Uploading image and saving file to mysql.

[btr4]

So, I'm trying to get a file to upload to a location, and then put the file name into a corresponding table in mysql.

 

Code is as follows:

<?php

/* Where the file is going to be placed */
$target_path = "../images/";

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['staffpic']['name']); 

$target_path = "../images/";

$target_path = $target_path . basename( $_FILES['staffpic']['name']); 

if(move_uploaded_file($_FILES['staffpic']['tmp_name'], $target_path)) {


require_once('../Connections/hcc.php');
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE cms_staff SET staffname=%s, staffbio=%s, staffpos=%s WHERE staffid=%s",
                       GetSQLValueString($_FILES['staffpic']['name'], "text"),
                       GetSQLValueString($_POST['staffid'], "int"));

  mysql_select_db($database_hcc, $hcc);
  $Result1 = mysql_query($updateSQL, $hcc) or die(mysql_error());

  $updateGoTo = "staff_cp.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: staff_cp.php", $updateGoTo));
}

$colname_rsStaff = "-1";
if (isset($_GET['id'])) {
  $colname_rsStaff = $_GET['id'];
}
mysql_select_db($database_hcc, $hcc);
$query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", GetSQLValueString($colname_rsStaff, "int"));
$rsStaff = mysql_query($query_rsStaff, $hcc) or die(mysql_error());
$row_rsStaff = mysql_fetch_assoc($rsStaff);
$totalRows_rsStaff = mysql_num_rows($rsStaff);
} else{
    echo "There was an error uploading the file, please try again!";
}

?>

 

This will upload the file, and place it into the proper folder. After that, I get a blank screen, and the file name will not be put into the table.

 

Any help?

[btr4]

Update:

 

I changed the code, and the file still uploads to the right location, though the filename is still not put into the database. This time, however, I do receive the error : "There was an error uploading the file, please try again!", which is defined by the final else statement.

 

Code:

<?php

/* Where the file is going to be placed */
$target_path = "../images/";

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['staffpic']['name']); 

$target_path = "../images/";

$target_path = $target_path . basename( $_FILES['staffpic']['name']); 

$filename = $_FILES['staffpic']['name'];

move_uploaded_file($_FILES['staffpic']['tmp_name'], $target_path) ;

require_once('../Connections/hcc.php');
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rsStaff = "-1";
if (isset($_GET['id'])) {
  $colname_rsStaff = $_GET['id'];
}
mysql_select_db($database_hcc, $hcc);
$query_rsStaff = sprintf("SELECT * FROM cms_staff WHERE staffid = %s", GetSQLValueString($colname_rsStaff, "int"));
$rsStaff = mysql_query($query_rsStaff, $hcc) or die(mysql_error());
$row_rsStaff = mysql_fetch_assoc($rsStaff);
$totalRows_rsStaff = mysql_num_rows($rsStaff);

if ((isset($_POST["submit"])) && ($_POST["submit"] == "form1")) {
  $updateSQL = sprintf("UPDATE cms_staff SET staffpic='$filename' WHERE staffid=%s",
                       GetSQLValueString($_POST['staffid'], "int"));

  mysql_select_db($database_hcc, $hcc);
  $Result1 = mysql_query($updateSQL, $hcc) or die(mysql_error());

  $updateGoTo = "staff_cp.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: staff_cp.php", $updateGoTo));
} else{
    echo "There was an error uploading the file, please try again!";
}

?>

 

I would appreciate any and all help. I feel like this script is very close to completion.

[btr4]

Solved it, thanks for the help.