Menu
Community /Pin to ProfileBookmark
@NogDogAug 23.2010 — #My guess without seeing any code is that either the SQL syntax you used with the image page was wrong (often just a simple typo like a missing comma or quote, or you failed to escape the value (e.g. via mysql_real_escape_string()) and some character in the path's value was screwing up the SQL (e.g. a back-slash?). I'd suggest doing some basic debugging of the query, for instance, if using the basic MySQL interface:
(Don't forget to make sure display_errors is on if you want to see the results of user_error() in the browser instead of the error log.)@NogDogAug 23.2010 — #So have you tried adding the error-checking as I suggested above? E.g.:
Also, you should be applying mysql_real_escape_string() to each of the input values being used in your query, in order to prevent SQL injection errors/attacks. (Unless you have magic_quotes_gpc turned on, in which case you shouldnegate its damage first).@NogDogAug 23.2010 — #mysql_real_escape_string() "escapes" certain characters by inserting a back-slash in front of them. This makes the MySQL SQL parser treat them as the literal character and ignoring any special meaning they might otherwise have in an SQL statement, e.g.: http://xkcd.com/327/ .
image or file path to database
i know this topic has been covered before, but all of the solutions seem to deal with uploading the file after the image or file has been submitted in a form. my situation is somewhat different.
what i have is a mixed form where users submit info, and this is of course passed over to the next page as usual. here is where things differ from the norm: the next page validates the user input for errors and either redirects them to back to the first page to fix errors or proceed. (in the future the user will be asked for more information on the next page, but that is irrelevant for the moment.) if all of the user info checks out, the very last step is to write the image to a temporary folder.
on the next page (or wherever it will be later) the user info is entered into the database, a folder is created using the username, and the image name and path are changed so that the file now appears in the user folder. i did it this way so that only users who have completed registration will get a folder and image, and therefore not clutter my database with useless stuff.
all is good so far, but here is my problem: i cannot get the image path to write to the database. as i have mentioned, the image at this point is no longer associated with the original form that posted it, and the new path is now stored in a session variable containing the new file name and parent folder. i know the path works because the image will display if called up in a regular html img statement.
also, and this might be the giveaway for anyone who knows more about this than me, when i try to insert the path variable into the database with my other variables (name, email, etc) the user info is not entered into the database at all. however if i remove the path variable from my insert code, the other info is entered into a new user account as per normal – just no user image path.
i have tried several solutions including change the field type, but i get nothing at all. in the end i need the file in the user folder so that users can easily get to it, but i need the path to appear correctly in the database – since the file is already on the server i cannot see any difference between the file exsisting in the database or not, as long as i can get to wherever it is. later i will need to put multiple user images into an array or something and keep them organized, so i need to crack this.
(sorry for rambling on, but i’m just trying to give enough info up front.)
Sign in
to post a comment6 Comments(s) ↴
0
@NogDogAug 23.2010 — #My guess without seeing any code is that either the SQL syntax you used with the image page was wrong (often just a simple typo like a missing comma or quote, or you failed to escape the value (e.g. via mysql_real_escape_string()) and some character in the path's value was screwing up the SQL (e.g. a back-slash?). I'd suggest doing some basic debugging of the query, for instance, if using the basic MySQL interface:[code=php]
$query = "<your query sting goes here>";
$result = mysql_query($query);
if($result == false) {
user_error(mysql_error()."<br />n$query"); // or use error_log()
exit; // or do something more "graceful"
}
[/code](Don't forget to make sure display_errors is on if you want to see the results of user_error() in the browser instead of the error log.)
0
@NogDogAug 23.2010 — #So have you tried adding the error-checking as I suggested above? E.g.:[code=php]
$sql = "INSERT INTO $userdata SET username='$username', email='$email',
password='$password, userimg='$userimg'";
$result = mysql_query($sql);
if($result == false) {
die(mysql_error()."<br />n$sql");
}
[/code]Also, you should be applying mysql_real_escape_string() to each of the input values being used in your query, in order to prevent SQL injection errors/attacks. (Unless you have magic_quotes_gpc turned on, in which case you should
0
@NogDogAug 23.2010 — #mysql_real_escape_string() "escapes" certain characters by inserting a back-slash in front of them. This makes the MySQL SQL parser treat them as the literal character and ignoring any special meaning they might otherwise have in an SQL statement, e.g.: