Insert into table not working

Hello guys!

I have this code, which inserts data into one of my tables. The problem is that it doesn’t…
It’s driving me crazy, where did I go wrong?

<?php
// "Add estate" handler as posted in the question: reads the POSTed form fields,
// checks one uploaded image, moves it under images/estate/ and inserts a row
// into `estate`. The paste stops before the outer if-block is closed.
// $db, sanitize(), display_errors() and BASEURL are defined outside this
// listing (presumably by core/init.php — not shown here).
// NOTE(review): no login/authorisation check is visible in this listing;
// confirm that init.php or the included header enforces one.
require_once $_SERVER['DOCUMENT_ROOT'].'/tartalomkezelo/core/init.php';
include 'includes/header.php';
include 'includes/navigation.php';

if(isset($_GET['add'])){
 // Lookup data; the code that consumes these results is not part of the paste.
 $saletypeQuery = $db->query("SELECT * FROM saletype");
 $parentQuery = $db->query("SELECT * FROM categories WHERE parent = 0 ORDER BY category");
 if ($_POST){
 // NOTE(review): sanitize() is not shown. If it only HTML-escapes, that is not
 // SQL escaping, and these values are interpolated into the INSERT string
 // below. A prepared statement with bound parameters would remove the
 // dependency on what sanitize() happens to do.
 $title = sanitize($_POST['title']);
 $saletype = sanitize($_POST['saletype']);
 $categories = sanitize($_POST['child']);
 $price = sanitize($_POST['price']);
 $description = sanitize($_POST['description']);
 $dbpath = '';

   if (!empty($_FILES)){
     $image = $_FILES['image'];
     $name = $image['name'];
     // Index 1 is the segment after the FIRST dot, not the last one; a name
     // without any dot leaves $nameArray[1] undefined.
     $nameArray = explode('.',$name);
     $fileName = $nameArray[0];
     $fileExt = $nameArray[1];
     // $_FILES[...]['type'] is the MIME type sent by the client; PHP does not
     // verify it. The "is it an image" checks below therefore rest on
     // attacker-controlled values; inspecting the temp file itself
     // (e.g. finfo_file() or getimagesize()) is the server-side check.
     $mime = explode('/',$image['type']);
     $mimeType = $mime[0];
     $mimeExt = $mime[1];
     $tmpLoc = $image['tmp_name'];
     $fileSize = $image['size'];
     $allowed = array('png', 'jpg', 'jpeg', 'gif');
     // md5() is applied to the literal string 'microtime', so $uploadName is the
     // same hash on every request and each upload overwrites the previous file.
     // A time-derived hash is also guessable; bin2hex(random_bytes(16)) gives a
     // name that is both unique and unpredictable.
     $uploadName = md5('microtime').'.'.$fileExt;
     // assumes BASEURL is a filesystem path, since it is used as the
     // move_uploaded_file() destination — TODO confirm
     $uploadPath = BASEURL.'/images/estate/'.$uploadName;
     $dbpath = '/tartalomkezelo/images/estate/'.$uploadName;
      if ($mimeType != 'image'){
        $errors[] = 'Only image file allowed. ';
      }
      // Case-sensitive, non-strict match against the allow-list ('PNG' is rejected).
      if (!in_array($fileExt, $allowed)){
        $errors[] = 'Only the following allowed. png, jpg, jpeg, gif. ';
      }
      if ($fileSize > 15000000){
        $errors[] = '15 Mb size limit. ';
      }
      // As written this is true only when the client MIME subtype is 'jpeg' and
      // the extension is neither 'jpeg' nor 'jpg'; any other mismatch
      // (e.g. image/gif with a .png name) passes.
      if ($fileExt != $mimeExt && ($mimeExt == 'jpeg' && $fileExt != 'jpg')){
        $errors[] = 'Wrong image fomat.. ';
     }
   }
  // $errors is never initialised in this listing; empty() tolerates that.
  if(!empty($errors)){
    echo display_errors($errors);
   }
  else {
     // Runs even when no file was submitted ($tmpLoc / $uploadPath are then
     // undefined), and the return value is not checked.
     move_uploaded_file($tmpLoc,$uploadPath);
      // Six columns are named but seven values are supplied ('$description'
      // appears twice), so the statement is rejected; the result of
      // $db->query() is not checked, so the failure is silent.
      $insertSql = "INSERT INTO estate (`title`, `price`, `saletype`, `categories`, `image`, `description`)
                    VALUES ('$title', '$price', '$saletype', '$categories', '$description', '$dbpath', '$description')";
                    $db->query($insertSql);
                    // No exit after the redirect header, so the script keeps running.
                    // NOTE(review): header.php/navigation.php were included above; if
                    // they emit output, this header cannot be sent — confirm.
                    header('Location: estate.php');
  }
}
?>

You name six columns in the insert query, but provide seven values.


I don’t believe how dumb I am… :smiley: Thanks!
But one more question.
When I hit the submit button, it uploads the image, but every time I add a new post, it overwrites the previously uploaded image and uses it for every post, so there is only ever one image in the folder: the newest one.
What could cause this?

