[gregwhitworth]

Sorry for the huge code listing but I am not sure where, and more importantly what the problem is. I am trying to allow the client to upload a thumbnail and a large image, and now that I have it is causing SQL errors on line 1 The SQL error is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Also if anyone has any best practices for image uploading - please let me know. Thanks.

<?php session_start(); 
include "sessionCheck.php";
sessionCheck();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/temp.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="Title" -->
<title>Whitworth Gallery></title>
<!-- InstanceEndEditable --><!-- InstanceBeginEditable name="HEAD" -->
<!-- InstanceEndEditable -->
<link type="text/css" rel="stylesheet" media="screen" href="../Templates/styles/main.css"  />
<link type="text/css" rel="stylesheet" media="screen" href="../Templates/styles/fonts.css"  />
<script type="text/javascript" src="../Templates/deploy/swfobject.js"></script>
</head>

<body>	
<div id="logo">Whitworth Gallery</div>
	<div id="nav">
		<ul>
			<li><a href="../index.html">Home</a></li>
			<li><a href="../about.html">About</a></li>
			<li><a href="../store/fineArt.php">Fine Art</a></li>
		</ul>
	</div>
	
	<!-- InstanceBeginEditable name="body" -->
	<div id="bodyArea">
	
	<div id="sort">
			<p>Admin >></p>
			<ul>
				<li><a href="index.php">Admin Index</a></li>
				<li><a href="add.html">Create New Peice</a></li>
				<li><a href="addNews.html">New News Post</a></li>
			</ul>
			<br class="clear" />
		</div>
	
		<?php
		
	/**************************************************************************/
	// WhitworthGallery.org
	// --------------------
	// display.php
	// January 15th, 2009
	// Greg Whitworth
	
	
	/**************************************************************************/
	// DOCUMENT NOTES
	//--------------------------------------------------------------------------
	
   
	// DESCRIPTION
	// -----------
	//   This script shows the more info section of each item.
	
	// DEFINING DIAGRAM
	// ----------------
	// • Variable Definitions
	// • PROCESS
	// • OUTPUT
	
	
	
	/**************************************************************************/
	// INCLUDES
	//--------------------------------------------------------------------------

   		include "sqlConnection.php";
   
	/**************************************************************************/
	// VARIABLE DEFINITIONS
	//--------------------------------------------------------------------------
		
		$pageId = $_GET['pageId'];
		$fields = "id, title, description, medium, price, date, img, imgLg, edition, subject, orientation";
		$result = mysql_query("SELECT $fields FROM Art WHERE id=$pageId") or die(mysql_error());

	/**************************************************************************/
	// PROCESS
	//--------------------------------------------------------------------------
			
			// Checks to see if image has been uploaded
			
			if (isset($_POST['thumbSubmit'])) {
				if (is_uploaded_file($imgfile))	{
					   $uploaddir = "http://www.whitworthgallery.org/images/gallery/";
					   $newfile = $uploaddir . "/" . $imgfile ."_small";
						   if (!copy($imgfile, $newfile))  {
							  // if an error occurs the file could not
							  // be written, read or possibly does not exist
							  print "Error Uploading File.";
							  exit();
						   }
					}
				}
				
			// Checks to see if the large image was sent and uploaded
			
			if (isset($_POST['imgLgSubmit'])) {
				if (is_uploaded_file($imgfile))	{
					   $uploaddir = "http://www.whitworthgallery.org/images/gallery";
					   $newfile = $uploaddir . "/" . $imgfile;
						   if (!copy($imgfile, $newfile))  {
							  // if an error occurs the file could not
							  // be written, read or possibly does not exist
							  print "Error Uploading File.";
							  exit();
						   }
					}
				}		
	
			while($row = mysql_fetch_array($result)){		
			
		
	/**************************************************************************/
	// OUTPUT
	//--------------------------------------------------------------------------

		
		print "<div id=\"displayContainer\">";

		
		print "<form id=\"edit\" action=\"edit_insert.php\" method=\"post\">";
			print "<img src=\"../images/gallery/".$row{'imgLg'}."\"><br/>";
			print "<input type=\"text\" name=\"title\" id=\"title\" value=\"".$row{'title'}."\"><br/>";
			print "<textarea name=\"description\" id=\"description\" cols=\"50\" rows=\"5\">".$row{'description'}."</textarea><br/>";
			
		print "<table cellspacing=\"0\" cellpadding=\"0\" id=\"admin\">";
			print "<tr>";
				print "<td>ID: </td>";
				print "<td><input type=\"text\" name=\"id\" readonly value=\"".$row{'id'}."\"></td>";
			print "</tr>";
			
