2 replies to this topic

[gold killer]

I dont have a clue why this isnt working, its not getting the information from the form for some reason, its comming back saying the string lenghts are 0 when ive inserted data into the fields...

I tried printing the vars but it showed nothing so im abit lost

<?php
include ("Admin/config.php");
?>
<script type="text/javascript" src="/Admin/javaFunctions.js"></script>
<?
	  if($_POST['add_tutorial']){
	   
		 if(!isset($user)){//If the user isnt logged in
		 
			  $user = array("username" => "Guest");//Make a fake user with the username of guest, add an id and set their ip
			  
		 }
			$name = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['name'])));
			 $site = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['site'])));
			$websiteName = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['websiteName'])));
			 $webAddr = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['webAddr'])));
			 $date = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['date'])));
			 $image = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['image'])));
			 $content = $_POST['content'];
			 
			  if ($category =="-"){
			   
				   print "You have selected an invalid category.<br />Please add a category and try again!";
				   
			  }elseif( strlen($name) == "0"|| strlen($site) == "0"|| strlen($image) == "0"){
			  
				  die ("A required field was missed!\n");
			  
			  }else{
	   
				   if ($_FILES['image']['size'] <= "500000"){ //If not and the file is less than 500000b
				   
					print "<strong>Upload Status</strong><br />"; //Show the upload status
					
					if($_FILES) { //If the file exists
					
						 print "<strong>File exists</strong>"; //Tell the user
						 
					}else{ 
					 
						print "<strong>File doesn't exist</strong>"; //Error message
						 die();
						 
					}
					
					$sql_error = "There was a problem adding the tutorial!<br />";
					
					$time = time();
					
					$folder = "Admin/images/";
					
					$image_url = $folder . $time . '_' . $_FILES['image']['name'];
					
					if(copy($_FILES['image']['tmp_name'], $image_url)){ //Move the file to the specified folder, or show an error message
						$location= $_FILES['image']['name'];
						$add_tut = mysql_query ("
						  INSERT INTO `tutorials` 
						(`author` , `name` , `site` , `local` , `date` , `category` , `image` , `ip` , `websiteName` , `webAddr` )
						VALUES (
						 '$author', '$name', '$site', '1', '$date', '$category', '$image_url', '$_SERVER[REMOTE_ADDR]', '$websiteName', '$webAddr');")or die("$sql_error");
	  
						print "<p>You have submitted a tutorial!<br />
									Please allow 48hrs for it to be approved.</p>";
					  }
					  
				  }
	 
			 }
			 
		}
	  ?>
	  <!--Add Tutorials-->
	  <h1>Add a tutorial</h1>
	  <p>Please fill in all the below fields, your tutorial will still need approval before it becomes active on <?=$site?></p>
	  <form method="post" class="small" enctype="multipart/form-data" action="add_tutorial.php">
	   <table width="99%" cellpadding="1" cellspacing="1">
		<tr>
		 <td align="right">
		  Tutorial name:
		 </td>
		 <td>
		  <input type="text" name="name" id="name" onKeyUp="blankBox(this.id)" />
		 </td>
		</tr>
		<tr>
		 <td align="right">
		  Category:
		 </td>
		 <td>
		  <select name="category" id="category">
		   <?php
			$cats = mysql_query("SELECT * FROM `categories` WHERE `parent` = 0 ORDER BY `order`");
			while($c = mysql_fetch_array($cats)){
				 print "<optgroup label=\"$c[name]\">";
				 $subCats = mysql_query("SELECT * FROM `categories` WHERE `parent` = '$c[id]' ORDER BY `order`");
				while($sc = mysql_fetch_array($subCats)){
					  print "<option value=\"$sc[id]\">$sc[name]</option>";
				 }
				print "</optgroup>";
			}
		   ?>
		  </select>
		  <?php
		   if($check =="0"){
			 print"<br /><a href=\"/index/act/add_cat/\">Click here to add a category</a>";
		   }
		  ?>
		 </td>
		</tr>
		<tr id="link">
		 <td align="right">
		  Link to tutorial:
		 </td>
		 <td>
		  <input type="text" name="site" value="http://URL" onClick="this.value='http://'" id="site" onKeyUp="blankBox(this.id)" />
		 </td>
		</tr>
		<tr>
		 <td align="right">
		  Link to image:
		 </td>
		 <td>
		  <input type="file" name="image" id="image" onKeyUp="blankBox(this.id)" onBlur="blankBox(this.id)" />
		  <input type="hidden" name="date" value="<?=$date?>" />
		 </td>
		</tr>
		<tr>
		 <td align="right">
		  Website name:
		 </td>
		 <td>
		  <input type="text" name="websiteName" id="websiteName" onKeyUp="blankBox(this.id)" onBlur="blankBox(this.id)" />
		 </td>
		</tr>
		<tr>
		 <td align="right">
		  Website Address:
		 </td>
		 <td>
		  <input type="text" name="webAddr" id="webAddr" onKeyUp="blankBox(this.id)" onBlur="blankBox(this.id)" />
		 </td>
		</tr>
		<tr>
		 <td colspan="2" align="center">
		  <input type="submit" name="add_tutorial" value="Add Tutorial" />
		 </td>
		</tr>
	   </table>
	  </form>	  
	  <!--End-->

help would be appreciated, thanks

[Mr. Matt]

do a print_r and post here what is displayed:

if($_POST['add_tutorial']){

echo '<pre>';
print_r($_POST);
echo '</pre>';

echo '<pre>';
print_r($_FILES);
echo '</pre>';

Matt

[theory]

To shorten your code a little bit to this:

Include this function on top of every page.

function clean($string)
{
$data = htmlspecialchars(mysql_real_escape_string(stripslashes($string)));
return $data;
}

replace them!:

$name = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['name'])));
$site = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['site'])));
$websiteName = htmlspecialchars(mysql_real_escape_string(stripslashes($_POST['websiteName'])));
and so on...

to

$name = clean($_POST['name']);
$site = clean($_POST['site']);
$websiteName = clean($_POST['websiteName']);
and so on...

Just a little helpful tip I'd give you on shorten up your code!

Edited by theory, 19 November 2006 - 07:48 AM.