Jump to content

whats this error?


shujjah

Recommended Posts

this is my code

<?phpsession_start();include('access.php');check_access();require"db_connect.php";require"date.php";$title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc())  ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc())  ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc())  ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; function get_ext($file){   $chunks = explode(".", $file);  return array_pop($chunks);}		/* 	  Here we are creating a function to get the extention of a file. 		We then create a variable that uses the 'strstr' function. 		strstr = Find first occurrence of a string, says php.net/strstr 		We then call the $file variable up and then add a object to look for. 		In this case, it is the "." (period). 		We then return the variable 	*/ if (isset($_POST['Submit'])){		 $file = $_FILES['image_file']; 		 		/* 		  So the submit button was pressed. 			We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; 		*/ 		 		if($file == NULL){ 		  echo "No image selected."; 			/* If no file was selected, echo the error. */ 		}else{ 					  			$file_name =$uploaddir . basename($_FILES['image_file']['name']); 			$up_path = $path; 			$ext = get_ext($file_name); 						 			list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); 			$fileExt = explode(",",$allowedExt); 			 			/* List = Assign variables as if they were an array - php.net/list  			  so we are assigning 4 different variables, width, height, file type and attributes 				We will not be using $ftype or $attr, they are merely there to show you. 				 				We are also creating a new variable with the explode function on our allowed file extentions. 			*/ 			 			if ($width > $maxWidth){ 			  echo "The width of the image can only be: ".$maxWidth."px"; 			}elseif ($height > $maxHeight){ 			  echo "The height of the image can only be: ".$maxHeight."px"; 				/* We did a check to see if the width and height are the correct sizes. */ 			}elseif (!in_array($ext,$fileExt)){ 			  echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; 				/* We check if the extention of the file is in the array we made. */ 			}else{ 			 if (move_uploaded_file($_FILES['image_file']['tmp_name'], $path)) {				  echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; 					/* If the file was moved to the folder, we echo the message and move the file */ 				}else{ 					echo "Error with uploading the image."; 					/* 					  If the file was not moved, echo the error 					  This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly 					*/ 				} 			  if(!$title){  //this means If the title is really empty.					 echo "Error: Game Name is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$body){  //this means If the title is really empty.					 echo "Error:Main review body is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$platform){  //this means If the title is really empty.					 echo "Error:Game Platform is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$genre){  //this means If the title is really empty.					 echo "Error:Game Genre is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$gameplay){  //this means If the title is really empty.					 echo "Error:Gameplay rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$graphics){  //this means If the title is really empty.					 echo "Error:Graphics rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$sound){  //this means If the title is really empty.					 echo "Error:Sound rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$multiplayer){  //this means If the title is really empty.					 echo "Error:Multiplayer rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }						  else {$overall = ($gameplay + $graphics + $sound + $multiplayer)/4;$author = $_SESSION['id'];$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (30) Seconds";		  echo "<meta http-equiv=Refresh content=30;url=index.php>";}}} }else{echo "No form was submitted";}?>

now i tried submitting the form twice and i get thisWarning: move_uploaded_file(uimages/) [function.move-uploaded-file]: failed to open stream: Permission denied in D:\xampp\htdocs\addr.php on line 70Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'D:\xampp\tmp\php18D.tmp' to 'uimages/' in D:\xampp\htdocs\addr.php on line 70Error with uploading the image.07-25-07 11:34pmThank you! Review added Successfully!Your review will be on display after being approved by our editors.You'll be redirected to Home Page after (30) Secondsalthought it gives the confirmation message but in the databse i tried it twice there is no new row!!!! which means nothing was submitted??????ah man now what plz help!!!!!!!!!!!!!

Link to comment
Share on other sites

  • Replies 153
  • Created
  • Last Reply

so this means i was using the correct varible before that is $file_name. and y no info is saved into the databse???? i tried it twice ????? plz help and read my last post about the prob of not submitting any data into the database. please.

Link to comment
Share on other sites

You need the path AND the filename. First you had the filename, then you had the path. You need both. You need the absolute path to the file you want to save, including the filename. Fix the problem with move_uploaded_file and then you can address the other problem. Typically an error in one location will cause something else to not work correctly.

