Junior Coders
PHP and MySQL
Hi all,
I am working on an idea for my site but not sure how to go about part if it. The idea is that I have several image files each with a php script in, when I run this PHP script it gets a list of all the pictures in the folder and adds them into a database, but if the picture already exists in the database then it skips it. Does anyone have any ideas of how do do this?
Cheers
Modtoreador
Code:foreach(scandir('.') as $file) if(!mysql_num_rows(mysql_query(sprintf('select filename from files where filename=\'%s\'', mysql_real_escape_string($file))))) mysql_query(sprintf('insert into files (filename) values (\'%s\')', mysql_real_escape_string($file)));
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Junior Coders
Thanks for the quick reply Twey.
I am new to PHP and am still learning about it, so I am just trying to work out what each part of the code does, but I am stuck at two bits:
What does the %s mean?PHP Code:filename=\'%s\'
And:
I have never heard of this command before.PHP Code:mysql_real_escape_string($file)
If you dont mind please could you explain them?
Modtoreador
"String:" it's replaced by sprintf() with the second argument.What does the %s mean?The term is "function" -- it returns a value. It escapes the string so it's safe to use in MySQL queries to the current connection.I have never heard of this command before.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Modarator Man.
%s is a placeholder for mysql_real_escape_string($file)What does the %s mean?
So, %s will be replaced with mysql_real_escape_string($file)
To prevent MySQL injection.I have never heard of this command before.
Example:
Say I put in your URL ?page=DELETE database 'database';
Without mysql_real_escape_string($file), your database would be deleted.
Peter - alotofstuffhere[dot]com - Email Me - Donate via PayPal - Got spare hardware? Donate 'em to me :) Just send me a PM.
Currently: enjoying the early holidays :)Read before posting: FAQ | What you CAN'T do with JavaScript | Form Rules | Thread Title Naming Guide
Junior Coders
Thanks to both of you. But I have one more question
Say I wanted to have a the file path put into the database as well would this work:
?Code:foreach(scandir('.') as $file) if(!mysql_num_rows(mysql_query(sprintf('select filename from files where filename=\'%s\'', mysql_real_escape_string($file))))) mysql_query(sprintf('insert into files (filename, path) values (\'%s\', 'pictures/thunbnails/%s') mysql_real_escape_string($file)));
Modtoreador
Send the same value as the next parameter to sprintf() as well, and yes. There's not much point storing it if it's the same for each file, though.
Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
Posting Permissions
Reply With Quote
Bookmarks