-2

I'm trying to write a MySQL statement to insert information to a table:

 $insert = "INSERT INTO `vle`.`files`
               (`id`, `time`, `fileLocation`, `title`, `user`)

               VALUES (
                   NULL,
                   UNIX_TIMESTAMP(),

                   '".mysql_real_escape_string($putFile)."',
                   '".mysql_real_escape_string($_POST['title'])."',
                   '".$user."'
               )";

Everything inserts correctly except for the $user variable which echos out but doesn't get inserted and the same goes for $putFile. Is there anything in this MySQL statement that I am doing wrong?

Thanks

full code here

    <?php require_once('Connections/localhost.php');
    include('pageCheck.php');
    include('adminCheck.php');

    function saveFile(){
        global $_FILES, $_POST;

        $insert = "INSERT INTO `vle`.`files` 
(`id`, `time`, `fileLocation`, `title`, `user`) 
VALUES (NULL, UNIX_TIMESTAMP(), '".mysql_real_escape_string($putFile)."', '".mysql_real_escape_string($_POST['title'])."', '".$user."')";

        mysql_query($insert);

        var_dump($insert);
    }

    $putFile = "files/".basename($_FILES['uploadedFile']['name']);

    if(move_uploaded_file($_FILES['uploadedFile']['tmp_name'], $putFile)){
        saveFile();
        echo"File has been uploaded, Redirecting to file list now...";
        //echo"<meta http-equiv='refresh' content='3;url=dashboard.php'>";

        }else{

        echo"Unable to upload file, Returning to dashboard...";
        //echo"<meta http-equiv='refresh' content='3;url=dashboard.php'>";  

        }


     ?>

$user us defined in pageCheck.php

Improve this question
13
  • 3
    var_dump($insert); and show here (and since now always check the real sql generated, not the source php code) Commented Apr 18, 2012 at 3:41
  • string(122) "INSERT INTO vle.files (id, time, fileLocation, title, user) VALUES (NULL, UNIX_TIMESTAMP(), '', 'blah3', '')" Commented Apr 18, 2012 at 3:45
  • 1
    Do you have a mysql connection open before calling mysql_real_escape_string()? Docs: Note: A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used. Commented Apr 18, 2012 at 3:46
  • 1
    Can you show a more complete sample of your code, preferably where you set $user and actually run the query? Commented Apr 18, 2012 at 3:47
  • 1
    Add $putFile & $user to the globals Commented Apr 18, 2012 at 3:55

1 Answer 1

Reset to default
3

Your issue is a scoping one. Within your saveFile() function, $user and $putFile are not in scope.

See http://php.net/manual/en/language.variables.scope.php

You should consider passing them as arguments, eg

function saveFile($user, $file, $title) {
    // etc
}

saveFile($user, $putFile, $_POST['title']);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.