473,324 Members | 2,268 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

mysql and php with form

Hello PHP,

I am having a problem. I know the area of the problem, but not how to
solve it.
It has to do with a php page with a form on it, and I am trying to
perform an insert query into
my mysql database.

I know that when I "submit" (post) the form, everything goes blank,
and the insert query is not run.
Basically here is my story. Initially I had a page with all in-line
code, that uses includes for connection to the db, and a error
processing page. I also have another include page that has some
functions in it, one of which is for resizing images. That function,
cleverly named resizeImage returns a down-sized height and width,
which get loaded into the database table, along with info on the image
itself (name, location,etc).

this page has php code which reads a directory, finds jpeg images,
does a resizeImage for each image (in a for loop), and then performs
the insert query for each image. I would run the whole thing just by
loading the page (no form tags on this page). Everything works fine,
I call the resizeImage function from the fileloader.php page, the
function is in a page called size_image.php (I use a require for
this).

I decided that I would like to add some flexibility to this page and
create a form where I could enter a parameter (an integer), and click
a button, which would then run this same insert query, and the
resizeImage function, and then tell me if I inserted the records.

I am using a if(isset($_REQUEST['update'])) type construct to respond
to the button click (named 'update').
and use the POST action and $_SERVER[PHP_SELF] as the form.

When I click the button, most of the page runs, and then all goes
blank in the browser, and the records are not inserted into the
database. I am guessing that something in the post blitzes my
variables, etc, so the query never runs, etc.

Below is some of the code in the page - I have an input box for the
parameter, and a button to run the function. I would appreciate any
suggestions.

Thanks,

eholz1

Code below:
<?php

@require_once '/usr/local/php/include/size_image.php';

include '/usr/local/php/include/db.inc';
include '/usr/local/php/include/error.inc';
global $dbconnect, $query;

$p = $_REQUEST["p"];

if(isset($_POST['update']))
{
performLoad($p);
//echo "value for post is: $p";
} else {
echo 'Post not set';
}

$serverName = $_SERVER["SERVER_NAME"];

if ($serverName != 'beaulinux')
{
//connection files for mysql
@include 'c:/php/includes/db.inc';
@include 'c:/php/includes/error.inc';
@require_once 'c:/php/includes/size_image.php';
}else{
@include '/usr/local/php/include/db.inc';
@include '/usr/local/php/include/error.inc';
}

$dbconnect = db_connect('portfolios') or trigger_error("Error
Connecting to Database: " . mysql_error(), E_USER_ERROR);

function performLoad($p)
{

$filecount = 0;
$filelist[0] = '';
$idx = 0;
$query = 0;

$path = 'testimage';

$dir_handle = @opendir($path) or die("Unable to open directory
$path");
/*** Load an array with the list of files in the dir ***/
while ($file = readdir($dir_handle))
{
//$filetyp =getFileType($file); no good for all images???OR $filetyp
== 'gif'
$filetyp = strtolower(substr($file, -3));
if ($filetyp == 'jpg' )
{
$filecount++;
//***$handle = fopen($path . "/" . $file,'r');
$filelist[$idx] = $path . "/" . $file; //add file to array
//echo $filelist[$idx];
$idx++;
//***$file_content = fread($handle,filesize($path . "/" . $file));
//***fclose($handle);

}
}
closedir($dir_handle);

// now read the array, and load the files into the database....

for ($i=0; $i < $filecount; ++$i)
{
list($width, $height, $type, $attr) = getimagesize($filelist[$i]);
if ($type == 2) $filetype = 'image/jpeg';
$n_width = resizeImage($width,$height);
$name = explode('/',$filelist[$i]);
$filesize = filesize($filelist[$i]);
//echo $name[1] . ' '. $n_width[0] . ' height: ' .
$n_width[1].'<br>';
$insertSQL = "INSERT INTO images3
(name,folder,type,filesize,orig_width,orig_height, resize_width,resize_height,p)
VALUES(\"" .
$name[1]."\", \"" .$path. "\", \"" .$filetype . "\", \"" .
$filesize . "\", \"" .
$width. "\", \"" .$height. "\", \"" .$n_width[0]. "\", \"" .
$n_width[1]. "\", \"" . "$p" . "\")";

/*** remember to comment or un-coment this line!! ***/
//$query = @mysql_query($insertSQL) or trigger_error("Error
performing query: " . mysql_error(),E_USER_ERROR);
//table is loaded with the files using a resized width by bad
height
}

} //end func place holder
?>

Mar 8 '07 #1
5 1830
Rik
/*** remember to comment or un-coment this line!! ***/

If uncommenting you insert query doesn't work, and the page goes blank,
please remove all @'s. Errors are usefull when something doesn't work.

Furthermore you only echo something on errors, so having a blank page is
just what this code does after a succesfull run.
--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel
Mar 8 '07 #2
On 8 Mar, 17:31, "eholz1" <ewh...@gmail.comwrote:
Hello PHP,

I am having a problem. I know the area of the problem, but not how to
solve it.
It has to do with a php page with a form on it, and I am trying to
perform an insert query into
my mysql database.