Link to comment
Share on other sites

thnkx now it works here is my code now

<?phpsession_start();include('access.php');check_access();require"db_connect.php";require"date.php";$title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc())  ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc())  ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc())  ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; function get_ext($file){   $chunks = explode(".", $file);  return array_pop($chunks);}		/* 	  Here we are creating a function to get the extention of a file. 		We then create a variable that uses the 'strstr' function. 		strstr = Find first occurrence of a string, says php.net/strstr 		We then call the $file variable up and then add a object to look for. 		In this case, it is the "." (period). 		We then return the variable 	*/ if (isset($_POST['Submit'])){		 $file = $_FILES['image_file']; 		 		/* 		  So the submit button was pressed. 			We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; 		*/ 		 		if($file == NULL){ 		  echo "No image selected."; 			/* If no file was selected, echo the error. */ 		}else{ 					  			$file_name =$path . basename($_FILES['image_file']['name']); 			$up_path = $path; 			$ext = get_ext($file_name); 						 			list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); 			$fileExt = explode(",",$allowedExt); 			 			/* List = Assign variables as if they were an array - php.net/list  			  so we are assigning 4 different variables, width, height, file type and attributes 				We will not be using $ftype or $attr, they are merely there to show you. 				 				We are also creating a new variable with the explode function on our allowed file extentions. 			*/ 			 			if ($width > $maxWidth){ 			  echo "The width of the image can only be: ".$maxWidth."px"; 			}elseif ($height > $maxHeight){ 			  echo "The height of the image can only be: ".$maxHeight."px"; 				/* We did a check to see if the width and height are the correct sizes. */ 			}elseif (!in_array($ext,$fileExt)){ 			  echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; 				/* We check if the extention of the file is in the array we made. */ 			}else{ 			 if (move_uploaded_file($_FILES['image_file']['tmp_name'], $file_name)) {				  echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; 					/* If the file was moved to the folder, we echo the message and move the file */ 				}else{ 					echo "Error with uploading the image."; 					/* 					  If the file was not moved, echo the error 					  This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly 					*/ 				} 			  if(!$title){  //this means If the title is really empty.					 echo "Error: Game Name is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$body){  //this means If the title is really empty.					 echo "Error:Main review body is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$platform){  //this means If the title is really empty.					 echo "Error:Game Platform is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$genre){  //this means If the title is really empty.					 echo "Error:Game Genre is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$gameplay){  //this means If the title is really empty.					 echo "Error:Gameplay rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$graphics){  //this means If the title is really empty.					 echo "Error:Graphics rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$sound){  //this means If the title is really empty.					 echo "Error:Sound rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$multiplayer){  //this means If the title is really empty.					 echo "Error:Multiplayer rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }						  else {$overall = ($gameplay + $graphics + $sound + $multiplayer) / 4;$author = $_SESSION['id'];$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (15) Seconds";		  echo "<meta http-equiv=Refresh content=15;url=index.php>";}}} }else{echo "No form was submitted";}?>

now the image was uploaded and it gave the message that image is uploaded and review is added but in the databse there is no new row?????the image upload now works fine thnkx for that.So now y isnt it saving anything into the database?

Link to comment
Share on other sites

ARe you sure that all of the columns (author, date_added, gameplay, graphics, graphics, sound, overall) are defined in the database table as numeric data types (e.g. INT, BIGINT, etc.)? If not, you will have to put quotation marks around their value in the VALUES part of the insert.

Link to comment
Share on other sites

ok i added the line and i get this errorImage: 'uimages/1.jpg' has successfully beed uploaded to: 'uimages/'07-26-07 10:54pmYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1185472479,'PS3','Action',6,5,5,7,'uimages/1.jpg',5.75)' at line 2Thank you! Review added Successfully!Your review will be on display after being approved by our editors.You'll be redirected to Home Page after (15) SecondsHtml form