You seem to be naming the file with a hash of the string ‘microtime’ every time.
I’m guessing what you wanted to do was a hash of the timestamp to get a unique ID.

md5(microtime())

Yes, you are right. That is what I was trying to do! Thanks for your help, now it’s working as it should be.

Hi Sam!

I hope you can help me this time too. Since the problem I have is in the same (but modified) code I posted above a few days ago, I did not create a new topic, so I am asking you here.

I am trying to modify the code to upload multiple image files. But when I select 6 images, for example, it uploads 6 records into the database with the same hashed name, but it only uploads one image file (a random one, I guess). If I try it with 3 images, the same thing happens: 3 identical image paths in the row and one uploaded image. I post the whole code below:

<?php
// Revised estate admin page: soft-delete, add and edit of `estate` rows, now
// with a multi-file image upload. The paste stops before the outer add/edit
// if-block is closed. $db, sanitize(), display_errors(), is_logged_in(),
// login_error_redirect() and BASEURL are defined outside this listing.
require_once $_SERVER['DOCUMENT_ROOT'].'/tartalomkezelo/core/init.php';
// NOTE(review): whether login_error_redirect() stops execution is not shown;
// if it only sends a header, the rest of this page still runs for an
// unauthenticated visitor — confirm.
if(!is_logged_in()){
  login_error_redirect();
}
include 'includes/header.php';
include 'includes/navigation.php';

// Soft delete triggered by a GET parameter. No anti-CSRF token check is visible
// here, so any link or image tag a logged-in admin loads could trigger it; a
// POST with a token is the usual shape for a state change.
// $id is quoted into the SQL string; whether that is safe depends on
// sanitize() (not shown). The edit branch below casts its id with (int).
if(isset($_GET['delete'])){
  $id = sanitize($_GET['delete']);
  $db->query("UPDATE estate SET deleted = 1 WHERE id = '$id'");
  // No exit after the redirect header; execution continues below.
  header('Location: estate.php');
}

$dbpath = '';
if(isset($_GET['add']) || isset($_GET['edit'])){
 $saletypeQuery = $db->query("SELECT * FROM saletype");
 $parentQuery = $db->query("SELECT * FROM categories WHERE parent = 0 ORDER BY category");
 // Form defaults: the POSTed value when present and non-empty, else ''.
 $title = ((isset($_POST['title']) && $_POST['title'] != '')?sanitize($_POST['title']):'');
 // $saletype is assigned twice; the second assignment overwrites the first.
 $saletype = ((isset($_POST['saletype']) && $_POST['saletype'] != '')?sanitize($_POST['saletype']):'');
 $saletype = ((isset($_POST['saletype']) && !empty($_POST['saletype']))?sanitize($_POST['saletype']):'');
 $parent = ((isset($_POST['parent']) && !empty($_POST['parent']))?sanitize($_POST['parent']):'');
 $category = ((isset($_POST['child'])) && !empty($_POST['child'])?sanitize($_POST['child']):'');
 $price = ((isset($_POST['price']) && $_POST['price'] != '')?sanitize($_POST['price']):'');
 $description = ((isset($_POST['description']) && $_POST['description'] != '')?sanitize($_POST['description']):'');
 $saved_image = '';

if(isset($_GET['edit'])){
  // The (int) cast makes $edit_id safe to interpolate into the queries below.
  $edit_id = (int)$_GET['edit'];
  $estateResults = $db->query("SELECT * FROM estate WHERE id = '$edit_id'");
  // No check that a row was found; $estate is not an array for an unknown id.
  $estate = mysqli_fetch_assoc($estateResults);
   // Image deletion is also a GET-triggered state change with no visible
   // anti-CSRF check. The unlink() target is DOCUMENT_ROOT plus the stored
   // `image` column; once the multi-upload below has stored a comma-joined
   // list there, that string no longer names a single file.
   if(isset($_GET['delete_image'])){
  $image_url = $_SERVER['DOCUMENT_ROOT'].$estate['image'];
   unlink($image_url);
  $db->query("UPDATE estate SET image = '' WHERE id = '$edit_id'");
   // No exit after the redirect header.
   header('Location: estate.php?edit='.$edit_id);
   }
  // In edit mode the fallback for each field is the stored row value.
  $category = ((isset($_POST['child']) && $_POST['child'] != '')?sanitize($_POST['child']):$estate['categories']);
  $title = ((isset($_POST['title']) && $_POST['title'] != '')?sanitize($_POST['title']):$estate['title']);
  $saletype = ((isset($_POST['saletype']) && $_POST['saletype'] != '')?sanitize($_POST['saletype']):$estate['saletype']);
  // $category (from POST or from the stored row) is interpolated into this query.
  $parentQ = $db->query("SELECT * FROM categories WHERE id = '$category'");
  $parentResult = mysqli_fetch_assoc($parentQ);
  $parent = ((isset($_POST['parent']) && $_POST['parent'] != '')?sanitize($_POST['parent']):$parentResult['parent']);
  $price = ((isset($_POST['price']) && $_POST['price'] != '')?sanitize($_POST['price']):$estate['price']);
  $description = ((isset($_POST['description']) && $_POST['description'] != '')?sanitize($_POST['description']):$estate['description']);
  $saved_image = (($estate['image'] != '')?$estate['image']:'');
  // $dbpath starts as the saved image path; the upload loop below appends to it
  // and adds no comma for the first file, so in edit mode the first new path is
  // glued directly onto the saved one.
  $dbpath = $saved_image;
}

