0

enter image description hereI am trying to upload a file to a directory and store its value in the database.I don't know what is wrong with this code.Thanks in advance for the help The pic displays variables whn echoed .

$con=connect();
    $file_name=$_FILES['file']['name'];
    $file_size=$_FILES['file']['size']/1024;
    $display_name=$_POST['display_name'];

    $upload_dir='../uploads/docs/';
    $file_temp=$_FILES['file']['tmp_name'];
    $file_path=$upload_dir.$file_name;
if(move_uploaded_file($file_temp,$file_path))
        {
            if($con)
            {
            $query=mysqli_query($con,"insert into dcument_upload 
            values(null,'$display_name','$file_path','$file_size')");
            $rr=mysqli_num_rows($query);
            if($rr)
                {
                    echo 'Uploaded';
                    echo $rr;
                }else
                {
                    echo "Upload failed";
                }
            }
            else
            {
                die("Cannot Connect");

            }
        }   
        else
        {
            echo "<br>Upload Failed<br>Try Again!";
        }
Improve this question
4
  • What is the output when this file is run? IE: Does it output one of your warnings/error messages, or is there any PHP errors? Commented Jul 5, 2016 at 9:45
  • Use mysqli_affected_rows() to check number of affected rows by insert query Commented Jul 5, 2016 at 9:46
  • Have you got any error???Explain what is not working ?? Commented Jul 5, 2016 at 9:47
  • File is getting uploaded to the server but i cannot insert file info into database Commented Jul 5, 2016 at 9:56

2 Answers 2

Reset to default
1

Try this. You were placing variables under single quotes.

<?php
    $con = connect();
    $file_name = $_FILES['file']['name'];
    $file_size = $_FILES['file']['size']/1024;
    $display_name = $_POST['display_name'];

    $upload_dir = '../uploads/docs/';
    $file_temp = $_FILES['file']['tmp_name'];
    $file_path = $upload_dir.$file_name;

    if(move_uploaded_file($file_temp,$file_path)) {
        if($con) {
            $query = mysqli_query($con,"insert into dcument_upload values(null, ".mysqli_real_escape_string($con, $display_name).", ".mysqli_real_escape_string($con, $file_path).", ".mysqli_real_escape_string($con, $file_size)".)");
            $rr = mysqli_num_rows($query);

            if($rr) {
                echo 'Uploaded';
                echo $rr;
            } else {
                echo "Upload failed";
            }
        } else {
            die("Cannot Connect");
        }

    } else {
        echo "<br>Upload Failed<br>Try Again!";
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You need to get the content of the file first:

$file_data = file_get_contents($file_path);
$query = mysqli_query($con, "INSERT INTO `dcument_upload ` VALUES (null, '". mysqli_real_escape_string($con, $display_name)."', '".mysqli_real_escape_string($con, $file_data). "', '".mysqli_real_escape_string($con, $file_size)."')");

Also, use mysqli_real_escape_string to escape special characters to help prevent against SQL injection.

Improve this answer

1 Comment

i have stored file info in separate variables.I am not inserting them directly

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.