1

I've used this code in another site I've made and it works absolutely fine so I'm really confused as to why this isn't working properly. The only things I have changed are the directories for the file to be moved to, but the files never get uploaded. I've triple checked everything and it all seems fine. The code all executes without errors and all of the info gets entered into the database correctly, the only problem is the file not uploading. I'm going mad trying to get this to work! please help!

HTML FORM:

<p>
<h2>Add News</h2><br />
REQUIRED *<br /><br />
<form enctype="multipart/form-data" action='addnews2.php' method='post' onsubmit="chose.value = uploadForm()" name="newsform">
<p>Headline:  *
<br>
<input name="title" type="text" size="75">
<br />
<br/>

  News: *<br>
<textarea name="text" cols="75" rows="10" width="200"></textarea><br /><br />
Image File:   
<br>
<input type="file" name="filetoupload" id="filetoupload"><br/><br />

  <input type="submit" name="choose" value="Submit" />
</p>
</form>
</p>

Processing Page:

$date=date("l F d, Y");

$title=stripslashes($_POST['title']);
$text=stripslashes($_POST['text']);

if (($_FILES["filetoupload"]["type"] == "image/gif")
|| ($_FILES["filetoupload"]["type"] == "image/jpeg")
|| ($_FILES["filetoupload"]["type"] == "image/pjpeg")
|| ($_FILES["filetoupload"]["type"] == "image/png")
|| ($_FILES["filetoupload"]["type"] == "image/jpg"))
  {
  if ($_FILES["filetoupload"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["filetoupload"]["error"] . "<br />";
    }
    else
      {
            if (file_exists("images/news/" . $_FILES["filetoupload"]["name"]))
      {
      echo $_FILES["filetoupload"]["name"] . " already exists. ";
      }
      move_uploaded_file($_FILES["filetoupload"]["tmp_name"],
      "images/news/" . $_FILES["filetoupload"]["name"]);
      }
    }



$image = "images/news/".$_FILES['filetoupload']['name'];


if($title==""||$text==""){
    die("You need to fill in all details");
}


connect_to_db();
$query="insert into news (date, title, text, image) values ('".$date."','".mysql_real_escape_string($title)."','".mysql_real_escape_string($text)."','".$image."')";
$result=mysql_query($query);

if(mysql_affected_rows()==1){
header("Location:index.php?page=Admin&news=added");
}
else{
    die("there was a problem");
}
mysql_close();
Improve this question
3
  • 2
    Have you checked the permissions on the directory you are uploading to? Commented May 31, 2011 at 14:52
  • your move_uploaded_file code is always executing you need to put that in the else part Commented May 31, 2011 at 14:57
  • In order to trace the problem, you should construct a new temp php file without the database info, and then gather and echo information on all the variables to ensure your locations, paths, and constructed data are valid. Also enable error reporting ( php.net/manual/en/function.error-reporting.php ). Also, as stated, the target location for the final copy may not have proper file permissions (write access). Commented May 31, 2011 at 15:05

1 Answer 1

Reset to default
1

Looks like you are missing an else statement possibly, the code formatting is off and causes confusion:

  if (file_exists("images/news/" . $_FILES["filetoupload"]["name"]))
  {
      echo $_FILES["filetoupload"]["name"] . " already exists. ";
  }else {
      move_uploaded_file($_FILES["filetoupload"]["tmp_name"],
  "images/news/" . $_FILES["filetoupload"]["name"]);
  }

Give that a shot. If not that, check your permissions etc. And make sure that the file isn't being uploaded, just not in the spot you expected it to be.

Just a bit of information, I would do the $title and $text check before you do the image check. As you probably do not want to upload the image to the site if both of those are null. You should also escape the file name in the image path prior to inserting:

$image = "images/news/".mysql_real_escape_string($_FILES['filetoupload']['name']);

As that could also be prone to injection.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for the speedy response. Unfortunately this did not solve the problem :/
I just realised what the problem was. I hadn't given the folder write permissions. Im such an eeeejot! But your response triggered the thought so much appreciated :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.