I know that when I "submit" (post) the form, everything goes blank,
and the insert query is not run.
Basically here is my story. Initially I had a page with all in-line
code, that uses includes for connection to the db, and a error
processing page. I also have another include page that has some
functions in it, one of which is for resizing images. That function,
cleverly named resizeImage returns a down-sized height and width,
which get loaded into the database table, along with info on the image
itself (name, location,etc).

this page has php code which reads a directory, finds jpeg images,
does a resizeImage for each image (in a for loop), and then performs
the insert query for each image. I would run the whole thing just by
loading the page (no form tags on this page). Everything works fine,
I call the resizeImage function from the fileloader.php page, the
function is in a page called size_image.php (I use a require for
this).

I decided that I would like to add some flexibility to this page and
create a form where I could enter a parameter (an integer), and click
a button, which would then run this same insert query, and the
resizeImage function, and then tell me if I inserted the records.

I am using a if(isset($_REQUEST['update'])) type construct to respond
to the button click (named 'update').
and use the POST action and $_SERVER[PHP_SELF] as the form.

When I click the button, most of the page runs, and then all goes
blank in the browser, and the records are not inserted into the
database. I am guessing that something in the post blitzes my
variables, etc, so the query never runs, etc.

Below is some of the code in the page - I have an input box for the
parameter, and a button to run the function. I would appreciate any
suggestions.

Thanks,

also try not to get hacked:
make life easy on yourself, escape all values that go into the
database, to avoid SQL injection.

EVERY VALUE SHOULD HAVE CORRECT TYPE
$name[1] -string
$filesize -int?
$height -int?
$p -string

EVERY STRING (or even int) NEEDS TO BE ESCAPED USING
mysql_real_escape() or better mysql_real_escape_string(
$insertSQL = sprintf(
"INSERT INTO `images3` " .
"(`name`, `folder`, `type`, `filesize`, `orig_width`, " .
"`orig_height`, `resize_width`, `resize_height`, `p`)" .
"VALUES( '%s', '%s', '%s', '%d', '%d', '%d' , '%d', '%d', '%s')",
mysql_real_escape_string($name[1]),
mysql_real_escape_string($path),
mysql_real_escape_string($filetype),
mysql_real_escape_string($filesize),
mysql_real_escape_string($width),
mysql_real_escape_string($height),
mysql_real_escape_string($n_width[0]),
mysql_real_escape_string($n_width[1]),
mysql_real_escape_string($p)
);

this gets boring, so why not have your vars in an array and use
array_walk to escape the values

Also you should enforce bounds checking on all your vars, before entry
into the database, is your database only allowing 32 chars for a
$name[1], then use
$name[1] = substr($name[1],0,32);
etc...
stay neat and tidy and you will be able to see clearly.

Mar 9 '07 #3
Rik
shimmyshack <ma********@gmail.comwrote:
also try not to get hacked:
make life easy on yourself, escape all values that go into the
database, to avoid SQL injection.

EVERY VALUE SHOULD HAVE CORRECT TYPE
$name[1] -string
$filesize -int?
$height -int?
$p -string

EVERY STRING (or even int) NEEDS TO BE ESCAPED USING
mysql_real_escape() or better mysql_real_escape_string(
$insertSQL = sprintf(
"INSERT INTO `images3` " .
"(`name`, `folder`, `type`, `filesize`, `orig_width`, " .
"`orig_height`, `resize_width`, `resize_height`, `p`)" .
"VALUES( '%s', '%s', '%s', '%d', '%d', '%d' , '%d', '%d', '%s')",
mysql_real_escape_string($name[1]),
mysql_real_escape_string($path),
mysql_real_escape_string($filetype),
mysql_real_escape_string($filesize),
mysql_real_escape_string($width),
mysql_real_escape_string($height),
mysql_real_escape_string($n_width[0]),
mysql_real_escape_string($n_width[1]),
mysql_real_escape_string($p)
);

this gets boring, so why not have your vars in an array and use
array_walk to escape the values
Indeed, something I like to do when the variables are set up, really keeps
it managable.

Also an option with MDB2 prepared statment.

$db = new MDB2();
$db->connect('mysqli://user:pass@host/database');
$db->loadModule('Exended', null, false);
$inserts = array();
$stmt = $db->prepare(
'INSERT INTO `table` (`field`,`foo`,`bar`) VALUES (:field,:foo,:bar)',
array('text','text','integer'),
MDB2_PREPARE_MANIP);
foreach($something as $item){
//some code
$inserts[] = compact($bar,$foo,$field);
}
$db->extended->executeMultiple($stmt,$inserts);

