Forums
This topic is locked
php upload and update record, again...
Posted 24 Apr 2002 16:03:57
1
has voted
24 Apr 2002 16:03:57 Martin Galabinski posted:
Hi,I've read the instructions on adding a hidden form object and I still get the same error message.
You have an error in your SQL syntax near '' at line 1
I can upload an image with insert just fine. I can modify records just fine. I cannot update an image field.
Help?
Marty
Thanks,
Marty
Replies
Replied 24 Apr 2002 17:29:12
24 Apr 2002 17:29:12 Eric Kaiser replied:
Some code would be helpful. I have experienced this when the script is expecting a value from a URL passed variable and it isn't there. But without code, I can't really help you.
Replied 24 Apr 2002 17:48:37
24 Apr 2002 17:48:37 Martin Galabinski replied:
Thanks. The code follows. I did not include it earlier because several people have had this problem before and I assumed it was a common issue. Sorry.
Thanks, Marty
<?php
// Copyright (c) Interakt Online 2001
// www.interakt.ro/
require("./../adodb/adodb.inc.php"
;
require("./../Connections/connGcpdb.php";
?><?php
// *** Edit Operations: declare Tables
$MM_editAction = $PHP_SELF;
if ($QUERY_STRING) {
$MM_editAction = $MM_editAction . "?" . $QUERY_STRING;
}
$MM_abortEdit = 0;
$MM_editQuery = "";
?><?php
# PHP Upload File v1.07
# Copyright 2001. Tim Green. All rights reserved.
# With many thanks to Massimo Foti and Waldo Smeets
if (isset($file)) {
# System Check Variables
$tgCHeader=getenv("CONTENT_LENGTH";
$tgRefPage=getenv("HTTP_REFERER";
$tg_FileSize=100*1024;
# Flags
$tg_OptionCheckSize=true;
$tg_UseRedirects=true;
$tg_UseErrorMsgs=true;
$tg_UpCopySuccess=false;
$tg_StatusMsg=false;
if ($tg_UseErrorMsgs) {
# Error Messages
$tg_ErrPrefix="?msg=";
$tg_OrigFileOver=$tg_ErrPrefix."Duplicate File Detected and Overwritten.";
$tg_UploadOpAbort=$tg_ErrPrefix."Duplicate Filename Encountered. Upload Aborted.";
$tg_CopyOpFailed=$tg_ErrPrefix."Unable to Copy File. Check Permissions of Target Directory.";
$tg_InvalidMIMEType=$tg_ErrPrefix."The Uploaded File was of an unknown, or unacceptable file type. Upload aborted.";
$tg_FileTooBig=$tg_ErrPrefix."The file exceeded the maximum allowable file size. Upload Aborted.";
$tg_MaliciousUpload=$tg_ErrPrefix."File Discrepancy Encountered. Upload Aborted.";
$tg_SuccessUpload=$tg_ErrPrefix."File Upload Successful.";
}
if (is_uploaded_file($file)) {
if (($tgCHeader <= $tg_FileSize)&&(filesize($file_name) <= $tg_FileSize)||(!$tg_OptionCheckSize)) {
$tg_Root=dirname($HTTP_SERVER_VARS["PATH_TRANSLATED"])."/";
$tg_Dir="../uploaded_images/";
if ($tg_Dir=="/" {
$tg_Dir="";
}
$tg_File="$file_name";
$tg_OrigFile=$file;
$tg_Path="$tg_Root"."$tg_Dir"."$tg_File";
$tg_OptionCheckMIME=true;
$tg_cMimeVals="";
tg_OpenWin();
# Specifies the action to be taken if the file exists. overwrite, rename, abort
$tg_ExistsAction="overwrite";
# Check MIME type of file
if ($tg_OptionCheckMIME) {
$tgMIME="image/bmp|image/cgm|image/cmu-raster|image/g3fax|image/gif|image/ief|image/jpeg|image/naplps|image/pjpeg|image/png|image/targa|image/tiff|image/vnd.dwg|image/vnd.dxf|image/vnd.fpx|image/vnd.net.fpx|image/vnd.svf|image/x-cmu-raster|image/x-emf|image/x-jg|image/x-pict|image/x-png|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-tiff|image/x-win-bmp|image/x-xbitmap|image/x-xbm|image/x-xpixmap|image/x-wmf|image/x-windowdump";