			print "<tr>";
				print "<td>Medium: </td>";
				print "<td><input type=\"text\" name=\"medium\" value=\"".$row{'medium'}."\"></td>";
			print "</tr>";
			
			print "<tr>";
				print "<td>Price: </td>";
				print "<td><input type=\"text\" name=\"price\" value=\"".$row{'price'}."\"></td>";
			print "</tr>";
			
			print "<tr>";
				print "<td>Edition Size: </td>";
				print "<td><input type=\"text\" name=\"edition\" value=\"".$row{'edition'}."\"> Leave blank if not applicable</td>";
			print "</tr>";
			
			print "<tr>";
				print "<td>Orientation: </td>";
				print "<td><input type=\"radio\" value=\"horizontal\" name=\"orientation\" /> Horizontal <input type=\"radio\" value=\"vertical\" name=\"orientation\" /> Vertical</td>";
			print "</tr>";
			
			print "<tr>";
				print "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Submit\" /></td>";
			print "</tr>";
			
			print "</table>";
					print "<br/>";
					print "<br/>";
					print "<br style=\"clear: both\" />";
				print "</form>";
				
				
			// Upload thumbnail to temporary folder
			print "<form id=\"thumbUpload\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">";
				print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"25000\">Upload Thumbnail: <input type=\"file\" name=\"thumbnail\"><br/>";
				print "<input type=\"submit\" value=\"Upload Thumb\" name=\"thumbSubmit\">";
			print "</form>";
			
			// Upload thumbnail to temporary folder
			print "<form id=\"imgLgUpload\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">";
				print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"25000\">Upload Image: <input type=\"file\" name=\"imgLg\"><br/>";
				print "<input type=\"submit\" value=\"Upload Image\" name=\"imgLgSubmit\">";
			print "</form>"; 	 	
			print "</div>";
				}
	/**************************************************************************/
	// CHANGE LOG
	//--------------------------------------------------------------------------
	// GCW - Created php script show file based on pageId
?>


	</div>
	</div>
	<!-- InstanceEndEditable -->
	<div id="bottom">
		Copyright GKW (2008). All Rights Reserved. Web Design &amp; Development by GKW.
	</div>
</body>
<!-- InstanceEnd --></html>

[Martyr2]

First, before you get to your mysql_query call, make sure that $pageId is actually a value. Check it using an echo or something before the query is executed so you can see if it has value before being used in the query.

Next, try using an asterisk * instead of $fields in the query. If this makes your code work, then you know it is because one of your column names is a problem. My guess is that the column named "date" isn't going to work very well. In database tables you should always avoid column names that are also the names for field types. Since you can have a field type of "date" it may also be a problem for a column name.

Also make sure that your column names are exactly as they appear in the database and that they all exist.

But the problem is probably going to be related to your lines where you create the query using $pageId and $fields. So check the values and make sure that they also form a proper query. If need be echo out the query first before executing it so you can see the final query string. Then cut and paste it from the browser into something where you can query the database directly (bypassing PHP).

Follow these steps in order and you will probably find the error.

[gregwhitworth]

Ok. I don't need to do that because I had it working fine without the image upload sections. If I remove the image upload sections it works fine. But I do think that you are right in the fact the $_GET pageid is non-existent when the form of the images calls the $_SERVER['page_self']. Does anyone have a way to upload the image on this page while retaining the pageid variable?

--

Greg

This post has been edited by gregwhitworth: 19 February 2009 - 10:46 PM

[Martyr2]

Well first of all, your query is failing. That is the issue at hand here. So the problem is in your query. I do think it is the pageid as well by echoing the query that is failing, but my tests I outlined above were to find out if that was the case or not. So don't discount it before you actually try it and verify that is what is happening.

Second, if you create a hidden input field for your forms which has a value of $pageid then you can pass the pageid along with the form submission. This means at the top instead of $_GET["pageid"] you might want to go with $_REQUEST["pageid"] so that way it will accept both URL and form posts for the value "pageid".

This post has been edited by Martyr2: 19 February 2009 - 10:52 PM

[CTphpnwb]

I'm too tired to go over your code, but I will say that it is a good example of why OOP is so important. If you had it set up as objects and their functions it would be easier for you or others to find the source of the problem.

[gregwhitworth]

@CTphpnwb

Can you please explain what OOP is? Is like DOM in Javascript and Action Script.

