guyz can anyone check this code. i have errors in this code :-s <?php // database connection $conn = mysql_connect("localhost", "mraneeb_aneeb", "eavAo+4ceIc3") OR DIE (mysql_error()); @mysql_select_db ("mraneeb_photos", $conn) OR DIE (mysql_error()); // Do this process if user has browse the // file and click the submit button if ($_FILES) { $image_types = Array ("image/bmp", "image/jpeg", "image/pjpeg", "image/gif", "image/x-png"); if (is_uploaded_file ($_FILES['userfile']['tmp_nameÂ'])) { $userfile = addslashes (fread (fopen ($_FILES["userfile"]["tmp_name"], "r"), filesize ($_FILES["userfile"]["tmp_name"]))); $file_name = $_FILES["userfile"]["name"]; $file_size = $_FILES["userfile"]["size"]; $file_type = $_FILES["userfile"]["type"]; if (in_array (strtolower ($file_type), $image_types)) { $sql = "INSERT INTO image " . "(image_type, image, image_size, image_name, image_date) "; $sql.= "VALUES ("; $sql.= "'{$file_type}', '{$userfile}', '{$file_size}', " . "'{$file_name}', NOW())"; @mysql_query ($sql, $conn); Header("Location:".$_SERVER["PHP_SELF"]); exit(); } } } // Do this process of user has click // a file name to view or remove if ($_GET) { $iid = $_GET["iid"]; $act = $_GET["act"]; switch ($act) { case rem: $sql = "DELETE FROM image WHERE image_id=$iid"; @mysql_query ($sql, $conn); Header("Location:./index.php"); exit(); break; default: print "<img src="image.php?iid=$iid">"; break; } } ?> <html> <head> <title>Storing Images in DB</title> </head> <body> <form method="post" enctype="multipart/form-data"> Select Image File: <input type="file" name="userfile" size="40"> <input type="submit" value="submit"> </form> <?php $sql = "SELECT * FROM image ORDER BY image_date DESC"; $result = mysql_query ($sql, $conn); if (mysql_num_rows($result)>0) { while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $i++; $str .= $i.". "; $str .= "<a href='index.php?iid=".$row["image_id"]."'>" . $row["image_name"]."</a> "; $str .= "[".$row["image_date"]."] "; $str .= "[".$row["image_size"]."] "; $str .= "[<a href='index.php?act=rem&iid=".$row["image_id"] . "'>Remove</a>]<br>"; } print $str; } ?> </body> </html>
and isn't it a good idea to remove your mysql password? if anyone knows your website url they now have access to your database!
the error is here .. in these lines print "<img src="image.php?iid=$iid">"; and if (mysql_num_rows($result)>0) {
print "<img src="image.php?iid=$iid">"; should be print "<img src=\"image.php?iid=$iid\">";
Uhm, some further advice -- this is why I don't use double quotes for print or echo, this is why I prefer echo to print... STOP using string addition when comma delimits are faster or there's no reason to be using addition. I'd probably also use switch instead of in_array as it's typically faster. Also, why are you printing escaped brackets? Much less printing content BEFORE your HTML tag? Might also help if from the start you output complete forms and valid markup. This 'kind-of' cleans it up, probably runs 5 to 10% faster, though it still leaves me with a lot of "WHY?!?" <?php // database connection $conn = mysql_connect("localhost", "mraneeb_aneeb", "eavAo+4ceIc3") OR DIE (mysql_error()); @mysql_select_db ("mraneeb_photos", $conn) OR DIE (mysql_error()); // Do this process if user has browse the // file and click the submit button if ($_FILES) { $image_types = Array ( 'image/bmp', 'image/jpeg', 'image/pjpeg', 'image/gif', 'image/x-png' ); if (is_uploaded_file ($_FILES['userfile']['tmp_nameÂ'])) { $userfile=addslashes(fread(fopen( $_FILES['userfile']['tmp_name'],'r'), filesize($_FILES['userfile']['tmp_name'] ))); $file_name = $_FILES['userfile']['name']; $file_size = $_FILES['userfile']['size']; $file_type = $_FILES['userfile']['type']; if (in_array (strtolower ($file_type), $image_types)) { $sql = " INSERT INTO image (image_type, image, image_size, image_name, image_date) VALUES ('{$file_type}','{$userfile}', '{$file_size}', '{$file_name}', NOW())"; @mysql_query ($sql, $conn); Header("Location:".$_SERVER["PHP_SELF"]); exit(); } } } // Do this process of user has click // a file name to view or remove if ($_GET) { $iid = $_GET["iid"]; $act = $_GET["act"]; switch ($act) { case rem: $sql = "DELETE FROM image WHERE image_id=$iid"; @mysql_query ($sql, $conn); Header("Location:./index.php"); exit(); break; default: echo '<img src="image.php?iid=$iid" alt="uploaded image">'; break; } } ?> <html><head> <title>Storing Images in DB</title> </head><body> <form method="post" enctype="multipart/form-data"> <fieldset> <label for="userFile">Select Image File:</label> <input type="file" name="userfile" id="userFile" size="40"> <input type="submit" value="submit"> </fieldset> </form> <?php $sql = "SELECT * FROM image ORDER BY image_date DESC"; $result = mysql_query ($sql, $conn); $i=0; // you forgot to initialize, NEVER trust default values on vars if (mysql_num_rows($result)>0) { while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $i++; echo $i,'. ' <a href="index.php?iid='.$row['image_id'].'"> ',$row['image_name'],' </a> [',$row['image_date'],'] [',$row['image_size'],'] [<a href="index.php?act=rem&iid=',$row['image_id'],'"> Remove</a>]<br>'; } } ?> </body></html> Code (markup):