PHP Upload file field insert question

[adrianle]

I've got the standard PHP file up load functionality working properly. The problem is that while the other fields contained in the same upload form get INSERTed into mySQL properly as expected, the filename field does not.  everything LOOKS fine to me.. and all I can think of is that for some reason, the field TYPE (which is to say:  type="file") is the roadblock. Is there something in PHP that says "yes, I know you're a file to be uploaded, but I won't actually recognize the value in this field as something I can insert into the filename column".  ???? Help!

[Pikachu2000]

The problem is obviously on line 49.

[adrianle]

Hi.. sorry, not following. Are you making an obtuse comment suggesting that you would have preferred to see code of some sort? I really wasn't looking for something that in-depth, it was just a general question about the "file" field types...  I didn't want to load up a ton of code if this was a known "issue"..  Some guidance is appreciated.

[Pikachu2000]

It wasn't obtuse by any definition of the word. If you want help with your code, post the code within

 . . . 

tags. "The file name won't insert" could have many causes, and there's no point making it a guessing game for those who would try to help you.

[adrianle]

So here's the form field in question: 

 <form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="form1">
  <table width="500" border="0" cellspacing="0" cellpadding="4">
    <tr>
      <td>Choose Tag Image: </td>
      <td><input name="uploadedfile" type="file" /></td>
    </tr>
    <tr>...and the rest of the form code continues as normal

 

and here's the insert... the behavior is that the column that's supposed to take the value from "uploadedfile" is NULL after insert:

<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
		$theValue = ($theValue != "") ? "'" . date("Y-m-d",strtotime($theValue)) . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if (!isset($mm_abort_edit) || !$mm_abort_edit) {
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO TAGS (ImageName, `Description`, Difficulty, LM, BU, BM, MT, VPLUS, Short, Voice, Favorite, Added) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['uploadedfile'], "text"),
                       GetSQLValueString($_POST['Desc'], "text"),
                       GetSQLValueString($_POST['Difficulty'], "int"),
                       GetSQLValueString($_POST['LM'], "text"),
                       GetSQLValueString($_POST['BU'], "text"),
                       GetSQLValueString($_POST['BM'], "text"),
                       GetSQLValueString($_POST['MT'], "text"),
                       GetSQLValueString($_POST['VPLUS'], "text"),
                       GetSQLValueString($_POST['Short'], "text"),
                       GetSQLValueString($_POST['Voice'], "text"),
                       GetSQLValueString(isset($_POST['Favorite']) ? "true" : "", "defined","1","0"),
                       GetSQLValueString($_POST['Added'], "date"));

  mysql_select_db($database_DNSTags, $DNSTags);
  $Result1 = mysql_query($insertSQL, $DNSTags) or die(mysql_error());

  $insertGoTo = "list_tags_new.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}}
?>

[Pikachu2000]

The file name won't be in the $_POST array, it will be in the $_FILES array. You should also consider adding logic that checks whether $_FILES['uploadedfile']['error'] is anything other than 0 (zero) as that would indicate there was an error with the actual upload, and give you some insight as to what happened. More on file upload error codes here: http://www.php.net/manual/en/features.file-upload.errors.php

[adrianle]

Yes, I'm primarily just focusing on the INSERT right now and will deal with the actual UPLOAD portion once I get this fixed. So what changes to this INSERT would you recommend to be sure that filename gets inserted?

[Pikachu2000]

Did you make the change from $_POST to $_FILES for the filename?

[adrianle]

Yes, but then all that got inserted into the column was the word "Array"...

[Pikachu2000]

You're using $_FILES['uploadedfile']['name'] and 'Array' is being inserted?

[adrianle]

So the code $_FILES['uploadedfile']['name'] you mentioned isn't IN my INSERT code.. so I'm unsure where you're getting this from. It does exist in the upload portion of the code but i'm not there yet. I'm just trying to get the insert working.

[Pikachu2000]

I know it isn't there. What I am telling you is It needs to be, because that's the only place the file name will be found.

[adrianle]

Well I tried having the upload chunk in with the insert, and it DOES upload the file, but the filename is still null in the table.. 

 
$target_path = "tagImages/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}

 

...is what I'm using...

[Pikachu2000]

OK, what's the current code that handles the DB insert?

[adrianle]

Here's the entire chunk currently ... 

<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
		$theValue = ($theValue != "") ? "'" . date("Y-m-d",strtotime($theValue)) . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if (!isset($mm_abort_edit) || !$mm_abort_edit) {
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

  
  
$target_path = "tagImages/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded"; $uploaded_file = $target_path; // or $_FILES['uploadedfile']['name']


  $insertSQL = sprintf("INSERT INTO TAGS (ImageName, TagTitle, Difficulty, LM, BU, BM, MT, VPLUS, Short, Voice, Favorite, Added) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['uploadedfile'], "text"),
                       GetSQLValueString($_POST['TagTitle'], "text"),
                       GetSQLValueString($_POST['Difficulty'], "int"),
                       GetSQLValueString($_POST['LM'], "text"),
                       GetSQLValueString($_POST['BU'], "text"),
                       GetSQLValueString($_POST['BM'], "text"),
                       GetSQLValueString($_POST['MT'], "text"),
                       GetSQLValueString($_POST['VPLUS'], "text"),
                       GetSQLValueString($_POST['Short'], "text"),
                       GetSQLValueString($_POST['Voice'], "text"),
                       GetSQLValueString(isset($_POST['Favorite']) ? "true" : "", "defined","1","0"),
                       GetSQLValueString($_POST['Added'], "date"));

  mysql_select_db($database_DNSTags, $DNSTags);
  $Result1 = mysql_query($insertSQL, $DNSTags) or die(mysql_error());

} else{
    echo "There was an error uploading the file, please try again!";
}
  $insertGoTo = "list_tags_new.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}}
?>

[Pikachu2000]

You're still trying to get the file name for the DB insert from $_POST['uploadedfile'] here:

GetSQLValueString($_POST['uploadedfile'], "text"),

[adrianle]

Yup, just changed it to:

GetSQLValueString($_FILES['uploadedfile']['name'], "text"), 

and things are much happier now. THanks for the pointers..

[Pikachu2000]

Sure thing. Glad you got it worked out.