@Martyr2

Sorry if you took what I said as discrediting. I actually copied and pasted your tips in my help.txt file for future reference, but, I knew that it wasn't the rest of the code, and that it had to be something that I just added that was causing the issue. I will change the $_GET to $_REQUEST today.

--

Greg

[CTphpnwb]

Object Oriented Programming:
http://en.wikipedia....ted_programming

[gregwhitworth]

@Object Oriented Programming:

So basically it is make 'object' or functions that can live on their own, but can send their data to other objects. Am I correct on this statement. If so, where have I gone wrong, and what should I do to make my code cleaner and more concise?

About the actual problem of this post - I changed the $_GET to $_REQUEST and it doesn't echo the $pageId so it isn't receiving it. Here is the code that deals with the sql and the images that are uploaded (which - they aren't being uploaded by the way).

// Checks to see if image has been uploaded
			
			if (isset($_POST['thumbSubmit'])) {
				if (is_uploaded_file($imgfile))	{
					   $uploaddir = "http://www.whitworthgallery.org/images/gallery";
					   $pageId = $_POST['pageId'];
					   $newfile = $uploaddir . "/" . $imgfile ."_small";
						   if (!copy($imgfile, $newfile))  {
							  // if an error occurs the file could not
							  // be written, read or possibly does not exist
							  print "Error Uploading File.";
							  exit();
						   }
					}
				}
				
			// Checks to see if the large image was sent and uploaded
			
			if (isset($_POST['imgLgSubmit'])) {
				if (is_uploaded_file($imgfile))	{
					   $uploaddir = "http://www.whitworthgallery.org/images/gallery";
					   $pageId = $_POST['pageId'];
					   $newfile = $uploaddir . "/" . $imgfile;
						   if (!copy($imgfile, $newfile))  {
							  // if an error occurs the file could not
							  // be written, read or possibly does not exist
							  print "Error Uploading File.";
							  exit();
						   }
					}
				}	
			echo $_POST['thumbSubmit'];
			echo $pageId;
			exit();
		
		$pageId = $_REQUEST['pageId'];
		$fields = "id, title, description, medium, price, date, img, imgLg, edition, subject, orientation";
		$result = mysql_query("SELECT $fields FROM Art WHERE id=$pageId") or die(mysql_error());

Here is the form:

// Upload thumbnail to temporary folder
			print "<form id=\"thumbUpload\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">";
				print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"25000\">Upload Thumbnail: <input type=\"file\" name=\"thumbnail\"><br/>";
				print "<input type=\"hidden\" name=\"pageId\" value=\"".$pageId."\">";
				print "<input type=\"submit\" value=\"Upload Thumb\" name=\"thumbSubmit\">";
			print "</form>";
			
			// Upload thumbnail to temporary folder
			print "<form id=\"imgLgUpload\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">";
				print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"25000\">Upload Image: <input type=\"file\" name=\"imgLg\"><br/>";
				print "<input type=\"hidden\" name=\"pageId\" value=\"".$pageId."\">";
				print "<input type=\"submit\" value=\"Upload Image\" name=\"imgLgSubmit\">";
			print "</form>"; 	 	
			print "</div>";
				}

Once again - THANK YOU TO EVERYONE HERE AT DIC. YOUR HELP IS VERY APPRECIATED.

[CTphpnwb]

gregwhitworth, on 20 Feb, 2009 - 09:17 AM, said:

@Object Oriented Programming:

So basically it is make 'object' or functions that can live on their own, but can send their data to other objects. Am I correct on this statement. If so, where have I gone wrong, and what should I do to make my code cleaner and more concise?

It's not that you've gone wrong. It's just that when you write procedural code things tend to get mixed together in ways that make it difficult to find bugs and make changes.

If you start by taking the sections you already have and putting them into functions, you'll naturally find that you end up with functions that you can group together and controlling code that can also be grouped together. It's then a simple matter to find where something has gone wrong because you can easily trace the controlling code down to the function that doesn't work properly.

OOP takes this a step further by creating objects that contain their own variables and their own functions (called methods when part of an object) so that your controlling code can tell an object to change a parameter or execute a method.

This post has been edited by CTphpnwb: 20 February 2009 - 10:34 AM

[gregwhitworth]

I appreciate the clarity and the direction. Thank you.

[gregwhitworth]

I appreciate all of the help that you guys have given me to this point - but the images aren't being uploaded to the file designated - am I doing something wrong? The permissions are fine on the folder.

