Search the Community
Showing results for tags 'chapter 19'.
-
For some reason the images I am uploading to my uploads folder are just showing as blank, the files are there but it is not showing them as images. It is written that the type of file it is is just File. and it shows the path to the image D:\xampp\htdocs\uploads. My add_print.php is just fine as far as I can tell. I tested it with the script written by Larry in the working files for this book, it doesn't work either. I checked my permissions for my uploads folder and they look fine too. I am thinking the problem is maybe because no Mime type is specified for the images being uploaded. If that isn't where the error is, it is maybe in the code below, where my uploads folder is. it is specified as ../../../uploads. any help would be appreciated. if (is_uploaded_file($_FILES['image']['tmp_name'])){ $temp = '../../../uploads/' . md5($_FILES['image']['name']); if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)){ echo '<p>The file has been uploaded!</p>'; $i = $_FILES['image']['name']; or could the problem be below:? if (mysqli_stmt_affected_rows($stmt) == 1){ echo '<p>The print has been added.</p>'; $id = mysqli_stmt_insert_id($stmt); rename ($temp, "../../../uploads/$id"); $_POST = array();
-
After exhausting searching and trying many different things and asking people about the add_print.php script in chapter 19 I am now positive that there are errors in this script. I have tried using the exact script supplied by the author in his working files and the images don't display in my uploads folder, and they also don't show up in my view_print.php page. I put the entire script up on stack overflow and got an answer that partially helped fix this. I however still don't see the images on my view_print pages. The show_image.php isn't doing it's job like it should, and I am using the exact files provided by the author. This is extremely frustrating and time consuming, one would expect the examples to be error free. Here is the fix I got on stack overflow. You need to add a couple lines of code and change one line to actually display the image in your uploads folder. The entire modified script is below. Note that this doesn't entirely fix the problem though, you still don't see the images on the view_print.php page. $path_parts = pathinfo($_FILES["image"]["name"]); $extension = $path_parts['extension']; $id = mysqli_stmt_insert_id($stmt); // Get the print ID. rename ($temp, "../../../uploads/$id.".".$extension"); <?php # Script 19.2 - add_print.php // This page allows the administrator to add a print (product). require ('../../mysqli_connect.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form. // Validate the incoming data... $errors = array(); // Check for a print name: if (!empty($_POST['print_name'])) { $pn = trim($_POST['print_name']); } else { $errors[] = 'Please enter the print\'s name!'; } // Check for an image: if (is_uploaded_file ($_FILES['image']['tmp_name'])) { // Create a temporary file name: $temp = '../../../uploads/' . md5($_FILES['image']['name']); // Move the file over: if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)) { echo '<p>The file has been uploaded!</p>'; // Set the $i variable to the image's name: $i = $_FILES['image']['name']; } else { // Couldn't move the file over. $errors[] = 'The file could not be moved.'; $temp = $_FILES['image']['tmp_name']; } } else { // No uploaded file. $errors[] = 'No file was uploaded.'; $temp = NULL; } // Check for a size (not required): $s = (!empty($_POST['size'])) ? trim($_POST['size']) : NULL; // Check for a price: if (is_numeric($_POST['price']) && ($_POST['price'] > 0)) { $p = (float) $_POST['price']; } else { $errors[] = 'Please enter the print\'s price!'; } // Check for a description (not required): $d = (!empty($_POST['description'])) ? trim($_POST['description']) : NULL; // Validate the artist... if ( isset($_POST['artist']) && filter_var($_POST['artist'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) { $a = $_POST['artist']; } else { // No artist selected. $errors[] = 'Please select the print\'s artist!'; } if (empty($errors)) { // If everything's OK. // Add the print to the database: $q = 'INSERT INTO prints (artist_id, print_name, price, size, description, image_name) VALUES (?, ?, ?, ?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'isdsss', $a, $pn, $p, $s, $d, $i); mysqli_stmt_execute($stmt); // Check the results... if (mysqli_stmt_affected_rows($stmt) == 1) { // Print a message: echo '<p>The print has been added.</p>'; // Rename the image: $path_parts = pathinfo($_FILES["image"]["name"]); $extension = $path_parts['extension']; $id = mysqli_stmt_insert_id($stmt); // Get the print ID. rename ($temp, "../../../uploads/$id.".".$extension"); // Clear $_POST: $_POST = array(); } else { // Error! echo '<p style="font-weight: bold; color: #C00">Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt); } // End of $errors IF. // Delete the uploaded file if it still exists: if ( isset($temp) && file_exists ($temp) && is_file($temp) ) { unlink ($temp); } } // End of the submission IF. // Check for any errors and print them: if ( !empty($errors) && is_array($errors) ) { echo '<h1>Error!</h1> <p style="font-weight: bold; color: #C00">The following error(s) occurred:<br />'; foreach ($errors as $msg) { echo " - $msg<br />\n"; } echo 'Please reselect the print image and try again.</p>'; } // Display the form... ?> <h1>Add a Print</h1> <form enctype="multipart/form-data" action="add_print.php" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="524288" /> <fieldset><legend>Fill out the form to add a print to the catalog:</legend> <p><b>Print Name:</b> <input type="text" name="print_name" size="30" maxlength="60" value="<?php if (isset($_POST['print_name'])) echo htmlspecialchars($_POST['print_name']); ?>" /></p> <p><b>Image:</b> <input type="file" name="image" /></p> <p><b>Artist:</b> <select name="artist"><option>Select One</option> <?php // Retrieve all the artists and add to the pull-down menu. $q = "SELECT artist_id, CONCAT_WS(' ', first_name, middle_name, last_name) FROM artists ORDER BY last_name, first_name ASC"; $r = mysqli_query ($dbc, $q); if (mysqli_num_rows($r) > 0) { while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) { echo "<option value=\"$row[0]\""; // Check for stickyness: if (isset($_POST['artist']) && ($_POST['artist'] == $row[0]) ) echo ' selected="selected"'; echo ">$row[1]</option>\n"; } } else { echo '<option>Please add a new artist first.</option>'; } mysqli_close($dbc); // Close the database connection. ?> </select></p> <p><b>Price:</b> <input type="text" name="price" size="10" maxlength="10" value="<?php if (isset($_POST['price'])) echo $_POST['price']; ?>" /> <small>Do not include the dollar sign or commas.</small></p> <p><b>Size:</b> <input type="text" name="size" size="30" maxlength="60" value="<?php if (isset($_POST['size'])) echo htmlspecialchars($_POST['size']); ?>" /> (optional)</p> <p><b>Description:</b> <textarea name="description" cols="40" rows="5"><?php if (isset($_POST['description'])) echo $_POST['description']; ?></textarea> (optional)</p> </fieldset> <div align="center"><input type="submit" name="submit" value="Submit" /></div> </form> </body> </html>
- 16 replies
-
I am having trouble creating the code to improve the security of add_print.php in Chapter 19. I am adapting the code from chapter 11 to this problem and not having any luck. I want to validate the file type before adding a print to the database. Does anyone have the solution to this review and pursue question? thanks