[SOLVED] getting error You have an error in your SQL syntax; check the manual that corres

[sandbudd]

I am getting this error and seem to figure it out so here I am turning the pros

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.fortwayneanodizing.com/rfq/upload/download.php?f=Hawaii2008_004634787' at line 1

 

This is to upload images...

 

<?php

$db_host = 'localhost'; // don't forget to change 
$db_user = ''; 
$db_pwd = '';

$database = '';
$table = ;






if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");

if (!mysql_select_db($database))
    die("Can't select database");

$Domain="http://".$_SERVER['HTTP_HOST'];

/////////
$save_path="upload/";

/////////
$file = $_FILES['userfile'];
$k = count($file['name']);
for($i=0;$i< $k ;$i++)
{
if(isset($save_path) && $save_path!="")
{
  $random_digit=rand(0000,9999999);



	$name = split('/',$file['name'][$i]);


	$name = str_replace("\\","",$name);


	$name = str_replace("'","",$name);


	$name = str_replace("","_",$name);


	$name = str_replace(" ","_",$name);


	$name = str_replace(".",$random_digit.".",$name);

  $name = str_replace(".",$random_digit.".",$name);
  if(move_uploaded_file($file['tmp_name'][$i], $save_path .
$name[count($name)-1]))
  {
  
  //// download the file/////
  $finalfile.="<li><a
href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>";
  $list_files.="<li>".$name[count($name)-1]."</li>";
}
}
}


?>
<?php
$f_1 = $_FILES['userfile[0]']['name'] ;
$f_2 = $_FILES['file2']['name'] ;
$f_3 = $_FILES['file3']['name'] ;
$f_4 = $_FILES['file4']['name'] ;
$f_5 = $_FILES['file5']['name'] ;
$f_6 = $_FILES['file6']['name'] ;
$f_7 = $_FILES['file7']['name'] ;
$f_8 = $_FILES['file8']['name'] ;
$f_9 = $_FILES['file9']['name'] ;
$f_10 = $_FILES['file10']['name'] ;
$f_11 = $_FILES['file11']['name'] ;
$f_12 = $_FILES['file12']['name'] ;
$f_13 = $_FILES['file13']['name'] ;
$f_14 = $_FILES['file14']['name'] ;
$f_15 = $_FILES['file15']['name'] ;
$f_16 = $_FILES['file16']['name'] ;
$f_17 = $_FILES['file17']['name'] ;
$f_18 = $_FILES['file18']['name'] ;
$f_19 = $_FILES['file19']['name'] ;
$f_20 = $_FILES['file20']['name'] ;
$customer = $_POST['customer'];
$company = $_POST['company'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip_code = $_POST['zip_code'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$type2 = $_POST['type2'];
$type3 = $_POST['type3'];
$burnish = $_POST['burnish'];
$chromate = $_POST['chromate'];
$hex = $_POST['hex'];
$impregnation = $_POST['impregnation'];
$strip = $_POST['strip'];
$part = $_POST['part'];
$description = $_POST['description'];
$alloy = $_POST['alloy'];
$quantity = $_POST['quantity'];
$spec = $_POST['spec'];
$color = $_POST['color'];
$repeat_customer = $_POST['repeat_customer'];
$isearch = $_POST['isearch'];
$internet_directory = $_POST['internet_directory'];
$referral = $_POST['referral'];
$yellow_pages = $_POST['yellow_pages'];
$trade = $_POST['trade'];
$other = $_POST['other'];
$notes = $_POST['notes'];
mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error());
?>

 

[lemmin]

You most likely have a character like a quote breaking the syntax. Run mysql_real_escape_string() on all of your variables that you put in the query. Also, you might want to consider normalizing your database, it would make it a lot easier to catch errors like this.

[sandbudd]

lemmin I ran it and get this error

 

Parse error: syntax error, unexpected T_VARIABLE in /home/anodizi/public_html/rfq/include2.php on line 60

 

here is line 60 and 61

 

$finalfile.="<li><a href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>";
  $list_files.="<li>".$name[count($name)-1]."</li>";

[lemmin]

I think the error is actually going to be in the command that comes immediately before the one on like 60.

[sandbudd]

lemmin I dont think that I am putting this mysql_real_escape_string() in the right place...where do I put that in the code please?

[BlueSkyIS]

around every variable that needs the function performed on it. probably every variable you use in the SQL.

