Hi all,
I recently uploaded my online classified site and i notice that sometime when i do insert i goes successfully but sometimes it shows successful but does not insert.
Please any help will be appreciated.
I only remove some of those code to prevent bulky errors.
I will sanitize the code on my next update.
Thank you very much for your assistance
You really should sanitize the user input with mysql_real_escape_string() before using it in your query. Or you might want to look into [URL=“http://www.php.net/pdo”]PDO.
And how about some validation of the form values? Right now you always insert, even if the form is completely empty.
And while you’re debugging, you might want to check out any mysql errors, and the actual query you’re running (I didn’t add any sanitization, but please do) :
//Writes the information to the database
$query = ""INSERT INTO banner (thumb, large, title, discription, location, cost, email, phone, address, company, url) VALUES ('$thumb', '$large', '$title', '$desc', '$location', '$cost', '$email', '$phone', '$address', '$company', '$url')";
mysql_query($query) or die('mysql error ' . mysql_error() . ' in query: $query');
This is the form code:
<form action="" method="post" name="uploadbanner" enctype="multipart/form-data"><table width="100%" border="0" class="rounded-conner-15" style="color:#333;">
<tr>
<td> </td>
<td> </td>
<td>Company</td>
<td><input name="company" type="text" id="company" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Title</td>
<td><input name="title" type="text" id="title" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Address</td>
<td><input name="address" type="text" id="address" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Location</td>
<td><input name="location" type="text" id="location" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Cost</td>
<td><input name="cost" type="text" id="cost" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Email</td>
<td><input name="email" type="text" id="email" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Phone</td>
<td><input name="phone" type="text" id="phone" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Website</td>
<td><input name="url" type="text" id="phone" size="40"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>Description</td>
<td ><textarea name="desc" cols="35" rows="2" id="desc" class="text-area"></textarea></td>
</tr>
<tr>
<td width="2%"> </td>
<td width="2%"> </td>
<td width="17%">Thumb </td>
<td width="79%" class="pad-3"><input type="file" name="thumb" class="rounded-conner-15" size="25" id="input-width"/>
<input type="hidden" name="size" value="350000"></td>
</tr>
<tr>
<td width="2%"> </td>
<td width="2%"> </td>
<td width="17%">Large </td>
<td width="79%" class="pad-3"><input type="file" name="large" class="rounded-conner-15" size="25" id="input-width"/>
<input type="hidden" name="size" value="350000">
<input name="bannercount" type="hidden" id="bannercount" value="<?php echo $totalRows_banner;?>"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td><input name="upload" type="submit" class="button-bg" id="" value="Upload Photo"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table></form>
THIS IS THE CODE THAT PROCESS THE FORM ABOVE
//This is the directory where images will be saved
$targetthumb = "../dynamicbanner/thumb/";
$targetlarge = "../dynamicbanner/large/";
$targetthumb = $targetthumb . basename( $_FILES['thumb']['name']);
$targetlarge = $targetlarge . basename( $_FILES['large']['name']);
//This gets all the other information from the form
$thumb=($_FILES['thumb']['name']);
$large=($_FILES['large']['name']);
$title = $_POST['title'];
$address = $_POST['address'];
$location = $_POST['location'];
$cost = $_POST['cost'];
$desc = $_POST['desc'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$company = $_POST['company'];
$url = $_POST['url'];
//Writes the information to the database
mysql_query("INSERT INTO banner (thumb, large, title, discription, location, cost, email, phone, address, company, url) VALUES ('$thumb', '$large', '$title', '$desc', '$location', '$cost', '$email', '$phone', '$address', '$company', '$url')");
//update Uploaded Image
//mysql_query("UPDATE items SET photo1 = '$photo1'
//WHERE item_id = '$itemid'");
function thumb ($file, $path){
move_uploaded_file($file, $path);
//echo "yes";
}
$thumbnail = $_FILES['thumb']['tmp_name'];
$largeimg = $_FILES['large']['tmp_name'];
thumb($thumbnail, $targetthumb);
thumb($largeimg, $targetlarge);
header("location: edit-banner.php?banner=add&&company=$company");
I have been doing some trouble shootting on the code and notice that if i put the processing script on thesame page where i have the form, it works all the time.
But i will like the processing script to be on another page so i can adjust the code anytime with ease.
Thank you for your help.
Could you post the part of the code with the query that’s giving you problems?