Hi Azala,
I tried to send you mail but couldn't succed and therefore posting these info here
I have four files, my passwd and user names are hard coded.
I paste these files to here.
create database dymmy;
CREATE TABLE pix(
pid int primary key not null auto_increment,
productName text,
producPrice text,
title text,
imgdata blob)
- admin.php
<html>
<head>
<title>Administer Product Database</title>
</head>
<body>
<table>
<form name="f1" action="intermediate.php" method="post">
<tr>
<td>Login Name: </td>
<td><input type="text" name="login"></td>
</tr>
<tr>
<td>Password: </td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input name="Submit" type="submit" value="submit"></td>
</tr>
</form>
</table>
</body>
</html>
- intermidiate.php
<html>
<head>
<title>Administer Product Database</title>
</head>
<body>
<?php
//Check Password and username here and create session for all pages.
$loginName='admin';
$password='dummy';
$fLoginName=$POST[login];
$fPassword=$POST[password];
if($loginName==$fLoginName && $password==$fPassword)
{
?>
Make your choice:
<br>
<a href="insert.php">-Add new product to Database</a>
<br>
<a href="edit.php">-Edit product in Database</a>
<br>
<a href="delete.php">-Delete product from Database</a>
<?php
}
else
{
echo "You are not authorized to view this page. Please click here to try again.";
echo "<br>";
echo "<a href=admin.php>Log in as administrator here</a>";
}
?>
</body>
</html>
- insert.php
<html>
<head>
<title>Insert Product</title>
</head>
<body>
<table>
<form name="f1" action="insert_complete.php" enctype="multipart/form-data" method="post">
<input type=hidden name=MAX_FILE_SIZE value=150000>
<input type=hidden name=completed value=1>
<tr>
<td>Product Name: </td>
<td><input type="text" name="productName"></td>
</tr>
<tr>
<td>Product Price: </td>
<td><input type="text" name="productPrice"></td>
</tr>
<tr>
<td>Product Image: </td>
<td><input name="imagefile" type="file" id="imagefile"></td>
</tr>
<tr>
<td>Image Name: </td>
<td><input name=whatsit></td>
</tr>
<tr>
<td></td>
<td><input name="Submit" type="submit" value="submit"></td>
</tr>
</form>
</table>
</body>
</html>
- insert_complete.php
<?php
$productName=$POST[productName];
$productPrice=$POST[productPrice];
//$imagefile=$POST[imagefile];
$imagefile=$POST[imagefile];
$whatsit=$_POST[whatsit];
// Connect to database
$errmsg = "";
if (! @mysql_connect("localhost","root","")) {
$errmsg = "Cannot connect to database";
}
@mysql_select_db("dummy");
// First run ONLY - need to create table by uncommenting this
// Or with silent @ we can let it fail every sunsequent time ;-)
//$q = <<<CREATE
//create table pix (
// pid int primary key not null auto_increment,
// title text,
// imgdata blob)
//CREATE;
//@($q);
// Insert any new image into database
if ($REQUEST[completed] == 1) {
// Need to add - check for large upload. Otherwise the code
// will just duplicate old file ;-)
// ALSO - note that latest.img must be public write and in a
// live appliaction should be in another (safe!) directory.
// move_uploaded_file($FILES['imagefile']['tmp_name'],"latest.img");
move_uploaded_file($_FILES['imagefile']['tmp_name'],"images/".$_FILES['imagefile']['name']);
$instr = fopen("images/".$_FILES['imagefile']['name'],"rb");
$image = addslashes(fread($instr,filesize("images/".$_FILES['imagefile']['name'])));
/
if (strlen($instr) < 149000) {
mysql_query ("insert into pix (productName, producPrice, title, imgdata) values (\"".
$productName.
"\", \"".
$productPrice.
"\", \"".
$_REQUEST[whatsit].
"\", \"".
$image.
"\")");/
if (strlen($instr) < 149000) {
$sql = "INSERT INTO pix ";
$sql .= "(productName, producPrice, title, imgdata) ";
$sql .= "VALUES ('$productName', '$productPrice', '$whatsit','$image')";
// $sql .= "'$productName', '$productPrice', '$whatsit','$image')";
mysql_query($sql);
} else {
$errmsg = "Too large!";
}
}
// Find out about latest image
$gotten = @("select * from pix order by pid desc limit 1");
//if ($row = @mysql_fetch_assoc($gotten)) {
while ($row = @mysql_fetch_assoc($gotten)) {
$pName = htmlspecialchars($row[productName]);
$pPrice = htmlspecialchars($row[producPrice]);
$title = htmlspecialchars($row[title]);
$bytes[] = $row[imgdata];
}
if ($_REQUEST[gim] == 1) {
header("Content-type: image/jpeg");
for ($x=0; $x < count($bytes); $x++){
//echo $bytes[$x]."<br><br>";
echo '<img src="'.$bytes[$x].'"><br><br>';
}
exit ();
}
//else{
//echo "Error";
//}
/*
while ($row = @mysql_fetch_assoc($gotten)) {
$pName = htmlspecialchars($row[productName]);
$pPrice = htmlspecialchars($row[producPrice]);
$title = htmlspecialchars($row[title]);
$bytes = $row[imgdata];
if ($_REQUEST[gim] == 1) {
header("Content-type: image/jpeg");
print $bytes;
exit ();
}
} *//*else {
$errmsg = "There is no image in the database yet";
$title = "no database image available";
// Put up a picture of our training centre
$instr = fopen("images/1.gif","rb");
$bytes = fread($instr,filesize("images/1.gif"));
}*/
// If this is the image request, send out the image
/
if ($_REQUEST[gim] == 1) {
header("Content-type: image/jpeg");
print $bytes;
exit ();
}/
?>
<html><head>
<title>Insert Complete</title>
<body bgcolor=white><h2>Here's the latest picture</h2>
<font color=red><?= $errmsg ?></font>
<center><?php require 'insert_complete.php?gim=1'; ?><br>
<center><img src=?gim=1 width=144><br>
<b><?= $title ?></center>
<hr>
<h2>Upload a new product to Database.</h2>
<form enctype=multipart/form-data method=post>
<input type=hidden name=MAX_FILE_SIZE value=150000>
<input type=hidden name=completed value=1>
Product Name: <input type="text" name="productName"><br>
Product Price: <input type="text" name="productPrice"><br>
Please choose an image to upload: <input type=file name=imagefile><br>
Please enter the title of that picture: <input name=whatsit><br>
then: <input type=submit></form><br>
</body>
</html>
thanks for your help in advance
best regards
/rsasalm