 

$customer = mysql_real_escape_string($_POST['customer']);
$company = mysql_real_escape_string($_POST['company']);
$address =mysql_real_escape_string( $_POST['address']);
// etc.

[sandbudd]

If this helps the actual name of the file that uploaded to the server was

 

Hawaii2008_00463478766347876.jpg

 

don't know if it is not showing the entire file because the file was uploaded?

 

and it wont display

 

http://www.fortwayneanodizing.com/rfq/upload/download.php?f=Hawaii2008_00463478766347876.jpg

 

but I can download off the server and the image is there?

[sandbudd]

http://www.fortwayneanodizing.com/rfq/upload/download.php?f=Hawaii2008_00463478766347876.jpg

 

http://www.fortwayneanodizing.com/rfq/upload/Hawaii2008_00463478766347876.jpg  this does work and can view if this helps

[sandbudd]

friendly bump...does anyone have any suggestions?

[lemmin]

Are you still getting the error on line 60? If so, can you post more code from above it? Otherwise, did you escape all of your variables? Can you post the code where you did that?

[sandbudd]

here is what I did to the code and I get this error....

 

Fatal error: Cannot use string offset as an array in /home/anodizi/public_html/rfq/test.php on line 37

 

this is line 37

$name = mysql_real_escape_string(split('/',$file['name'][$i]));

 

<?php

$db_host = ''; 
$db_user = ''; 
$db_pwd = '';

$database = 'anodizi_pass';
$table = 'ae_gallery';






if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");

if (!mysql_select_db($database))
    die("Can't select database");

$Domain="http://".$_SERVER['HTTP_HOST'];

/////////
$save_path=mysql_real_escape_string("upload/");

/////////
$file = mysql_real_escape_string($_FILES['userfile']);
$k = mysql_real_escape_string(count($file['name']));
for($i=0;$i< $k ;$i++)
{
if(isset($save_path) && $save_path!="")
{
  $random_digit=mysql_real_escape_string(rand(0000,9999999));



	$name = mysql_real_escape_string(split('/',$file['name'][$i]));


	$name = mysql_real_escape_string(str_replace("\\","",$name));


	$name = mysql_real_escape_string(str_replace("'","",$name));


	$name = mysql_real_escape_string(str_replace("","_",$name));


	$name = mysql_real_escape_string(str_replace(" ","_",$name));


	$name = mysql_real_escape_string(str_replace(".",$random_digit.".",$name));

  $name = mysql_real_escape_string(str_replace(".",$random_digit.".",$name));
  if(move_uploaded_file($file['tmp_name'][$i], $save_path .
$name[count($name)-1]))
  {
  
  //// download the file/////
  $finalfile.="<li><a
href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>";
  $list_files.="<li>".$name[count($name)-1]."</li>";
}
}
}


?>
<?php
$f_1 = mysql_real_escape_string($_FILES['userfile[0]']['name']) ;
$f_2 = mysql_real_escape_string($_FILES['file2']['name']) ;
$f_3 = mysql_real_escape_string($_FILES['file3']['name']) ;
$f_4 = mysql_real_escape_string($_FILES['file4']['name']) ;
$f_5 = mysql_real_escape_string($_FILES['file5']['name']) ;
$f_6 = mysql_real_escape_string($_FILES['file6']['name']) ;
$f_7 = mysql_real_escape_string($_FILES['file7']['name']) ;
$f_8 = mysql_real_escape_string($_FILES['file8']['name']) ;
$f_9 = mysql_real_escape_string($_FILES['file9']['name']) ;
$f_10 = mysql_real_escape_string($_FILES['file10']['name']) ;
$f_11 = mysql_real_escape_string($_FILES['file11']['name']) ;
$f_12 = mysql_real_escape_string($_FILES['file12']['name']) ;
$f_13 = mysql_real_escape_string($_FILES['file13']['name']) ;
$f_14 = mysql_real_escape_string($_FILES['file14']['name']) ;
$f_15 = mysql_real_escape_string($_FILES['file15']['name']) ;
$f_16 = mysql_real_escape_string($_FILES['file16']['name']) ;
$f_17 = mysql_real_escape_string($_FILES['file17']['name']) ;
$f_18 = mysql_real_escape_string($_FILES['file18']['name']) ;
$f_19 = mysql_real_escape_string($_FILES['file19']['name']) ;
$f_20 = mysql_real_escape_string($_FILES['file20']['name']) ;
$customer = mysql_real_escape_string($_POST['customer']);
$company = mysql_real_escape_string($_POST['company']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip_code = mysql_real_escape_string($_POST['zip_code']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$fax = mysql_real_escape_string($_POST['fax']);
$type2 = mysql_real_escape_string($_POST['type2']);
$type3 = mysql_real_escape_string($_POST['type3']);
$burnish = mysql_real_escape_string($_POST['burnish']);
$chromate = mysql_real_escape_string($_POST['chromate']);
$hex = mysql_real_escape_string($_POST['hex']);
$impregnation = mysql_real_escape_string($_POST['impregnation']);
$strip = mysql_real_escape_string($_POST['strip']);
$part = mysql_real_escape_string($_POST['part']);
$description = mysql_real_escape_string($_POST['description']);
$alloy = mysql_real_escape_string($_POST['alloy']);
$quantity = mysql_real_escape_string($_POST['quantity']);
$spec = mysql_real_escape_string($_POST['spec']);
$color = mysql_real_escape_string($_POST['color']);
$repeat_customer = mysql_real_escape_string($_POST['repeat_customer']);
$isearch = mysql_real_escape_string($_POST['isearch']);
$internet_directory = mysql_real_escape_string($_POST['internet_directory']);
$referral = mysql_real_escape_string($_POST['referral']);
$yellow_pages = mysql_real_escape_string($_POST['yellow_pages']);
$trade = mysql_real_escape_string($_POST['trade']);
$other = mysql_real_escape_string($_POST['other']);
$notes = mysql_real_escape_string($_POST['notes']);
mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error());
?>

[trq]

Yeah, split returns an array, while mysql_real_esacpe_string() expects a string.

[sandbudd]

thanks thorpe I changed back to this and still get the same error?

Fatal error: Cannot use string offset as an array in /home/anodizi/public_html/rfq/test2.php on line 37

 

<?php

$db_host = ''; 
$db_user = ''; 
$db_pwd = '';

$database = '';
$table = '';






if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");

if (!mysql_select_db($database))
    die("Can't select database");

$Domain="http://".$_SERVER['HTTP_HOST'];

/////////
$save_path=mysql_real_escape_string("upload/");

/////////
$file = mysql_real_escape_string($_FILES['userfile']);
$k = mysql_real_escape_string(count($file['name']));
for($i=0;$i< $k ;$i++)
{
if(isset($save_path) && $save_path!="")
{
  $random_digit=mysql_real_escape_string(rand(0000,9999999));



	$name = split('/',$file['name'][$i]);


	$name = str_replace("\\","",$name);


	$name = str_replace("'","",$name);


	$name = str_replace("","_",$name);


	$name = str_replace(" ","_",$name);


	$name = str_replace(".",$random_digit.".",$name);

  $name = str_replace(".",$random_digit.".",$name);
  if(move_uploaded_file($file['tmp_name'][$i], $save_path .
$name[count($name)-1]))
  {
  
  //// download the file/////
  $finalfile.="<li><a
href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>";
  $list_files.="<li>".$name[count($name)-1]."</li>";
}
}
}


