Re: NULL and empty space

[John Holmes <holmes072000@xxxxxxxxxxx>]

Craig Hoffman wrote:

> I have an form where someone can choose to upload a photo. If the person 
> does not upload a photo, an emtpy string is inserted in the DB. How can 
> I have it insert 'NULL' in the DB instead of an empty string when they 
> choose NOT to upload a photo but complete the form anyway?
>
> Any help is appreciated!
>  Much Thanks -- CH
>
>  Here is my code and query if it helps:
> if($_POST["postback_upload"])
>
>     {
>         include "include/db.php";
>     //image uploader
>     $uploadpath = 'images/climbs/';
>     
>     $source = $_FILES['photo']['tmp_name'];
>     $route_photo = $_FILES['photo']['name'];
>     $dest == '';
>     if (($source != 'none') && ($source != '')) {
>         $dest = $uploadpath.$route_photo;
>         if ($dest != '') {
>             if (move_uploaded_file($source, $dest)) {
>                 echo ("<h2>Image and Climbing log has been successfully 
> stored.</h2> ");
>             } else {
>                 echo ("<h2>Image could not be stored.<h2>");
>             }
>         }
>     } else {
>             echo ("<h2>No new image supplied. Climbing long has been 
> successfully stored.<h2>");
>             }
>
>         //photo uploader - make "route_photo" a varible for MySQL to 
> work -- need to find out why.
>        
>     
>            
>         $query = "INSERT INTO routes(user_id , date_climbed , route , 
> pitchs , rating, area, outcrop, type, style, private_comments, 
> public_comments, stars, route_photo)
>         VALUES('NULL', '$_POST[date_climbed]', '$_POST[route]', 
> '$_POST[pitchs]', '$_POST[rating]',
>         '$_POST[area]', '$_POST[outcrop]', '$_POST[type]', 
> '$_POST[style]',         
> '$_POST[private_comments]','$_POST[public_comments]','$_POST[stars]', 
> '$route_photo')";
>         echo $query;
>         $msg = "<span style='color:red'>Could not insert record</span>";
>         $result = mysql_query($query,$db) or die(mysql_error());

if(empty($_FILES['photo']) || $_FILES['photo']['name'] == 'none')
{ $route_photo = 'NULL'; }
else
{ $route_photo = "'" . $_FILES['photo']['name'] . "'"; }

$query = "INSERT INTO routes (user_id, date_climbed, ..., route_photo) 
VALUES (NULL, '$_POST['date_climbed']', ..., $route_photo)";

Obviously add the rest of your stuff in there. What you're basically 
doing is setting the column to NULL (notice there are no quotes around 
NULL **when it's put in the query**) or to 'some value', when there is a 
values in $_FILES (note how there are quotes around the value if there 
is one **when it's put in the query**).

Also notice how you're setting the "user_id" column to the _string_ 
'NULL' instead of an actual NULL value (without quotes). You're also 
taking POSTed data and putting it directly into your query, which can 
open you up to all sorts of vulnerabilities if not done correctly.

You could also use an is_uploaded_file() thrown in there, also.

--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php