// Checks to see if image has been uploaded
		   
			if (isset($_POST['thumbSubmit'])) {
				if (is_uploaded_file($imgfile))	{
					   $uploaddir = "http://www.whitworthgallery.org/images/gallery";
					   $pageId = $_POST['pageId'];
					   $newfile = $uploaddir . "/" . $imgfile ."_small";
						   if (!copy($imgfile, $newfile))  {
							  // if an error occurs the file could not
							  // be written, read or possibly does not exist
							  print "Error Uploading File.";
							  exit();
						   }
					}
				}
			   
			// Checks to see if the large image was sent and uploaded
		   
			if (isset($_POST['imgLgSubmit'])) {
				if (is_uploaded_file($imgfile))	{
					   $uploaddir = "http://www.whitworthgallery.org/images/gallery";
					   $pageId = $_POST['pageId'];
					   $newfile = $uploaddir . "/" . $imgfile;
						   if (!copy($imgfile, $newfile))  {
							  // if an error occurs the file could not
							  // be written, read or possibly does not exist
							  print "Error Uploading File.";
							  exit();
						   }
					}
				}	
			echo $_POST['thumbSubmit'];
			echo $pageId;
			exit();
	   
		$pageId = $_REQUEST['pageId'];
		$fields = "id, title, description, medium, price, date, img, imgLg, edition, subject, orientation";
		$result = mysql_query("SELECT $fields FROM Art WHERE id=$pageId") or die(mysql_error());

// Upload thumbnail to temporary folder
			print "<form id=\"thumbUpload\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">";
				print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"25000\">Upload Thumbnail: <input type=\"file\" name=\"thumbnail\"><br/>";
				print "<input type=\"hidden\" name=\"pageId\" value=\"".$pageId."\">";
				print "<input type=\"submit\" value=\"Upload Thumb\" name=\"thumbSubmit\">";
			print "</form>";
		   
			// Upload thumbnail to temporary folder
			print "<form id=\"imgLgUpload\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">";
				print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"25000\">Upload Image: <input type=\"file\" name=\"imgLg\"><br/>";
				print "<input type=\"hidden\" name=\"pageId\" value=\"".$pageId."\">";
				print "<input type=\"submit\" value=\"Upload Image\" name=\"imgLgSubmit\">";
			print "</form>";		  
			print "</div>";
				}

[ericr2427]

Try using the move_uploaded_file function.

[CTphpnwb]

See this link for more info: http://www.tizag.com.../fileupload.php

<?php

print '<form enctype="multipart/form-data" action="'.$_SERVER['PHP_SELF'].'" method="POST">';
print '<input type="hidden" name="MAX_FILE_SIZE" value="25000" />';
print 'Choose a file to upload: <input name="thumbnail" type="file" /><br />';
print '<input type="submit" value="UploadFile" /></form>';

$target_path =basename( $_FILES['thumbnail']['name']);;
if(move_uploaded_file($_FILES['thumbnail']['tmp_name'], $target_path)) {
	echo 'yes!';
}
?>

[gregwhitworth]

Ok - I grabbed their code on that function you suggested and it is still not working. I haven't worked with the $_FILES array before - is the "pictures" setting of that array a standard or does it work like $_POST?

Let me know - thanks.

	if (isset($_POST['thumbSubmit'])) {
					$uploads_dir = 'http://www.whitworthgallery.org/images/gallery';
					foreach ($_FILES["pictures"]["error"] as $key => $error) {
						if ($error == UPLOAD_ERR_OK) {
							$tmp_name = $_FILES["pictures"]["tmp_name"][$key];
							$name = $_FILES["pictures"]["name"][$key];
							move_uploaded_file($tmp_name, "$uploads_dir/$name");
						}
					}	
				}

[gregwhitworth]

Thanks for that CTphpnewb,

I ran into some errors and would love some help - I am going to google them just in case no one writes me, but if you can lend some help - I appreciate it - thanks.

ERROR:
Warning: move_uploaded_file(http://www.whitworthgallery.org/images/gallery/testIcon.jpg) [function.move-uploaded-file]: failed to open stream: HTTP wrapper does not support writeable connections in 'address'/uploader.php on line 44

		// Where the file is going to be placed 
		$target_path = "http://www.whitworthgallery.org/images/gallery/";
		
		/* Add the original filename to our target path.  
		Result is "uploads/filename.extension" */
		$target_path = $target_path . basename( $_FILES['imgLg']['name']); 
		
		if(move_uploaded_file($_FILES['imgLg']['tmp_name'], $target_path)) {
			echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
			" has been uploaded";
		} else {
			echo "There was an error uploading the file, please try again!";
		}

EDIT ************
Never mind - google saved the day. Thanks guys

This post has been edited by gregwhitworth: 21 February 2009 - 09:22 PM