?>
<?php
$f_1 = mysql_real_escape_string($_FILES['userfile[0]']['name']) ;
$f_2 = mysql_real_escape_string($_FILES['file2']['name']) ;
$f_3 = mysql_real_escape_string($_FILES['file3']['name']) ;
$f_4 = mysql_real_escape_string($_FILES['file4']['name']) ;
$f_5 = mysql_real_escape_string($_FILES['file5']['name']) ;
$f_6 = mysql_real_escape_string($_FILES['file6']['name']) ;
$f_7 = mysql_real_escape_string($_FILES['file7']['name']) ;
$f_8 = mysql_real_escape_string($_FILES['file8']['name']) ;
$f_9 = mysql_real_escape_string($_FILES['file9']['name']) ;
$f_10 = mysql_real_escape_string($_FILES['file10']['name']) ;
$f_11 = mysql_real_escape_string($_FILES['file11']['name']) ;
$f_12 = mysql_real_escape_string($_FILES['file12']['name']) ;
$f_13 = mysql_real_escape_string($_FILES['file13']['name']) ;
$f_14 = mysql_real_escape_string($_FILES['file14']['name']) ;
$f_15 = mysql_real_escape_string($_FILES['file15']['name']) ;
$f_16 = mysql_real_escape_string($_FILES['file16']['name']) ;
$f_17 = mysql_real_escape_string($_FILES['file17']['name']) ;
$f_18 = mysql_real_escape_string($_FILES['file18']['name']) ;
$f_19 = mysql_real_escape_string($_FILES['file19']['name']) ;
$f_20 = mysql_real_escape_string($_FILES['file20']['name']) ;
$customer = mysql_real_escape_string($_POST['customer']);
$company = mysql_real_escape_string($_POST['company']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip_code = mysql_real_escape_string($_POST['zip_code']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$fax = mysql_real_escape_string($_POST['fax']);
$type2 = mysql_real_escape_string($_POST['type2']);
$type3 = mysql_real_escape_string($_POST['type3']);
$burnish = mysql_real_escape_string($_POST['burnish']);
$chromate = mysql_real_escape_string($_POST['chromate']);
$hex = mysql_real_escape_string($_POST['hex']);
$impregnation = mysql_real_escape_string($_POST['impregnation']);
$strip = mysql_real_escape_string($_POST['strip']);
$part = mysql_real_escape_string($_POST['part']);
$description = mysql_real_escape_string($_POST['description']);
$alloy = mysql_real_escape_string($_POST['alloy']);
$quantity = mysql_real_escape_string($_POST['quantity']);
$spec = mysql_real_escape_string($_POST['spec']);
$color = mysql_real_escape_string($_POST['color']);
$repeat_customer = mysql_real_escape_string($_POST['repeat_customer']);
$isearch = mysql_real_escape_string($_POST['isearch']);
$internet_directory = mysql_real_escape_string($_POST['internet_directory']);
$referral = mysql_real_escape_string($_POST['referral']);
$yellow_pages = mysql_real_escape_string($_POST['yellow_pages']);
$trade = mysql_real_escape_string($_POST['trade']);
$other = mysql_real_escape_string($_POST['other']);
$notes = mysql_real_escape_string($_POST['notes']);
mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error());
?>

[sandbudd]

wow added error_reporting(E_ALL); and get all this now? 

 

Notice: Undefined index: userfile in /home/anodizi/public_html/rfq/test2.php on line 29

 

Notice: Undefined index: userfile[0] in /home/anodizi/public_html/rfq/test2.php on line 72

 

Notice: Undefined index: type2 in /home/anodizi/public_html/rfq/test2.php on line 101

 

Notice: Undefined index: type3 in /home/anodizi/public_html/rfq/test2.php on line 102

 

Notice: Undefined index: burnish in /home/anodizi/public_html/rfq/test2.php on line 103

 

Notice: Undefined index: chromate in /home/anodizi/public_html/rfq/test2.php on line 104

 

Notice: Undefined index: hex in /home/anodizi/public_html/rfq/test2.php on line 105

 

Notice: Undefined index: impregnation in /home/anodizi/public_html/rfq/test2.php on line 106

 

Notice: Undefined index: strip in /home/anodizi/public_html/rfq/test2.php on line 107

 

Notice: Undefined index: repeat_customer in /home/anodizi/public_html/rfq/test2.php on line 114

 

Notice: Undefined index: isearch in /home/anodizi/public_html/rfq/test2.php on line 115

 

Notice: Undefined index: yellow_pages in /home/anodizi/public_html/rfq/test2.php on line 118

 

Notice: Undefined variable: finalfile in /home/anodizi/public_html/rfq/test2.php on line 122

 

 

 

<?php
error_reporting(E_ALL);
?>
<?php
$db_host = '';
$db_user = ''; 
$db_pwd = '';

$database = '';
$table = '';






if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");

if (!mysql_select_db($database))
    die("Can't select database");

$Domain="http://".$_SERVER['HTTP_HOST'];

/////////
$save_path="upload/";

/////////
$file = $_FILES['userfile'];
$k = count($file['name']);
for($i=0;$i< $k ;$i++)
{
if(isset($save_path) && $save_path!="")
{
  $random_digit=rand(0000,9999999);



	$name = split('/',$file['name'][$i]);


	$name = str_replace("\\","",$name);


	$name = str_replace("'","",$name);


	$name = str_replace("","_",$name);


	$name = str_replace(" ","_",$name);


	$name = str_replace(".",$random_digit.".",$name);

  $name = str_replace(".",$random_digit.".",$name);
  if(move_uploaded_file($file['tmp_name'][$i], $save_path .
$name[count($name)-1]))
  {
  
  //// download the file/////
  $finalfile.="<li><a
href='".$Domain."/rfq/upload/"."download.php?f=".$name[count($name)-1]."'>".$name[count($name)-1]."</a></li>";
  $list_files.="<li>".$name[count($name)-1]."</li>";
}
}
}


