associating photo upload with previously submitted form data

[webguync]

Hi,

 

I am working on a registration login system and after a person registers and logs in, they will get the option to upload a profile picture. The picture and registration info will need to be in two different tables. I want to know the best way to associate the two (registration info and photo) so that I know who's picture goes with what registration info? I thought about IP address, but a user might register on one computer and login and upload a photo on another computer. 

[jim_keller]

Usually this is done by having a unique, auto increment field in whichever table you're saving the user's data into. Let's say it's the "users" table. You'd have a field defined as user_id INT UNSIGNED AUTO_INCREMENT NOT NULL. Any time a row is inserted into that table, mySQL will assign the row an ID. Then you can use that same ID in your photo table to identify which user the photo is associated with

[webguync]

makes since and I do have an auto incremented ID field for both my 'users' table and 'photos' table. Still trying to grasp how I associate the two though since they may not be submitted in the same order.

[jim_keller]

when a user logs in, set a cookie that contains their user ID and a hashed version of the password you have stored in the database (e.g. md5($password)). Check the password when they try to upload a photo, and if it's good, use the user ID stored in the cookie.

[webguync]

would SESSION work as well. When a user logs in I am getting a Session ID when they login.

$_SESSION['id']

 

so for my file upload into MySQL, I was hoping I could POST that info.

[harristweed]

Why do you need a separate table for the picture? I don't think you need a table for single pictures at all. Just rename the image file to match the user unique number. i.e. If user id =123, rename my_picture.jpg to user_123.jpg. Simple?

[webguync]

well, it's kind of a two step process right now. The register form and file upload form are using two different PHP scripts. I have read it's a good security idea to have the two separate so a user will need to register and login before they can upload a file. I can post the two scripts if that will help.

[BlueSkyIS]

even if it's a two-step process, why use 2 tables?

[webguync]

b/c it doesn't work with just one tbl.

 

Say I have the contact form with name, email, user, name password. I have a table called contact. The first form is processed and the info submits fine. My second form for file upload is using it's own processing script to upload the file. The insert statement only works if it's inserting all of the correct values into the fields at that time right? This is how it seems. I can't try and go back and insert something into one field in my contact table . I have to use another table with just the one field (path_to_file ) and insert that value.

 

Hope this makes sense. Maybe I am going about this wrong?

[Pikachu2000]

You can simply update the record in the users table to add the filename for the photo at any time in the future. Since you've gone to the trouble of creating a users table, it's safe to assume that you require users to log in, right? You store a user id in a session var/cookie, right? All you need to do is update the record associated with the user id when the user uploads a photo.

[webguync]

ok, so instead of INSERT it would be (need help with this)

 

UPDATE Profile
SET Path_to_File=value, 
WHERE Path_to_File=some_value

 

Path_to_file is the MySQL field name where I want the path to the file to appear.

[Pikachu2000]

Pseudo-code, obviously.

"UPDATE `profile` SET `Path_to_file` = '$value' WHERE `user_id` = {$_SESSION['user_id']}"

[harristweed]

http://www.tizag.com/mysqlTutorial/

[webguync]

I understand the concept, but how would I store the user ID in the login in form. Hidden field? or would I store the id in a Session variable?

 

<form enctype="multipart/form-data" method="POST" action="loggedin.php" id="login_form" >
<legend>Please enter your user name and password to login</legend>



<div>
   
<label for="username">Username:</label><br />
    
<input type="text" name="UserName" id="UserName" size="20"><br /><br />
<label for="password">Password: </label><br />
<input type="Password" name="Password" id="Password" size="20"><br /><br />
   <div class="buttondiv">
<input class="button" type="submit" name="submit" value="Login" /><span id="msgbox" style="display:none"></span>
</div>
    </div><!--end login wrapper-->

</form>

[webguync]

still trying to get the file upload working. I am currently getting the following errors.

Notice: Undefined variable: value in /flash_upload.php on line 65

Notice: Undefined variable: _SESSION in /flash_upload.php on line 65

UPDATE `Profile` SET `Path_to_file` = '' WHERE `id` =

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 

 

the file upload code looks like this.

<?php

ini_set("display_errors","1");

ERROR_REPORTING(E_ALL);



$db_user = "uname";

$db_pass = "pw";

$db = "DB";





$link = mysql_connect('localhost',$db_user,$db_pass);

$db_selected = mysql_select_db($db);

/*debugging*/



if (!$link) {

    die('Could not connect: ' . mysql_error());

}

echo 'Connected successfully';



if (!$db_selected) {

    die ('Can\'t use foo : ' . mysql_error());

}



$uploadDir = dirname(__FILE__) . '/files/';

$uploadFile = $uploadDir . basename($_FILES['myfile']['name']);

//Print_r ($_FILES);



if ($_POST['submit'] != '') {

    // 1. submitting the html form

    if (!isset($_GET['jqUploader'])) {

        // 1.a javascript off, we need to upload the file

        if (move_uploaded_file ($_FILES['myfile']['tmp_name'], $uploadFile)) {

	 $statement = "UPDATE `Profile` SET `Path_to_file` = '$value' WHERE `id` = {$_SESSION['id']}";

                echo '<p>'.$statement;

                mysql_query($statement);

                echo '<p>'.mysql_error();

            // delete the file

            // @unlink ($uploadFile);

            $html_body = '<h1>File successfully uploaded!</h1><pre>';

            $html_body .= print_r($_FILES, true);

            $html_body .= '</pre>';

        } else {

            $html_body = '<h1>File upload error!</h1>';



            switch ($_FILES['myfile']['error']) {

                case 1:

                    $html_body .= 'The file is bigger than this PHP installation allows';

                    break;

                case 2:

                    $html_body .= 'The file is bigger than this form allows';

                    break;

                case 3:

                    $html_body .= 'Only part of the file was uploaded';

                    break;

                case 4:

                    $html_body .= 'No file was uploaded';

                    break;

                default:

                    $html_body .= 'unknown errror';

            }

            $html_body .= 'File data received: <pre>';

            $html_body .= print_r($_FILES, true);

            $html_body .= '</pre>';

        }

        $html_body = '<h1>Results</h1><pre>';

        $html_body .= print_r($_POST, true);

        $html_body .= '</pre>';

    } else {

        // 1.b javascript on, so the file has been uploaded and its filename is in the POST array

        $html_body = '<h1>Form posted!</h1><p>Error:<pre>';

        $html_body .= print_r($_POST, false);

        $html_body .= '</pre>';

    }

    myHtml($html_body);

} else {

    if ($_GET['jqUploader'] == 1) {

        // ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

        // 2. performing jqUploader flash upload



        if ($_FILES['Filedata']['name']) {

          if (move_uploaded_file ($_FILES['myfile']['tmp_name'], $uploadFile)) {

               $statement = "UPDATE `Profile` SET `Path_to_file` = '$value' WHERE `user_id` = {$_SESSION['user_id']}";

               // echo "<P>".$statement;

               // mysql_query($statement);

               // echo "<P>".mysql_error();

                 //delete the file

                  //@unlink ($uploadFile);

                return $uploadFile;

            }

        } else {

            if ($_FILES['Filedata']['error']) {

                return $_FILES['Filedata']['error'];

            }

        }

    }

}

// /////////////////// HELPER FUNCTIONS

function myHtml($bodyHtml)

{



    ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html lang="en">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>File Upload</title>

<link rel="stylesheet" type="text/css" media="screen" href="style.css"/>

</head>

<body>

<?php echo $bodyHtml;



    ?>

</body>

</html>

<?php

}



?>