which is supposedly be adding username into a database along with their user profile picture. I have two tables User(useid,username) profilepic(picID,userid,caption)…I have set the profile picture to be added in the folder out of my site folder(www)…Can someone help me how to be able to associate the picture in the folder with the caption in the database.
@Guido…what I meant is to be able to know this picture belong to this user. As the picture is in the folder and user is stored in the database.
@ LinuxFreelancer thank you, that is a good idea I think I will use that. The problem now is to know this image belong to this user as there are going to be many pictures in the folder. I have tried the code, Now all users are displayed with the same image.
A userID needs to be added to the form (first post) or do a DB lookup on submit (post 5 - change $userid to username = $_POST[‘username’] in the query).
Oh!..I real don’t understand DB lookup thing, I have check on the net but I have not understood a thing!.
I am a beginner in PHP can you help me how its done1:scratch:
If you don’t have it straight by tomorrow, email the script that has the issue and I will fix that part for you. (make sure to put in a zip file) My email is:
{jeff at crackfeed dot com}
If I dont get out of here and hang with my wife tonight I will be singing in a very high pitch, if you know what I mean.
How so? I just suggested he change your userid = $userid to lookup the user name since his form didn’t provide a userid. This could have been done with a join with doesn’t hinder performance at all.
Just a guess:
SELECT p.file, p.caption
FROM profilepic as p
OUTER JOIN User as u
ON p.userid = u.userid
WHERE u.username = $_POST['username']
LIMIT 1
A JOIN always hinders performance. Joins sucks balls, even with an INDEX setup.
So you see no chance of a slow down if one page makes this call 20 times? that is 20 queries in one pageload for the same thing but different users.
Security… for starters …
SELECT p.file, p.caption
FROM profilepic as p
OUTER JOIN User as u
ON p.userid = u.userid
WHERE u.username = $_POST['username']
LIMIT 1
[/QUOTE]
You just send user posted data directly to a query and got your a** hacked and you have to give refunds to all of your site members and you just go sued because little 13 year old Amy Joe’s private into just got abused by hackers after they got it from your database. Any more silly questions?
<form action="" enctype="multpart/form-data" method="post">
<!-- removed user name - user is already logged in right? -->
<label for="image">image</label>
<input type="file" name="image" id="image" /><br/>
<!-- send the userid value to the post array (you probably already have this info) -->
<input type="hidden" name="userid" value="1" />
<input type="submit" name="sendinfo" id="sendinfo" value="sendinfo"/>
</form>
Then using LinuxFreelancer’s code:
echo my_getPic( $_POST['userid'] );
The lookup was as I noted in the above post with the SQL join, again, this is easier and can use LinuxFreelancer’s code
Do not use a JOIN for this. This person is dead wrong. New coders need to learn that JOINs should be rarely used unless you are very experienced with MySQL.
I hate to be rude, but that is really not a good idea at all. Combine the 2 databases, it won’t make that big a difference. However, joining two tables to do the same job, you will feel the difference one you have some users online.
I take it this would be a single call for a user and I gave a suggestion that wouldn’t require this.
Also you noted the security issue before I posted any code, so what is the security reason? This? I surely hope the OP is sanitizing any data from the user before using it. Also, the code I posted was off the top of my head to show an example to you and the OP without changing his form (if he could). As stated, If he could, then I already posted what he should do.
Ok now you are just wasting space, we are way past the initial issue and are on another issue now…
@ LinuxFreelancer thank you, that is a good idea I think I will use that. The problem now is to know this image belong to this user as there are going to be many pictures in the folder. I have tried the code, Now all users are displayed with the same image.
I need to se the code, can’t spend time guessing because this could be due to multiple causes in the area you are extracting the data at.
Do not use this, this is an example to show how one of my scripts does this for a singlular user. Notice that the I have a separate folder for each users’ pics? Not needed but keeps things clean.
A unique name needs assigned to every image. on upload, rename the image as you upload it and then store the name of the iamge in teh file column. Really no way to mess that up.
Joins should be used when needed.
And running the same query 20 times sounds like a query in a loop, which is always a bad idea (and has nothing to do with joins).
In this case, if all users have at the most one pic, LF’s tip to use one table instead of two is correct. If you want to store more pics for each user, a second table is needed and a join is inevitable.
