0

end web developer, I was given a CMS done by another team and I have to link it with my front-end. I have made some modifications, but due to my lack of PHP knowledge I have some issues here.

My users are able to fill up a form, where 1 text field is asking for their photo link. I want to check if the value entered is not equal to what I want, then I will query insert a default avatar photo link to MySQL to process.

Code that I tried in PHP:

// check if the variable $photo is empty, if it is, insert the default image link
if($photo = ""){
    $photo="images/avatarDefault.png";
}

doesn't seem to work

<?php
if($_SERVER["REQUEST_METHOD"] === "POST")
{
    //Used to establish connection with the database
    include 'dbAuthen.php';
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    else
    {

        //Used to Validate User input
        $valid = true;

        //Getting Data from the POST
        $username = sanitizeInput($_POST['username']);
        $displayname = sanitizeInput($_POST['displayname']);
        $password = sanitizeInput($_POST['password']);

        //hash the password using Bcrypt - this is to prevent 
        //incompatibility from using PASSWORD_DEFAULT when the default PHP hashing algorithm is changed from bcrypt  
        $hashed_password = password_hash($password, PASSWORD_BCRYPT);

        //Determining Type of the User
        //if B - User is student
        //if A - User is admin
        if($_POST['type'] == 'true')
            $type = 'B';
        else
            $type = 'A';

        $email = sanitizeInput($_POST['email']);
        $tutorGroup = sanitizeInput($_POST['tutorGroup']);
        $courseID = sanitizeInput($_POST['courseID']);
        $description = sanitizeInput($_POST['desc']);
        $courseYear = date("Y");
        $website = sanitizeInput($_POST['website']);
        $skillSets = sanitizeInput($_POST['skillSets']);
        $specialisation = sanitizeInput($_POST['specialisation']);
        $photo = sanitizeInput($_POST['photo']);

        // this is what i tried, checking if the value entered is empty, but doesn't work
        if($photo = ""){
            $photo="images/avatarDefault.png";
        }

        $resume = sanitizeInput($_POST['resume']);

        //Validation for Username
        $sql = "SELECT * FROM Users WHERE UserID= '$username'";
        if (mysqli_num_rows(mysqli_query($con,$sql)) > 0){
            echo 'User already exists! Please Change the Username!<br>';
            $valid = false;
        }

        if($valid){
            //Incomplete SQL Query
            $sql = "INSERT INTO Users
             VALUES ('$username','$displayname','$hashed_password','$type','$email', '$tutorGroup', ";

            //Conditionally Concatenate Values
            if(empty($courseID))
            {
                $sql = $sql . "NULL";
            }
            else
            {
                $sql = $sql . " '$courseID' ";
            }

            //Completed SQL Query
            $sql = $sql . ", '$description', '$skillSets', '$specialisation', '$website', '$courseYear', '$photo',  '$resume', DEFAULT)";

            //retval from the SQL Query
            if (!mysqli_query($con,$sql))
            {
                echo '*Error*: '. mysqli_error($con);
            }
            else
            {
                echo "*Success*: User Added!";
            }
        }

        //if student create folder for them
        if ($type == 'B')
        {
            //Store current reporting error
            $oldErrorReporting = error_reporting();

            //Remove E_WARNING from current error reporting level to prevent users from seeing code
            error_reporting($oldErrorReporting ^ E_WARNING);

            //Set current reporting error();
            error_reporting($oldErrorReporting);
        }

        mysqli_close($con);
    }
}
function sanitizeInput($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>

I've tried finding a way in MySQL to insert default values but it seems impossible, so I have no choice but to query insert through PHP.

I have the logic but I'm not sure how to implement it in PHP with my lack of knowledge. I was thinking of checking either 1) if the photo link does not have the word .png/.jpg, $photo != ".png" 2) if the photo link length is too low, $.photo.length < 10

Can someone help me look into the code and tell me what I'm doing wrong? Thanks!

Devon

2 Answers

0

First thing that I notice is to use double =

if($photo == ""){
 //...
}
repincln
  • Same thing but less neat ;) – Matheno Nov 24 '14 at 08:33
  • So my code is somewhat there, just that I made some minor errors? Let me try and get back to you – Devon Nov 24 '14 at 08:35
  • Haha yeah, I was just lacking the double ==. Is there any way I can improve it to check more precisely that you can recommend? – Devon Nov 24 '14 at 08:38
  • @repincln I hope to check if my value in $photo consists of .jpg or .png, if not do something – Devon Nov 24 '14 at 08:42
  • @Devon: check this answer http://stackoverflow.com/questions/7563658/php-check-file-extension. You can use pathinfo() to find file extension. – repincln Nov 24 '14 at 09:09
0

A very simple way with default values could be:

$photo = isset($photo) ? $photo : 'images/avatarDefault.png' ;

How it works is that it first asks if the photo is set; if it is, it uses the already inserted value, otherwise it inserts your default value.

Another (very similar) method to use:

$photo = !empty($photo) ? $photo : 'images/avatarDefault.png' ;

UPDATE

To check if it contains a certain "extension" would be a simple rewrite

$photo = preg_match('#\b(\.jpg|\.png)\b#', $photo ) ? $photo : "images/avatarDefault.png" ;

This way it checks whether the text / image link in $photo contains the .png file type; if it doesn't, it inserts your default image.

Epodax
  • Hi Rasmus, how does it determine it is set? Is 'asd' considered as set as well? I want it to check if there is a valid format like .png or .jpg in the last 4 letters of the inserted value, because if asd is valid then I don't want it to be valid because it is not right – Devon Nov 24 '14 at 08:54
  • @Devon Changed my updated answer a teeny bit to better fit your needs (so that you can match multiple image types) – Epodax Nov 24 '14 at 09:12
  • But I have no idea where to place this line, should I remove the if statement and paste your code? "images/avatarDefault.png" is dynamic, it won't always be this – Devon Nov 24 '14 at 12:23
  • Yes, you place it instead of the "if" sentence, and you can just replace the "image/avatarDefault.png" with a php variable ( $photo = preg_match('#\b(\.jpg|\.png)\b#', $photo ) ? $photo : $defaultPhoto ; ) – Epodax Nov 24 '14 at 16:14
  • I can't tell you what it does 100% since I am not entirely sure myself, but my guess is that it tells the system / server that there is an "if" sentence in place (since the code I provided is kind of an IF sentence in one line with a default value). Otherwise you can try and google it :) – Epodax Nov 25 '14 at 07:58
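
The extension check discussed in the answers and comments above (pathinfo() plus a fallback to the default avatar), as an added example that is not part of any post on this page. The function name normalizePhotoLink(), the http/https scheme restriction and the sample inputs are assumptions made for illustration; it goes slightly beyond the regex by inspecting only the URL path, so ".png" appearing in a query string or before another extension does not pass.

```php
<?php
// Added example: normalizePhotoLink() and the sample inputs are assumptions,
// not code from the question or the answers.

function normalizePhotoLink(string $photo, string $defaultPhoto): string
{
    $allowedExtensions = ['jpg', 'png'];       // allow-list, compared in lower case
    $allowedSchemes    = ['http', 'https'];    // relative links have no scheme

    $photo = trim($photo);
    if ($photo === '') {                       // comparison, not assignment
        return $defaultPhoto;
    }

    // Inspect only the path, so "?file=.png" or "#.png" cannot satisfy the check.
    $path = parse_url($photo, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {   // false: malformed, null: no path
        return $defaultPhoto;
    }

    // A link that names a scheme must use http or https.
    $scheme = parse_url($photo, PHP_URL_SCHEME);
    if (is_string($scheme) && !in_array(strtolower($scheme), $allowedSchemes, true)) {
        return $defaultPhoto;
    }

    // pathinfo() returns the text after the last dot, "" when there is none.
    $extension = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($extension, $allowedExtensions, true) ? $photo : $defaultPhoto;
}

// Constructed sample inputs, run through the check with a default avatar.
$defaultPhoto = 'images/avatarDefault.png';
$samples = [
    '',                                      // empty field
    'asd',                                   // no extension
    'images/me.PNG',                         // upper-case extension
    'http://example.com/me.jpg?size=large',  // query string after the path
    'http://example.com/view?file=.png',     // ".png" only in the query string
    'me.png.txt',                            // ".png" is not the final extension
];
foreach ($samples as $sample) {
    printf("%-40s => %s\n", var_export($sample, true),
        normalizePhotoLink($sample, $defaultPhoto));
}
```

The check only decides which link gets stored; the value still ends up in the INSERT, so pass it as a bound parameter (mysqli_prepare() with mysqli_stmt_bind_param()) rather than concatenating it into the SQL string.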