Home » Php » Displaying a single image and data – PHP

Displaying a single image and data – PHP

Posted by: admin February 22, 2020 Leave a comment

Q(Question):

Hi all
I am extremely new to php and need some help

I found a code that Atli addressed in a 11/23/07 thread and have been working with it-all is great. My main question is how do I search for a single file and display the image for that single file. The code example by Atli will list all files

Thanks

A(Answer):

which of the 3 threads do you mean? (a link would be really helpful)

A(Answer):

Sorry-here is the link
http://bytes.com/topic/php/insights/…base-using-php

A(Answer):

Check out MySQL’s WHERE clause.

A(Answer):

Thanks for the WHERE clause link–I gave it a shot but get the result "There are no files in database" any advice for a rookie?
# Query for existing files
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber Created FROM FileStorage Where Toolnumber = ‘textfield’ ");

A(Answer):

well, obviously there is no Toolnumber field with the value of ‘textfield’.

besides, make sure, all field names are correctly written (SQL can be/is case sensitive)

A(Answer):

Thanks for the rapid reply
I did find That Toolnumber should be ToolNumber-corrected it but still the same
will ‘textfield’ pull over from my search page?

A(Answer):

Isn’t textfield meant to be $textfield i.e a variable?

A(Answer):

I tried it with the $ variable but get a undefined variable error

A(Answer):

Lets see your code, you need to take whatever the user entered in the text box, put it into a variable then use that in the SQL to retrieve.

A(Answer):

here is the code I am using that gives me undefined variable error

<?php
# Connect to the database
$dbLink = mysqli_connect("xx.xx.xx.xx", "xxxxx", "xxxxxxxx", "tools");
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
# Query for a list of all existing files
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber Created FROM FileStorage Where ToolNumber = [$textfield]");
# Check if it was successfull
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b>&nbsp;</b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>

A(Answer):

I’m not sure what the square brackets are for… of cause $textfield has to be defined somewhere (looks like some form data).

// just one possibility...
$textfield = $_POST['user_input'];
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, `ToolNumber Created` FROM FileStorage WHERE ToolNumber = " . mysql_real_escape_string($textfield));
// use ' around the value if it is a string

A(Answer):

would something like this work?

$textfield = $_POST['textfield'];
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = " . mysql_real_escape_string($textfield));

here is the code for the search

<form id="form1" name="form1" method="get" action="list_files.php">
<label>Tool Number
<input type="text" name="textfield" />
</label>
<p>
<label>
<input type="submit" name="Submit" value="Submit" />
</label>
</p>

sorry for so many questions. I have only been doing this since Monday

A(Answer):

Your method is get on the form, not post so change this:

<form id="form1" name="form1" method="get" action="list_files.php">

To:

<form id="form1" name="form1" method="post" action="list_files.php">

And that should work OK.

Or alternatively change:

$textfield = $_POST['textfield'];

To:

$textfield = $_GET['textfield'];

Cheers

A(Answer):

Well I did the reccommended changes and now get another error:

Error! SQL query failed:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ” at line 1
PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user ‘ODBC’@’localhost’ (using password: NO) in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12 PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12

This is line 12:

$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = " . mysql_real_escape_string($textfield));

A(Answer):

I think you need to surround the variable if not an int.

$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysql_real_escape_string($textfield) . "'");

A(Answer):

well I tried:

‘" . mysql_real_escape_string($textfield) . "’");

as reccommended- but get:

There are no files in the database

PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user ‘ODBC’@’localhost’ (using password: NO) in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12 PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12

A(Answer):

OK just try the following:

$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime, FileSize,
ToolNumber, Created
FROM FileStorage
WHERE ToolNumber = '$textfield'
");

The mysql_real_escape_string function is to make the data safe for MySQL insertion, maybe that is not used with mysqli, I have never really used it.

A(Answer):

You’re using MySQLi, so mysql_* functions are not going to work. Change it to mysqli_…

A(Answer):

Not quite sure I undestand– can you explain a little and/or give a example?

A(Answer):

He means use mysqli_real_escape_string() instead of mysql_real_escape_string() like so:

$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($textfield) . "'");

A(Answer):

Back again–got this error:

There are no files in the database

PHP Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\Inetpub\wwwroot\tlsc\list_files.php on line 17

do I need to do something like this

"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE id= '$id'
AND ToolNumber =
'" . mysqli_real_escape_string($textfield) . "'");

A(Answer):

Hi,

Change:

mysqli_real_escape_string($textfield)

To:

mysqli_real_escape_string($dbLink,$textfield)

A(Answer):

Guess what–more errors

PHP Parse error: parse error in C:\Inetpub\wwwroot\tlsc\list_files.php on line 21

here are lines 21 thru 70

if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b>&nbsp;</b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>

A(Answer):

I suspect the error is just prior to what you pasted.

Please post all the code and use code tags as well please. Its very difficult to read without tags.

A(Answer):

mike,

Please read your Personal Messages. You have already received a warning.

A(Answer):

how do I do code tags??

A(Answer):

sorry about the tags

here is the code–let me know if I did it correct

<?php
# Connect to the database
$dbLink = mysqli_connect("71.39.54.10", "root", "trinidad", "tools");
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
# Query for a list of all existing files
// just one possibility...
$textfield = $_POST['textfield'];
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield)
# Check if it was successfull
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b>&nbsp;</b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>

A(Answer):

You’ve missed some quotes:


$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield)

Should be


$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield) . "'";

A(Answer):

added the quotes–now get:
PHP Parse error: parse error in C:\Inetpub\wwwroot\tlsc\list_files.php on line 17 here are lines 12 – 17


$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield) . "'";

A(Answer):

It’s missing the ending parenthesis (‘)’) of the mysqli function. Add one just before the semi colon.

A(Answer):

AWSOME–That did the trick!!!! Thanks for ALL the help

A(Answer):

No problem.

A hearty ‘you’re welcome’ from us all.

A(Answer):

Glad you got there in the end.

Good Luck