<html><!-- Created on: 7/19/2007 --><head>  <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">  <title>Gamerz Galore Add A Review</title>  <meta name="description" content="">  <meta name="keywords" content="">  <meta name="author" content="Unregistered User">  <meta name="generator" content="AceHTML Freeware"><link rel="stylesheet" type="text/css" href="add.css"></head><body><center><div id="body"><form action="addr.php" method="post" enctype="multipart/form-data">Game Name: <input type="text" name="title" size="40" maxlength="200"><br>Content:  <textarea name="body" cols="50" rows="15"> </textarea> <br>Platform:  <select name="platform">	<option value="Xbox360"> Xbox360</option>	<option value="PS3"> PS3</option>	<option value="PC"> PC</option></select>	 			<br>	<tr><td>Genre:<select name="genre">	<option value="Racing"> Racing</option>	<option value="Action"> Action</option>	<option value="Adventure"> Adventure</option>	<option value="Sports"> Sports</option></select>					  <br>			<b>Rating</b>	<br>  Gameplay:  <select name="gameplay">	<option value="1"> 1</option>	<option value="2"> 2</option>	<option value="3"> 3</option>	<option value="4"> 4</option>	<option value="5"> 5</option>	<option value="6"> 6</option>	<option value="7"> 7</option>	<option value="8"> 8</option>	<option value="9"> 9</option>	<option value="10"> 10</option></select>			  <br>Graphics:<select name="graphics">	<option value="1"> 1</option>	<option value="2"> 2</option>	<option value="3"> 3</option>	<option value="4"> 4</option>	<option value="5"> 5</option>	<option value="6"> 6</option>	<option value="7"> 7</option>	<option value="8"> 8</option>	<option value="9"> 9</option>	<option value="10"> 10</option></select>		  <br>Sound:<select name="sound">	<option value="1"> 1</option>	<option value="2"> 2</option>	<option value="3"> 3</option>	<option value="4"> 4</option>	<option value="5"> 5</option>	<option value="6"> 6</option>	<option value="7"> 7</option>	<option value="8"> 8</option>	<option value="9"> 9</option>	<option value="10"> 10</option></select>			<br>Multiplayer:<select name="multiplayer">	<option value="1"> 1</option>	<option value="2"> 2</option>	<option value="3"> 3</option>	<option value="4"> 4</option>	<option value="5"> 5</option>	<option value="6"> 6</option>	<option value="7"> 7</option>	<option value="8"> 8</option>	<option value="9"> 9</option>	<option value="10"> 10</option></select>		  <br>		Image:<input type="file" name="image_file"><br><br><br><br><input type="submit" name="Submit" value="Submit">	   </form></div></center></body></html>

addr.php

<?phpsession_start();include('access.php');check_access();require"db_connect.php";require"date.php";$title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc())  ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc())  ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc())  ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; function get_ext($file){   $chunks = explode(".", $file);  return array_pop($chunks);}		/* 	  Here we are creating a function to get the extention of a file. 		We then create a variable that uses the 'strstr' function. 		strstr = Find first occurrence of a string, says php.net/strstr 		We then call the $file variable up and then add a object to look for. 		In this case, it is the "." (period). 		We then return the variable 	*/ if (isset($_POST['Submit'])){		 $file = $_FILES['image_file']; 		 		/* 		  So the submit button was pressed. 			We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; 		*/ 		 		if($file == NULL){ 		  echo "No image selected."; 			/* If no file was selected, echo the error. */ 		}else{ 					  			$file_name =$path . basename($_FILES['image_file']['name']); 			$up_path = $path; 			$ext = get_ext($file_name); 						 			list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); 			$fileExt = explode(",",$allowedExt); 			 			/* List = Assign variables as if they were an array - php.net/list  			  so we are assigning 4 different variables, width, height, file type and attributes 				We will not be using $ftype or $attr, they are merely there to show you. 				 				We are also creating a new variable with the explode function on our allowed file extentions. 			*/ 			 			if ($width > $maxWidth){ 			  echo "The width of the image can only be: ".$maxWidth."px"; 			}elseif ($height > $maxHeight){ 			  echo "The height of the image can only be: ".$maxHeight."px"; 				/* We did a check to see if the width and height are the correct sizes. */ 			}elseif (!in_array($ext,$fileExt)){ 			  echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; 				/* We check if the extention of the file is in the array we made. */ 			}else{ 			 if (move_uploaded_file($_FILES['image_file']['tmp_name'], $file_name)) {				  echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; 					/* If the file was moved to the folder, we echo the message and move the file */ 				}else{ 					echo "Error with uploading the image."; 					/* 					  If the file was not moved, echo the error 					  This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly 					*/ 				} 			  if(!$title){  //this means If the title is really empty.					 echo "Error: Game Name is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$body){  //this means If the title is really empty.					 echo "Error:Main review body is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$platform){  //this means If the title is really empty.					 echo "Error:Game Platform is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$genre){  //this means If the title is really empty.					 echo "Error:Game Genre is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$gameplay){  //this means If the title is really empty.					 echo "Error:Gameplay rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$graphics){  //this means If the title is really empty.					 echo "Error:Graphics rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$sound){  //this means If the title is really empty.					 echo "Error:Sound rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$multiplayer){  //this means If the title is really empty.					 echo "Error:Multiplayer rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }						  else {$overall = ($gameplay + $graphics + $sound + $multiplayer) / 4;$author = $_SESSION['id'];$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)");if (!$result) echo mysql_error(); echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (15) Seconds";		  echo "<meta http-equiv=Refresh content=15;url=index.php>";}}} }else{echo "No form was submitted";}?>

