Hi,
I’m a php virgin so maybe my problem here is pretty obvious!
I made a site for a friends pet shop, just somewhere he can put pictures, list stock etc.
I now need to make him an admin part so he can upload his own photos, update his stock list etc.
I have been doing this tutorilhttp://onlamp.com/pub/a/onlamp/2002/05/09/webdb2.html?page=1
Here is the code
index.php
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Browse Upload Files</title>
</head>
<body bgcolor="white">
<?php
include 'db.inc';
$query = "SELECT id, shortName, mimeName FROM files";
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db("files", $connection))
showerror();
if (!($result = @ mysql_query ($query, $connection)))
showerror();
?>
<h1>Image database</h1>
<h3>Click <a href="insert.php">here</a> to
upload an image.</h3>
<?php
if ($row = @ mysql_fetch_array($result))
{
?>
<table>
<col span="1" align="right">
<tr>
<th>Short description</th>
<th>File type</th>
<th>Image</th>
</tr>
<?php
do
{
?>
<tr>
<td><?php echo "{$row["shortName"]}";?></td>
<td><?php echo "{$row["mimeName"]}";?></td>
<td><?php echo "<img src=\\"view.php?file={$row["id"]}\\">";?></td>
</tr>
<?php
} while ($row = @ mysql_fetch_array($result));
?>
</table>
<?php
} // if mysql_fetch_array()
else
echo "<h3>There are no images to display</h3>\
";
?>
</body>
</html>
db.inc
<?php
// These are the DBMS credentials
$hostName = "localhost";
$username = "name";
$password = "password";
// Show an error and stop the script
function showerror()
{
if (mysql_error())
die("Error " . mysql_errno() . " : " . mysql_error());
else
die("Could not connect to the DBMS");
}
// Secure the user data by escaping characters
// and shortening the input string
function clean($input, $maxlength)
{
$input = substr($input, 0, $maxlength);
$input = EscapeShellCmd($input);
return ($input);
}
?>
insert.php
<?php
include 'db.inc';
if (empty($short) || empty($userfile))
{
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Upload an Image File</title>
</head>
<body bgcolor="white">
<form method="post" action="insert.php" enctype="multipart/form-data">
<h1>Upload an Image File</h1>
<h3>Please fill in the details below to upload your file.
Fields shown in <font color="red">red</font> are mandatory.</h3>
<table>
<col span="1" align="right">
<tr>
<td><font color="red">Short description:</font></td>
<td><input type="text" name="short" size=50></td>
</tr>
<tr>
<td><font color="red">File:</font></td>
<td><input name="userfile" type="file"></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
<input type="hidden" name="MAX_FILE_SIZE" value="3000000">
</form>
<h3>Click <a href="index.php">here</a> to browse the images instead.</h3>
</body>
</html>
<?php
}
else
{
$short = clean($short, 50);
$userfile = clean($userfile, 50);
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db("files", $connection))
showerror();
// Was a file uploaded?
if (is_uploaded_file($userfile))
{
switch ($userfile_type)
{
case "image/gif";
$mimeName = "GIF Image";
break;
case "image/jpeg";
$mimeName = "JPEG Image";
break;
case "image/png";
$mimeName = "PNG Image";
break;
case "image/x-MS-bmp";
$mimeName = "Windows Bitmap";
break;
default:
$mimeName = "Unknown image type";
}
// Open the uploaded file
$file = fopen($userfile, "r");
// Read in the uploaded file
$fileContents = fread($file, filesize($userfile));
// Escape special characters in the file
$fileContents = AddSlashes($fileContents);
}
else
$fileContents = NULL;
$insertQuery = "INSERT INTO files VALUES (NULL, \\"{$short}\\",
\\"{$userfile_type}\\", \\"{$mimeName}\\", \\"{$fileContents}\\")";
if ((@ mysql_query ($insertQuery, $connection))
&& @ mysql_affected_rows() == 1)
header("Location: receipt.php?status=T&file="
. mysql_insert_id($connection));
else
header("Location: receipt.php?status=F&file="
. mysql_insert_id($connection));
} // if else empty()
?>
view.php
<?php
include 'db.inc';
$file = clean($file, 4);
if (empty($file))
exit;
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db("files", $connection))
showerror();
$query = "SELECT mimeType, fileContents FROM files
WHERE id = $file";
if (!($result = @ mysql_query ($query,$connection)))
showerror();
$data = @ mysql_fetch_array($result);
if (!empty($data["fileContents"]))
{
// Output the MIME header
header("Content-Type: {$data["mimeType"]}");
// Output the image
echo $data["fileContents"];
}
?>
receipt.php
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>File Insert Receipt</title>
</head>
<body bgcolor="white">
<body bgcolor="white">
<?php
include 'db.inc';
$status = clean($status, 1);
$file = clean($file, 5);
// did the insert operation succeed?
switch ($status)
{
case "T":
// Yes, insert operation succeeded.
// Show details of the new file.
$query = "SELECT shortName, mimeName FROM files WHERE id = $file";
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db("files", $connection))
showerror();
// Run the query on the DBMS
if (!($result = @ mysql_query ($query, $connection)))
showerror();
if ($row = @ mysql_fetch_array($result))
{
?>
<h1>File Insert Receipt</h1>
<h3>The following file was successfully uploaded:
<table>
<col span="1" align="right">
<tr>
<td><font color="red">Short description:</font></td>
<td><?php echo "{$row["shortName"]}";?></td>
</tr>
<tr>
<td><font color="red">File type:</font></td>
<td><?php echo "{$row["mimeName"]}";?></td>
</tr>
<tr>
<td><font color="red">File:</font></td>
<td><?php echo "<img src=\\"view.php?file={$file}\\">";?></td>
</tr>
</table>
<?php
} // if mysql_fetch_array()
break;
case "F":
// No, insert operation failed
// Show an error message
echo "The file insert operation failed.";
echo "<br>Contact the system administrator.";
break;
default:
// User did not provide a status parameter
echo "You arrived unexpectedly at this page.";
} // end of switch
?>
<h3>Click <a href="insert.php">here</a> to upload another image.</h3>
<h3>Click <a href="index.php">here</a> to browse the uploaded images.</h3>
</body>
</html>
The image never gets uploaded to the database for some reason!
Can anyone give me advice on this?
Thanks
Glen…