I have strayed slightly from my studies and attempted to write my own little upload form script.
I am stuck on, well, a lot of places… But the one thing I am looking for is, if $variable = $_POST['variable']; is empty, I would like another value uploaded to the database in its place.
Something like:
[code=php]
require_once('php/conn.php');
if(isset($_POST['submit']))
{
$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];
$title = $_POST['title'];
$sender = $_POST['sender'];
$picture = $_FILES['picture']['name'];
$output_form = false;
if(empty($day))
{ $day == date('j'); }
else { $day = $_POST['day']; }
if(empty($month))
{ $month == date('F'); }
else { $month = $_POST['month']; }
if(empty($year))
{ $year == date('Y'); }
else { $year = $_POST['year']; }
if(empty($title))
{ $title == "no title"; }
else { $title = $_POST['title']; }
if(empty($sender))
{ $title == "anonymous"; }
else { $title = $_POST['sender']; }
if() {}
$connect = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Problem connecting to Database') ;
mysqli_select_db($connect, DB_NAME);
$query = "INSERT INTO images VALUES (0, '$day', '$month', '$year', '$title', '$sender', '$picture')" ;
$data = mysqli_query($connect, $query) or die('Problem Inserting into Database');
echo '<h3>Image successfull uploaded</h3>';
echo 'Click here to insert another <a href="manual.php">Manual Upload</a>';
mysqli_close($connect);
}
[/code]
[code=php]$_POST['foo'] = isset($_POST['foo']) && !empty($_POST['foo']) ? $_POST['foo'] : "default value";[/code]
So what's the problem you are having?
Your current code is quite error prone, for example you will generate a notice level error if one of the fields you expect isn't set as you never check before trying to use it. There is also no need for all the re-assignment of variables, I still don't get why people always seem to think this is necessary!
[code=php]$_POST['foo'] = isset($_POST['foo']) && !empty($_POST['foo']) ? $_POST['foo'] : "default value";[/code]
BTW your current code is very insecure, I would have a read up on SQL injection attacks.
[code=php]
if(!empty($day)) { $_POST['day']; }
else { $day == date(''); }[/code]
[code=php]
<?php
require_once('php/conn.php');
if(isset($_POST['submit']))
{
$day = trim($_POST['day']);
$output_form = false;
if(isset($_POST['day']) && !empty($_POST['day']))
{ $connect = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD) or die('Problem Connecting') ;
mysqli_select_db($connect, DB_NAME);
$query = "INSERT INTO images (day) VALUES ('$day')" ;
$data = mysqli_query($connect, $query) or die('Problem Inserting');
echo '<h3>Image successfull uploaded</h3>';
echo 'Click here to insert another <a href="manual.php">Manual Upload</a>';
$day = "";
mysqli_close($connect);
}
else { echo 'WHAT AM I DOING WRONG???';}
}
else { $output_form = true; }
[/code]
[code=php]
$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];
$title = $_POST['title'];
$sender = $_POST['sender']; [/code]
[code=php]$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $_POST['day'] : date('d');
$_POST['month'] = isset($_POST['month']) && !empty($_POST['month']) ? $_POST['month'] : date('m');
// etc[/code]
You haven't done anything which will protect you against SQL injection. All trim() does is remove any whitespace from the start and end of the string.
By reassigning variables I mean this:
[code=php]
$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];
$title = $_POST['title'];
$sender = $_POST['sender']; [/code]
All it does is complicate things and introduce more areas for error.
To set defaults you can just check if the field was posted and filled in, and if not set your default. This is what the code I posted above does:
[code=php]$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $_POST['day'] : date('d');
$_POST['month'] = isset($_POST['month']) && !empty($_POST['month']) ? $_POST['month'] : date('m');
// etc[/code]
[code=php]if(empty($month))
{ $month == date('F'); }
else { $month = $_POST['month']; }[/code]
[code=php]if (!isset($_POST['day']) || empty($_POST['day'])) {
$_POST['day'] = date('d');
}[/code]
Tell me... Why on earth don't all 3 text books I am learning from & use as a reference tell us to do it that way? Unless that's just a more advanced way & I haven't reached those chapters yet!
[CODE]function mysql_insert_array($data, $table = 'users') {
// Uses the legacy mysql_* extension, which was removed in PHP 7.0.
include($_SERVER['DOCUMENT_ROOT'].'/includes/vit.php');
mysql_connect('localhost',$username,$password);
@mysql_select_db($database) or die();
foreach ($data as $field=>$value) {
// Only the values are escaped; $field and $table go into the query as given.
$fields[] = '`' . $field . '`';
$values[] = "'" . mysql_real_escape_string($value) . "'";
}
$field_list = join(',', $fields);
$value_list = join(', ', $values);
$query = "INSERT INTO `" . $table . "` (" . $field_list . ") VALUES (" . $value_list . ")";
if (mysql_query($query)) return true;
return false;
}[/CODE]
[CODE]$ary = array(
'user_name'=>$_POST['username'],
'password'=>$_POST['password'],
'first_name'=>$_POST['first'],
'last_name'=>$_POST['last'],
'phone'=>$_POST['phone'],
'email'=>$_POST['email'],
'paymentTag'=>false);
mysql_insert_array($ary);[/CODE]
$month == date('F'); is saying "is the result of the date('F') function equal to the contents of the $month variable?". The == operator is for checking equality, not assignment. So if $month is empty what you are inserting into your db is not the result of the $date function but the boolean value false.
The code I gave you is just a shorthand way of writing the same thing (minus errors and reassignment of variables ?). Note that I use isset() first. Because expressions are evaluated from left to right.
[code=php]
define('DB_HOST','localhost');
define('DB_USER','root');
define('DB_PASSWORD','*****');
define('DB_NAME','database_name');
[/code]
Original Post or Original Poster
SrWebDeveloper: So... With regards to coding defensively, I guess what I have to do is write code as if Every One is out to get me. Hehe... It seems the only way to learn this, as it isn't quite as "basic" as learning HTML or CSS, is by repetition and making mistakes. Just have to code, code, code...
It's the mistakes that make you wise. Plus a thousand other clichés! :p
I consider it good practice, or so I am told (LoL) to use a separate file for connection variables anyways, usually a connect.php page and then just require_once(); it in...
True statement. And ideally this connection file is located outside the document root and is accessible only by www/apache and privileged developers (you and w/e co-developers [B]need[/B] access).
[CODE]
JavaScript Operators:
(condition) ? value1 : value2
[/CODE]
[code=php]
$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $_POST['day'] : date('d');[/code]
?: is called the ternary operator and it's common in most C style languages (C, java, js, PHP etc).
It works like an inline if statement - if condition is true then x else y. It just evaluates to one of the 2 values depending on the condition, nothing more complicated than that.
You can use the assignment operator (=) to assign the evaluated result to a variable, or you can use it directly (with return or echo for example).
Not sure why, but I really don't like the ternary "operator." I almost always use an if() block ...
[code=php]$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? date('m') : date('d');[/code]
[code=php]if (isset($_POST['day']) && !empty($_POST['day'])) {
$_POST['day'] = date('m');
} else {
$_POST['day'] = date('d');
}[/code]
[code=php]
// add one to $x
$x++;
[/code]
[code=php]$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $_POST['day'] : date('d'); [/code]
Doesn't seem to like echo...[code=php]$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? echo $_POST['day'] : echo date('d'); [/code]
[code=php]$_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $day1 = $_POST['day'] : $day1 = date('d') ;
echo "$day1" ;[/code]
[code=php]
echo $_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $_POST['day'] : date('d');
[/code]
[code=php]
echo $_POST['day'] = isset($_POST['day']) && !empty($_POST['day']) ? $_POST['day'] : date('d');
[/code]
[code=php]
$foo =
isset($_POST['foo']) ?
trim($_POST['foo']) :
'bar'
;
[/code]
Of course, if you're splitting it across multiple lines, you may as well use an IF block :p
[code=php]
$foo =
isset($_POST['foo']) ?
trim($_POST['foo']) :
'bar'
;
[/code]
[code=php]
if(isset($_POST['foo']))
{
$foo = trim($_POST['foo']);
}
else
{
$foo = 'bar';
}
[/code]
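An added example, not code from any poster in this thread: the defaults discussed above combined with a parameterized INSERT, so posted text is bound as data instead of being concatenated into the query string. It uses PDO with an in-memory SQLite table as a stand-in so it runs without a server; field_or_default(), build_row() and insert_image() are hypothetical names, and mysqli offers the same pattern through mysqli_prepare() and mysqli_stmt_bind_param().

```php
<?php
// Added example: constructed input and an in-memory SQLite table stand in
// for the thread's upload form and its MySQL `images` table.

// Return the posted value, or $default when the field is missing or blank.
function field_or_default(array $post, string $key, string $default): string
{
    $value = isset($post[$key]) ? trim((string) $post[$key]) : '';
    return $value !== '' ? $value : $default;
}

// Build the row with the defaults the original poster wanted.
function build_row(array $post): array
{
    return [
        'day'    => field_or_default($post, 'day', date('j')),
        'month'  => field_or_default($post, 'month', date('F')),
        'year'   => field_or_default($post, 'year', date('Y')),
        'title'  => field_or_default($post, 'title', 'no title'),
        'sender' => field_or_default($post, 'sender', 'anonymous'),
    ];
}

// Insert with placeholders: values are bound, never spliced into the SQL.
function insert_image(PDO $db, array $row): void
{
    $stmt = $db->prepare(
        'INSERT INTO images (day, month, year, title, sender)
         VALUES (:day, :month, :year, :title, :sender)'
    );
    $stmt->execute($row);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (day TEXT, month TEXT, year TEXT, title TEXT, sender TEXT)');

// Constructed POST data: blank day, missing month/year/sender, and a title
// with an apostrophe, which would end the quoted string in '$title'.
$post = ['day' => '  ', 'title' => "Sam's photo"];

insert_image($db, build_row($post));

foreach ($db->query('SELECT * FROM images', PDO::FETCH_ASSOC) as $stored) {
    print_r($stored);   // defaults filled in, title stored verbatim as data
}
```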