if ($tgMIME!="custom" {
$acceptMIME=explode("|",$tgMIME);
} else {
$acceptMIME=explode(",",$tg_cMimeVals);
}
$testMIME=false;
for ($k=0; $k < count($acceptMIME); $k++) {
if ($acceptMIME[$k]==$file_type) {
$testMIME=true;
}
}
} else {
$testMIME=true;
}
if ($testMIME) {
# Now we need to check if the file exists in it's path
$testExists=file_exists($tg_Path);
if ($testExists) {
switch ($tg_ExistsAction) {
case "overwrite":
# Delete the original and copy over
unlink($tg_Path);
$tg_copyStatus=true;
$tg_StatusMsg=$tg_OrigFileOver;
break;
case "rename":
# Rename the Uploaded File and copy over
$unid=uniqid(rand(1,5));
$tg_NewName=$unid.$tg_File;
$tg_Path="$tg_Root"."$tg_Dir"."$tg_NewName";
$tg_copyStatus=true;
if ($tg_UseErrorMsgs) {
# $tg_File - contains original File Name
# $tg_NewName - contains New File Name
$tg_FileRenamed=$tg_ErrPrefix."The file $tg_File already exists. Uploaded file was renamed to $tg_NewName.";
} else {
$tg_FileRenamed="";
}
$tg_StatusMsg=$tg_FileRenamed;
break;
case "abort":
# stop processing upload
$tg_copyStatus=false;
$tg_StatusMsg=$tg_UploadOpAbort;
break;
}
} else {
$tg_copyStatus=true;
}
if ($tg_copyStatus) {
# Now we need to track the copy operation
$copyStatus=@copy("$tg_OrigFile","$tg_Path";
if(!$copyStatus) {
# Failed Copy Operation
if (!$tg_StatusMsg) {
$tg_StatusMsg=$tg_CopyOpFailed;
}
tg_CloseWin();
tg_RedirFail($tg_StatusMsg);
$tg_UpCopySuccess=false;
} else {
$tg_UpCopySuccess=true;
}
} else {
tg_CloseWin();
tg_RedirFail($tg_StatusMsg);
$tg_UpCopySuccess=false;
}
} else {
tg_CloseWin();
tg_RedirFail($tg_InvalidMIMEType);
$tg_UpCopySuccess=false;
}
} else {
# File is too big, go back to the referring page.
$tg_StatusMsg=$tg_FileTooBig;
$tg_ReferringPage=$tgRefPage.$tg_StatusMsg;
if ($tg_UseRedirects) {
header("Location: $tgReferringPage";
}
}
} else {
# If this part of the code has been reached then a possibly malicious upload has occurred
tg_RedirFail($tg_MaliciousUpload);
$tg_UpCopySuccess=false;
}
}
function tg_CloseWin() {
echo "<script language=\"Javascript\">\n";
echo "uploadWindow.close();\n";
echo "</script>\n";
}
function tg_RedirFail($msg) {
if ($GLOBALS["tg_UseRedirects"]) {
echo "<script language=\"Javascript\"> window.location=\"admin.php$msg\"; </script>\n";
}
}
function tg_OpenWin() {
# Open the progress Window
echo "<script language=\"Javascript\">\n";
echo "var width=screen.width;\n";
echo "var height=screen.height;\n";
echo "var winwidth=280;\n";
echo "var winheight=100;\n";
echo "var top=(height-winheight)/2;\n";
echo "var left=(width-winwidth)/2;\n";
echo "uploadWindow=window.open(\"tgupprog.htm\",\"newWindow\",\"width=\"+winwidth+\",height=\"+winheight+\",left=\"+left+\",top=\"+top);\n";
echo "for (var loop=0;loop<20000;loop++) {\n";
echo "// pause loop\n";
echo "}\n";
echo "</script>\n";
}
if($tg_UpCopySuccess) {
# Successful Copy Operation
if ($tg_NewName=="" {
$file=$tg_File;
} else {
$file=$tg_NewName;
}
?><?php
// *** Update Record: set variables
if (isset($MM_update) && (isset($MM_recordId))) {
// $MM_editConnection = $MM_connGcpdb_STRING;
$MM_editTable = "tblrealtor";
$MM_editColumn = "RealtorID";
$MM_recordId = "" . $MM_recordId . "";
$MM_editRedirectUrl = "";
$MM_fieldsStr = "file_name|value";
$MM_columnsStr = "RealtorImage|',none,''";
