Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Help... Cannot make simple thing work !
Help... Cannot make simple thing work !
  • El Forum
    Guest
  •  
#1
07-10-2010, 03:04 PM

[eluser]MiniMonty[/eluser]
Hi all,

new to codeigniter (but not to php) - I'm trying to upload an image and write some text from a form to the DB. This would usually take me minutes but it's so far taken an hour and still doesn't work. I've reduced my "uploader" code to it's very bare bones (no checking of anything) - I've read the user guide and the examples - but my 'real world' attempts fail again and again.
I'd be very grateful if someone could point out what is wrong with my code.

Best wishes
Monty

Code:
<?php

class Events_new_listing extends Controller {
    
    function index()
    {
        require_once(''.APPPATH.'builder/session_controllers/general_user.php');
        $this->load->helper(array('form', 'url'));
        
        $this->load->library('validation');
        $rules['event_name'] = "required";
        $rules['venue'] = "required";
        //$rules['address'] = "required";
        $rules['zip'] = "required";
        $rules['city'] = "required";
        $rules['price'] = "required";
        $rules['description'] = "required";


        $this->validation->set_rules($rules);
                
        if ($this->validation->run() == FALSE)
        {
            $this->load->view('events/events_create_listing');
        }
        else
        {  
        
        ///  start uploader
         $target_path = "/images/events/";

        $target_path = $target_path . basename( $_FILES['user_image']['name']);

        if(move_uploaded_file($_FILES['user_image']['tmp_name'], $target_path)) {
                ///  start db insert
                    $this->db->query("INSERT INTO blahblahblah.trees_listing (user_id, list_date, event_name, venue, address, city,
                    zip, price, contact_tel, contact_email, description, promotions, state, time_from, time_to, event_type, category, img_path)
                     VALUES('$_POST[user_id]', now(), '$_POST[event_name]','$_POST[venue]','$_POST[address]','$_POST[city]','$_POST[zip]','$_POST
                     [price]','$_POST[contact_tel]', '$_POST[contact_email]', '$_POST[description]', '$_POST[promotions]', '$_POST[state]',
                     '$_POST[time_from]', '$_POST[time_to]' , '$_POST[event_type]' ,'$_POST[category]', '$img_path' )");    
         ///   end db insert
        } else{
        $this->load->view('garden/trees_create_listing');
        exit;
        }    
        ///  end uploader
        
    
        


        $this->load->view('garden/trees_view');
        
        }
    }
}

?>
  • El Forum
    Guest
  •  
#2
07-10-2010, 03:18 PM

[eluser]Buso[/eluser]
- What happens when you run the script?
- What were you expecting to happen?
  • El Forum
    Guest
  •  
#3
07-10-2010, 03:59 PM

[eluser]MiniMonty[/eluser]
I don't know what I was expecting ( LOL) I've scratched my head about this for so long now I can't see the wood for the trees : )

I can rewrite it like this and it writes to the DB just fine

Code:
<?php

class Events_new_listing extends Controller {
    
    function index()
    {
        require_once(''.APPPATH.'builder/session_controllers/general_user.php');
        $this->load->helper(array('form', 'url'));
        
        $this->load->library('validation');
        $rules['event_name'] = "required";
        $rules['venue'] = "required";
        //$rules['address'] = "required";
        $rules['zip'] = "required";
        $rules['city'] = "required";
        $rules['price'] = "required";
        $rules['description'] = "required";


        $this->validation->set_rules($rules);
                
        if ($this->validation->run() == FALSE)
        {
            $this->load->view('events/events_create_listing');
        }
        else
        {  
                ///  start db insert
                    $this->db->query("INSERT INTO blahblahblah.events_listing (user_id, list_date, event_name, venue, address, city,
                    zip, price, contact_tel, contact_email, description, promotions, state, time_from, time_to, event_type, category, img_path)
                     VALUES('$_POST[user_id]', now(), '$_POST[event_name]','$_POST[venue]','$_POST[address]','$_POST[city]','$_POST[zip]','$_POST
                     [price]','$_POST[contact_tel]', '$_POST[contact_email]', '$_POST[description]', '$_POST[promotions]', '$_POST[state]',
                     '$_POST[time_from]', '$_POST[time_to]' , '$_POST[event_type]' ,'$_POST[category]', '$img_path' )");    
         ///   end db insert
        
         $this->load->view('events/events_view');
        
        }
        
      }
      
    }    

?>


I just need to tack on a really basic image uploader and I can go to bed !

ALL and any help much appreciated

Best wishes
Monty
  • El Forum
    Guest
  •  
#4
07-10-2010, 04:01 PM

[eluser]treeface[/eluser]
Side note: you should really sanitize your input by using CI's query binding feature:

http://ellislab.com/codeigniter/user-gui...eries.html

Very bottom of that page.
  • El Forum
    Guest
  •  
#5
07-10-2010, 04:26 PM

[eluser]treeface[/eluser]
Also...it would be helpful if you start doing simple checks against specific lines in the script. Where does the script terminate? What are the contents of the return value of the query() method? What's the value of $target_path? You have to throw as much random info out as possible if you want fast help (partially because it might help you figure out the problem on your own).
  • El Forum
    Guest
  •  
#6
07-10-2010, 04:29 PM

[eluser]MiniMonty[/eluser]
[quote author="treeface" date="1278817312"]Side note: you should really sanitize your input by using CI's query binding feature:

http://ellislab.com/codeigniter/user-gui...eries.html

Very bottom of that page.[/quote]


Hmmm...

This is part of my issue with CI. The oldskool version is this:
$sql = "SELECT * FROM some_table WHERE id = 3 AND status = live AND author = Rick";
(typing 66 characters)

The CI version is this
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
(typing 106 characters - two thirds as much code again as the oldskool version)
Might not seem like much when you're writing one query but extend that out over a project and it seems like a lot more time and effort.
So how does the CI version save me time or allow me to write less code ?? !!

Anyway - can anyone show me / teach me / tell me / how to add a simple image uploader onto my script ? :-S
  • El Forum
    Guest
  •  
#7
07-10-2010, 04:33 PM

[eluser]MiniMonty[/eluser]
[quote author="treeface" date="1278818761"]Also...it would be helpful if you start doing simple checks against specific lines in the script. Where does the script terminate? What are the contents of the return value of the query() method? What's the value of $target_path? You have to throw as much random info out as possible if you want fast help (partially because it might help you figure out the problem on your own).[/quote]

Code:
///  start uploader
         $target_path = "/images/events/";

Thanks for your advice and interest - I really appreciate it and need some help.

The upload script works perfectly in a non-framework environment (it's about as basic an upload script as you'll ever see). What I don't understand is why it won't work in the CI "controller" ??
  • El Forum
    Guest
  •  
#8
07-10-2010, 04:44 PM

[eluser]treeface[/eluser]
Yeh, except the way you had it in your original code opens you up to SQL injection attacks. Someone could submit something like...

a';DROP TABLE users; SELECT * FROM users WHERE username = 't

...into the 'city' field and bam you've lost your users table. So the question really comes down to whether you're going to be using the native PHP mysql_real_escape_string() function on all of your inputs (a lot of code), the CI $this->db->escape() function on all of your inputs (slightly less code, in terms of characters), or query binding (the least amount of code). If you weren't to use query binding, you'd have to do this:

$sql = “SELECT * FROM some_table WHERE id = ".$this->db->escape($id)." AND status = ".$this->db->escape($status)." AND author = ".$this->db->escape($author)."”;

Quite a bit more verbose than query binding, IMO, and annoying to have to remember, even if it is shorter, in terms of characters, than using mysql_real_escape_string(). Also I think it just looks cleaner and lets you change your queries with greater ease.

Sorry, can't help with the image uploader. I think it's important to recognize that the bit you took out is native to PHP itself, so perhaps it's a more fundamental error that's going on. Perhaps var_dump() the tmp_name and filepaths and all that? If move_uploaded_file() is returning false, something's going wrong there.

<b>Edit:</b> Forget this last paragraph...I'm looking around to see if it's something to do with CI.
  • El Forum
    Guest
  •  
#9
07-10-2010, 04:51 PM

[eluser]treeface[/eluser]
Can you do a var_dump on the $_FILES? Also can you get the value of the $target_path <b>after</b> you change the value?




Theme © iAndrew 2016 - Forum software by © MyBB