?>
<?php
$f_1 = mysql_real_escape_string($_FILES['userfile[0]']['name']) ;
$f_2 = mysql_real_escape_string($_FILES['file2']['name']) ;
$f_3 = mysql_real_escape_string($_FILES['file3']['name']) ;
$f_4 = mysql_real_escape_string($_FILES['file4']['name']) ;
$f_5 = mysql_real_escape_string($_FILES['file5']['name']) ;
$f_6 = mysql_real_escape_string($_FILES['file6']['name']) ;
$f_7 = mysql_real_escape_string($_FILES['file7']['name']) ;
$f_8 = mysql_real_escape_string($_FILES['file8']['name']) ;
$f_9 = mysql_real_escape_string($_FILES['file9']['name']) ;
$f_10 = mysql_real_escape_string($_FILES['file10']['name']) ;
$f_11 = mysql_real_escape_string($_FILES['file11']['name']) ;
$f_12 = mysql_real_escape_string($_FILES['file12']['name']) ;
$f_13 = mysql_real_escape_string($_FILES['file13']['name']) ;
$f_14 = mysql_real_escape_string($_FILES['file14']['name']) ;
$f_15 = mysql_real_escape_string($_FILES['file15']['name']) ;
$f_16 = mysql_real_escape_string($_FILES['file16']['name']) ;
$f_17 = mysql_real_escape_string($_FILES['file17']['name']) ;
$f_18 = mysql_real_escape_string($_FILES['file18']['name']) ;
$f_19 = mysql_real_escape_string($_FILES['file19']['name']) ;
$f_20 = mysql_real_escape_string($_FILES['file20']['name']) ;
$customer = mysql_real_escape_string($_POST['customer']);
$company = mysql_real_escape_string($_POST['company']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip_code = mysql_real_escape_string($_POST['zip_code']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
$fax = mysql_real_escape_string($_POST['fax']);
$type2 = mysql_real_escape_string($_POST['type2']);
$type3 = mysql_real_escape_string($_POST['type3']);
$burnish = mysql_real_escape_string($_POST['burnish']);
$chromate = mysql_real_escape_string($_POST['chromate']);
$hex = mysql_real_escape_string($_POST['hex']);
$impregnation = mysql_real_escape_string($_POST['impregnation']);
$strip = mysql_real_escape_string($_POST['strip']);
$part = mysql_real_escape_string($_POST['part']);
$description = mysql_real_escape_string($_POST['description']);
$alloy = mysql_real_escape_string($_POST['alloy']);
$quantity = mysql_real_escape_string($_POST['quantity']);
$spec = mysql_real_escape_string($_POST['spec']);
$color = mysql_real_escape_string($_POST['color']);
$repeat_customer = mysql_real_escape_string($_POST['repeat_customer']);
$isearch = mysql_real_escape_string($_POST['isearch']);
$internet_directory = mysql_real_escape_string($_POST['internet_directory']);
$referral = mysql_real_escape_string($_POST['referral']);
$yellow_pages = mysql_real_escape_string($_POST['yellow_pages']);
$trade = mysql_real_escape_string($_POST['trade']);
$other = mysql_real_escape_string($_POST['other']);
$notes = mysql_real_escape_string($_POST['notes']);
mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes,finalfile) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes','$finalfile')") or die(mysql_error());
?>

[sandbudd]

hey guys got this working it uploads the file and displays it in the database...here is the problem I know that I need to put in some thing like this

 

	$name = split('/',$file['name'][$i]);


	$name = str_replace("\\","",$name);


	$name = str_replace("'","",$name);


	$name = str_replace("","_",$name);


	$name = str_replace(" ","_",$name);


	$name = str_replace(".",$random_digit.".",$name);

  $name = str_replace(".",$random_digit.".",$name);
  if(move_uploaded_file($file['tmp_name'][$i], $save_path .
$name[count($name)-1]))

 

Here is the complete code that is working...

 

I hope someone can help me please.