--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel
Mar 9 '07 #4
In article <11*********************@t69g2000cwt.googlegroups. com>,
ma********@gmail.com says...
$name[1] = substr($name[1],0,32);
etc...
Wouldnt that truncate data without warning?
Surely not a good idea?
Mar 12 '07 #5
On Mar 9, 8:39 am, "shimmyshack" <matt.fa...@gmail.comwrote:
On 8 Mar, 17:31, "eholz1" <ewh...@gmail.comwrote:
Hello PHP,
I am having a problem. I know the area of the problem, but not how to
solve it.
It has to do with a php page with a form on it, and I am trying to
perform an insert query into
my mysql database.
I know that when I "submit" (post) the form, everything goes blank,
and the insert query is not run.
Basically here is my story. Initially I had a page with all in-line
code, that uses includes for connection to the db, and a error
processing page. I also have another include page that has some
functions in it, one of which is for resizing images. That function,
cleverly named resizeImage returns a down-sized height and width,
which get loaded into the database table, along with info on the image
itself (name, location,etc).
this page has php code which reads a directory, finds jpeg images,
does a resizeImage for each image (in a for loop), and then performs
the insert query for each image. I would run the whole thing just by
loading the page (no form tags on this page). Everything works fine,
I call the resizeImage function from the fileloader.php page, the
function is in a page called size_image.php (I use a require for
this).
I decided that I would like to add some flexibility to this page and
create a form where I could enter a parameter (an integer), and click
a button, which would then run this same insert query, and the
resizeImage function, and then tell me if I inserted the records.
I am using a if(isset($_REQUEST['update'])) type construct to respond
to the button click (named 'update').
and use the POST action and $_SERVER[PHP_SELF] as the form.
When I click the button, most of the page runs, and then all goes
blank in the browser, and the records are not inserted into the
database. I am guessing that something in the post blitzes my
variables, etc, so the query never runs, etc.
Below is some of the code in the page - I have an input box for the
parameter, and a button to run the function. I would appreciate any
suggestions.
Thanks,

also try not to get hacked:
make life easy on yourself, escape all values that go into the
database, to avoid SQL injection.

EVERY VALUE SHOULD HAVE CORRECT TYPE
$name[1] -string
$filesize -int?
$height -int?
$p -string

EVERY STRING (or even int) NEEDS TO BE ESCAPED USING
mysql_real_escape() or better mysql_real_escape_string(

$insertSQL = sprintf(
"INSERT INTO `images3` " .
"(`name`, `folder`, `type`, `filesize`, `orig_width`, " .
"`orig_height`, `resize_width`, `resize_height`, `p`)" .
"VALUES( '%s', '%s', '%s', '%d', '%d', '%d' , '%d', '%d', '%s')",
mysql_real_escape_string($name[1]),
mysql_real_escape_string($path),
mysql_real_escape_string($filetype),
mysql_real_escape_string($filesize),
mysql_real_escape_string($width),
mysql_real_escape_string($height),
mysql_real_escape_string($n_width[0]),
mysql_real_escape_string($n_width[1]),
mysql_real_escape_string($p)
);

this gets boring, so why not have your vars in an array and use
array_walk to escape the values

Also you should enforce bounds checking on all your vars, before entry
into the database, is your database only allowing 32 chars for a
$name[1], then use
$name[1] = substr($name[1],0,32);
etc...

stay neat and tidy and you will be able to see clearly.
Thanks for the tip - as always, there is much more for me to learn and
use!

eholz1

Mar 12 '07 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: The Voivod | last post by:
I have the requirements of getting a simple form to output to a db file. Currently I am using a form called ennyform and it outputs to a flat file. The person who want this wants it to be...
3
by: Armin Irger | last post by:
Hi, i'am running a debian sarge with the delivered apache2 mysql and php4. The file "mitarbeiter_eingabe.php" gets the data over a html <FORM> and send it to...
2
by: Prabu Subroto | last post by:
Dear my friends... I am trying to develop a database application with PHP Version 4.3.2, MS Window 2000, MySQL 4.0.13-nt and Apache 2. I tried to insert a record onto my MySQL but I got this...
0
by: David Emme | last post by:
Win XP Pro Access 97 MySQL 4.0.x I'm attempting to convert a number of apps to MySQL backends. Having converted the tables from the MDB backend, I'm running into a number of differences in...
15
by: Cheryl Langdon | last post by:
Hello everyone, This is my first attempt at getting help in this manner. Please forgive me if this is an inappropriate request. I suddenly find myself in urgent need of instruction on how to...
2
by: Dudu | last post by:
Dear Programmers I try to install mysql version 5.0 and I encountered with a problem when I tried to start the service. I got error 1067. I checked the log file and saw the following records...
14
by: Frank Rizzo | last post by:
I've been given a project to work with which involves connecting to MySQL from .NET 2.0 app. I've googled looked and there is a metric ton of different MySQL ADO.NET providers from different...
4
by: dac | last post by:
I am quietly going insane on this project. I've never worked on a project like this one before. All my previous sticky forms were for data entry, not editing. I don't know how to display the form...
221
Atli
by: Atli | last post by:
You may be wondering why you would want to put your files “into” the database, rather than just onto the file-system. Well, most of the time, you wouldn’t. In situations where your PHP application...
3
by: janetopps | last post by:
I have a news website, with asp pages, which was on Access, and i upgraded to MySQL, i used Bullzip to transfer the data. It had about 1000 pages, which im now able to pull up on the public side. Im...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.