Link to comment
Share on other sites

it is Field Type Collation Attributes Null Default Extra Action id int(11) No auto_increment title varchar(200) latin1_general_ci No body text latin1_general_ci No author int(11) No date_added int(11) No platform varchar(50) latin1_general_ci No genre varchar(50) latin1_general_ci No gameplay int(11) No graphics int(11) No sound int(11) No multiplayer int(11) No validate tinyint(2) No 0 picture varchar(200) latin1_general_ci No overall int(3) No Check All / Uncheck All With selected: --------------------------------------------------------------------------------

Link to comment
Share on other sites

Change these lines:

$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)");if (!$result) echo mysql_error();

To this:

$sql = "INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)";$result = mysql_query($sql);if (!$result) echo mysql_error() . "<br>\n" . $sql;

Copy and paste the query that it shows into phpMyAdmin and see what it says.

Link to comment
Share on other sites

i inputed the code into phpmyadmin and i got thisErrorSQL query: $sql = "INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)";MySQL said: #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql = "INSERT INTO reviews (title, body, author, date_added, platform, genre, g' at line 1

Link to comment
Share on other sites

in your PHP code , after you define $sql, do thisecho $sql;echo "\n<br />\n";then, copy and paste the result in the browser into phpMyAdmin and see what it says

Link to comment
Share on other sites

ok i added thaat to the code and now when i click submit in the form i get thisImage: 'uimages/untitled.bmp' has successfully beed uploaded to: 'uimages/'07-26-07 11:41pmINSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('asdfasd',' fasdfasdfasd',,1185475264,'PS3','Sports',4,5,4,6,'uimages/untitled.bmp',4.75 ) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1185475264,'PS3','Sports',4,5,4,6,'uimages/untitled.bmp',4.75 )' at line 6INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('asdfasd',' fasdfasdfasd',,1185475264,'PS3','Sports',4,5,4,6,'uimages/untitled.bmp',4.75 )Thank you! Review added Successfully!Your review will be on display after being approved by our editors.You'll be redirected to Home Page after (15) Seconds???

Link to comment
Share on other sites

Well, think about it. If $author is empty, and if you are setting $author equal to $_SESSION['id'], then what is the only possibility? That $_SESSION['id'] is empty. You can verify that for yourself:print_r($_SESSION);

Link to comment
Share on other sites

Now that i think about it,i dont recall seeing a session_start(); call at the top of your page code. That may be the problem.

Link to comment
Share on other sites

There is a session_start() there, so I suppose it must be that the $_SESSION['id'] variable is not set. Hmm... in the original script was there a login page of some sorts? That may have been where the variable was coming from. For testing purposes, you could just set $author = 0 for the moment until you implement another system.Also, try this:

print_r($_SESSION);

and see what it says.

Link to comment
Share on other sites

now this is my codecheckpass.php ( login script )

<?php		session_start();		require_once "db_connect.php";		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$con);if (!$userrow)  {  die('Could not connect: ' . mysql_error());  }		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				$_SESSION['id'] = $userrow['id'];				header("Location: adr.html");		}?>