 

<?php

$db_host = ''; 
$db_user = '; 
$db_pwd = '';

$database = '';
$table = '';

if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");

if (!mysql_select_db($database))
    die("Can't select database");

$dest = 'upload/';

if(isset($_FILES) && !empty($_FILES) && is_array($_FILES))
{
    foreach($_FILES as $file)
    {
        $upload_msg[$file['name']] = move_upload($file, $dest);
    }
}
function move_upload( $file, $dest, $overwrite = false )
    {
        $upload_feedback = '';
        if ($file["error"] == UPLOAD_ERR_OK)
       
        {
            if(!file_exists( $dest.$file["name"] ) || $overwrite)
            {
                if(move_uploaded_file( $file["tmp_name"], $dest.$file["name"] ))
                {
                    $upload_feedback .= "The file " . $file["name"] . " was successfully uploaded";
                    $error            = FALSE;
                }
                else
                {
                    $upload_feedback .= "The file " . $file["name"] . " could not be moved";
                    $error            = TRUE;
                }
            }
            else
            {
                $upload_feedback .= "The file " . $file["name"] . " already exists, please check the overwrite option if you wish to replace it";
                $error            = TRUE;
            }
        }
        else
        {
            switch ($file["error"])
            {
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    $upload_feedback .= "The file " . $file["name"] . " is to large to be uploaded<br />";
                    $error            = TRUE;
                break;

                case UPLOAD_ERR_PARTIAL:
                    $upload_feedback .= "The file" . $file["name"] . " was interrupted while uploading, please try again<br />";
                    $error            = TRUE;
                break;
            }
        }

        return array( "error" => $error, "feedback" => $upload_feedback ); //return message plus error status
    }


?>
<?php
$f_1 = $_FILES['file1']['name'] ;
$f_2 = $_FILES['file2']['name'] ;
$f_3 = $_FILES['file3']['name'] ;
$f_4 = $_FILES['file4']['name'] ;
$f_5 = $_FILES['file5']['name'] ;
$f_6 = $_FILES['file6']['name'] ;
$f_7 = $_FILES['file7']['name'] ;
$f_8 = $_FILES['file8']['name'] ;
$f_9 = $_FILES['file9']['name'] ;
$f_10 = $_FILES['file10']['name'] ;
$f_11 = $_FILES['file11']['name'] ;
$f_12 = $_FILES['file12']['name'] ;
$f_13 = $_FILES['file13']['name'] ;
$f_14 = $_FILES['file14']['name'] ;
$f_15 = $_FILES['file15']['name'] ;
$f_16 = $_FILES['file16']['name'] ;
$f_17 = $_FILES['file17']['name'] ;
$f_18 = $_FILES['file18']['name'] ;
$f_19 = $_FILES['file19']['name'] ;
$f_20 = $_FILES['file20']['name'] ;
$customer = $_POST['customer'];
$company = $_POST['company'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip_code = $_POST['zip_code'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$type2 = $_POST['type2'];
$type3 = $_POST['type3'];
$burnish = $_POST['burnish'];
$chromate = $_POST['chromate'];
$hex = $_POST['hex'];
$impregnation = $_POST['impregnation'];
$strip = $_POST['strip'];
$part = $_POST['part'];
$description = $_POST['description'];
$alloy = $_POST['alloy'];
$quantity = $_POST['quantity'];
$spec = $_POST['spec'];
$color = $_POST['color'];
$repeat_customer = $_POST['repeat_customer'];
$isearch = $_POST['isearch'];
$internet_directory = $_POST['internet_directory'];
$referral = $_POST['referral'];
$yellow_pages = $_POST['yellow_pages'];
$trade = $_POST['trade'];
$other = $_POST['other'];
$notes = $_POST['notes'];
mysql_query("INSERT INTO ae_gallery (image1,image2,image3,image4,image5,image6,image7,image8,image9,image10,image11,image12,image13,image14,image15,image16,image17,image18,image19,image20,customer,company,address,city,state,zip_code,email,phone,fax,type2,type3,burnish,chromate,hex,impregnation,strip,part,description,alloy,quantity,spec,color,repeat_customer,isearch,internet_directory,referral,yellow_pages,trade,other,notes) VALUES('$f_1','$f_2','$f_3','$f_4','$f_5','$f_6','$f_7','$f_8','$f_9','$f_10','$f_11','$f_12','$f_13','$f_14','$f_15','$f_16','$f_17','$f_18','$f_19','$f_20','$customer','$company','$address','$city','$state','$zip_code','$email','$phone','$fax','$type2','$type3','$burnish','$chromate','$hex','$impregnation','$strip','$part','$description','$alloy','$quantity','$spec','$color','$repeat_customer','$isearch','$internet_directory','$referral','$yellow_pages','$trade','$other','$notes')") or die(mysql_error());
?>

[sandbudd]

oops sorry when it displays the results in the database and if there is a space it does not thow the url complete?