uploading files

[ziggi]

hey everyone,

I'm having trouble uploading files using PHP to a MySQL database.

I've viewed the help files but still can't work it out!! I've been stuck now for at least a week, can anyone help.

the error message is as follows:

Fatal error: Call to undefined function escape_data() in C:\Program Files\Apache Group\Apache2\test\php mysql\13\13\script_13_02.php on line 20

Here is my php code:

PHP: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Add a Print</title>
</head>
<body>
<?php #add_print.php
// This page allows the administrator to add a print (product).
require_once ('../mysql_connect.php'); // Connect to the database.
if (isset($_POST['submit'])) { // Handle the form.
 
// Validate the print_name, image, artist (existing or first_name, last_name, middle_name), size, price, and description.
// Check for a print name.
if (!empty($_POST['print_name'])) {
$pn = escape_data($_POST['print_name']);
} else {
$pn = FALSE;
echo '<p><font color="red">Please enter the print\'s name!</font></p>';
}
 
// Check for an image (not required).
if (is_uploaded_file ($_FILES['image']['tmp_name'])) {
if (move_uploaded_file($_FILES['image']['tmp_name'], "../uploads/{$_FILES['image']['name']}")) { // Move the file over.
echo '<p>The file has been uploaded!</p>';
} else { // Couldn't move the file over.
echo '<p><font color="red">The file could not be moved.</font></p>';
$i = '';
}
$i = $_FILES['image']['name'];
} else {
$i = '';
}
 
// Check for a size (not required).
if (!empty($_POST['size'])) {
$s = escape_data($_POST['size']);
} else {
$s = '<i>Size information not available.</i>';
}
 
// Check for a price.
if (is_numeric($_POST['price'])) {
$p = $_POST['price'];
} else {
$p = FALSE;
echo '<p><font color="red">Please enter the print\'s price!</font></p>';
}
 
// Check for a description (not required).
if (!empty($_POST['description'])) {
$d = escape_data($_POST['description']);
} else {
$d = '<i>No description available.</i>';
}
 
// Validate the artist.
if ($_POST['artist'] == 'new') {
// If it's a new artist, add the artist to the database.
$query = 'INSERT INTO artists (artist_id, first_name, middle_name, last_name) VALUES (NULL, '; 
if (!empty($_POST['first_name'])) {
$query .= "'" . escape_data($_POST['first_name']) . "', ";
} else {
$query .= 'NULL, ';
}
if (!empty($_POST['middle_name'])) {
$query .= "'" . escape_data($_POST['middle_name']) . "', ";
} else {
$query .= 'NULL, ';
}
// Check for a last_name.
if (!empty($_POST['last_name'])) {
$query .= "'" . escape_data($_POST['last_name']) . "')";
$result = @mysql_query ($query); // Run the query.
$a = @mysql_insert_id(); // Get the artist ID. 
} else {
$a = FALSE;
echo '<p><font color="red">Please enter the artist\'s last name!</font></p>';
}
 
} elseif ( ($_POST['artist'] == 'existing') && ($_POST['existing'] > 0)) {
$a = $_POST['existing'];
} else {
$a = FALSE;
echo '<p><font color="red">Please enter or select the print\'s artist!</font></p>';
}
 
if ($pn && $p && $a) {
 
// Add the print to the database.
$query = "INSERT INTO prints (artist_id, print_name, price, size, description, image_name) VALUES ($a, '$pn', $p, '$s', '$d', '$i')";
if ($result = @mysql_query ($query)) { // Worked.
echo '<p>The print has been added.</p>';
} else { // If the query did not run OK.
echo '<p><font color="red">Your submission could not be processed due to a system error.</font></p>'; 
}
 
} else { // Failed a test.
echo '<p><font color="red">Please click "back" and try again.</font></p>';
}
 
