justsomeguy Posted July 22, 2007 Share Posted July 22, 2007 The function to check the extension isn't technically correct, it just returns everything from the first dot on. If the filename has more then one dot then the function won't return the extension. Use this function instead: function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);} This will not include the dot, only the extension, so remove the dots from your list of extensions. Link to comment Share on other sites More sharing options...
shujjah Posted July 23, 2007 Author Share Posted July 23, 2007 ok now the code looks like this $allowedExt = "gif,bmp,png,jpg"; $imagename = "$up_path.$file_name";function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);}[code]but still i get File extention not recognized.Allowed extentions: gif,bmp,png,jpgso now what? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 23, 2007 Share Posted July 23, 2007 Debug. Print out the extension that get_ext is returning and make sure it is what it is supposed to be. Link to comment Share on other sites More sharing options...
shujjah Posted July 23, 2007 Author Share Posted July 23, 2007 and how to do that? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 23, 2007 Share Posted July 23, 2007 Use the echo or print statement to print out the variables you are working with and make sure the values are what you expect. Link to comment Share on other sites More sharing options...
jhecht Posted July 24, 2007 Share Posted July 24, 2007 if you use array_pop, doesnt it get rid of the last value, and in this case wouldn't the last value be the extension you want? I would use something like this: get_ext($fileName){ $last = strrpos($fileName,"."); return substr($fileName,$last);}$extension = get_ext($your_Image_Name_Variable);//.. other code here//Is this file extension allowed?if(in_array($extension,$fileExt)){ //Something about uploading/moving}else{ //Error out} And uhm, why not just put the values of $fileExt into an array from the beginning?$fileExt = array('.jpg','.bmp','.gif');//Continue the listIt'll save time. Also, you shouldn't escape every $_POST string. Some servers have magic quotes enabled, so it automatically escapes strings. you should do a check by getting the value through the function get_magic_quotes_gpc() and if its true or false(1 or 0) do mysql_real_escape_string accordingly. Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 i didnt really get what u are saying but this is my code now <?phprequire"db_connect.php";$title = mysql_real_escape_string($_POST['title']);$body = mysql_real_escape_string($_POST['body']);$platform = mysql_real_escape_string($_POST['platform']);$genre = mysql_real_escape_string($_POST['genre']);$gameplay = mysql_real_escape_string($_POST['gameplay']);$graphics = mysql_real_escape_string($_POST['graphics']);$sound = mysql_real_escape_string($_POST['sound']);$multiplayer = mysql_real_escape_string($_POST['multiplayer']);$path = "/uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $fileExt = array('.jpg','.bmp','.gif');$imagename = "$up_path.$file_name";function get_ext($fileName){ $last = strrpos($fileName,"."); return substr($fileName,$last);} $extension = get_ext($filename); /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name; $ext = get_ext($file); list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif(in_array($extension,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$fileExt; /* We check if the extention of the file is in the array we made. */ }else{ if(move_uploaded_file($file_name,$up_path)){ echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$author = mysql_query("SELECT username FROM `users` Where id=' " . $_SESSION['id'] . " ' " );$auth = @mysql_fetch_assoc($author);$rauthor = $auth;$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture) VALUES ('$title','$body','$rauthor','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$imagename')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (4) Seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>";}}} }else{echo "No form was submitted";}?> and i get this Warning: strrpos() expects parameter 1 to be string, array given in D:\xampp\htdocs\addr1.php on line 18File extention not recognized.Allowed extentions: Arrayand justsome guy here is the code with ur function <?phprequire"db_connect.php";$title = mysql_real_escape_string($_POST['title']);$body = mysql_real_escape_string($_POST['body']);$platform = mysql_real_escape_string($_POST['platform']);$genre = mysql_real_escape_string($_POST['genre']);$gameplay = mysql_real_escape_string($_POST['gameplay']);$graphics = mysql_real_escape_string($_POST['graphics']);$sound = mysql_real_escape_string($_POST['sound']);$multiplayer = mysql_real_escape_string($_POST['multiplayer']);$path = "/uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; $imagename = "$up_path.$file_name";function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);} /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name; $ext = get_ext($file); list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif (!in_array($ext,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; /* We check if the extention of the file is in the array we made. */ }else{ if(move_uploaded_file($file_name,$up_path)){ echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$author = mysql_query("SELECT username FROM `users` Where id=' " . $_SESSION['id'] . " ' " );$auth = @mysql_fetch_assoc($author);$rauthor = $auth;$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture) VALUES ('$title','$body','$rauthor','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$imagename')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (4) Seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>";}}} }else{echo "No form was submitted";}?> and this is the error File extention not recognized.Allowed extentions: gif,bmp,png,jpgah please can someone point out the prob? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 if you use array_pop, doesnt it get rid of the last value, and in this case wouldn't the last value be the extension you want? I would use something like this:It doesn't get rid of the last value, it returns the last value and removes it from the array. We don't care if it gets removed from the temporary array or not, all we want to do is return the value. array_pop does that.ah please can someone point out the prob?Again, you need to print out the values that you are using. It doesn't help if it says that the extension wasn't found if we don't know which extension it's trying to find. Print out the extension, print out everything that you are using to check the values. That's the only way to debug. Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 i dont know which variables to echo but here my code now <?phprequire"db_connect.php";$title = mysql_real_escape_string($_POST['title']);$body = mysql_real_escape_string($_POST['body']);$platform = mysql_real_escape_string($_POST['platform']);$genre = mysql_real_escape_string($_POST['genre']);$gameplay = mysql_real_escape_string($_POST['gameplay']);$graphics = mysql_real_escape_string($_POST['graphics']);$sound = mysql_real_escape_string($_POST['sound']);$multiplayer = mysql_real_escape_string($_POST['multiplayer']);$path = "/uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; $imagename = "$up_path.$file_name";function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);}echo "$file";echo "$chunks";echo "$allowedExt";echo "$ext";echo "$fileExt";echo "<br>"; /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name; $ext = get_ext($file); list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif (!in_array($ext,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; /* We check if the extention of the file is in the array we made. */ }else{ if(move_uploaded_file($file_name,$up_path)){ echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$author = mysql_query("SELECT username FROM `users` Where id=' " . $_SESSION['id'] . " ' " );$auth = @mysql_fetch_assoc($author);$rauthor = $auth;$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture) VALUES ('$title','$body','$rauthor','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$imagename')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (4) Seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>";}}} }else{echo "No form was submitted";}?> and here is the result after submitting the form with a .gif imagegif,bmp,png,jpgFile extention not recognized.Allowed extentions: gif,bmp,png,jpgnow what? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 You can't echo $ext before you get it. ...$file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name;$ext = get_ext($file);echo "\$ext: {$ext}<br>";... Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 ok now this is the code echo "$file";echo "$chunks";echo "$allowedExt";echo "$fileExt";echo "<br>"; /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name; $ext = get_ext($file); echo "\$ext: {$ext}<br>"; list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif (!in_array($ext,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; /* We check if the extention of the file is in the array we made. */ }else{ if(move_uploaded_file($file_name,$up_path)){ echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$author = mysql_query("SELECT username FROM `users` Where id=' " . $_SESSION['id'] . " ' " );$auth = @mysql_fetch_assoc($author);$rauthor = $auth;$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture) VALUES ('$title','$body','$rauthor','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$imagename')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (4) Seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>";}}} }else{echo "No form was submitted";}?> and i get thisgif,bmp,png,jpg$ext: ArrayFile extention not recognized.Allowed extentions: gif,bmp,png,jpg Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 You're sending the entire file array to get_ext, not the filename. You need to send the filename. Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 so what shud i do exactly can tell the vaariable i should use and where?will i use $file_name and where ? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 Yes, you need to send the file name to the get_ext function instead of the file array. Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 still didnt work now this is the code function get_ext($file){ $chunks = explode(".", $file_name); return array_pop($chunks);} also tried function get_ext($file_name){ $chunks = explode(".", $file_name); return array_pop($chunks);} and the errorgif,bmp,png,jpg$ext: ArrayFile extention not recognized.Allowed extentions: gif,bmp,png,jpg Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 Don't redefine the get_ext function. Just send the filename to it. You might want to read through some of the documentation at php.net on the language reference and language features, there is a lot of info there. ...$file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name;$ext = get_ext($file_name);... Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 ah thnkx now this is the code <?phprequire"db_connect.php";$title = mysql_real_escape_string($_POST['title']);$body = mysql_real_escape_string($_POST['body']);$platform = mysql_real_escape_string($_POST['platform']);$genre = mysql_real_escape_string($_POST['genre']);$gameplay = mysql_real_escape_string($_POST['gameplay']);$graphics = mysql_real_escape_string($_POST['graphics']);$sound = mysql_real_escape_string($_POST['sound']);$multiplayer = mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; $imagename = "$up_path.$file_name";function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);} /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name; $ext = get_ext($file_name); list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif (!in_array($ext,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; /* We check if the extention of the file is in the array we made. */ }else{ if(move_uploaded_file($file_name,$up_path)){ echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$author = mysql_query("SELECT username FROM `users` Where id=' " . $_SESSION['id'] . " ' " );$auth = @mysql_fetch_assoc($author);$rauthor = $auth;$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture) VALUES ('$title','$body','$rauthor','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$imagename')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (4) Seconds"; echo "<meta http-equiv=Refresh content=4;url=index.php>";}}} }else{echo "No form was submitted";}?> and this is the errorError with uploading the image.Fatal error: Call to undefined function make_datestr() in D:\xampp\htdocs\addr.php on line 115 Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 You need to include the file that has the make_datestr function in it, I posted it a while back I think. If you search the forum for make_datestr you might be able to find it. Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 ok i got error uploading the image but the review was submitted ( the message )but the date in the databse in the row is id title body author date_added platform genre gameplay graphics sound multiplayer validate picture overall 1 dfgsdf gsdfgsdfgsdf 0 0000-00-00 00:00:00 Xbox360 Racing 1 1 1 1 0 . 0 so y the author is 0 ? and y the date is also 00000000000? and y the picture is 0? and also i want to save the overall also in the databse that shud be (gamepaly +graphics +sound+mulitpalyer) divided by 4 so how to do that? <?phprequire"db_connect.php";require"date.php";$title = mysql_real_escape_string($_POST['title']);$body = mysql_real_escape_string($_POST['body']);$platform = mysql_real_escape_string($_POST['platform']);$genre = mysql_real_escape_string($_POST['genre']);$gameplay = mysql_real_escape_string($_POST['gameplay']);$graphics = mysql_real_escape_string($_POST['graphics']);$sound = mysql_real_escape_string($_POST['sound']);$multiplayer = mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; $imagename = "$up_path.$file_name";function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);} /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name = $_FILES['image_file']['name']; $up_path = $path.$file_name; $ext = get_ext($file_name); list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif (!in_array($ext,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; /* We check if the extention of the file is in the array we made. */ }else{ if(move_uploaded_file($file_name,$up_path)){ echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$author = mysql_query("SELECT username FROM `users` Where id=' " . $_SESSION['id'] . " ' " );$auth = @mysql_fetch_assoc($author);$rauthor = $auth;$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture) VALUES ('$title','$body','$rauthor','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$imagename')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (30) Seconds"; echo "<meta http-equiv=Refresh content=30;url=index.php>";}}} }else{echo "No form was submitted";}?> Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 The author is 0 because in the database it is an integer but you are sending it the username. Use the ID in the session, and remove the quotes around it in the SQL statement, you don't use quotes around a number. The date is blank because in the database the date column is set to something like datetime, change the column to int. The picture being 0 is because the database field is probably an integer, and it needs to be varchar for the text data. and also i want to save the overall also in the databse that shud be (gamepaly +graphics +sound+mulitpalyer) divided by 4 so how to do that?You can use addition and division as normal, what's the problem? Link to comment Share on other sites More sharing options...
shujjah Posted July 24, 2007 Author Share Posted July 24, 2007 i dont know how to do the addition etc.will this work $overall = "($multipalyer + $gameplay + $graphics + $sound) / 4" ????and the picture field is a varchar 200 field? plus the variable i am using is it the right variable to ues for the iamge name?and about the author i use sessiong id to get that username and store it in the databse then what is the prob?and i changed the date field to int so i tried again and i get thisError with uploading the image.07-24-07 11:01pmThank you! Review added Successfully!Your review will be on display after being approved by our editors.You'll be redirected to Home Page after (30) Secondsand now in the date field i get this no. 1185300110 and y is there an image upload error? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 24, 2007 Share Posted July 24, 2007 When you put quotes around something you're making a string, not executing code. Remove the quotes around that, you don't want a string with all that stuff in it, you want the result of the code being executed. and the picture field is a varchar 200 field?Is that a question?plus the variable i am using is it the right variable to ues for the iamge name?You're using a variable called $imagename. At the top of the code you set $imagename to this:$imagename = "$up_path.$file_name";But at that point neither $up_path nor $filename have been defined, so $imagename will only have the period. You have several variables available, you can store just the filename, or the filename plus the path, or whatever you want to use later on. Choose one of them and use that.Also, you're not using move_uploaded_file correctly. You're doing this:if(move_uploaded_file($file_name,$up_path)){You need to give it the temporary name from the file array and the destination filename. Check the reference page, and check the section on handling file uploads:http://www.php.net/manual/en/function.move-uploaded-file.phpand about the author i use sessiong id to get that username and store it in the databse then what is the prob?The problem is that you are using the session id to get the username and store that in the database instead of just storing the session id in the database. Link to comment Share on other sites More sharing options...
jhecht Posted July 24, 2007 Share Posted July 24, 2007 On a quick note, I dont know if you already know whether or not magic quotes is on or not on this server, but just in case you have to port this code to another server with settings you aren't familiar with, you may want to replace the things on top with things like this: $title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc()) ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc()) ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc()) ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']); This checks if magic quotes is set to on(1), and if it is, just return the string since there's no need to escape a string thats already been escaped. If its off, it escapes the string as normal. And as justsomeguy said, you need to just store the id of the user. The reasons people use Id's in things like this is because its better to have to update one row(say, if a user changes his username) in the usertable, while still having the same id. but having to go and change every single row where the user's name used to be "bob" and now is "bigFatBob" might get annoying if bob has, let's say, a couple hundred posts. Link to comment Share on other sites More sharing options...
shujjah Posted July 25, 2007 Author Share Posted July 25, 2007 ok now this is my code <?phpsession_start();include('access.php');check_access();require"db_connect.php";require"date.php";$title = (get_magic_quotes_gpc()) ? $_POST['title'] : mysql_real_escape_string($_POST['title']);$body = (get_magic_quotes_gpc()) ? $_POST['body'] : mysql_real_escape_string($_POST['body']);$platform = (get_magic_quotes_gpc()) ? $_POST['platform'] : mysql_real_escape_string($_POST['platform']);$genre = (get_magic_quotes_gpc()) ? $_POST['genre'] : mysql_real_escape_string($_POST['genre']);$gameplay = (get_magic_quotes_gpc()) ? $_POST['gameplay'] : mysql_real_escape_string($_POST['gameplay']);$graphics = (get_magic_quotes_gpc()) ? $_POST['graphics'] : mysql_real_escape_string($_POST['graphics']);$sound = (get_magic_quotes_gpc()) ? $_POST['sound'] : mysql_real_escape_string($_POST['sound']);$multiplayer = (get_magic_quotes_gpc()) ? $_POST['multiplayer'] : mysql_real_escape_string($_POST['multiplayer']);$path = "uimages/"; $maxSize = "100000"; $maxWidth = "130"; $maxHeight = "150"; $allowedExt = "gif,bmp,png,jpg"; function get_ext($file){ $chunks = explode(".", $file); return array_pop($chunks);} /* Here we are creating a function to get the extention of a file. We then create a variable that uses the 'strstr' function. strstr = Find first occurrence of a string, says php.net/strstr We then call the $file variable up and then add a object to look for. In this case, it is the "." (period). We then return the variable */ if (isset($_POST['Submit'])){ $file = $_FILES['image_file']; /* So the submit button was pressed. We then create a variable and call the file using $_FILES['INPUT_NAME_HERE']; */ if($file == NULL){ echo "No image selected."; /* If no file was selected, echo the error. */ }else{ $file_name =$uploaddir . basename($_FILES['image_file']['name']); $up_path = $path; $ext = get_ext($file_name); list($width, $height, $ftype, $attr) = getimagesize($_FILES['image_file']['tmp_name']); $fileExt = explode(",",$allowedExt); /* List = Assign variables as if they were an array - php.net/list so we are assigning 4 different variables, width, height, file type and attributes We will not be using $ftype or $attr, they are merely there to show you. We are also creating a new variable with the explode function on our allowed file extentions. */ if ($width > $maxWidth){ echo "The width of the image can only be: ".$maxWidth."px"; }elseif ($height > $maxHeight){ echo "The height of the image can only be: ".$maxHeight."px"; /* We did a check to see if the width and height are the correct sizes. */ }elseif (!in_array($ext,$fileExt)){ echo "File extention not recognized.<br /> Allowed extentions: ".$allowedExt; /* We check if the extention of the file is in the array we made. */ }else{ if (move_uploaded_file($_FILES['image_file']['tmp_name'], $file_name)) { echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; /* If the file was moved to the folder, we echo the message and move the file */ }else{ echo "Error with uploading the image."; /* If the file was not moved, echo the error This could be because the path specified was incorrect or the folder was not CHMOD'ed correctly */ } if(!$title){ //this means If the title is really empty. echo "Error: Game Name is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$body){ //this means If the title is really empty. echo "Error:Main review body is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$platform){ //this means If the title is really empty. echo "Error:Game Platform is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$genre){ //this means If the title is really empty. echo "Error:Game Genre is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$gameplay){ //this means If the title is really empty. echo "Error:Gameplay rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$graphics){ //this means If the title is really empty. echo "Error:Graphics rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$sound){ //this means If the title is really empty. echo "Error:Sound rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } elseif(!$multiplayer){ //this means If the title is really empty. echo "Error:Multiplayer rating is a required field. Please fill it."; exit(); //exit the script and don't do anything else. } else {$overall = ($gameplay + $graphics + $sound + $multiplayer)/4;$author = $_SESSION['id'];$date = time();echo make_datestr(time());$result = mysql_query("INSERT INTO reviews (title, body, author, date_added, platform, genre, gameplay, graphics, sound, multiplayer, picture, overall) VALUES ('$title','$body','$author','$date','$platform','$genre','$gameplay','$graphics','$sound','$multiplayer','$file_name','$overall')");echo "<b>Thank you! Review added Successfully!<br>Your review will be on display after being approved by our editors.<br>You'll be redirected to Home Page after (30) Seconds"; echo "<meta http-equiv=Refresh content=30;url=index.php>";}}} }else{echo "No form was submitted";}?> now it gives me no error it shows that the image was uploaded and the review was added which is good.and in the database the overall and the picture is also working.but there is still a prob with author see me code now i only stor session id in the databse but it still in the databse shows 0 whereas it should be 3? one more thing althought it shows that image was uploaded there is still no image in uimages folder i tried it twice but still no picture is present there. Link to comment Share on other sites More sharing options...
justsomeguy Posted July 25, 2007 Share Posted July 25, 2007 This is the code where you are moving the uploaded file: if (move_uploaded_file($_FILES['image_file']['tmp_name'], $file_name)) { echo "Image: '".$file_name."' has successfully beed uploaded to: '".$path."'"; The destination is just $file_name, that is the destination of the file. You're saying in the message that it was moved to $path, but $path is not part of the destination file name, only $file_name is.In the SQL statement when you are dealing with numbers remove the quotes. Quotes are for string data only. A lot of people on this forum put quotes around everything, you're not supposed to do that. If you put quotes around a number you are no longer dealing with a number, now you're dealing with a string. PHP is loosely typed so it's forgiving with things like this, but you need to know what you're telling the language to do. If you need to use numbers, use numbers instead of strings. Remove the quotes in the SQL statement around things that should be numbers like $author.That being said, you're setting $author equal to whatever $_SESSION['id'] is, so whatever is in the session should be in author, which should be in the SQL statement. So if the $_SESSION['id'] says 3, it shouldn't be using 0 for the statement. I'm assuming that SQL is casting the string as a number and using the value of 0. That's one reason to remove the quotes, you can't insert a string into a integer field. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.