 if ($_POST){
 // These three are re-read from $_POST unconditionally, replacing the
 // defaults computed above.
 $categories = sanitize($_POST['child']);
 $price = sanitize($_POST['price']);
 $description = sanitize($_POST['description']);
 $allowed = array('png', 'jpg', 'jpeg', 'gif');
 $uploadPath = array();
 $tmpLoc = array();

 // assumes the form field is an array input (image[] with multiple), so that
 // $_FILES['image']['name'] is an array — TODO confirm. count() on a string
 // is an error in PHP 8 (a warning in PHP 7.2+).
 $imageCount = count($_FILES['image']['name']);
 if ($imageCount > 0){
   for($i = 0;$i<$imageCount;$i++){
 $name = $_FILES['image']['name'][$i];
 // Index 1 is the segment after the FIRST dot; a name with no dot leaves it undefined.
 $nameArray = explode('.',$name);
 $fileName = $nameArray[0];
 $fileExt = $nameArray[1];
 // ['type'] is the client-supplied MIME type; PHP does not verify it, so the
 // image checks below rest on attacker-controlled values. finfo_file() or
 // getimagesize() on the temp file is the server-side check.
 $mime = explode('/',$_FILES['image']['type'][$i]);
 $mimeType = $mime[0];
 $mimeExt = $mime[1];
 $tmpLoc[] = $_FILES['image']['tmp_name'][$i];
 $fileSize = $_FILES['image']['size'][$i];
 // NOTE(review): microtime() has microsecond resolution, so consecutive
 // iterations of this loop can get the same string and therefore the same
 // $uploadName — which would match the reported "same hashed name, one file
 // on disk". bin2hex(random_bytes(16)) gives a unique, unpredictable name
 // per file.
 $uploadName = md5(microtime()).'.'.$fileExt;
 // assumes BASEURL is a filesystem path — TODO confirm
 $uploadPath[] = BASEURL.'/images/estate/'.$uploadName;
  // Stored image paths are joined with commas into one column value.
  if($i != 0){
    $dbpath .= ',';
  }
 $dbpath .= '/tartalomkezelo/images/estate/'.$uploadName;

 if ($mimeType != 'image'){
        // Hungarian: "You can only upload an image."
        $errors[] = 'Csak képet tölthetsz fel. ';
      }
      if (!in_array($fileExt, $allowed)){
        // Hungarian: "You can only upload png, jpg, jpeg or gif images."
        $errors[] = 'Csak png, jpg, jpeg vagy gif formátumú képeket tölthetsz fel. ';
      }
      if ($fileSize > 15000000){
        // Hungarian: "The image cannot be larger than 15 Mb."
        $errors[] = 'A kép nem lehet 15 Mb-nál nagyobb méretű. ';
      }
      // True only when the client MIME subtype is 'jpeg' and the extension is
      // neither 'jpeg' nor 'jpg'; other extension/MIME mismatches pass.
      if ($fileExt != $mimeExt && ($mimeExt == 'jpeg' && $fileExt != 'jpg')){
        // Hungarian: "The image format is wrong."
        $errors[] = 'Nem jó a kép formátuma. ';
     }
  }
}
// $errors is never initialised in this listing; empty() tolerates that.
if(!empty($errors)){
    echo display_errors($errors);
   }
  else {
    if($imageCount > 0){
      for($i = 0;$i<$imageCount;$i++){
        // Return value ignored: a failed move still leaves the path in $dbpath.
        // Two entries with the same $uploadPath overwrite each other on disk.
        move_uploaded_file($tmpLoc[$i],$uploadPath[$i]);
     }
  }
      // Both statements are built by interpolating request-derived values into
      // the SQL text; their safety depends entirely on sanitize() (not shown).
      // A prepared statement with bound parameters avoids that dependency.
      $insertSql = "INSERT INTO estate (`title`, `price`, `saletype`, `categories`, `image`, `description`)
                    VALUES ('$title', '$price', '$saletype', '$categories', '$dbpath', '$description')";
                     // Edit mode replaces the INSERT with an UPDATE of the same row.
                     if(isset($_GET['edit'])){
                       $insertSql = "UPDATE estate SET title = '$title', price = '$price', saletype = '$saletype', categories = '$categories', image = '$dbpath', description = '$description' WHERE id = '$edit_id'";
                     }
                    // Query result is not checked; no exit after the redirect header.
                    $db->query($insertSql);
                    header('Location: estate.php');
  }
}
?>
