Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
This week, we're updating our course layouts and descriptions. Presentation and materials always gently change over time, but just occasionally there's a need to make a step change to clear out some of the old and roll in the new. That's now happening - but over a long and complex site it's not instant and you'll see sections of the site changing up to and including 19th September.

See also [here] for status update
 
Image and form upload

Posted by andrewtayloruk (andrewtayloruk), 26 March 2007
Hi i was wondering if anyone could help.... I have made a little script that puts whatever a user enters into a mysql database. As well as the forms my script has an image input that uploads an image to my webserver. The thing i'm stuck on is getting the script to input the name of the file into a field in the database.

So basically the file will be uploaded and when the submit button is clicked a link to that image will be generated and put into the database.

I've put my code below, i'm guessing i need a variable that will take the name of the file and add it to a pre defined url for example http://www.mysite.com/images/$file_name, then insert that along with everything else when i run the insert query?


*** Code ***
<?php

if (isset($_POST['submitted'])) {

 $name = mysql_escape_string(trim($_POST['name']));
 $address = mysql_escape_string(trim($_POST['address']));
 $postcode = mysql_escape_string(trim($_POST['postcode']));
 $telephone = mysql_escape_string(trim($_POST['telephone']));
 $email = mysql_escape_string(trim($_POST['email']));
 $picture = mysql_escape_string(trim($_POST['picture']));

     // This bit puts the file in the $file variable into the folder on the server.
         if ($file_name !="") {
             copy ("$file", "/var/www/vhosts/server.com/httpdocs/uploader1/$file_name")
                 or die ("Sorry there was a problem");}
 
 $dbid = mysql_connect ('localhost', 'address', 'pass');
         mysql_select_db('addresses',$dbid)
         or die ("Cannot find database");

 $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`) VALUES ('', '$name', '$address', '$postcode', $telephone, '$email')";
 $result = mysql_query($query,$dbid)
  or die("INSERT error:".mysql_error());

 echo 'Row inserted and image uploaded';
 exit;
}
?>

<html>
<head>
<title>Data submission - db version</title>
</head>
<body>
 <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
   Name: <input name="name" /><br />
   Address: <input name="address" /><br />
   Postcode: <input name="postcode" /><br />
   Telephone: <input name="telephone" /><br />
   Email: <input name="email" /><br />
   Select Picture: <input type="file" name="file" size"80"><br />
   <br /><input type="submit" name="submitted" value="Submit" >
 </form><br />
</body>
</html>





Posted by andrewtayloruk (andrewtayloruk), 27 March 2007
I've made a pretty dirty workaround to solve my problem. I simply made a variable with the image location and inserted that along with the file name when running the insert query. It seems a bit simple but it works.

All i need to do now is use some regular expression checking to make sure the correct info is being put into the forms and set up the script so it changes the filename before it's uploaded.

*** Code ***
<?php

if (isset($_POST['submitted'])) {

 $name = mysql_escape_string(trim($_POST['name']));
 $address = mysql_escape_string(trim($_POST['address']));
 $postcode = mysql_escape_string(trim($_POST['postcode']));
 $telephone = mysql_escape_string(trim($_POST['telephone']));
 $email = mysql_escape_string(trim($_POST['email']));
 $imglocation = mysql_escape_string('http://www.mysite.com/uploader1/images/');


     // This bit puts the file in the $file variable into the folder on the server.
         if ($file_name !="") {
             copy ("$file", "/var/www/vhosts/mysite.com/httpdocs/uploader1/images/$file_name")
                 or die ("Sorry there was a problem");}
 
 $dbid = mysql_connect ('localhost', 'address', 'pass');
         mysql_select_db('addresses',$dbid)
         or die ("Cannot find database");

 $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('', '$name', '$address', '$postcode', '$telephone', '$email', '$imglocation$file_name')";
 $result = mysql_query($query,$dbid)
  or die("INSERT error:".mysql_error());

 echo 'Row inserted and image uploaded';
 exit;
}
?>

Posted by andrewtayloruk (andrewtayloruk), 27 March 2007
I feel like i'm answering my own questions here.

Anyway, adding to what i've already done, to change the name of the uploaded file so that it isn't easily overwritten i've used uniqid().

You can see it below.
*** Code ***
<?php  

if (isset($_POST['submitted'])) {

 $name = mysql_escape_string(trim($_POST['name']));
 $address = mysql_escape_string(trim($_POST['address']));
 $postcode = mysql_escape_string(trim($_POST['postcode']));
 $telephone = mysql_escape_string(trim($_POST['telephone']));
 $email = mysql_escape_string(trim($_POST['email']));
 $imglocation = mysql_escape_string('http://www.mysite.com/uploader1/images/');


     // This bit puts the file in the $file variable into the folder on the server.
   