addr.php

<?phpsession_start();include('access.php');check_access();require"db_connect.php";require"date.php";$title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc())  ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc())  ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc())  ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; print_r($_SESSION);function get_ext($file){   $chunks = explode(".", $file);  return array_pop($chunks);}		/* 	  Here we are creating a function to get the extention of a file. 		We then create a variable that uses the 'strstr' function. 		strstr = Find first occurrence of a string, says php.net/strstr 		We then call the $file variable up and then add a object to look for. 		In this case, it is the "." (period). 		We then return the variable 	*/ if (isset($_POST['Submit'])){		 $file = $_FILES['image_file']; 		 		/* 		  So the submit button was pressed. 			We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; 		*/ 		 		if($file == NULL){ 		  echo "No image selected."; 			/* If no file was selected, echo the error. */ 		}else{ 					  			$file_name =$path . basename($_FILES['image_file']['name']); 			$up_path = $path; 			$ext = get_ext($file_name); 						 			list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); 			$fileExt = explode(",",$allowedExt); 			 			/* List = Assign variables as if they were an array - php.net/list  			  so we are assigning 4 different variables, width, height, file type and attributes 				We will not be using $ftype or $attr, they are merely there to show you. 				 				We are also creating a new variable with the explode function on our allowed file extentions. 			*/ 			 			if ($width > $maxWidth){ 			  echo "The width of the image can only be: ".$maxWidth."px"; 			}elseif ($height > $maxHeight){ 			  echo "The height of the image can only be: ".$maxHeight."px"; 				/* We did a check to see if the width and height are the correct sizes. */ 			}elseif (!in_array($ext,$fileExt)){ 			  echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; 				/* We check if the extention of the file is in the array we made. */ 			}else{ 			 if (move_uploaded_file($_FILES['image_file']['tmp_name'], $file_name)) {				  echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; 					/* If the file was moved to the folder, we echo the message and move the file */ 				}else{ 					echo "Error with uploading the image."; 					/* 					  If the file was not moved, echo the error 					  This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly 					*/ 				} 			  if(!$title){  //this means If the title is really empty.					 echo "Error: Game Name is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$body){  //this means If the title is really empty.					 echo "Error:Main review body is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$platform){  //this means If the title is really empty.					 echo "Error:Game Platform is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$genre){  //this means If the title is really empty.					 echo "Error:Game Genre is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$gameplay){  //this means If the title is really empty.					 echo "Error:Gameplay rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$graphics){  //this means If the title is really empty.					 echo "Error:Graphics rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$sound){  //this means If the title is really empty.					 echo "Error:Sound rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$multiplayer){  //this means If the title is really empty.					 echo "Error:Multiplayer rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }						  else {$overall = ($gameplay + $graphics + $sound + $multiplayer) / 4;$author = $_SESSION['id'];$date = time();echo make_datestr(time());$sql = "INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)";echo $sql;echo "\n<br />\n";$result = mysql_query($sql);if (!$result) echo mysql_error() . "<br>\n" . $sql;echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (15) Seconds";		  echo "<meta http-equiv=Refresh content=15;url=index.php>";}}} }else{echo "No form was submitted";}?>

this is the error i get when $author is set to session id.Array ( [user] => Shujjah [id] => ) Image: 'uimages/1.gif' has successfully beed uploaded to: 'uimages/'07-27-07 04:14pmINSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('dfsgdf',' gsdfgsdfghsdfgdfgsdfsgdfg',,1185534882,'PC','Sports',3,5,6,4,'uimages/1.gif',4.5 ) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1185534882,'PC','Sports',3,5,6,4,'uimages/1.gif',4.5 )' at line 6INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('dfsgdf',' gsdfgsdfghsdfgdfgsdfsgdfg',,1185534882,'PC','Sports',3,5,6,4,'uimages/1.gif',4.5 )Thank you! Review added Successfully!Your review will be on display after being approved by our editors.You'll be redirected to Home Page after (15) Secondsand this is what i get when author is set to 1. and in the databse there is a new rowArray ( [user] => Shujjah [id] => ) Image: 'uimages/1.jpg' has successfully beed uploaded to: 'uimages/'07-27-07 04:19pmINSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('dfsgh',' dfgsdfgsdfgsdf',1,1185535196,'PC','Racing',4,5,5,5,'uimages/1.jpg',4.75 ) Thank you! Review added Successfully!Your review will be on display after being approved by our editors.You'll be redirected to Home Page after (15) Seconds

Link to comment
Share on other sites

one more thing the script i had before just entered the review into the databse even though there was a prob with the image ie. it gave an image upload error but still the review was uploaded so i tried this script

