Problem Updating MySQL field based on user_email field

[dennishall]

Hi:

I'm going crazy trying to do the following:

I'm making a job registration process where the user registers on one php page to the website, must acknowlege and email receipt using an activate php page, then is directed to upload their C.V. (resume) based on the email address they enter in the active page output. I then run an upload page to store the resume in teh MySQL db based on the users email address in the same record.

 

If I isolate the process of the user registering to the db, it works perfectly.

If I isolate the file upload process into the db, it works perfect.

I simply cannot upload teh file to the existing record based on teh email form field matching the user_email field in the db.

With the processes together, teh user is activated, but teh file is not uploaded.

 

Maybe I've simply been at this too long today, but am compeled to get through it by end day.

If anyone can help sugest a better way or help me fix this, I will soo greatly appreciate it.

 

My code is as follows for the 2 pages.

 

---------activate.php-------

<?php

session_start();

include ('reg_dbc.php');

if (!isset($_GET['usr']) && !isset($_GET['code']) )

{

$msg = "ERROR: The code does not match..";

exit();

}

$rsCode = mysql_query("SELECT activation_code from subscribers where user_email='$_GET[usr]'") or die(mysql_error());

list($acode) = mysql_fetch_array($rsCode);

if ($_GET['code'] == $acode)

{

mysql_query("update subscribers set user_activated=1 where user_email='$_GET[usr]'") or die(mysql_error());

echo "<h3><center>Thank You! This is step 2 of 3. </h3>Your email is confirmed. Please upload your C.V. now to complete step 3.</center>";

} else

{ echo "ERROR: Incorrect activation code... not valid"; }

 

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

 

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />

<title>Job application activation</title>

</head>

<body>

<center>

<br/><br/><br/>

<p align="center">

  <form name="form1" method="post" action="upload.php" style="padding:5px;">

  <p>Re-enter you Email : <input name="email" type="text" id="email"/></p></form>

          <form enctype="multipart/form-data" action="upload.php" method="POST">

          <input type="hidden" name="MAX_FILE_SIZE" value="4000000">

          Upload your C.V.: <input name="userfile" type="file" id="userfile">

          <input name="upload" type="submit" id="upload" value="Upload your C.V."/></form>

</p>

</center>

</body>

 

</html>

--------upload.php----------

<?php

session_start();

if (!isset($_GET['usr']) && !isset($_GET['code']) )

{

$msg = "ERROR: The code does not match..";

exit();

}

if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)

{

$fileName = $_FILES['userfile']['name'];

$tmpName  = $_FILES['userfile']['tmp_name'];

$fileSize = $_FILES['userfile']['size'];

$fileType = $_FILES['userfile']['type'];

$email = $_POST['email']['user_email'];

 

$fp      = fopen($tmpName, 'r');

$content = fread($fp, filesize($tmpName));

$content = addslashes($content);

fclose($fp);

 

if(!get_magic_quotes_gpc())

{

    $fileName = addslashes($fileName);

}

 

include 'reg_dbc.php';

 

$query = "UPDATE subscribers WHERE $email = user_email (name, size, type, content ) ". "VALUES ('$fileName', '$fileSize', '$fileType', '$content')";

 

mysql_query($query) or die('Error, query failed');

mysql_close($dbname);

}

?>

<center>

<br/>

<br/>

<br/>

<br/>

Thank you for uploading your <?php echo "$fileName"; ?> file, completing your registration, and providing us your C.V. for this position.

<br/>

<br/>

<br/>

We will contact you if your canditature qualifies.

</center>

[objnoob]

To start: Your form in activate.php is split into two <form> tags.

 

In upload.php your attempting to access $email from an array inside of $_POST. I do not see where this inner array is derived. After fixing activate.php's form, try resolving email from $_POST['email'];

 

In addition, your SQL Update statement is incorrect. Try the following:

UPDATE subscribers SET name='$fileName', size='$fileSize', type='$fileType', content='$content' WHERE user_email='$email';

[dennishall]

The 2 form tags are because one is an email and the other is a file upload.

 

How can I do this differently?

[objnoob]

     <form name="form1" action="upload.php" enctype="multipart/form-data" method="post" style="padding:5px;">
        <p>Re-enter you Email : <input name="email" type="text" id="email"/></p>
         <input type="hidden" name="MAX_FILE_SIZE" value="4000000">
          Upload your C.V.: <input name="userfile" type="file" id="userfile">
          <input name="upload" type="submit" id="upload" value="Upload your C.V."/></form>

[dennishall]

Thanks objNoob:

 

I have done this and see no difference.

 

Any other suggestions?

[objnoob]

Please post the code of both files so I can ensure you've made the correct changes.

[dennishall]

Thanks objNoob:

 

I have uploaded contact.zip.

 

I have made other changes to the files since positng the original code, as I think this may be related to globals not being declared, but I just do not know enough about globals yet.

 

[attachment deleted by admin]

[objnoob]

Your SQL Update statement in upload.php is invalid. Doesn't appear to be legit. Read my post above about fixing this.

[dennishall]

Hi objNoob:

 

I followed your instructions as best as I could, but no difference.

My knowledge and skills are definately lacking on global variables, could this be the issue?

 

I have added the application form into the zip file and resubmitted it with you suggestions in the files.

 

I do suspect my email variable is the issue as well, but am lost on how to fix it. Been working at it too long.

 

Can you please advise further?

 

Best Regards,

dennishall

 

[attachment deleted by admin]

[objnoob]

I advise you begin with adding some simple error checking segments. Rather than just simply killing the script, you should, after each database interaction, check whether the query failed: 

 

$result = mysql_query($mysql_con, "SELECT jill FROM jack WHERE hill='grassy'")
if ($result === false){
echo mysql_error(); die();
}

 

Because your program is not defining any functions, and everything appears to be in scope, your issue is not globals. Your issue may involve trying to access unset elements of a super global such as $_SESSION. I noticed in applicationform.php you compare an md5 hash to $_SESSION['ckey']. I just cannot find where you're actively setting the $_SESSION index 'ckey'.

 

Are you receiving any error messages??

[dennishall]

Hi objNoob:

 

I used to have sessions enabled, however, when I migrated to a new host, I had soo many session errors displaying (that I disabled sessions until I could catch up with my backlog. Only lately, i have started going back and enabling sessions.

 

The files you have should have teh start_session(); remmed out?

 

I am not getting ckey errors, it is all working fine.

 

You can check this out at http://mbtech.products-and-services.ca/careers.php and you can see the successful registration in the db at http://mbtech.products-and-services.ca/cms/index.php, click on Subscribers in the menu (I have temproarily disabled security just for you).

 

I really appreciate this assistance.

dennishall

[objnoob]

Well, I've ran through your code understand there is a capta script your including. I also ventured to your website to enter myself. And I've found problem number 1.

 

First problem.......  in upload.php:

 

if (!isset($_GET['usr'])

{

$msg = "ERROR: You are not in the database..";

exit();

}

 

Since you are calling upload.php from a form found in activate.php using method='POST', no variables are being stored in the superglobal $_GET. So !isset($_GET['usr']) is always TRUE thus setting $msg and exiting the script. Y

[objnoob]

Sorry, for double post -- having issues with this message board's message input box jumping around as I type.

 

Perhaps you should modify that first check in your upload.php to

 

 

if (!isset($_POST['email'])){
echo 'You did not enter your email address<br />';
echo 'Use your browser back button to go back';
                die();
}else{
$sql_result = mysql_query("SELECT user_email from subscribers where user_email='{$_POST['email']}'")
if ($sql_result === false){
	echo mysql_error().'<br >';
	die('SQL ERROR')
}

// check if no email was found in the database
if (mysql_num_rows($sql_result) == 0){ 	
	echo 'The email you provided was not found in the database!';
	die();
}
}

[dennishall]

Thanks for this help objNoob:

 

I remmed out:

if (!isset($_GET['usr']) && !isset($_GET['code']) )

{

$msg = "ERROR: The code does not match..";

exit();

}

 

and replaced it with the code you provided, no change.

When you activated your user and then went to upload your resume in activate.php, you received a blank white screen. This screen is supposed to display the display upload.php html code (at the bottom of upload.php).

You also saw that the file to upload was not present in the database.

Although I know this is not the issue, an image of the subscribers db table is attached for your reference.

 

If you wish to help me more, I can provide you (via your email) with my online meeting room access and chat. you can then see things more first hand.

 

Let me know...

Thanks so much for this.

dennishall

 

[attachment deleted by admin]

[objnoob]

I attached upload.php with fixes. Some things including the SQL Update Statement.

 

I also use mysql_real_escape_string function on $email = $_POST['email'] to prevent SQL injection.

 

Hopefully, this will solve the topic, and your frustrations.

 

[attachment deleted by admin]

[dennishall]

!!!! objNoob !!!!

 

You ARE the man!!!

 

I works GREAT.

SOLVED

 

Now I gotta analyze the new upload file to get a deeper undertanding.

 

Sincerely... If there is anything I can do to help you anytime, please email me directly or message me here.

 

All the best,

dennishall