kamal213 Posted September 6, 2011 Share Posted September 6, 2011 Hi Guys I have this PHP Upload Scripts below which uploads file of customers into the customers folder and at the same time inserts the file path into the database. The problems is for name like O'hare or O'neil its uploads into the customers folder but does not insert the file path into the database - probably because of the " ' " apostrophe From the code below is there anyway I can deal with this issue? Thanks alot <?php //This php block of code will takecare of inserting the upload variables into the db if(isset($_POST['submitbutton'])) { $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/'; $target_path = $target_path . basename( $_FILES['upload']['name']); $manager= mysql_real_escape_string($_POST['username']); $upload = $_FILES['upload']['name']; $check_id = mysql_real_escape_string($_POST['id']); $submitbutton= mysql_real_escape_string($_POST['submitbutton']); if($submitbutton) { if($manager&&$upload) { if (file_exists($target_path)) { echo $_FILES["upload"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path); echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"]; $insert=mysql_query("INSERT INTO img_up (username,upload,id,target_path,img_date) VALUES ('$manager','$upload','$check_id','$target_path', now()) "); // Where the file is going to be placed $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/'; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['upload']['name']); $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/'; $target_path = $target_path . basename( $_FILES['upload']['name']); if (file_exists($target_path)) { echo $_FILES["upload"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path); echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"]; } } } else { echo "There was an error uploading the file, please try again!"; } } header("location: mainupload_complete.php?id=$check_id"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/ Share on other sites More sharing options...
AyKay47 Posted September 6, 2011 Share Posted September 6, 2011 yes it will cut the string prematurely.. I would use str_replace() to remove apostrophes from the file name.. Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265937 Share on other sites More sharing options...
kamal213 Posted September 6, 2011 Author Share Posted September 6, 2011 Thanks for getting back would it be $upload = str_replace(); and also would I have to set parameters for the str_replace() such as 'str_replace("'")' Thanks Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265940 Share on other sites More sharing options...
AyKay47 Posted September 6, 2011 Share Posted September 6, 2011 $upload = $_FILES['upload']['name']; $upload = str_replace("'","",$upload); Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265944 Share on other sites More sharing options...
kamal213 Posted September 6, 2011 Author Share Posted September 6, 2011 I have included it just as shown below but it doesnt seem to work am obviously doin something wrong. <?php //This php block of code will takecare of inserting the upload variables into the db if(isset($_POST['submitbutton'])) { $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/'; $target_path = $target_path . basename( $_FILES['upload']['name']); $manager= mysql_real_escape_string($_POST['username']); $upload = $_FILES['upload']['name']; $upload = str_replace("'","",$upload); $check_id = mysql_real_escape_string($_POST['id']); $submitbutton= mysql_real_escape_string($_POST['submitbutton']); if($submitbutton) { if($manager&&$upload) { if (file_exists($target_path)) { echo $_FILES["upload"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path); echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"]; $insert=mysql_query("INSERT INTO img_up (username,upload,id,target_path,img_date) VALUES ('$manager','$upload','$check_id','$target_path', now()) "); // Where the file is going to be placed $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/'; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['upload']['name']); $target_path = 'customerUploads/' . $check_id . ', ' . $c_name . '/'; $target_path = $target_path . basename( $_FILES['upload']['name']); if (file_exists($target_path)) { echo $_FILES["upload"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["upload"]["tmp_name"],$target_path); echo "Stored in: " . 'customerUploads/' . $check_id . ', ' . $c_name . '/' . $_FILES["upload"]["name"]; } } } else { echo "There was an error uploading the file, please try again!"; } } header("location: mainupload_complete.php?id=$check_id"); } ?>[/code[] Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265948 Share on other sites More sharing options...
AyKay47 Posted September 6, 2011 Share Posted September 6, 2011 what exactly is going wrong Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265952 Share on other sites More sharing options...
kamal213 Posted September 6, 2011 Author Share Posted September 6, 2011 It Works Now I had to do the same with the Target path.. i.e $target_path = str_replace("'","",$target_path); Thanks alot you saved da day Problem solved Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265953 Share on other sites More sharing options...
Pikachu2000 Posted September 6, 2011 Share Posted September 6, 2011 Post the markup for the form also. Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265956 Share on other sites More sharing options...
Pikachu2000 Posted September 6, 2011 Share Posted September 6, 2011 Never mind the form markup. You aren't escaping the file path variable before using it in the db query. You need to escape all form data before using it in a query string. Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265966 Share on other sites More sharing options...
kamal213 Posted September 6, 2011 Author Share Posted September 6, 2011 Why do I need2 do this? Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265971 Share on other sites More sharing options...
Pikachu2000 Posted September 6, 2011 Share Posted September 6, 2011 You mean besides the fact that not escaping strings leaves you open to SQL injection? Because obviously not doing so breaks the query when there's a quote in a string. Quote Link to comment https://forums.phpfreaks.com/topic/246540-php-upload-problem-apostrophe/#findComment-1265972 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.