// create the $MM_fields and $MM_columns arrays
$MM_fields = Explode("|", $MM_fieldsStr);
$MM_columns = Explode("|", $MM_columnsStr);
// set the form values
for ($i=0; $i+1 < sizeof($MM_fields); ($i=$i+2)) {
$MM_fields[$i+1] = $$MM_fields[$i];
}
// append the query string to the redirect URL
if ($MM_editRedirectUrl && $QUERY_STRING && (strlen($QUERY_STRING) > 0)) {
$MM_editRedirectUrl .= ((strpos($MM_editRedirectUrl, '?') == false)?"?":"&" . $QUERY_STRING;
}
}
?><?php
// *** Update Record: construct a sql update statement and execute it
if (isset($MM_update) && (isset($MM_recordId))) {
// create the sql update statement
$MM_editQuery = "update " . $MM_editTable . " set ";
for ( $i=0; $i+1 < sizeof($MM_fields); ($i=$i+2))
{
$formVal = $MM_fields[$i+1];
$MM_typesArray = Explode(",", $MM_columns[$i+1]);
$delim = ($MM_typesArray[0] != "none" ? $MM_typesArray[0] : "";
$altVal = ($MM_typesArray[1] != "none" ? $MM_typesArray[1] : "";
$emptyVal = ($MM_typesArray[2] != "none" ? $MM_typesArray[2] : "";
if ($formVal == "" || !isset($formVal))
{
$formVal = $emptyVal;
}
else
{
if ($altVal != ""
{
$formVal = $altVal;
}
else if ($delim == "'"
{ // do not escape quotes in PHP4
$formVal = "'" .$formVal . "'";
}
else
{
$formVal = $delim . $formVal . $delim;
}
}
if ($i != 0)
{
$MM_editQuery = $MM_editQuery . ", " . $MM_columns[$i] . " = " . $formVal;
}
else
{
$MM_editQuery = $MM_editQuery . $MM_columns[$i] . " = " . $formVal;
}
}
$MM_editQuery = $MM_editQuery . " where " . $MM_editColumn . " = " . $MM_recordId;
if ($MM_abortEdit != 1)
{
// execute the insert
$queryrs = $connGcpdb->Execute($MM_editQuery) or DIE($connGcpdb->ErrorMsg());
if ($MM_editRedirectUrl)
{
header ("Location: $MM_editRedirectUrl";
}
}
}
?><?php
$rsRealtor__MMColParam = "1";
if (isset($HTTP_GET_VARS["RealtorID"]))
{$rsRealtor__MMColParam = $HTTP_GET_VARS["RealtorID"];}
?><?php
if (!$tg_StatusMsg) {
$tg_StatusMsg=$tg_SuccessUpload;
}
tg_CloseWin();
if ($tg_UseRedirects) {
echo "<script language=\"Javascript\"> window.location=\"admin_realtors.php$tg_StatusMsg\"; </script>\n";
} else {
$msg=$tg_StatusMsg;
}
}
?><?php
$rsRealtor=$connGcpdb->Execute("SELECT * FROM tblrealtor WHERE RealtorID = " . ($rsRealtor__MMColParam) . "" or DIE($connGcpdb->ErrorMsg());
$rsRealtor_numRows=0;
$rsRealtor__totalRows=$rsRealtor->RecordCount();
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<form name="form1" method="POST" action="<?php echo $MM_editAction?>" enctype="multipart/form-data">
<p>
<?php echo $rsRealtor->Fields("RealtorID"?>
</p>
<p>
<input type="file" name="file" value="<?php echo $rsRealtor->Fields("RealtorImage"?>">
</p>
<p>
<input type="submit" name="Submit" value="Change Image">
</p>
<input type="hidden" name="MM_update" value="true">
<input type="hidden" name="MM_recordId" value="<?php echo $rsRealtor->Fields("RealtorID" ?>">
<input type="hidden" name="file_name">
</form>
</body>
</html>
<?php
$rsRealtor->Close();
?>
Thanks,
Marty
Thanks, Marty
<?php
// Copyright (c) Interakt Online 2001
// www.interakt.ro/
require("./../adodb/adodb.inc.php"
;require("./../Connections/connGcpdb.php"
;?><?php
// *** Edit Operations: declare Tables
$MM_editAction = $PHP_SELF;
if ($QUERY_STRING) {
$MM_editAction = $MM_editAction . "?" . $QUERY_STRING;
}
$MM_abortEdit = 0;
$MM_editQuery = "";