} else { // Display the form.
?>
 
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="524288">
<fieldset><legend>Fill out the form to add a print to the catalog:</legend>
<p><b>Print Name:</b> <input type="text" name="print_name" size="30" maxlength="60" /></p>
<p><b>Image:</b> <input type="file" name="image" /></p>
<p><b>Artist:</b> 
Existing <input type="radio" name="artist" value="existing" /> 
<select name="existing"><option>Select One</option>
<?php // Retrieve all the artists and add to the pull-down menu.
$query = "SELECT artist_id, CONCAT(last_name, ', ', first_name) AS name FROM artists ORDER BY last_name ASC"; 
$result = @mysql_query ($query);
while ($row = mysql_fetch_array ($result, MYSQL_ASSOC)) {
echo "<option value=\"{$row['artist_id']}\">{$row['name']}</option>\n";
}
mysql_close(); // Close the database connection.
?>
</select><br />
New <input type="radio" name="artist" value="new" /> 
First Name: <input type="text" name="first_name" size="10" maxlength="30" />
Middle Name: <input type="text" name="middle_name" size="10" maxlength="30" />
Last Name: <input type="text" name="last_name" size="20" maxlength="30" />
</p>
<p><b>Size:</b> <input type="text" name="size" size="30" maxlength="60" /></p>
<p><b>Price:</b> <input type="text" name="price" size="10" maxlength="10" /><br /><small>Do not include the dollar sign or commas.</small></p>
<p><b>Description:</b> <textarea name="description" cols="40" rows="5"></textarea></p>
</fieldset>
 
<div align="center"><input type="submit" name="submit" value="Submit" /></div>
</form><!-- End of Form -->
<?php
} // End of main conditional.
?>
</body>
</html>

It does connect to the database because I've created a drop-down menu in MySQL that is called and displayed in my PHP page.

Can anyone help...., please.

thank you in anticipation

ziggi

[grahame]

There isn't a standard php function called escape_data. What are you trying to do at that point in your code?

[Accurax]

Yup, grahame is right, escape_data() doesnt exist ... what are you trying to do and maybe one of us can give you the correct function.

Have you maybe got your languages mixed up.... mind you escape_data() doesnt ring any bells for me.

[ziggi]

Problem solved!

Thanks for replying to my post guys it's really appreciated.

I'm a web designer whose recently moved into development via PHP & MySQL.

I've come across this e-commerce checkout script and have tried to edit it for my own purpose, so I really have no idea whether:

escape_data()

is common to PHP or not -being a novice I'll take your word that it isn't. However its aim is apparently to validate the information entered into text forms and escape any problematic characters.

// Function for escaping and trimming form data.
function escape_data ($data) {
global $dbc;
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string (trim ($data), $dbc);
} // End of escape_data() function.

Adding this code solves the problem. But I now understand that in current versions of PHP 'Magic Quotes' are turned off by default in the php.ini file.

So I'll have to check mine!

Thanks again.

[masonbarge]

I actually recognize the function. It's used by Larry Ullman in the book I used as my introductory PHP text (PHP and MYSQL for Dynamic Websites) and AFAIK he wrote it.

There is an entire chapter in the book in which you construct an e-commerce site, and I'm betting a dollar your script originated there. It's an excellent book, btw.

There's no need to wonder about magic quotes or anything else, and unless you are using a server on which you installed PHP yourself, the "default" settings are meaningless. Webhosts can and do establish defaults different from the PHP version.

The easy solution: Save this tiny page as "phpinfo.php" in your public_html directory (preferably in a password protected administrative subdirectory):

PHP: Select all

<?php
phpinfo();
?>

[masonbarge]

One more little caveat: Make sure that php.ini is the right file for modifying default settings. If your server is running suPHP, for instance, you'll have to make local changes in the .htaccess file!

[kool77]

May I add my problem over here?

I made this code (or copied it from somewhere) it is working good! but I don't know my friend told me that "you cannot write HTML tags following the <?php tag and before the ?> tag."

I don't know is it Okay to put <?php codes ?> inside <html> </html> I think it's alright, what do you think?
This is the code for uploading files:

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD /xhtml1-transitional.dtd">

<html>
<form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<b>Choose a file to upload: </b>
<input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
?>

</html>

[masonbarge]

I don't know what your friend is talking about. Well, I guess he is saying you can't write

PHP: Select all

<?php
$x="a variable";
<div>
. . .

which is true. You just use "echo" or "print" to generate the html. This is correct

PHP: Select all

?php
$x="a variable";
echo '<div>'; 

So I guess it is fair to say that you can't just pop a simple html tag inside php tags and expect it to work, but you can certainly "write html" using the proper format. You can put php tags anywhere you want as long as your server recognizes that it's php, which often means using a ".php" extension on the file.

You can certainly have a <?php tag as the first code on a page. You can certainly write plain html as long as you are outside php tags.

[kool77]

oh I see now Thanks a lot my friend..
Can you tell me what is the difference between using print command and echo?