// This is the uniqid function, there are more options  but in our useage they aren't needed.
$file_name = uniqid("img").".jpg";

if ($file_name !="") {
             copy ("$file", "/var/www/vhosts/mysite.com/httpdocs/uploader1/images/$file_name")
                 or die ("Sorry there was a problem");}
 
 $dbid = mysql_connect ('localhost', 'address', 'pass');
         mysql_select_db('addresses',$dbid)  
         or die ("Cannot find database");

 $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('', '$name', '$address', '$postcode', '$telephone', '$email', '$imglocation$file_name')";
 $result = mysql_query($query,$dbid)  
  or die("INSERT error:".mysql_error());
 
 echo 'Row inserted and image uploaded';
 exit;
}
?>

Posted by admin (Graham Ellis), 28 March 2007
on 03/27/07 at 16:14:15, andrewtayloruk wrote:
I feel like i'm answering my own questions here.


Andrew, yes you have been ...   ... I've been away in Aberdeen and - well - there's someting of a decent hotel shortage there in my budget and I was reduced to checking in for emergency emails via my mobile phone link.

Back home / Melksham now.   Now - were there any questions you didn't answer for yourself?

Posted by andrewtayloruk (andrewtayloruk), 28 March 2007
hehe, i was only joking Graham, i saw you were away because you mentioned it in your blog. Everything is going well, i'm looking into using boolean values so that the script will stop if valid data isn't put into the input fields.

Then i have a lovely podcast system to build, that's all going well but i'm stuck getting track length from the .mp3 files.

Would it be possible to get those forward and back scripts that we worked on during our last days training emailed over?

Thanks.

Oh, i hope you enjoyed your trip by the way.

Posted by admin (Graham Ellis), 30 March 2007
Andrew, I'll be emailing scripts over thge weekend .... the kit is all boxed up today, and we've no space to get it out.  I HAVE managed to find desk space for my own machine

Posted by andrewtayloruk (andrewtayloruk), 30 March 2007
Hi Graham, i was wondering if you could help me out with this....

I think i've done ok so far, i'm just having real problems getting my script to stop if the correct data isn't put into the forms. I'm not expecting you to take the script and make it work but if you could give me some pointers i'd really apreciate it.

The script should stop if a valid email address hasn't been entered and put the error message next to the email input box. Once a correct email is entered the script should then submit the data to the database.

*** Code ***
<?php

if (isset($_POST['submitted'])) {

 $name = mysql_escape_string(trim($_POST['name']));
 $address = mysql_escape_string(trim($_POST['address']));
 $postcode = mysql_escape_string(trim($_POST['postcode']));
 $telephone = mysql_escape_string(trim($_POST['telephone']));
 $fixedemail = mysql_escape_string(trim($_POST['email']));
 $imglocation = mysql_escape_string('http://www.mysite.com/uploader1/images/');
 $validemail = false;
   
 
 // This bit of code checks the form for correctly entered information
 if (eregi('^([-a-z0-9._]+)@([-a-z0.9_]+\.+[a-z]{2,6})$',$fixedemail,$email))
                 { $valid_email = true; }
                 
                 


     // This bit puts the file in the $file variable into the folder on the server and changes its name so it isn't overwritten
            $file_name = uniqid("img").".jpg";

           if ($validemail = true) {

         if ($file_name !="") {
             copy ("$file", "/var/www/vhosts/mysite.com/httpdocs/uploader1/images/$file_name")
                 or die ("Sorry there was a problem");}
 
   
       // This is the SQL part of the code
       $dbid = mysql_connect ('localhost', 'address', 'password');
               mysql_select_db('addresses',$dbid)
               or die ("Cannot find database");
     
       $query = "INSERT INTO `book` (`aid`, `name`, `address`, `postcode`, `telephone`, `email`, `picture`) VALUES ('', '$name', '$address', '$postcode', '$telephone', '$email', '$imglocation$file_name')";
       $result = mysql_query($query,$dbid)
        or die("INSERT error:".mysql_error());
     
       echo 'Row inserted and image uploaded';
       exit;
}

}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Data submission - db version</title>
</head>
<body>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="300">
<tr><td width="50" align="left">Name:</td><td width="150" align="center"><input type="text" name="name"></td></tr>
<tr><td width="50" align="left">Address:</td><td width="150" align="center"><input type="text" name="address"></td></tr>
<tr><td width="50" align="left">Postcode:</td><td width="150" align="center"><input type="text" name="postcode"></td></tr>
<tr><td width="50" align="left">Telephone:</td><td width="150" align="center"><input type="text" name="telephone"></td></tr>
<tr><td width="50" align="left">Email:</td><td width="150" align="center"><input type="text" name="email"><?php if (!$validEmail) { echo "No valid email provided."; } ?></td></tr>
<tr><td width="80" align="left">Image:<br></td><td width="220" align="center" valign="middle"><input type="file" name="file"><br></td></tr>
<tr><td align="left"><input type="submit" name="submitted" value="Submit" ></td></tr>

</table>
</form>
</body>
</html>

Posted by admin (Graham Ellis), 1 April 2007
I would ...

1. Replace the call to mysql_escape_string with a call to a function (which you'll write) that takes input parameters:
a) The input field
b) a validation regular expression
and sets
c) An error code to "1" if the thing isn't right and
d) An error string to echo back in the form

2. Add extra code within the HTML that includes a "value=" in the input elements (filled from the previous $_POST inputs) and echos back the error message set by (d) above.

If yo look at the complete example of a sticky form here it should provide you with an example that shows in more detail what I mean



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2014: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 899360 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho