uploading file and then adding filename to mysql
Gary
to create a national Craigslist type ad program which users will be
able to upload .jpeg flyers. The problem that am having is that I can
upload the picture, but can't get the renamed file to update to Mysql
correctly.
1) Since in a classified type database pictures can easily have
duplicate file names, I have created a random string which renames the
file to a random number.
2) When the form updates, it posts the file with the new name,
however, the mysql name has a different random number.
How do I get the random number to remain the same in both the file and
the mysql database?
<?php require_once('../Connections/fourwayflyer.php'); ?>
<?php require_once('./php_includes/random.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable
MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session
variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only
certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on
their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "signup_form_failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",
$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION
['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" .
urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) :
$theValue;
$theValue = function_exists("mysql_real_escape_string") ?
mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) .
"'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
}
return $theValue;
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form2"))
{
$insertSQL = sprintf("INSERT INTO list_buy_sell (listing_name,
listing_info, price, member, location_id, location_txt, category,
sub_category, `date`, pic_2) VALUES (%s, %s, %s, %s, %s, %s, %s, %s,
%s, %s)",
GetSQLValueString($_POST['listing_name'],
"text"),
GetSQLValueString($_POST['listing_info'],
"text"),
GetSQLValueString($_POST['price'], "int"),
GetSQLValueString($_POST['memberid'], "int"),
GetSQLValueString($_POST['location_id'],
"int"),
GetSQLValueString($_POST['location_txt'],
"text"),
GetSQLValueString($_POST['category'], "int"),
GetSQLValueString($_POST['sub_category'],
"int"),
GetSQLValueString($_POST['date'], "text"),
GetSQLValueString($_POST['photo_name'],
"text"));
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$Result1 = mysql_query($insertSQL, $fourwayflyer) or die(mysql_error
());
$insertGoTo = "buy_sell/listing_show_all.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_member = "SELECT email, id FROM member";
$rs_member = mysql_query($query_rs_member, $fourwayflyer) or die
(mysql_error());
$row_rs_member = mysql_fetch_assoc($rs_member);
$totalRows_rs_member = mysql_num_rows($rs_member);
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_listing = "SELECT * FROM list_buy_sell";
$rs_listing = mysql_query($query_rs_listing, $fourwayflyer) or die
(mysql_error());
$row_rs_listing = mysql_fetch_assoc($rs_listing);
$totalRows_rs_listing = mysql_num_rows($rs_listing);
$colname_rs_schools = "-1";
if (isset($_GET['schoolID'])) {
$colname_rs_schools = $_GET['schoolID'];
}
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_schools = sprintf("SELECT id, school_name FROM schools WHERE
school_name = %s", GetSQLValueString($colname_rs_schools, "text"));
$rs_schools = mysql_query($query_rs_schools, $fourwayflyer) or die
(mysql_error());
$row_rs_schools = mysql_fetch_assoc($rs_schools);
$totalRows_rs_schools = mysql_num_rows($rs_schools);
$colname_rs_category = "-1";
if (isset($_GET['catID'])) {
$colname_rs_category = $_GET['catID'];
}
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_category = sprintf("SELECT id, category FROM category WHERE
id = %s", GetSQLValueString($colname_rs_category, "int"));
$rs_category = mysql_query($query_rs_category, $fourwayflyer) or die
(mysql_error());
$row_rs_category = mysql_fetch_assoc($rs_category);
$totalRows_rs_category = mysql_num_rows($rs_category);
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_sub_category = "SELECT * FROM sub_category";
$rs_sub_category = mysql_query($query_rs_sub_category, $fourwayflyer)
or die(mysql_error());
$row_rs_sub_category = mysql_fetch_assoc($rs_sub_category);
$totalRows_rs_sub_category = mysql_num_rows($rs_sub_category);
$colname_rs_states = "-1";
if (isset($_GET['stateID'])) {
$colname_rs_states = $_GET['stateID'];
}
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_states = sprintf("SELECT * FROM `state` WHERE id = %s",
GetSQLValueString($colname_rs_states, "int"));
$rs_states = mysql_query($query_rs_states, $fourwayflyer) or die
(mysql_error());
$row_rs_states = mysql_fetch_assoc($rs_states);
$totalRows_rs_states = mysql_num_rows($rs_states);
$colname_rs_city = "-1";
if (isset($_GET['cityID'])) {
$colname_rs_city = $_GET['cityID'];
}
mysql_select_db($database_fourwayflyer, $fourwayflyer);
$query_rs_city = sprintf("SELECT id, city FROM city WHERE id = %s",
GetSQLValueString($colname_rs_city, "int"));
$rs_city = mysql_query($query_rs_city, $fourwayflyer) or die
(mysql_error());
$row_rs_city = mysql_fetch_assoc($rs_city);
$totalRows_rs_city = mysql_num_rows($rs_city);
?>
<?php
if (phpversion() > "4.0.6") {
$HTTP_POST_FILES = &$_FILES;
}
define("MAX_SIZE",300000);
define("DESTINATION_FOLDER", "./uploads");
define("no_error", "buy_sell/listing_show_all.php");
define("yes_error", "upload_error.php");
$_accepted_extensions_ = "jpg, jpeg, bmp, gif";
if(strlen($_accepted_extensions_) > 0){
$_accepted_extensions_ = @explode(",",$_accepted_extensions_);
} else {
$_accepted_extensions_ = array();
}
$random_digit = rand_string( 5 );
$new_file_name = $row_rs_member['id'].$random_digit;
$_file_ = $HTTP_POST_FILES['pic_1'];
if(is_uploaded_file($_file_['tmp_name']) && $HTTP_POST_FILES['pic_1']
['error'] == 0)
{
$errStr = "";
$_name_ = $_file_['name'];
$new_file_name = $row_rs_member['id'].$random_digit;
$_type_ = $_file_['type'];
$_tmp_name_ = $_file_['tmp_name'];
$_size_ = $_file_['size'];
$_ext_ = explode(".", $_name_);
$_ext_ = strtolower($_ext_[count($_ext_)-1]);
if(!in_array($_ext_, $_accepted_extensions_) && count
($_accepted_extensions_) > 0){
$errStr = "Extension Not Valid";
}
if(!is_dir(DESTINATION_FOLDER) && is_writeable(DESTINATION_FOLDER)){
$errStr = "The destination is not valid";
}
if(empty($errStr)){
if(@copy($_tmp_name_,DESTINATION_FOLDER . "/" . $new_file_name. ".".
$_ext_)){
header("Location: " . no_error);
} else {
header("Location: " . yes_error);
}
} else {
header("Location: " . yes_error);
}
return $new_file_name;
}
$new_file_name = $new_file_name
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://
www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Four Way Flyer</title>
</style>
<link href="../css/four_way_flyer.css" rel="stylesheet" type="text/
css" />
<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
if (document.getElementById){
var
i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
for (i=0; i<(args.length-2); i+=3) { test=args[i+2];
val=document.getElementById(args[i]);
if (val) { nm=val.name; if ((val=val.value)!="") {
if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain
an e-mail address.\n';
} else if (test!='R') { num = parseFloat(val);
if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
min=test.substring(8,p); max=test.substring(p+1);
if (num<min || max<num) errors+='- '+nm+' must contain a
number between '+min+' and '+max+'.\n';
} } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is
required.\n'; }
} if (errors) alert('The following error(s) occurred:\n'+errors);
document.MM_returnValue = (errors == '');
} }
//-->
</script>
</head>
<body>
<div id="top_header">
<div class="font_header" id="top_header_content">
<table width="799" border="0">
<tr>
<td width="523" valign="middle"><?php echo $row_rs_states
['state']; ?> ><?php echo $row_rs_schools['school_name']; ?><?php
echo $row_rs_city['city']; ?> ><?php echo $row_rs_category
['category']; ?>> <strong>SELL > <?php echo $row_rs_sub_category
['sub_category']; ?></strong></td>
</tr>
</table>
</div>
</div>
<div id="body">
<div id="header">
<table width="799" height="70" cellpadding="0" cellspacing="0">
<tr>
<td width="121"><img src="images/logo.png" width="205"
height="136" /></td>
<td width="668"><img src="images/logo_banner.png" width="594"
height="136" /></td>
</tr>
</table>
</div>
<div id="search">
<table width="437" border="0" align="center" cellpadding="0"
cellspacing="0" bordercolor="#000000" bgcolor="#000000">
<tr>
<td width="106" valign="middle" bordercolor="#000000"
bgcolor="#000000" class="search"><div align="center">SEARCH</div></td>
<td width="327" height="27" align="center"
bordercolor="#000000" bgcolor="#000000"><form id="form1" name="form1"
method="post" action="">
<input name="search" type="text" id="search2" size="50"
width="327" hieght="19"/>
</form> </td>
</tr>
</table>
</div>
<div id="main_body_full_frame">
<table width="758" border="0" align="left">
<tr>
<td><form action="<?php echo $editFormAction; ?>"
method="post" enctype="multipart/form-data" name="form2" id="form2">
<table width="758" align="center">
<tr valign="baseline">
<td align="right" nowrap="nowrap"> </
td>
<td class="nav_text">Posting Name</td>
<td class="listing_name">Price</td>
<td class="nav_text">Location:</td>
</tr>
<tr valign="baseline">
<td width="69" align="right"
nowrap="nowrap"></td>
<td width="332"><input name="listing_name"
type="text" id="listing_name" size="50" /></td>
<td width="120"><input name="price"
type="text" id="price" value="90" size="20" /></td>
<td width="217"><input name="location_txt"
type="text" id="location_txt" value="Los Angelas" size="32" />
<input name="location_id" type="hidden"
id="location_id" value="<?php echo $row_rs_schools['id']; ?><?php echo
$row_rs_city['id']; ?>" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"></td>
<td class="nav_text">Reply to:</td>
<td></td>
<td></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </
td>
<td class="nav_text"><?php echo $_SESSION
['MM_Username'] ?> <input name="memberid" type="hidden" id="memberid"
value="<?php echo $row_rs_member['id']; ?>" /></td>
<td><input name="category" type="hidden"
id="category" value="<?php echo $row_rs_category['id']; ?>" />
<input name="sub_category" type="hidden"
id="sub_category" value="<?php echo $row_rs_sub_category['id']; ?>" />
<input name="date" type="hidden" id="date"
value="<?php echo date("Y/m/d") ?>" /></td>
<td> </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"></td>
<td class="nav_text">Posting Information</
td>
<td> </td>
<td> </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </
td>
<td colspan="3"><textarea
name="listing_info" cols="50" rows="8" id="listing_info"><? echo
$new_file_name; ?></textarea></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"></td>
<td> </td>
<td></td>
<td></td>
</tr>
<tr valign="baseline">
<td align="right" nowrap="nowrap"
class="nav_text"> </td>
<td colspan="2" align="right"
nowrap="nowrap" class="nav_text"><div align="left">Upload your flyer
or pic:
<input name="pic_1" type="file"
id="pic_1" size="30" />
</div></td>
<td><input name="photo_name" type="hidden"
id="photo_name" value="<? echo $new_file_name; ?>" />
<?php echo $new_file_name ;
echo $row_rs_listing['id'];
?></td>
</tr>
<tr valign="baseline">
<td align="right" nowrap="nowrap"
class="nav_text"> </td>
<td colspan="2" align="right"
nowrap="nowrap" class="nav_text"> </td>
<td> </td>
</tr>
<tr valign="baseline">
<td colspan="4" align="right"
nowrap="nowrap"><div align="center">
<input type="submit" value="Submit
Listing" />
</div></td>
</tr>
</table>
<input type="hidden" name="MM_insert"
value="form2" />
</form>
<p> </p></td>
</tr>
</table></td>
</tr>
</table>
</div>
</div>
<div id="footer">
<!-- #BeginLibraryItem "/Library/page_footer_2.lbi" -->
<link href="../css/four_way_flyer.css" rel="stylesheet" type="text/
css">
<table width="798" border="0">
<tr>
<td> </td>
<td> </td>
<td class="none"><div align="center"><a
href="javascript:javascript:history.go(-1)" class="nav_text">Prev</a>
<span class="nav_text">|</span> <a href="index.php"
class="nav_text">Back to USA </a></div></td>
</td>
</tr>
<tr>
<td width="44"> </td>
<td width="154"><a href="signup_form.php" class="nav_text">Sign
up</a></td>
<td width="359"><div align="center"><a href="login.php"
class="nav_text">Log In</a></div></td>
<td width="223" class="nav_text"><?php echo $_SESSION
['MM_Username'] ?> </td>
</tr>
</table>
<!-- #EndLibraryItem -->
</div>
</body>
</html>
<?php
mysql_free_result($rs_member);
mysql_free_result($rs_listing);
mysql_free_result($rs_schools);
mysql_free_result($rs_category);
mysql_free_result($rs_sub_category);
mysql_free_result($rs_states);
mysql_free_result($rs_city);
?>
jeff
> I have been racking my head over this for three days. I am attempting
> to create a national Craigslist type ad program which users will be
> able to upload .jpeg flyers. The problem that am having is that I can
> upload the picture, but can't get the renamed file to update to Mysql
> correctly.
>
> 1) Since in a classified type database pictures can easily have
> duplicate file names, I have created a random string which renames the
> file to a random number.
> 2) When the form updates, it posts the file with the new name,
> however, the mysql name has a different random number.
>
> How do I get the random number to remain the same in both the file and
> the mysql database?
1) INSERT your mysql data, and get the last_insertid. You do have an
auto_increment unique id?
2) Rename your file name, incorporate that unique ID.
3) Save the file.
It's actually very easy.
There will come a time when your random number is not unique.
Jeff