Upload Image Error

drax007

Hi there,

Im trying to upload an image to a directory and insert a pointer for that image in a table in my database along with other various of attributes of data.

i was so sure the code was correct, but keep getting a 404 error when running the page and trying to upload image by cicking submit.... Heres whats in the browser when i get the 404 error: http://localhost/woodside/%3C?=$_SERVER['PHP_SELF']?>

Could anybody take a glance at the code and shed some light on it please?

Thank You

<?php
//image upload test
$file_dir = "C:/wamp/www/Woodside/Images/";
$link_dir = "./images/";
$file_url = "http://localhost/woodside/images/";

if (isset($_POST['submit']))
	{
$image_name = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$uploadfile = $file_dir.basename($image_name);
if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
// Query to insert data
$sql = "INSERT INTO `animaltable` (`Name`, `Type`, `Breed`, `Image`) VALUES ('".$_POST['pname']."', '".$_POST['ptype']."', '".$_POST['breed']."', '".$link_dir.$image_name."')";
echo "$sql<br />";
//mysql_query($sql)or die(mysql_error());

} else {
   echo "Possible file upload attack!\n";
}
// Uncomment these lines if you are having problems
//echo 'Here is some more debugging info:';
//print_r($_FILES);

print "</pre>";
	  print "<center>Image path: $file_dir<br>\n";
	  print "<center>Image name: $image_name<br>\n";
	  print "<center>Image size: $image_size bytes<br>\n";
	  print "<center>Image type: $image_type<p><br>\n\n";
      print "<img src=\"$file_url/$image_name\"><p>\n\n";
}
?>
<form action="<?=$_SERVER['PHP_SELF']?>" method="POST" enctype="multipart/form-data">
Pet Name <input type=text name=pname /><br />
Type <input type=text name=ptype /><br />
Breed <input type=text name=breed /><br />
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="file" accept=".jpg" size="20" name="image" title="Image Upload" /><br>

<input type="submit" name=submit value="Submit">

</form>

mzonas

yo. Try to use in form:

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="POST" enctype="multipart/form-data">

if that doesn't help, try this:

$url = $_SERVER["PHP_SELF"];
<?php print "<form action='$url' method='POST' enctype='multipart/form-data'>

tell me if it helps ;]

bradgrafelman

The problem is that your server doesn't have short_tags enabled (as it shouldn't), so '<?' won't work - you need to use the full '<?php' tags.

Also note that mzonas is on the right track, though his/her first coding snippet is missing a vital part - an echo statement. The fix, then, would be:

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" enctype="multipart/form-data">

drax007

Hi there,

Thanks everybody for replying 🙂

I changed the line of code on the form to:

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" enctype="multipart/form-data"

This has fixed the 404 error, thank you very much 🙂

It has however created a new error...

I have tried to simpliy the page code by removing the other attributes in the table (that are inserted with the image) except for the image itself and the AnimalID (the Primary KEY Animal table of which image is an attribute of)......

When i run the page i get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Image`) VALUES ('52','./Images/linda.GIF')' at line 1

Please Note: The number 52 is the AnimalID number (most recent AnimalID record)....which is determind by another simple query that ORDERS Animal records by AnimalID Desc (SEE 1st 5 lines of code)

The animal table is never updated as the image field is alwasy empty (when checkedwith phpmyamdmin)...However the image is uploaded to the specificed directory.!!

If anybody could help me, that be great as i been stuck on this for a long time now and feel are close! 🙂

Heres the simplified page code:


<?php
mysql_select_db($database_woodside, $woodside);
$query_animal = "SELECT AnimalID FROM animal ORDER BY AnimalID DESC";
$animal = mysql_query($query_animal, $woodside) or die(mysql_error());
$row_animal = mysql_fetch_assoc($animal);
$totalRows_animal = mysql_num_rows($animal);


//image upload test
$file_dir = "C:/wamp/www/Woodside/Images/";
$link_dir = "./Images/";
$file_url = "http://localhost/woodside/Images/";

if (isset($_POST['submit']))
	{
$image_name = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$uploadfile = $file_dir.basename($image_name);
if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
// Query to insert data
mysql_select_db($database_woodside, $woodside);
$sql = "INSERT INTO `animal` (`AnimalID`,` `Image`) VALUES ('".$_POST['panimal']."','".$link_dir.$image_name."')";
echo "$sql<br />";
mysql_query($sql)or die(mysql_error());

} else {
   echo "Possible file upload attack!\n";
}
//Uncomment these lines if you are having problems
echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";
	  print "<center>Image path: $file_dir<br>\n";
	  print "<center>Image name: $image_name<br>\n";
	  print "<center>Image size: $image_size bytes<br>\n";
	  print "<center>Image type: $image_type<p><br>\n\n";
      print "<img src=\"$file_url/$image_name\"><p>\n\n";
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST" enctype="multipart/form-data"><br/>

<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="file" accept=".jpg" size="20" name="image" title="Image Upload" /><br>

<input type="submit" name=submit value="Submit">
<input name="panimal" type="hidden" value="<?php echo $row_animal['AnimalID']; ?>" />
</form>
<?php
mysql_free_result($animal);
?>

Please help me! :eek:

drax007

Hi there,

I just tried removing AnimalID from this bit of code: [/code]$sql = "INSERT INTO animal (AnimalID,Image`) VALUES ('".$_POST['panimal']."','".$link_dir.$image_name."')";[/code], so it only inserts the image! and it works!!!

But it automatically does it using a new AnimalID record....i need to make it so the AnimalID record is updated.....

How do i change the insert to an update???

bradgrafelman

I see you're echo'ing out the SQL query... can you paste what is outputted for us to examine?

EDIT: Wait, are you trying to add data to a pre-existing row? In other words, there is already a row INSERT'ed into this table, and you're simply trying to add data to the "Image" column? If so, using an INSERT query makes no sense - INSERT queries do exactly that, INSERT a new row.

Instead, you should be using an UPDATE query.

drax007

Hi there,

Yes i just realised that, i need an update .....i must be such a noob coz im having trouble tryinmg to convert it to an update....???/

Thanks 🙂

bradgrafelman

Show us what you tried.

drax007

Hi there, ive got this far:

$sql = "UPDATE `animal` SET `Image`=`$link_dir.$image_name` WHERE `AnimalID`=$query_animal";

The image uploads to the folder but not to the database....the error message says:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT AnimalID FROM animal ORDER BY AnimalID DESC' at line 1

Im obviously missing something here??

Thanks

drax007

There more code i used for the update...heres the code in full:

<?php require_once('Connections/woodside.php'); ?>
<?php
//image upload test
$file_dir = "C:/wamp/www/Woodside/Images/";
$link_dir = "./Images/";
$file_url = "http://localhost/woodside/Images/";
$image_name = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$uploadfile = $file_dir.basename($image_name);
if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";


function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    

    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

   }
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE animal SET Image=('".$link_dir.$image_name."') WHERE AnimalID=%s",
                       //GetSQLValueString($_POST['image'], "text"),
                       GetSQLValueString($_POST['panimal'], "int"));

  mysql_select_db($database_woodside, $woodside);
  $Result1 = mysql_query($updateSQL, $woodside) or die(mysql_error());

  $updateGoTo = "latestTESTv2.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

$colname_animal = "-1";
if (isset($_GET['recordID'])) {
  $colname_animal = (get_magic_quotes_gpc()) ? $_GET['recordID'] : addslashes($_GET['recordID']);
}
mysql_select_db($database_woodside, $woodside);
$query_animal = sprintf("SELECT AnimalID, Image FROM animal WHERE AnimalID = %s", $colname_animal);
$animal = mysql_query($query_animal, $woodside) or die(mysql_error());
$row_animal = mysql_fetch_assoc($animal);
$totalRows_animal = mysql_num_rows($animal);


//Uncomment these lines if you are having problems
echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";
	  print "<center>Image path: $file_dir<br>\n";
	  print "<center>Image name: $image_name<br>\n";
	  print "<center>Image size: $image_size bytes<br>\n";
	  print "<center>Image type: $image_type<p><br>\n\n";
      print "<img src=\"$file_url/$image_name\"><p>\n\n";


?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form name="form1" action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data"><br/>

<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input type="file" accept=".jpg" size="20" name="image" title="Image Upload" /><br>

<input type="submit" name=submit value="Submit">
<input name="panimal" type="hidden" value="<?php echo $row_animal['AnimalID']; ?>" />
<input type="hidden" name="MM_update" value="form1">
</form>
</body>
</html>
<?php
mysql_free_result($animal);
?>

Still not quite working....Somebody help me ?? please!!!

drax007

Hi there,

bit more info that may be helpful?? I added

error_reporting(E_ALL);
ini_set('display_errors', '1');

to try to see what errors are thrown and this is what is says when i try to run page:
Notice: Undefined index: image in C:\wamp\www\Woodside\latestTESTv2.php on line 8

Notice: Undefined index: image in C:\wamp\www\Woodside\latestTESTv2.php on line 9

Notice: Undefined index: image in C:\wamp\www\Woodside\latestTESTv2.php on line 10

Notice: Undefined index: image in C:\wamp\www\Woodside\latestTESTv2.php on line 12

that points to these lines of code:

$file_url = "http://localhost/woodside/Images/";

if (isset($_POST['submit']))
	{
$image_name = $_FILES['image']['name'];

So it looks like theres a problem with th $image there somewhere...

Any ideas anybody please ????? 🙂