fopen ignores backslash & first letter of filename???

fuzzy1

Hey All,
I've been getting some weird behavior of late on my WAMP stack (development server) wherein various simple scripts will only work half the time, and other weird stuff. Take the script below for example, where fopen ignores the last backslash and first letter of the file name "report.pdf" generating the error:

Warning: fopen(C:\AreaPro\wamp\www\crm\data\inspection_pdfs\Id_No eport.pdf) [function.fopen]: failed to open stream: Invalid argument...

while this problem goes away if I but change the file name to... say... "myreport.pdf" ... in either case the script prints "Insert Failed" even though the insert does not fail (though $contents [longblob] inserts only an empty blob in the first scenario using filename "report.pdf") which is just plain weird if you ask me, but I'm just a noob so... maybe someone can elucidate me here???

$pdf_id = 'Id_No';
if (!file_exists('C:\AreaPro\wamp\www\crm\data\inspection_pdfs\Id_No\report.pdf'))
{
echo "File Not Found report.pdf";
}
$filename = "C:\AreaPro\wamp\www\crm\data\inspection_pdfs\Id_No\report.pdf";
$handle = fopen($filename, "rb");
$contents = fread($handle, filesize($filename));
$contents = addslashes($contents);

$dbQuery = "INSERT INTO inspection_pdfs VALUES ('$pdf_id','$contents')";
mysql_query($dbQuery) or die("Contract Already Exists for Record No.<br>'$pdf_id'");

if(mysql_query($dbQuery)) 
{ 
print("File Inserted!"); 
} 
else
{ 
print('Insert Failed');
}

Installer

"backslash-r" means carriage return when inside double quotes. Put the string in single quotes like in the second line.

Also, do you know you're executing the query twice?

fuzzy1

Damn double quotes! \r.... got it. Thanks Installer!

You know as rule I try to avoid those double quotes, can't say why I didn't here.

As for executing the query twice... uh... really???😕

Installer

Once here:

mysql_query($dbQuery)

and then again here:

mysql_query($dbQuery)

bradgrafelman

In fact, I don't even know why you have that last if() block. You already have an "or ..." statement attached to the first mysql_query() call, so there's really no reason to check again if the query failed (assuming you rewrote it correctly in the first place).

fuzzy1

I wrestled this little nugget out of a really over complicated and poorly written tutorial trying to get a pdf into a table (and PLEASE, let's not start that debate again, PDF IN THE TABLE is what is needed for this particular application).

Anyway, I stripped it down from well near a 100 lines of crap to get what I've got. At that, tested a couple of times over a week ago, and well... it worked so I ran with it -- wasn't broke, didn't try to fix it. As of early today however, along with a couple of other scripts in another web app I'm working on I discovered it no longer worked. Go figure. Apparently I wasn't finished paring this one down.

At that fopen freed and handle were new to me, as was the $dbQuery which I gather from some digging today is a php class/Pear type thing as opposed to a simple user defined variable??? No?

Anyway, here's what I've settled on (syntax a bit more familiar to me at least). Maybe someone will come along and splain why it's screwed up too?
Thanks for the input. I learned a thing or two (I think... I hope???)

$pdf_id = $focus->id;
$filename = "$pdfdir/report.pdf";
$handle = fopen($filename, "rb");
$contents = fread($handle, filesize($filename));
$contents = addslashes($contents);

$insert = "INSERT INTO inspection_pdfs VALUES ('$pdf_id','$contents')";
$result = @mysql_query($insert) or die("Contract Already Exists for Record No.<br>'$pdf_id'");

Still, I'm finding instances today where

$sql ="some query string";
$result=@('$sql')

WILL NOT work, whereas

mysql_query("some query string");// does?
So I ask you, Is there some significant difference between...

$sql ="some query string";
AND
$query ="some query string";
OR
$my_var ="some query string"; // ????

Can anyone point me to a good discussion on the varieties of query syntax?

bradgrafelman

No, there's no difference. When you say "WILL NOT work" - what error are you getting? If you're using user-supplied data in the query, are you passing the variable(s) through a function like [man]addslashes/man or [man]mysql_real_escape_string/man first?

fuzzy1

While this DID work, and was in use for several days only a week or two ago it doesn't work now. EVER! No errors. Just... nothing happens.

<form method="post" name="ProdNo" action="">
<input type="submit" value="Sync Store" name="submit" class="btn">
</form>

<?php
// Make a MySQL Connection
require_once ('includes/mysql_connect.php'); // Connect to the db. 
mysql_select_db ('bike_shop') OR DIE ("Could Not select database'bike_shop':" . MYSQL_ERROR()); 

// Insert a row of information into the table "store_sync"

$sql = "LOAD DATA LOCAL INFILE 'c:/areapro/wamp/www/wallaby_cms/import_export/product.csv' 
INTO TABLE store_sync 
FIELDS TERMINATED BY ',' ";
$result = @mysql_query ($sql)or die ("FAILED TO LOAD product.csv DATA TO TABLE store_sync ");
?>

Trying to sort it out, I've found that the following DOES WORK... but only sometimes, and I have been the better part of the day narrowing down the curious circumstances in which it will -- and then ONLY upon CLICKING THE SUBMIT button I left in the form above it which -- by my reckoning -- shouldn't have anything to do with executing the script below??? Right?? I mean, this is all there is. In its ultimate context it would follow "if (isset($_POST['submit'])){ but I've stripped everything out to trouble shoot. What you see is ALL THERE IS. Just the script, and a residual form/submit, and I wouldn't think the submit button should have any effect.

<form method="post" name="ProdNo" action="">
<input type="submit" value="Sync Store" name="submit" class="btn">
</form>
<?php

// Make a MySQL Connection
require_once ('includes/mysql_connect.php'); // Connect to the db. 
mysql_select_db ('bike_shop') OR DIE ("Could Not select database'bike_shop':" . MYSQL_ERROR()); 

// Insert a row of information into the table "store_sync"

mysql_query("LOAD DATA LOCAL INFILE 'c:/areapro/wamp/www/wallaby_cms/import_export/product.csv' 
INTO TABLE store_sync 
FIELDS TERMINATED BY ','") 
or die(mysql_error());  

?>

I should reiterate that I'm working on a WAMP stack,
XP,
Apache 2.0.55 (Win32) ,

php5.1.2,
MySQL 5.0.18.

P.S. The query itself works perfectly, every time through PMA'S sql utitlty.

fuzzy1

SEE NOW THAT'S JUST WEIRD!!!!

This morning -- on a whim -- I decided to remove the form/submit from the original script of my last post, and try loading it again. Viola!! It works. Hmmmm?? Why? Pasted the form back in, saved, reloaded Viola!! Works EVERY TIME!!!!!!
You slpain it to me Lucy... what is the difference between the following script, and the first script in my last post that WOULD NOT WORK AT ALL YESTERDAY, but that did clearly work a week or so ago when it was originally implemented?

<form method="post" name="ProdNo" action="">
<input type="submit" value="Sync Store" name="submit" class="btn">
</form>
<?php
// Make a MySQL Connection
require_once ('includes/mysql_connect.php'); // Connect to the db. 
mysql_select_db ('bike_shop') OR DIE ("Could Not select database'bike_shop':" . MYSQL_ERROR()); 

// Insert a row of information into the table "store_sync"

$sql = "LOAD DATA LOCAL INFILE 'c:/areapro/wamp/www/wallaby_cms/import_export/product.csv' 
INTO TABLE store_sync 
FIELDS TERMINATED BY ',' ";
$result = @mysql_query ($sql)or die ("FAILED TO LOAD product.csv DATA TO TABLE store_sync ");
?>

I submit, there IS NO DIFFERENCE! They are the SAME SCRIPT!!!
Is this some MS Update screwing with me, or some undiscovered WORM or TROJAN (running AVG 7.5 and Spybot S&D) otherwise... WHAT THE HELL????:mad: