Hi everyone I am writing a script which will allow users to upload photos to my website. It then takes the file and album names along with the file description and writes the values to a mysql database. It starts by using a form in which the user specifies the number of photos, the album title, and an album description. The user then gets led to a new page which creates the proper number of upload boxes based on the number of photos being uploaded. (Each box is given a specific identifier using a count variable that adds onto the name of each box.) When uploading only one file I have no problems, but when I try to do more than one file at a time I start having trouble. The second file will upload properly however when it tries to write the second files information to the database it gives the below error. This is the query line Below is my full code: <?php $count = 1; $photos = $_REQUEST['photos']; $album_title = $_REQUEST['title']; $description = $_REQUEST['description']; $con = mysql_connect("localhost","*******","******"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("jmazza17_photos", $con); $dirname = $album_title; $filename = "/home/jmazza17/public_html/albums/upload/".$dirname."/"; //This determines where on the server the file goes if (file_exists($filename)) { } else { mkdir($filename,0777); } while($count <= $photos){ if ((($_FILES["file_{$count}"]["type"] == "image/gif") || ($_FILES["file_{$count}"]["type"] == "image/jpeg") || ($_FILES["file_{$count}"]["type"] == "image/pjpeg")) && ($_FILES["file_{$count}"]["size"] < 200000)){ if ($_FILES["file_{$count}"]["error"] > 0) { echo "Return Code: " . $_FILES["file_{$count}"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file_{$count}"]["name"] . "<br />"; echo "Type: " . $_FILES["file_{$count}"]["type"] . "<br />"; echo "Size: " . ($_FILES["file_{$count}"]["size"] / 1024) . " Kb<br /><br />"; if (file_exists($filename.$_FILES["file_{$count}"]["name"])) { echo $_FILES["file_{$count}"]["name"] . " already exists. "; } move_uploaded_file($_FILES["file_{$count}"]["tmp_name"] , $filename . $_FILES["file_{$count}"]["name"]); } } else { echo "Invalid file"; } if ($change_name == FALSE){ $pic_name = $_FILES["file_{$count}"]["name"]; } $description_pic = 'img_description_'.$count; $pic_description = $_REQUEST[$description_pic]; $sql="INSERT INTO pics (album_title, pic_name, pic_description) VALUES ('{$album_title}','{$pic_name}','{$pic_description}')"; if (!mysql_query($sql,$con)) { die('Errors: ' . mysql_error()); } mysql_close($con); $count = $count + 1; $change_name = FALSE; echo('<br/>'); } ?> PHP: Any help would be greatly appreciated. If it would be helpful to see the code for the form that links to this page let me know and I will post it. Thanks
Hi, You may need to use mysql_real_escape_string function. So: $sql="INSERT INTO pics (album_title, pic_name, pic_description) VALUES ('".mysql_real_escape_string($album_title)."','{$pic_name}','".mysql_real_escape_string($pic_description)."')"; PHP: Please read this one: http://php.net/manual/en/function.mysql-real-escape-string.php
Thanks for the help, I put that line in and it gave me an access denied error. I read the link that you had at the bottom and it said it will use the open connection or do I have to specify another connection? Is there something I can do to try and fix it.
Here is the exact output I am getting, as you can see it uploaded the first two pictures and then it ran into the errors. As you can see it is currently being hosted on a free account with x10hosting which I am using to do live testing on the site.
I think you are doing mistake in mysql_connect function. Did you join MySQL database with MySQL user?
jmazza17'@'web8.vital.x10hosting.com' (using password: NO) Code (markup): Seems like you forgot to fill in your password? :]
yes I did, I was getting database access denied errors before when setting up the one photo portion which I fixed by linking the user to the database. This is my mysql_connect function: $con = mysql_connect("localhost","*******","******"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("jmazza17_photos", $con); PHP:
I double checked that, for some reason its not reading the connection I set at the beginning. As you can see from my last post my user name and password are there (I just **** them out for obvious reasons)
Then, do you change with this? $con = mysql_connect("localhost","*******","******"); if (!$con) { die('Could not connect: ' . mysql_error()); } $db_selected = mysql_select_db("jmazza17_photos", $con); if (!$db_selected) { die ('Can\'t use foo : ' . mysql_error()); } PHP:
Just double check that again by taking out the mysql_real_escape_string line: $sql="INSERT INTO pics (album_title, pic_name, pic_description) VALUES ('".mysql_real_escape_string($album_title)."','{$pic_name}','".mysql_real_escape_string($pic_description)."')"; PHP: I then replaced it with my original line: $sql="INSERT INTO pics (album_title, pic_name, pic_description) VALUES ('{$album_title}','{$pic_name}','{$pic_description}')"; PHP: I reran the upload script and it sent the first pictures information to the database it once again gave me this output: I dont know why it is giving a password problem with the mysql_real_escape_string and have not been able to find anything so far in my other searching.
Ok... I did a test on my server and attempted to run mysql_real_escape_string on a string without first connecting to the database and produced the same error as you. I know you pasted the connection section that you have done, and because of your error handling, I would think that if your connection wasn't setup properly, then php would die with errors. The only thing I can think that you might be doing is not including your php connection code. Is this code directly in your upload_ac.php file? $con = mysql_connect("localhost","*******","******"); if (!$con) { die('Could not connect: ' . mysql_error()); } $db_selected = mysql_select_db("jmazza17_photos", $con); if (!$db_selected) { die ('Can\'t use foo : ' . mysql_error()); } Code (markup): If not, do you include that file from upload_ac.php?
That code is directly in the upload_ac.php file, I was previously having problems when I did it with an include so I just put it right into the file.
If you do a var_dump($con); right after $con = mysql_connect (...); does it say: resource(2) of type (mysql link)
You must to manage user privileges. Which do you use site panel? In Cpanel (SELECT, INSERT, CREATE, UPDATE and DELETE mark):
Oh man... I see it so obviously now. You have mysql_close($con) in your loop. You need to move that below your squiggly bracket to right before ?>
Although it is good practice to free your resources, especially when locking the resources, I never use mysql_close. If it were my code, I would just remove the mysql_close altogether. You should definately use SametAras' suggestion about mysql_real_escape_string on all your _GET/_POST/_REQUEST vars that go into your database.