i am wondering if anyone would help me to re-write this code that i have. i am still kind of a newbie and trying to learn about php, and mysql. i am working on a school project.
i am working on an e-commerce website, and an administration. in my script, that i have below, i think i have two upload scripts, but i think i only need one. i have a script that uploads the file to a folder on my server, the file gets uploaded to the correct folder fine. but the only problem that i'm having trouble with is trying to get my image to display on the e-commerce website i'm working on. i'm uploading the image from the admin and i want the image to be displayed on the e-commerce website
the admin sites that i'm working on is:
http://www.wootenmedia.com/admintest/add3_1.php
this is the ecommerce website
http://www.wootenmedia.com/wootenmusic7/guitars.php
i'm asking if anyone would help me to add, change, delete any code that i have for this page/code to work?
what i have on the page so far is a script that adds information from the form into the database. the information from the form such as name, description, and price does go to and enter information into the database. what i want to get working is on the page is when someone browses for an image they will be able to upload that image and that image will be uploaded into a folder, then once it is in that folder, it will give that image name to the database so that the image will be able to display from the database on to the products page of the e-commerce website.
here's the code:
<form action="<? $_SERVER['PHP_SELF']; ?>" method="post" ENCTYPE="multipart/form-data">
Choose a product category <br>
<select name="txtCatID" id="select">
<option alue="0" SELECTED>0</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
</select><br>
Choose product items to add to your product pages <br>
<input type="hidden" name="<?echo '$txtCatID';?>">
<select name="txtprodItems" id="select">
<option alue="Guitars" SELECTED>Guitars</option>
<option value="Drums">Drums</option>
<option value="Amps">Amps</option>
<option value="Books">Books</option>
</select>
item name<br>
<input type="text" name="txtItemName"><br>
item description<br>
<input type="text" name="txtItemDesc"><br>
item price<br>
<input type="text" name="txtItemPrice"><br>
upload image<br>
<INPUT TYPE="HIDDEN" NAME="MAX_FILE_SIZE" VALUE="800000">
<INPUT TYPE="HIDDEN" NAME="action" VALUE="1">
<input type="file" name="txtItemImage"><br>
<input type="submit" name="submit" value="submit"><input type="Reset">
<?php
$submit = $_POST['submit'];
if(isset($submit)){
include("db2.php");
// Get a connection to the database
$cxn = @ConnectToDb($dbServer, $dbUser, $dbPass, $dbName);
$txtCatID = $_POST['txtCatID'];
$txtprodItems = $_POST['txtprodItems'];
$txtItemName = $_POST['txtItemName'];
$txtItemDesc = $_POST['txtItemDesc'];
$txtItemPrice = $_POST['txtItemPrice'];
$txtItemImage = $_POST['txtItemImage'];
$theSQL = "insert into items (prodItems, catid, itemName, itemDesc, itemPrice, ItemImage)";
$theSQL = $theSQL . " values ('$txtprodItems', '$txtCatID', '$txtItemName', '$txtItemDesc', '$txtItemPrice', '{$_FILES['upload']['name']}')";
$result = mysql_query($theSQL);
if ($result)
{
$extension = explode ('.', $_FILES['upload']['name']);
$uid = mysql_insert_id();
$filename = $uid . '.' . $extension[1];
if (move_uploaded_file($_FILES['upload']['tmp_name'], "php_cart/p_imgs/$filename"))
{
$query = "SELECT * FROM items";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
}
}
$query = "SELECT * FROM items";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row)
{
echo '<a href="'.$row[4].'" target="_blank"><img src="php_cart/p_imgs/'.$row[0].'.gif" border=0></a>';
$update ="UPDATE items WHERE itemId = $row[0]";
$result = @mysql_query ($update);
