file upload to server folder path saved in database.

[Irvine263]

Hie Guys. Greetings to you all. I have managed to download a script from this site which uploads a file to server folder but don't save path to database. here is my script. All i want is a script which upload file server folder and save path to database. Dreamweaver script will be fine, since am using Dreamweaver.

 

thanx

 

---------------------insert code------------------------------------

<?php

$con = mysql_connect("localhost","root","");

if (!$con)

{

die('Could not connect: ' . mysql_error());

}

mysql_select_db("@@@@", $con);

$file=($_FILES['file']['name']);

$sql="INSERT INTO carsale (companyname, productname, price, file, )

VALUES

('('$_POST($file)','$_POST[companyname]','$_POST[productname],',$_POST[price]')";

if (!mysql_query($sql,$con))

{

die('Error: ' . mysql_error());

}

echo "Your information was added successfully. THANK YOU";

mysql_close($con);

?>

-------------- upload code-----------------------------

<?php

$allowedExts = array("jpg", "jpeg", "gif", "png");

$extension = end(explode(".", $_FILES["file"]["name"]));

if ((($_FILES["file"]["type"] == "image/gif")

|| ($_FILES["file"]["type"] == "image/jpeg")

|| ($_FILES["file"]["type"] == "image/png")

|| ($_FILES["file"]["type"] == "image/pjpeg"))

&& ($_FILES["file"]["size"] < 2000)

&& in_array($extension, $allowedExts))

{

if ($_FILES["file"]["error"] > 0)

{

echo "Return Code: " . $_FILES["file"]["error"] . "<br>";

}

else

{

echo "Upload: " . $_FILES["file"]["name"] . "<br>";

echo "Type: " . $_FILES["file"]["type"] . "<br>";

echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";

echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";

if (file_exists("upload/" . $_FILES["file"]["name"]))

{

echo $_FILES["file"]["name"] . " already exists. ";

}

else

{

move_uploaded_file($_FILES["file"]["tmp_name"],

"upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];

}

}

}

else

{

echo "invalid file";

}

?>

[justsomeguy]

This is wrong:

$sql="INSERT INTO carsale (companyname, productname, price, file, )VALUES('('$_POST($file)','$_POST[companyname]','$_POST[productname],',$_POST[price]')";

Writing $_POST($file) means you're trying to use $_POST as a function. It's not a function, it's an array. Also, I seriously doubt there is an item in $_POST with the same name as the value of $file. $file is the uploaded filename. There's not going to be an item in $_POST with that name. That query also has syntax errors, that comma after "file" is an error. Also, your fields are listed in the order companyname, productname, price, and file, but the values are file, companyname, productname, and price. You also have an extra comma after the value for productname.Your code is also not protecting against SQL injection vulnerabilities, you're using the outdated mysql extension and you're not sanitizing the data. You should be using prepared statements with either the mysqli extension or PDO.As far as the second code goes, at the end you use move_uploaded_file to move the file. The path to the file on the server is passed to that function, you can save that path in the database if you want.

[Irvine263]

thanx justsomeguy

well i have corrected the syntax, but it's working. may u please supply me with an alternative code.

[thescientist]

please present your updated code with details of what is "not working". Please be specific.

[Irvine263]

Since the code is an outdated mysql extension. i have managed to download another code but the problem is how do i insert other details on this code and save data to database. and path name.

companyname

productname

price

 

 

 

----------------------------------------new code----------------------------------------------------------------------------------

<form enctype="multipart/form-data" method="post" action="uploader.php">Choose your file here:<input name="namea" type="file"/><br /><br /><input type="submit" value="Upload"/></form>

<!-- -------------------------------------------- --><!-- "image_upload_script.php" --><!-- -------------------------------------------- -->

<?php// Access the $_FILES global variable for this specific file being uploaded// and create local PHP variables from the $_FILES array of information$fileName = $_FILES["namea"]["name"]; // The file name$fileTmpLoc = $_FILES["namea"]["tmp_name"]; // File in the PHP tmp folder$fileType = $_FILES["namea"]["type"]; // The type of file it is$fileSize = $_FILES["namea"]["size"]; // File size in bytes$fileErrorMsg = $_FILES["namea"]["error"]; // 0 = false | 1 = true$kaboom = explode(".", $fileName); // Split file name into an array using the dot$fileExt = end($kaboom); // Now target the last array element to get the file extension// START PHP Image Upload Error Handling --------------------------------------------------if (!$fileTmpLoc) { // if file not chosen echo "ERROR: Please browse for a file before clicking the upload button."; exit();} else if($fileSize > 5242880) { // if file size is larger than 5 Megabytes echo "ERROR: Your file was larger than 5 Megabytes in size."; unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder exit();} else if (!preg_match("/.(gif|jpg|png)$/i", $fileName) ) { // This condition is only if you wish to allow uploading of specific file types echo "ERROR: Your image was not .gif, .jpg, or .png."; unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder exit();} else if ($fileErrorMsg == 1) { // if file upload error key is equal to 1 echo "ERROR: An error occured while processing the file. Try again."; exit();}// END PHP Image Upload Error Handling ----------------------------------------------------// Place it into your "uploads" folder mow using the move_uploaded_file() function$moveResult = move_uploaded_file($fileTmpLoc, "upload/$fileName");// Check to make sure the move result is true before continuingif ($moveResult != true) { echo "ERROR: File not uploaded. Try again."; unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder exit();}//unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder// Display things to the page so you can see what is happening for testing purposesecho "The file named <strong>$fileName</strong> uploaded successfuly.<br /><br />";echo "It is <strong>$fileSize</strong> bytes in size.<br /><br />";echo "It is an <strong>$fileType</strong> type of file.<br /><br />";echo "The file extension is <strong>$fileExt</strong><br /><br />";echo "The Error Message output for this upload is: $fileErrorMsg";?>

[thescientist]

Just add the form input elements you need and look for them in POST and integrate them into the rest of the script.

 

However, If you didn't understand how your first script was working, I guarantee copy / pasting someone else's code is not going to help you to understand the fundamentals either.

 

You should really just start with the basics, like simple input elements, and make sure you can send those across the wire and get them in $_POST and assign them to variables in your script and correctly insert those into your database.

 

_Then_ add a file upload component. Doing everything at once is destined to lead to trouble an headache. Even experienced developers approach problems one set of functionality at a time. Get one piece working, verify it test, then move on to the next. List it out in steps, that's how i usually break down large tasks.

[Irvine263]

thanx