Jump to content

Form Fun!

daebat

By daebat
in PHP Coding Help

 Share

Recommended Posts

daebat Member

daebat

Posted
Posted

Ok, I'm pretty new to php and I'm surprised I've made it this far...  what I have is a login system set up for the backend of a public website.  The person who logs in should be able to upload in the following manner:

 

Title: (text box)

Thumb: (image upload)

PDF: (file upload)

ZIP: (file upload)

SIT: (file upload)

 

Once this person submits, the files should upload to an uploads folder, the names should be stored in the database, and then the website should automatically pull the reference data from the database and display. 

 

At the moment I have successfully created an upload form that throws files into the upload directory.  What do I need to do to store the file names in the database?

 

(note: the current system only allows for one upload at a time)

 

<?php
$message = "";
$file_path = "path/upload/";

if($_SERVER["REQUEST_METHOD"] == "POST")
{
    $target_path = $file_path.basename($_FILES['uploadedfile']['name']); 

    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) 
       $message = "The file ".  basename( $_FILES['uploadedfile']['name']). " has been uploaded";
    else
       $message =  "There was an error uploading the file, please try again!";
}
echo $message;
?>

<form enctype="multipart/form-data" action="<?= $_SERVER['PHP_SELF']?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: 
<input name="uploadedfile" type="file" />
<br />
<input type="submit" value="Upload File" />
</form>

 

Thanks for any help you can provide.

Link to comment
Share on other sites
RaythMistwalker Regular Member

RaythMistwalker

Posted
Posted 

<?php
$message = "";
$file_path = "path/upload/";
mysql_connect(localhost,username,password);
@mysql_select_db(DatabaseName) or die( "Unable to select database");

if($_SERVER["REQUEST_METHOD"] == "POST")
{
    $target_path = $file_path.basename($_FILES['uploadedfile']['name']); 

    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) 
       $message = "The file ".  basename( $_FILES['uploadedfile']['name']). " has been uploaded";
    else
       $message =  "There was an error uploading the file, please try again!";
}
echo $message;
?>
$qry = "INSERT INTO tablename(filename) VALUES('$_FILES['uploadedfile']['name']')";
        $result = mysql_query($qry);
<form enctype="multipart/form-data" action="<?= $_SERVER['PHP_SELF']?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload:
<input name="uploadedfile" type="file" />
<br />
<input type="submit" value="Upload File" />
</form>

 

This should do it. just change database connect details and table name.

Link to comment
Share on other sites
RaythMistwalker Regular Member

RaythMistwalker

Posted
Posted

i just found an error in my code

<?php
$message = "";
$file_path = "path/upload/";
mysql_connect(localhost,username,password);
@mysql_select_db(DatabaseName) or die( "Unable to select database");

if($_SERVER["REQUEST_METHOD"] == "POST")
{
    $target_path = $file_path.basename($_FILES['uploadedfile']['name']); 

    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) 
       $message = "The file ".  basename( $_FILES['uploadedfile']['name']). " has been uploaded";
    else
       $message =  "There was an error uploading the file, please try again!";
}
echo $message;

$qry = "INSERT INTO tablename(filename) VALUES('$_FILES['uploadedfile']['name']')";
        $result = mysql_query($qry);

?>

<form enctype="multipart/form-data" action="<?= $_SERVER['PHP_SELF']?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload:
<input name="uploadedfile" type="file" />
<br />
<input type="submit" value="Upload File" />
</form>

 

What do you mean by if statement? as long as i have the variable $_FILES['uploadedfile']['name'] as the filename you want to save in database then it should technically work. if you mean by checking if the name saved then you could do

 

if (!$result) { 
$message="Sorry filename not saved in database.";
}

Link to comment
Share on other sites
daebat Member

daebat

Posted
  • Author
Posted

It doesn't seem to recognize I'm getting a syntax error in Zend Development because my password has a '>' to connect to the db.  Like I said, I am new to php but I thought that to declare a connection to the database you had to say something like this:

 

$con = mysql_connect(localhost,username,password);
@mysql_select_db(DatabaseName) or die( "Unable to select database");

if ($con...

 

I've attached a screen shot of the code giving me an error.

 

[attachment deleted by admin]

Link to comment
Share on other sites
ignace Advanced Member

ignace

Posted
Posted

@Rayth If you are to post code make sure it's correct:

 

}
echo $message;

$qry = "INSERT INTO tablename(filename) VALUES('$_FILES['uploadedfile']['name']')";
        $result = mysql_query($qry);

 

Insert empty records in the database on each request + yield warnings because it can not find offset 'uploadedfile' in the $_FILES array. The correct complete code should be:

 

<?php
$message = '';
$file_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'path' . DIRECTORY_SEPARATOR . 'upload'; // ../path/upload on linux, ..\path\upload on windows

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $basename = basename($_FILES['uploadedfile']['name']);
    $extension = pathinfo($basename, PATHINFO_EXTENSION);
    $filename = md5($basename); // security measure
    $target_path = $file_path . DIRECTORY_SEPARATOR . $filename . '.' . $extension;
        
    if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        $connection = mysql_connect('server', 'username', 'password') or trigger_error('Connection to the database server failed on \'server\' using \'username\'');
        mysql_select_db('mydatabase', $connection) or trigger_error('Failed to select database \'mydatabase\' on server \'server\'');
        
        $sql = "INSERT INTO table (name, uri, ..) VALUES ('$basename', '$target_path', ..)";
        mysql_query($sql, $connection) or trigger_error('Query execution failed: ' . PHP_EOL . $sql . PHP_EOL . 'MySQL Info: ' . PHP_EOL . mysql_error());
        
        $message = "The file $basename has been uploaded.";
    } else {
        $message =  'There was an error uploading the file, please try again!';
    }
}
echo $message;
?>

<form enctype="multipart/form-data" action="<?= $_SERVER['PHP_SELF']?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<label for="uploadedfile">Choose a file to upload:</label>
<input name="uploadedfile" id="uploadedfile" type="file" />
<br />
<input type="submit" value="Upload File" />
</form>

 

Tips:

- Don't run the same operation over and over (eg basename($_FILES['uploadedfile']['name']))

- Use resources only when absolutly required (lazy)

- Use " only when you require the extra functionality (eg "\$variable value: $variable") use ' otherwise

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.