kelechi Posted March 17, 2015 Share Posted March 17, 2015 <?php error_reporting(E_ERROR | E_WARNING | E_PARSE); include("../Connections/Connect.php"); // this function is used to sanitize code against sql injection attack. function ms_escape_string($data) { if ( !isset($data) or empty($data) ) return ''; if ( is_numeric($data) ) return $data; $non_displayables = array( '/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15 '/%1[0-9a-f]/', // url encoded 16-31 '/[\x00-\x08]/', // 00-08 '/\x0b/', // 11 '/\x0c/', // 12 '/[\x0e-\x1f]/' // 14-31 ); foreach ( $non_displayables as $regex ) $data = preg_replace( $regex, '', $data ); $data = str_replace("'", "''", $data ); return $data; } // You may want to add document root $target = $_SERVER['DOCUMENT_ROOT']."/uploads"; // I am filtering the files incase there are empty uploads // You need to have the proper file input name (item) $_FILES['item']['tmp_name'] = array_filter($_FILES['item']['tmp_name']); $_FILES['item']['name'] = array_filter($_FILES['item']['name']); $_FILES['item']['type'] = array_filter($_FILES['item']['type']); $_FILES['item']['size'] = array_filter($_FILES['item']['size']); foreach($_FILES['item']['name'] as $i => $value ) { $file_name = $_FILES['item']['name'][$i]; $file_size = $_FILES['item']['size'][$i]; $file_tmp = $_FILES['item']['tmp_name'][$i]; $file_type = $_FILES['item']['type'][$i]; $bidDate = ms_escape_string($_POST['txtBidDate']); $dueDate = ms_escape_string($_POST['txtDueDate']); $dueTime = ms_escape_string($_POST['txtDueTime']); $bidTitle = ms_escape_string($_POST['BidTitle']); $bidId = ms_escape_string($_POST['BidID']); $desc = ms_escape_string($_POST['Description']); $dept = ms_escape_string($_POST['Department']); $bidContact = ms_escape_string($_POST['BidContact']); $contactEmail = ms_escape_string($_POST['ContactEmail']); $contactPhone = ms_escape_string($_POST['ContactPhone']); $numBids = ms_escape_string($_POST['NumofBids']); $awardDate = ms_escape_string($_POST['txtAwardDate']); $awardrecip1 = ms_escape_string($_POST['AwardRecip']); $bidType = ms_escape_string($_POST['BidType']); $lastUpdate = ms_escape_string($_POST['txtLastUpdate']); $notes = ms_escape_string($_POST['Notes']); $status = ms_escape_string($_POST['Status']); $sqlArr['values'][$i] = "'".ms_escape_string($_FILES['item']['name'][$i])."'"; $sqlArr['columns'][$i] = "Addend".$i; $sqlArr['columns'] = "SignInSheet"; $sqlArr['columns'] = "TabSheet"; $sqlArr['columns'] = "BidFile"; // At this point you are only notifying user. // You have no code to prevent this limitation. if ($file_type!="application/pdf" || $file_type!="image/gif" || $file_type!="image/jpeg") $echo = 'You can only upload PDFs, JPEGs or GIF files.<br>'; // So far, this is just for notification, you haven't // actually done anything about this limitation if($file_size > (8 * 1024 * 1024)) $echo='File size must be less than 8 MB'; // Makes the folder if not already made. if(!is_dir($target)) mkdir($target,0755,true); //Writes the files to the server if(move_uploaded_file($_FILES['item']['tmp_name'][$i], $target."/".$file_name)) { //If all is ok echo "The file ". $file_name. " has been uploaded to the directory and records saved to the database"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } } if(isset($sqlArr['columns'])) { $sql="INSERT INTO bids (BidDate,DueDate,DueTime,BidTitle,BidID,Description,,'".implode("','",$sqlArr['columns'])."',Department,Xcontract,ContactEmail,ContactPhone,NumofBids,AwardDate,AwardRecip1,BidType,LastUpdate,Notes,BidStatus) VALUES ('$bidDate', '$dueDate','$dueTime',$bidTitle','$bidId','$desc',".implode(",",$sqlArr['values']).", '$dept','$bidContact','$contactEmail','$contactPhone','$numBids','$awardDate','$awardrecip1','$bidType','$lastUpdate','$notes',$status')" ; $objQuery = sqlsrv_query($conn, $sql); sqlsrv_close($conn); } ?> php Hi again, The following code is supposed to upload atleast one file or as many as 9 files to the upload folder called uploads and then save the rest of the data to the database. When I run the code, I get my custom message that file(s) successfully uploaded to the folder and records successfully saved to the database. When I check the db, no records. When I check the folder, no files. I have verified that folder has proper permission and that form has POST method with encype attributes. When I debugged the insert code, I see one major problem. Addend should be Addend1 through Addend6. Then three others called SignInSheet, TabSheet and BidFile. Instead, the INSERT statement shows Addend0 as well as Addend8. I a .net guy and got over my head unfortunately by accepting to do php project and this part is a bit over my head. Your kind help is greatly appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/295305-code-uploads-to-the-folder-but-no-file-in-folder/ Share on other sites More sharing options...
QuickOldCar Posted March 17, 2015 Share Posted March 17, 2015 Tried the upload portion on 2 different servers, it made the directory and also uploaded 2 different files. Double check permissions. check that file uploads is enabled in php.ini file_uploads = On Quote Link to comment https://forums.phpfreaks.com/topic/295305-code-uploads-to-the-folder-but-no-file-in-folder/#findComment-1508281 Share on other sites More sharing options...
kelechi Posted March 17, 2015 Author Share Posted March 17, 2015 (edited) $file_name = $_FILES['item']['name'][$i]; $file_size = $_FILES['item']['size'][$i]; $file_tmp = $_FILES['item']['tmp_name'][$i]; $file_type = $_FILES['item']['type'][$i]; $sqlArr['values'][$i] = "'".ms_escape_string($_FILES['item']['name'][$i])."'"; $sqlArr['columns'][$i] = "Addend".$i; $sqlArr['columns'][] = "SignInSheet"; $sqlArr['columns'][] = "TabSheet"; $sqlArr['columns'][] = "BidFile"; Ok, good to know this. Thanks very much. However, I still need help figuring out this last part. Please bolded lines: When I debug the INSERT statement, I see that the code is trying to insert Addend to the database incorrectly. For instance, Here are the following file names on the database: BidFile, Addend has Addend1, Addend2, Addend3, Addend4, Addend5, Addend6, SignInSheet, and TabSheet. These are files that need to be uploaded to the server and their filenames saved to the database. When I debug the INSERT statement, it treats BidFile, which is the first one, as Addend0 and treats TabSheet which is the last file to be uploaded as Addend8. That's wrong and because of this nothing is getting inserted into the database. Can anyone please help? Edited March 17, 2015 by kelechi Quote Link to comment https://forums.phpfreaks.com/topic/295305-code-uploads-to-the-folder-but-no-file-in-folder/#findComment-1508304 Share on other sites More sharing options...
kelechi Posted March 17, 2015 Author Share Posted March 17, 2015 $sql="INSERT INTO mytable(BidFile,'".implode("','",$sqlArr['columns'])."',SignInSheet,TabSheet) VALUES('$bidFile',".implode(",",$sqlArr['values']).",'$signSheet','$tabSheet') and rest of the fields. //Then declaration: $bidFile = "'".ms_escape_string($_FILES['BidFile']['name'])."'"; $sqlArr['values'][$i] = "'".ms_escape_string($_FILES['item']['name'][$i])."'"; $sqlArr['columns'][$i] = "Addend".$i; $signSheet = "'".ms_escape_string($_FILES['SignInSheet']['name'])."'"; $tabSheet = "'".ms_escape_string($_FILES['TabSheet']['name'])."'"; UPDATE: I was able to separate the files and everything seems to be in sync. For instance, now, I have the following insert statement above. Now, the files being uploaded match up with files saved to the database. *ONLY* thing left now is to get Addend to start at position 1 as opposed to 0. So, I know php like most scripting languages have array start at index 0 but how can I get Addend to start at 1 instead of 0? For instance, instead of Addend0, it starts at Addend1. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/295305-code-uploads-to-the-folder-but-no-file-in-folder/#findComment-1508313 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.