable to open directory
$path");
/*** Load an array with the list of files in the dir ***/
while ($file = readdir($dir_handle))
{
//$filetyp =getFileType($file); no good for all images???OR $filetyp
== 'gif'
$filetyp = strtolower(substr($file, -3));
if ($filetyp == 'jpg' )
{
$filecount++;
//***$handle = fopen($path . "/" . $file,'r');
$filelist[$idx] = $path . "/" . $file; //add file to array
//echo $filelist[$idx];
$idx++;
//***$file_content = fread($handle,filesize($path . "/" . $file));
//***fclose($handle);
}
}
closedir($dir_handle);
// now read the array, and load the files into the database....
for ($i=0; $i < $filecount; ++$i)
{
list($width, $height, $type, $attr) = getimagesize($filelist[$i]);
if ($type == 2) $filetype = 'image/jpeg';
$n_width = resizeImage($width,$height);
$name = explode('/',$filelist[$i]);
$filesize = filesize($filelist[$i]);
//echo $name[1] . ' '. $n_width[0] . ' height: ' .
$n_width[1].'<br>';
$insertSQL = "INSERT INTO images3
(name,folder,type,filesize,orig_width,orig_height, resize_width,resize_height,p)
VALUES(\"" .
$name[1]."\", \"" .$path. "\", \"" .$filetype . "\", \"" .
$filesize . "\", \"" .
$width. "\", \"" .$height. "\", \"" .$n_width[0]. "\", \"" .
$n_width[1]. "\", \"" . "$p" . "\")";
/*** remember to comment or un-coment this line!! ***/
//$query = @mysql_query($insertSQL) or trigger_error("Error
performing query: " . mysql_error(),E_USER_ERROR);
//table is loaded with the files using a resized width by bad
height
}
} //end func place holder
?> 5 1830
/*** remember to comment or un-coment this line!! ***/
If uncommenting you insert query doesn't work, and the page goes blank,
please remove all @'s. Errors are usefull when something doesn't work.
Furthermore you only echo something on errors, so having a blank page is
just what this code does after a succesfull run.
--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel
On 8 Mar, 17:31, "eholz1" <ewh...@gmail.comwrote:
Hello PHP,
I am having a problem. I know the area of the problem, but not how to
solve it.
It has to do with a php page with a form on it, and I am trying to
perform an insert query into
my mysql database.
I know that when I "submit" (post) the form, everything goes blank,
and the insert query is not run.
Basically here is my story. Initially I had a page with all in-line
code, that uses includes for connection to the db, and a error
processing page. I also have another include page that has some
functions in it, one of which is for resizing images. That function,
cleverly named resizeImage returns a down-sized height and width,
which get loaded into the database table, along with info on the image
itself (name, location,etc).
this page has php code which reads a directory, finds jpeg images,
does a resizeImage for each image (in a for loop), and then performs
the insert query for each image. I would run the whole thing just by
loading the page (no form tags on this page). Everything works fine,
I call the resizeImage function from the fileloader.php page, the
function is in a page called size_image.php (I use a require for
this).
I decided that I would like to add some flexibility to this page and
create a form where I could enter a parameter (an integer), and click
a button, which would then run this same insert query, and the
resizeImage function, and then tell me if I inserted the records.
I am using a if(isset($_REQUEST['update'])) type construct to respond
to the button click (named 'update').
and use the POST action and $_SERVER[PHP_SELF] as the form.
When I click the button, most of the page runs, and then all goes
blank in the browser, and the records are not inserted into the
database. I am guessing that something in the post blitzes my
variables, etc, so the query never runs, etc.
Below is some of the code in the page - I have an input box for the
parameter, and a button to run the function. I would appreciate any
suggestions.
Thanks,
also try not to get hacked:
make life easy on yourself, escape all values that go into the
database, to avoid SQL injection.
EVERY VALUE SHOULD HAVE CORRECT TYPE
$name[1] -string
$filesize -int?
$height -int?
$p -string
EVERY STRING (or even int) NEEDS TO BE ESCAPED USING
mysql_real_escape() or better mysql_real_escape_string(
$insertSQL = sprintf(
"INSERT INTO `images3` " .
"(`name`, `folder`, `type`, `filesize`, `orig_width`, " .