<?phpsession_start();include('access.php');check_access();require"db_connect.php";require"date.php";$title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc())  ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc())  ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc())  ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; print_r($_SESSION);function get_ext($file){   $chunks = explode(".", $file);  return array_pop($chunks);}		/* 	  Here we are creating a function to get the extention of a file. 		We then create a variable that uses the 'strstr' function. 		strstr = Find first occurrence of a string, says php.net/strstr 		We then call the $file variable up and then add a object to look for. 		In this case, it is the "." (period). 		We then return the variable 	*/ if (isset($_POST['Submit'])){		 $file = $_FILES['image_file']; 		 		/* 		  So the submit button was pressed. 			We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; 		*/ 		 		if($file == NULL){ 		  echo "No image selected."; 			/* If no file was selected, echo the error. */ 		}else{ 					  			$file_name =$path . basename($_FILES['image_file']['name']); 			$up_path = $path; 			$ext = get_ext($file_name); 						 			list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); 			$fileExt = explode(",",$allowedExt); 			 			/* List = Assign variables as if they were an array - php.net/list  			  so we are assigning 4 different variables, width, height, file type and attributes 				We will not be using $ftype or $attr, they are merely there to show you. 				 				We are also creating a new variable with the explode function on our allowed file extentions. 			*/ 			 			if ($width > $maxWidth){ 			  echo "The width of the image can only be: ".$maxWidth."px"; 			}elseif ($height > $maxHeight){ 			  echo "The height of the image can only be: ".$maxHeight."px"; 				/* We did a check to see if the width and height are the correct sizes. */ 			}elseif (!in_array($ext,$fileExt)){ 			  echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; 				/* We check if the extention of the file is in the array we made. */ 			}else{ 			 if (move_uploaded_file($_FILES['image_file']['tmp_name'], $file_name)) {				  echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; 					/* If the file was moved to the folder, we echo the message and move the file */ 							  if(!$title){  //this means If the title is really empty.					 echo "Error: Game Name is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$body){  //this means If the title is really empty.					 echo "Error:Main review body is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$platform){  //this means If the title is really empty.					 echo "Error:Game Platform is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$genre){  //this means If the title is really empty.					 echo "Error:Game Genre is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$gameplay){  //this means If the title is really empty.					 echo "Error:Gameplay rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$graphics){  //this means If the title is really empty.					 echo "Error:Graphics rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$sound){  //this means If the title is really empty.					 echo "Error:Sound rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }			  elseif(!$multiplayer){  //this means If the title is really empty.					 echo "Error:Multiplayer rating is a required field. Please fill it.";					 exit(); //exit the script and don't do anything else.			  }						  else {$overall = ($gameplay + $graphics + $sound + $multiplayer) / 4;$author = 1;$date = time();echo make_datestr(time());$sql = "INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall)					   VALUES ('$title','$body',$author,$date,'$platform','$genre',$gameplay,$graphics,$sound,$multiplayer,'$file_name',$overall)";echo $sql;echo "\n<br />\n";$result = mysql_query($sql);if (!$result) echo mysql_error() . "<br>\n" . $sql;echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (15) Seconds";		  echo "<meta http-equiv=Refresh content=15;url=index.php>";}}else{		} }} }else{echo "No form was submitted";}?>

and it works fine when the width or height is bigger it doesnt do any thing just gives the error that the height is excedded . so do u think i shud use this script instead ? is it better than the [revious one and does it needs any adjustments?thnkx

Link to comment
Share on other sites

Ok - firstly to your first problem about the SESSION id var - taht seems to be the id of the user inserting the document. Did your script originally come with a login script? If so, check to make sure it is initializing the $_SESSION['id'] variable correctly (I would say it would be drawn from a table).For your most recent post - I would say that the one that doesn't upload on validation is better, but you should make it redirect back to the review insertion page.

Link to comment
Share on other sites

i followed the script from a tutorial here is my login.php

<?phpsession_start();if (isset($_GET['error'])){  unset($_SESSION['user']);  echo "<div style=\"color: red; font-weight: bold;\">" . stripslashes($_GET['error']) . "</div>";}elseif (isset($_SESSION['user'])){  header("Location: adr.html");  exit();}?><form method='POST' action='checkpass.php'>Username: <input type='text' name='username' maxLength='8' length='16'><br/>Password: <input type='password' name='password' length='16'><br/><input type='submit' value='Login'></form><p><a href='signup.php'>Signup</a></p>

the i have a id coloumn in the database in users table.

Link to comment
Share on other sites

Look at the output for print_r:Array ( [user] => Shujjah [id] => )The id is not set. You're setting the session here:$_SESSION['id'] = $userrow['id'];Are you sure there is a column in the database called id? You can use print_r on $userrow if you want to see what the columns are called.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...