1

I'm attempting to upload an image as well as add details such as title, description and filepath into a database table.

I'm using the following code, but it isn't adding any data to the database:

(The session.php include contains the database connectivity.)

<?php include('includes/session.php');

$uploadDir = 'submitted/pictures/';

if(isset($_POST['submit']))
{
    $fileName = $_FILES['file']['name'];
    $tmpName  = $_FILES['file']['tmp_name'];
    $fileSize = $_FILES['file']['size'];
    $fileType = $_FILES['file']['type'];

    $filePath = $uploadDir . $fileName;

    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading <strong>file</strong>";
        exit;
    }

    if(!get_magic_quotes_gpc())
    {
        $fileName = addslashes($fileName);
        $filePath = addslashes($filePath);
    }

    $title = $_POST['title'];
    $description = $_POST['description'];

    $query = "INSERT INTO $user_pictures (file, title, description) VALUES ('$filePath', '$title', '$description')";

    mssql_query($query);

}

?>

The form code:

<form name="Image" enctype="multipart/form-data" action="upload-pics2.php" method="POST">
 Title <input type="text" name="title" maxlength="100" class="textbox" value="<?php echo $form->value("title"); ?>" />
 Description <textarea name="description" rows="8" cols="40" class="textbox" value="<?php echo $form->value("description"); ?>"></textarea>
 File <input type="file" name="file" accept="image/gif, image/jpeg, image/x-ms-bmp, image/x-png" size="26" class="textbox" />
 <input type="submit" name="submit" value="Upload" class="button" />
</form>

I was wondering if someone could tell me what might be going wrong?

Thank you.

1
  • are you trying to store the file in the db or just the path? your question suggests you want to store the data inside the db, but your code says you're just storing the path Commented Oct 11, 2009 at 9:41

3 Answers

1

This code does not work because of several problems.

First, you should rename one of the HTML fields or change the field name you check for the upload:

<input type="submit" name="Upload" value="Upload" class="button" />

or

if(isset($_POST['submit']))

Second, this script will not store any data in the DB. You should get, sanitize and write the data into the corresponding fields, for example:

$title = mysql_real_escape_string($_POST['title']);
$description = mysql_real_escape_string($_POST['description']);
$query = "INSERT INTO $user_pictures (file, title, description) VALUES ('$filePath', '$title', '$description')";

You should make sure these fields are present in the DB; if not, you should create them:

ALTER table user_pictures ADD column description text, add column title varchar(255);

5 Comments

Hey Max, is there an MSSQL equivalent to mysql_real_escape_string ?
Now seem to be getting this error; Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near '('. (severity 15) in upload-pics2.php on line 31
No, there is no equivalent to escape mssql, but you can use a simple escaping function: function mssql_escape_string($string_to_escape) { $replaced_string = str_replace("'","''",$string_to_escape); return $replaced_string; } and then call $title = mssql_escape_string($_POST['title']); $description = mssql_escape_string($_POST['description']);
I have no idea about that warning, sorry. :( I can only recommend checking the syntax of the query.
No worries Max. Got it working now, just need to put some validation in to check for correct file type, file size and to display a success/error messages.
1

You have an error at this line: if(isset($_POST['Upload']))

Change this to if(isset($_POST['submit']))

1

Is the 'submitted/pictures/' directory writable? Also, you might want to run is_uploaded_file() for an extra layer of security.

Also, your query seems to be wrong:

"INSERT INTO $user_pictures ( file ) VALUES ('$filePath')"

$user_pictures needs to be a table

try

"INSERT INTO `user_pictures` ( `file` ) VALUES ('$filePath')"

1 Comment

@dotty Thanks for that. Apparently file is a keyword, so I will have to change that.
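
The points raised in the answers and comments above (is_uploaded_file(), file type and size checks, quoting values for MSSQL, `file` being a keyword) combined into one handler, as an added example that is not code from any poster. It assumes PHP 7+ with the fileinfo and pdo_sqlsrv extensions, a 2 MB limit, an allow-list of four image types and placeholder connection details; `store_picture()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+, the fileinfo and
// pdo_sqlsrv extensions, a 2 MB limit and placeholder connection details.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED = [                       // content-detected MIME type => extension
    'image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png',
    'image/bmp' => 'bmp', 'image/x-ms-bmp' => 'bmp',
];

function store_picture(PDO $db, array $file, array $post, string $dir): string
{
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK) {
        throw new UnexpectedValueException('Upload did not complete');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new UnexpectedValueException('Not an uploaded file, or too large');
    }
    // $file['type'] and the form's accept= list come from the client, so the
    // type is detected from the file content instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new UnexpectedValueException('File type not allowed');
    }
    // Server-generated name: the client's file name never reaches the path.
    $path = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($tmp, $path)) {
        throw new RuntimeException('Could not move the uploaded file');
    }
    // Bound parameters replace addslashes() and manual quote doubling.
    // [file] is bracketed because FILE is a reserved word in T-SQL.
    $stmt = $db->prepare(
        'INSERT INTO user_pictures ([file], title, description) VALUES (?, ?, ?)'
    );
    $stmt->execute([$path, $post['title'] ?? '', $post['description'] ?? '']);
    return $path;
}

if (isset($_POST['submit'], $_FILES['file'])) {
    $db = new PDO('sqlsrv:Server=localhost;Database=example_db', 'example_user', 'example_password');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    try {
        store_picture($db, $_FILES['file'], $_POST, 'submitted/pictures');
        echo 'Upload stored.';
    } catch (UnexpectedValueException $e) {
        echo 'Upload rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

Only validation failures are shown to the user; database and filesystem errors are left to propagate so their messages are not echoed into the page.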