"`orig_height`, `resize_width`, `resize_height`, `p`)" .
"VALUES( '%s', '%s', '%s', '%d', '%d', '%d' , '%d', '%d', '%s')",
mysql_real_escape_string($name[1]),
mysql_real_escape_string($path),
mysql_real_escape_string($filetype),
mysql_real_escape_string($filesize),
mysql_real_escape_string($width),
mysql_real_escape_string($height),
mysql_real_escape_string($n_width[0]),
mysql_real_escape_string($n_width[1]),
mysql_real_escape_string($p)
);
this gets boring, so why not have your vars in an array and use
array_walk to escape the values
Also you should enforce bounds checking on all your vars, before entry
into the database, is your database only allowing 32 chars for a
$name[1], then use
$name[1] = substr($name[1],0,32);
etc...
stay neat and tidy and you will be able to see clearly.
shimmyshack <ma********@gmail.comwrote:
also try not to get hacked:
make life easy on yourself, escape all values that go into the
database, to avoid SQL injection.
EVERY VALUE SHOULD HAVE CORRECT TYPE
$name[1] -string
$filesize -int?
$height -int?
$p -string
EVERY STRING (or even int) NEEDS TO BE ESCAPED USING
mysql_real_escape() or better mysql_real_escape_string(
$insertSQL = sprintf(
"INSERT INTO `images3` " .
"(`name`, `folder`, `type`, `filesize`, `orig_width`, " .
"`orig_height`, `resize_width`, `resize_height`, `p`)" .
"VALUES( '%s', '%s', '%s', '%d', '%d', '%d' , '%d', '%d', '%s')",
mysql_real_escape_string($name[1]),
mysql_real_escape_string($path),
mysql_real_escape_string($filetype),
mysql_real_escape_string($filesize),
mysql_real_escape_string($width),
mysql_real_escape_string($height),
mysql_real_escape_string($n_width[0]),
mysql_real_escape_string($n_width[1]),
mysql_real_escape_string($p)
);
this gets boring, so why not have your vars in an array and use
array_walk to escape the values
Indeed, something I like to do when the variables are set up, really keeps
it managable.
Also an option with MDB2 prepared statment.
$db = new MDB2();
$db->connect('mysqli://user:pass@host/database');
$db->loadModule('Exended', null, false);
$inserts = array();
$stmt = $db->prepare(
'INSERT INTO `table` (`field`,`foo`,`bar`) VALUES (:field,:foo,:bar)',
array('text','text','integer'),
MDB2_PREPARE_MANIP);
foreach($something as $item){
//some code
$inserts[] = compact($bar,$foo,$field);
}
$db->extended->executeMultiple($stmt,$inserts);
--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel
In article <11*********************@t69g2000cwt.googlegroups. com>, ma********@gmail.com says...
$name[1] = substr($name[1],0,32);
etc...
Wouldnt that truncate data without warning?
Surely not a good idea?
On Mar 9, 8:39 am, "shimmyshack" <matt.fa...@gmail.comwrote:
On 8 Mar, 17:31, "eholz1" <ewh...@gmail.comwrote:
Hello PHP,
I am having a problem. I know the area of the problem, but not how to
solve it.
It has to do with a php page with a form on it, and I am trying to
perform an insert query into
my mysql database.
I know that when I "submit" (post) the form, everything goes blank,
and the insert query is not run.
Basically here is my story. Initially I had a page with all in-line
code, that uses includes for connection to the db, and a error
processing page. I also have another include page that has some
functions in it, one of which is for resizing images. That function,
cleverly named resizeImage returns a down-sized height and width,
which get loaded into the database table, along with info on the image
itself (name, location,etc).
this page has php code which reads a directory, finds jpeg images,
does a resizeImage for each image (in a for loop), and then performs
the insert query for each image. I would run the whole thing just by
loading the page (no form tags on this page). Everything works fine,
I call the resizeImage function from the fileloader.php page, the
function is in a page called size_image.php (I use a require for
this).
I decided that I would like to add some flexibility to this page and
create a form where I could enter a parameter (an integer), and click
a button, which would then run this same insert query, and the
resizeImage function, and then tell me if I inserted the records.