?><?php
# PHP Upload File v1.07
# Copyright 2001. Tim Green. All rights reserved.
# With many thanks to Massimo Foti and Waldo Smeets
if (isset($file)) {
# System Check Variables
$tgCHeader=getenv("CONTENT_LENGTH"
;$tgRefPage=getenv("HTTP_REFERER"
;$tg_FileSize=100*1024;
# Flags
$tg_OptionCheckSize=true;
$tg_UseRedirects=true;
$tg_UseErrorMsgs=true;
$tg_UpCopySuccess=false;
$tg_StatusMsg=false;
if ($tg_UseErrorMsgs) {
# Error Messages
$tg_ErrPrefix="?msg=";
$tg_OrigFileOver=$tg_ErrPrefix."Duplicate File Detected and Overwritten.";
$tg_UploadOpAbort=$tg_ErrPrefix."Duplicate Filename Encountered. Upload Aborted.";
$tg_CopyOpFailed=$tg_ErrPrefix."Unable to Copy File. Check Permissions of Target Directory.";
$tg_InvalidMIMEType=$tg_ErrPrefix."The Uploaded File was of an unknown, or unacceptable file type. Upload aborted.";
$tg_FileTooBig=$tg_ErrPrefix."The file exceeded the maximum allowable file size. Upload Aborted.";
$tg_MaliciousUpload=$tg_ErrPrefix."File Discrepancy Encountered. Upload Aborted.";
$tg_SuccessUpload=$tg_ErrPrefix."File Upload Successful.";
}
if (is_uploaded_file($file)) {
if (($tgCHeader <= $tg_FileSize)&&(filesize($file_name) <= $tg_FileSize)||(!$tg_OptionCheckSize)) {
$tg_Root=dirname($HTTP_SERVER_VARS["PATH_TRANSLATED"])."/";
$tg_Dir="../uploaded_images/";
if ($tg_Dir=="/"
{$tg_Dir="";
}
$tg_File="$file_name";
$tg_OrigFile=$file;
$tg_Path="$tg_Root"."$tg_Dir"."$tg_File";
$tg_OptionCheckMIME=true;
$tg_cMimeVals="";
tg_OpenWin();
# Specifies the action to be taken if the file exists. overwrite, rename, abort
$tg_ExistsAction="overwrite";
# Check MIME type of file
if ($tg_OptionCheckMIME) {
$tgMIME="image/bmp|image/cgm|image/cmu-raster|image/g3fax|image/gif|image/ief|image/jpeg|image/naplps|image/pjpeg|image/png|image/targa|image/tiff|image/vnd.dwg|image/vnd.dxf|image/vnd.fpx|image/vnd.net.fpx|image/vnd.svf|image/x-cmu-raster|image/x-emf|image/x-jg|image/x-pict|image/x-png|image/x-portable-anymap|image/x-portable-bitmap|image/x-portable-graymap|image/x-portable-pixmap|image/x-rgb|image/x-tiff|image/x-win-bmp|image/x-xbitmap|image/x-xbm|image/x-xpixmap|image/x-wmf|image/x-windowdump";
if ($tgMIME!="custom"
{$acceptMIME=explode("|",$tgMIME);
} else {
$acceptMIME=explode(",",$tg_cMimeVals);
}
$testMIME=false;
for ($k=0; $k < count($acceptMIME); $k++) {
if ($acceptMIME[$k]==$file_type) {
$testMIME=true;
}
}
} else {
$testMIME=true;
}
if ($testMIME) {
# Now we need to check if the file exists in it's path
$testExists=file_exists($tg_Path);
if ($testExists) {
switch ($tg_ExistsAction) {
case "overwrite":
# Delete the original and copy over
unlink($tg_Path);
$tg_copyStatus=true;
$tg_StatusMsg=$tg_OrigFileOver;
break;
case "rename":
# Rename the Uploaded File and copy over
$unid=uniqid(rand(1,5));
$tg_NewName=$unid.$tg_File;