}
mysql_close();
$i=0;
$dir = "/home/username/public_html/php_cart/p_imgs/";
$bigdir = "/php_cart/"; // originalsized, using same names as thumbs
echo '<table>';
if ($handle = opendir($dir)) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
$i++;
// opens row and column is remainder is odd else open column
if ($i%2=='1'){ echo '<tr><td>'; }else{ echo '<td>'; }
echo "<p align='center'><a href=\"$bigdir/$file\"><img src=\"$dir/$file\" border=\"1\"></a></p>";
// closes row and column is remainder is odd else close column
if ($i%2=='1'){ echo '</td>'; }else{ echo '</td></tr>'; }
}
}
echo '</table>';
closedir($handle);
}
$dbname = "database";
$tblname = "items";
$linkid = mysql_connect("localhost", "username", "password")
or die("Couldn't connect.");
$db = mysql_select_db($dbname, $linkid) or die("Couldn't select database.");
mysql_query ("SELECT * FROM $tblname");
echo "$select<br>";
$host ="localhost";
$dbuser="username";
$dbpass="password";
$database="database";
mysql_connect($host,$dbuser,$dbpass);
mysql_select_db($database) or die ("Unable to select database");
$query2="SELECT * FROM $tblname";
$result3=mysql_query($query2);
$num=mysql_numrows($result3);
$result3 = mysql_query($query2, $linkid);
$result3 = mysql_query($query2);
$sql2 = "$query2";
$results2 = mysql_query($sql2) or die(mysql_error());
echo "<table border='1'>";
while($products = mysql_fetch_array($results2)){
echo "<tr>
<td>
<span>".$products[3]."</span><br />
<a href=\"add3_1.php?id=".$products[1]."\">
<img src='php_cart/p_imgs/".$products[4]."'
alt='".$products[3]."' /></a>
</td>
</tr>
</table>";
}
echo "<br><br>";
echo "Thanks, the items have been added to category<br><br>";
echo "
The items that you have add to the category are:
<br>
Product Items: $txtprodItems <br>
Cat Id: $txtCatID <br>
Item Description: $txtItemDesc <br>
Item Price: $ $txtItemPrice <br>
Item Image: $txtItemImage
";
}
else
{
echo "<br><br><br>You Have To Enter In All Information Before Results Can Show";
}
?>
<?php if ($HTTP_POST_VARS['action']) { ?>
<br><FONT FACE="Arial, Helvetica, sans-serif"><FONT SIZE="+1">File Upload
Results</FONT>
<?php
$uploadpath = '/home/username/public_html/php_cart/p_imgs/';
$source = $HTTP_POST_FILES['txtItemImage']['tmp_name'];
$source_name = $HTTP_POST_FILES['txtItemImage']['name'];
$source_size = $HTTP_POST_FILES['txtItemImage']['size'];
$source_type = $HTTP_POST_FILES['txtItemImage']['type'];
$source_error = $HTTP_POST_FILES['txtItemImage']['error'];
$dest = '';
echo "$upload_tmp_dir";
if ( ($source != 'none') && ($source != '' )) {
$imagesize = getimagesize($source);
switch ( $imagesize[2] ) {
case 0:
echo '<BR> Image is unknown <BR>';
break;
case 1:
echo '<BR> Image is a GIF <BR>';
echo 'Image uploaded!!';
$dest = $uploadpath.uniqid('img').'.gif';
break;
case 2:
echo '<BR> Image is a JPG <BR>';
echo 'Image uploaded!!';
$dest = $uploadpath.uniqid('img').'.jpg';
break;
case 3:
echo '<BR> Image is a PNG <BR>';
echo 'Image uploaded!!';
$dest = $uploadpath.uniqid('img').'.png';
break;
}
if ($source_type = 'text/plain')
{
echo '<br>The name of the uploaded files is: ';
echo "$source_name";
}
// put the file where we'd like it
$upfile = $uploadpath . $source_name;
// is_uploaded_file and move_uploaded_file added at version 4.0.3
if (is_uploaded_file($source))
{
if (!move_uploaded_file($source, $upfile))
{
echo 'Problem: Could not move file to destination directory';
exit;
}
}
else
{
echo 'Problem: Possible file upload attack. Filename: '.$source_name;
exit;
}
if ( $dest != '' ) {
if ( move_uploaded_file( $source, $dest ) ) {
echo 'File successfully stored.<BR>';
} else {
echo '.<BR>';
}
}
} else {
echo 'File not supplied, or file too big.<BR>';
}
?>
</BODY>
</HTML>
<?php } else { ?>
<?php
}
?>
</body>
</html>