I am using a if(isset($_REQUEST['update'])) type construct to respond
to the button click (named 'update').
and use the POST action and $_SERVER[PHP_SELF] as the form.
When I click the button, most of the page runs, and then all goes
blank in the browser, and the records are not inserted into the
database. I am guessing that something in the post blitzes my
variables, etc, so the query never runs, etc.
Below is some of the code in the page - I have an input box for the
parameter, and a button to run the function. I would appreciate any
suggestions.
Thanks,
also try not to get hacked:
make life easy on yourself, escape all values that go into the
database, to avoid SQL injection.
EVERY VALUE SHOULD HAVE CORRECT TYPE
$name[1] -string
$filesize -int?
$height -int?
$p -string
EVERY STRING (or even int) NEEDS TO BE ESCAPED USING
mysql_real_escape() or better mysql_real_escape_string(
$insertSQL = sprintf(
"INSERT INTO `images3` " .
"(`name`, `folder`, `type`, `filesize`, `orig_width`, " .
"`orig_height`, `resize_width`, `resize_height`, `p`)" .
"VALUES( '%s', '%s', '%s', '%d', '%d', '%d' , '%d', '%d', '%s')",
mysql_real_escape_string($name[1]),
mysql_real_escape_string($path),
mysql_real_escape_string($filetype),
mysql_real_escape_string($filesize),
mysql_real_escape_string($width),
mysql_real_escape_string($height),
mysql_real_escape_string($n_width[0]),
mysql_real_escape_string($n_width[1]),
mysql_real_escape_string($p)
);
this gets boring, so why not have your vars in an array and use
array_walk to escape the values
Also you should enforce bounds checking on all your vars, before entry
into the database, is your database only allowing 32 chars for a
$name[1], then use
$name[1] = substr($name[1],0,32);
etc...
stay neat and tidy and you will be able to see clearly.
Thanks for the tip - as always, there is much more for me to learn and
use!
eholz1 This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: The Voivod |
last post by:
I have the requirements of getting a simple form to output to a db
file. Currently I am using a form called ennyform and it outputs to a
flat file. The person who want this wants it to be...
|
by: Armin Irger |
last post by:
Hi,
i'am running a debian sarge with the delivered apache2 mysql and php4.
The file "mitarbeiter_eingabe.php" gets the data over a html <FORM>
and send it to...
|
by: Prabu Subroto |
last post by:
Dear my friends...
I am trying to develop a database application with PHP
Version 4.3.2, MS Window 2000, MySQL 4.0.13-nt and
Apache 2.
I tried to insert a record onto my MySQL but I got
this...
|
by: David Emme |
last post by:
Win XP Pro
Access 97
MySQL 4.0.x
I'm attempting to convert a number of apps to MySQL backends. Having
converted the tables from the MDB backend, I'm running into a number of
differences in...
|
by: Cheryl Langdon |
last post by:
Hello everyone,
This is my first attempt at getting help in this manner. Please
forgive me if this is an inappropriate request.
I suddenly find myself in urgent need of instruction on how to...
|
by: Dudu |
last post by:
Dear Programmers
I try to install mysql version 5.0 and I encountered with a problem
when I tried to start the service. I got error 1067.
I checked the log file and saw the following records...
|
by: Frank Rizzo |
last post by:
I've been given a project to work with which involves connecting to
MySQL from .NET 2.0 app. I've googled looked and there is a metric ton
of different MySQL ADO.NET providers from different...
|
by: dac |
last post by:
I am quietly going insane on this project. I've never worked on a project like this one before. All my previous sticky forms were for data entry, not editing. I don't know how to display the form...
|
by: Atli |
last post by:
You may be wondering why you would want to put your files “into” the database, rather than just onto the file-system. Well, most of the time, you wouldn’t.
In situations where your PHP application...
|
by: janetopps |
last post by:
I have a news website, with asp pages, which was on Access, and i upgraded to MySQL, i used Bullzip to transfer the data. It had about 1000 pages, which im now able to pull up on the public side. Im...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, we are pleased to welcome back...
|
by: jfyes |
last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
|
by: ArrayDB |
last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Defcon1945 |
last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
|
by: Shællîpôpï 09 |
last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
|
by: af34tf |
last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
| |