$tg_Path="$tg_Root"."$tg_Dir"."$tg_NewName";
$tg_copyStatus=true;
if ($tg_UseErrorMsgs) {
# $tg_File - contains original File Name
# $tg_NewName - contains New File Name
$tg_FileRenamed=$tg_ErrPrefix."The file $tg_File already exists. Uploaded file was renamed to $tg_NewName.";
} else {
$tg_FileRenamed="";
}
$tg_StatusMsg=$tg_FileRenamed;
break;
case "abort":
# stop processing upload
$tg_copyStatus=false;
$tg_StatusMsg=$tg_UploadOpAbort;
break;
}
} else {
$tg_copyStatus=true;
}
if ($tg_copyStatus) {
# Now we need to track the copy operation
$copyStatus=@copy("$tg_OrigFile","$tg_Path"
;if(!$copyStatus) {
# Failed Copy Operation
if (!$tg_StatusMsg) {
$tg_StatusMsg=$tg_CopyOpFailed;
}
tg_CloseWin();
tg_RedirFail($tg_StatusMsg);
$tg_UpCopySuccess=false;
} else {
$tg_UpCopySuccess=true;
}
} else {
tg_CloseWin();
tg_RedirFail($tg_StatusMsg);
$tg_UpCopySuccess=false;
}
} else {
tg_CloseWin();
tg_RedirFail($tg_InvalidMIMEType);
$tg_UpCopySuccess=false;
}
} else {
# File is too big, go back to the referring page.
$tg_StatusMsg=$tg_FileTooBig;
$tg_ReferringPage=$tgRefPage.$tg_StatusMsg;
if ($tg_UseRedirects) {
header("Location: $tgReferringPage"
;}
}
} else {
# If this part of the code has been reached then a possibly malicious upload has occurred
tg_RedirFail($tg_MaliciousUpload);
$tg_UpCopySuccess=false;
}
}
function tg_CloseWin() {
echo "<script language=\"Javascript\">\n";
echo "uploadWindow.close();\n";
echo "</script>\n";
}
function tg_RedirFail($msg) {
if ($GLOBALS["tg_UseRedirects"]) {
echo "<script language=\"Javascript\"> window.location=\"admin.php$msg\"; </script>\n";
}
}
function tg_OpenWin() {
# Open the progress Window
echo "<script language=\"Javascript\">\n";
echo "var width=screen.width;\n";
echo "var height=screen.height;\n";
echo "var winwidth=280;\n";
echo "var winheight=100;\n";
echo "var top=(height-winheight)/2;\n";
echo "var left=(width-winwidth)/2;\n";
echo "uploadWindow=window.open(\"tgupprog.htm\",\"newWindow\",\"width=\"+winwidth+\",height=\"+winheight+\",left=\"+left+\",top=\"+top);\n";
echo "for (var loop=0;loop<20000;loop++) {\n";
echo "// pause loop\n";
echo "}\n";
echo "</script>\n";
}
if($tg_UpCopySuccess) {
# Successful Copy Operation
if ($tg_NewName==""
{$file=$tg_File;
} else {
$file=$tg_NewName;
}
?><?php
// *** Update Record: set variables
if (isset($MM_update) && (isset($MM_recordId))) {
// $MM_editConnection = $MM_connGcpdb_STRING;
$MM_editTable = "tblrealtor";
$MM_editColumn = "RealtorID";
$MM_recordId = "" . $MM_recordId . "";
$MM_editRedirectUrl = "";
$MM_fieldsStr = "file_name|value";
$MM_columnsStr = "RealtorImage|',none,''";
// create the $MM_fields and $MM_columns arrays
$MM_fields = Explode("|", $MM_fieldsStr);
$MM_columns = Explode("|", $MM_columnsStr);
// set the form values
for ($i=0; $i+1 < sizeof($MM_fields); ($i=$i+2)) {
$MM_fields[$i+1] = $$MM_fields[$i];
}
// append the query string to the redirect URL
if ($MM_editRedirectUrl && $QUERY_STRING && (strlen($QUERY_STRING) > 0)) {
$MM_editRedirectUrl .= ((strpos($MM_editRedirectUrl, '?') == false)?"?":"&"
. $QUERY_STRING;}
}
?><?php
// *** Update Record: construct a sql update statement and execute it
if (isset($MM_update) && (isset($MM_recordId))) {
// create the sql update statement
$MM_editQuery = "update " . $MM_editTable . " set ";
for ( $i=0; $i+1 < sizeof($MM_fields); ($i=$i+2))
{
$formVal = $MM_fields[$i+1];
$MM_typesArray = Explode(",", $MM_columns[$i+1]);
$delim = ($MM_typesArray[0] != "none"
? $MM_typesArray[0] : "";$altVal = ($MM_typesArray[1] != "none"
? $MM_typesArray[1] : "";$emptyVal = ($MM_typesArray[2] != "none"
? $MM_typesArray[2] : "";if ($formVal == "" || !isset($formVal))
{
$formVal = $emptyVal;
}
else
{
if ($altVal != ""
{
$formVal = $altVal;
}
else if ($delim == "'"
{ // do not escape quotes in PHP4
$formVal = "'" .$formVal . "'";
}
else
{
$formVal = $delim . $formVal . $delim;
}
}
if ($i != 0)
{
$MM_editQuery = $MM_editQuery . ", " . $MM_columns[$i] . " = " . $formVal;
}
else
{
$MM_editQuery = $MM_editQuery . $MM_columns[$i] . " = " . $formVal;
}
}
$MM_editQuery = $MM_editQuery . " where " . $MM_editColumn . " = " . $MM_recordId;
if ($MM_abortEdit != 1)
{
// execute the insert
$queryrs = $connGcpdb->Execute($MM_editQuery) or DIE($connGcpdb->ErrorMsg());
if ($MM_editRedirectUrl)
{
header ("Location: $MM_editRedirectUrl"
;}
}
}
?><?php
$rsRealtor__MMColParam = "1";
if (isset($HTTP_GET_VARS["RealtorID"]))
{$rsRealtor__MMColParam = $HTTP_GET_VARS["RealtorID"];}
?><?php
if (!$tg_StatusMsg) {
$tg_StatusMsg=$tg_SuccessUpload;
}
tg_CloseWin();
if ($tg_UseRedirects) {
echo "<script language=\"Javascript\"> window.location=\"admin_realtors.php$tg_StatusMsg\"; </script>\n";
} else {
$msg=$tg_StatusMsg;
}
}
?><?php
$rsRealtor=$connGcpdb->Execute("SELECT * FROM tblrealtor WHERE RealtorID = " . ($rsRealtor__MMColParam) . ""
or DIE($connGcpdb->ErrorMsg());$rsRealtor_numRows=0;
$rsRealtor__totalRows=$rsRealtor->RecordCount();
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<form name="form1" method="POST" action="<?php echo $MM_editAction?>" enctype="multipart/form-data">
<p>
<?php echo $rsRealtor->Fields("RealtorID"
?></p>
<p>
<input type="file" name="file" value="<?php echo $rsRealtor->Fields("RealtorImage"
?>"></p>
<p>
<input type="submit" name="Submit" value="Change Image">
</p>
<input type="hidden" name="MM_update" value="true">
<input type="hidden" name="MM_recordId" value="<?php echo $rsRealtor->Fields("RealtorID"
?>"><input type="hidden" name="file_name">
</form>
</body>
</html>
<?php
$rsRealtor->Close();
?>
Thanks,
Marty