Problem with upload file into database

[nicedad]

Hello folks,

I want to upload a file into DB unfortunately, my code writes only the name of the file and dose not submit the file itself into the DB (see attached image)
I changed the field type to INT as well as VARCHAR but the same problem occurred.
is there any preferred data type for files data type, what the cause of this problem?
thanks,

 

here are the files,

 

 

insert.php

<table width="300" border="0" align="left" cellpadding="0" cellspacing="1">
	<br></br>
<tr>
<td><form name="form1" method="post" action="insert_ac.php">
<table width="100%" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Insert Data Into mySQL Database </strong></td>
</tr>

<tr>
<td width="71">Name</td>
<td width="6">:</td>
<td width="301"><input name="name" type="text" id="name"></td>
</tr>

<tr>
<td width="71">Geburtstag</td>
<td width="6">:</td>
<td width="301"><input name="geburtstag" type="text" id="Geburtstag"></td>
</tr>


<tr>
<td width="71">Staat</td>
<td width="6">:</td>
<td width="301"><input name="staat" type="text" id="staat"></td>
</tr>

<tr>
<td width="71">Permit</td>
<td width="6">:</td>
<td width="301"><input name="permit" type="text" id="permit"></td>
</tr>

<tr>
<td width="71">Kontaktdatils</td>
<td width="6">:</td>
<td width="301"><input name="contact" type="text" id="contact"></td>
</tr>

<tr>
<td width="71">Gemeinde</td>
<td width="6">:</td>
<td width="301"><input name="gemeinde" type="text" id="gemeinde"></td>
</tr>

<tr>
<td width="71">Beruf</td>
<td width="6">:</td>
<td width="301"><input name="beruf" type="text" id="beruf"></td>
</tr>


<tr>
<!--<td width="71">Erfahrung</td>
<td width="6">:</td>
<td width="301"><input name="erfahrung" type="text" id="erfahrung"></td>
</tr>

<tr>
<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
 !-->
</table> 
<br>

<div id="body">
	<form action="upload.php" method="post" enctype="multipart/form-data">
	<input type="file" name="file" />
	<button type="submit" name="btn-upload">upload</button>
	</form>
    <br /><br />
    <?php
	if(isset($_GET['success']))
	{
		?>
        <label>File Uploaded Successfully...  <a href="view.php">click here to view file.</a></label>
        <?php
	}
	else if(isset($_GET['fail']))
	{
		?>
        <label>Problem While File Uploading !</label>
        <?php
	}
	else
	{
		?>
        <label>Try to upload any files(PDF, DOC, EXE, VIDEO, MP3, ZIP,etc...)</label>
        <?php
	}
	?>
</div>

</div>

</form>
</td>
</tr>
</table>

insert_ac.php

<?php
error_reporting(0);
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="work"; // Database name
$tbl_name="worker3"; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$name=$_POST['name'];
$geburtstag=$_POST['geburtstag'];
$staat=$_POST['staat'];
$permit=$_POST['permit'];
$contact=$_POST['contact'];
$gemeinde=$_POST['gemeinde'];
$beruf=$_POST['beruf'];
$erfahrung=$_POST['file'];



$sql="INSERT INTO $tbl_name(name, Geburtstag, Staat, Permit, Kontaktdetails, Gemeinde, Beruf, Erfahrung) 
VALUES('$name', '$geburtstag', '$staat', '$permit', '$contact', '$gemeinde', '$beruf', '$erfahrung')";
$result=mysql_query($sql);

if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}
else {
//echo "ERROR";
die (mysql_error());
}
?>
<?php
mysql_close();
?>

upload.php

<?php
error_reporting(0);
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="home_work"; // Database name
$tbl_name="worker3"; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
if(isset($_POST['btn-upload']))
{    
     
	$file = rand(1000,100000)."-".$_FILES['file']['name'];
    //$file_loc = $_FILES['file']['tmp_name'];
	//$file_type = $_FILES['file']['type'];
	$folder="uploads/";
	
	// new file size in KB
	$new_size = $file_size/1024;  
	// new file size in KB
	
	// make file name in lower case
	$new_file_name = strtolower($file);
	// make file name in lower case
	
	$final_file=str_replace(' ','-',$new_file_name);
	
	if(move_uploaded_file($file_loc,$folder.$final_file))
	{
		$sql="INSERT INTO worker3(Erfahrung) VALUES('$final_file')";
		mysql_query($sql);
		?>
		<script>
		alert('successfully uploaded');
        window.location.href='index.php?success';
        </script>
		<?php
	}
	else
	{
		?>
		<script>
		alert('error while uploading file');
        window.location.href='index.php?fail';
        </script>
		<?php
	}
}
?>

[QuickOldCar]

You commented out $file_loc

 

//$file_loc = $_FILES['file']['tmp_name'];

if(move_uploaded_file($file_loc,$folder.$final_file))

Edited September 15, 2015 by QuickOldCar

[nicedad]

Hi QuickOldCar,

thanks for the reply. I de-commented the variable unfortunately, still the same problem.

 

cheers,

[Ch0cu3r]

Why do you have a separate forms for the file upload? The file upload field should be in the same <form> as your other fields, making sure to still apply  enctype="multipart/form-data"  attribute to the form.

 

You will need to move the code that processes the upload into insert_ac.php

[hansford]

In my opinion, storing files in a database is not a good idea. Store the file location in the database and the file in the file system. If you do have to store a file in the database, then you need to be storing it as type BLOB.

[boompa]

Please move your code to use something other than the deprecated mysql_ functions (mysqli or PDO) and use prepared statements. You are totally open to SQL injection attacks.

[nicedad]

@Ch0cu3r, I know that the code seems unstable, but I'm just trying to do something for me and learn by doing at the same time.

@boompa, I know there some functions have been deprecated I'll change them later on. I don't want it to be complicated for me right now as I'm a nowbie.

 

@hansford, I changed the data type to BLOB, however, it stores the file as kind of binary file (see attached image please).

 

best,

[hansford]

 

@hansford, I changed the data type to BLOB, however, it stores the file as kind of binary file (see attached image please).

 

That is what it's suppose to do. It's a database, not a file system. In order to convert it back into a file, you need to write that data to a file with the proper file extension of whatever it used to be before you placed it in the database.

[QuickOldCar]

Need to follow some of the suggestions posted and post back the new code

 

Some things to look at

$erfahrung=$_POST['file'];//yeah that's the file upload

 

$sql="INSERT INTO $tbl_name(name, Geburtstag, Staat, Permit, Kontaktdetails, Gemeinde, Beruf, Erfahrung)
VALUES('$name', '$geburtstag', '$staat', '$permit', '$contact', '$gemeinde', '$beruf', '$erfahrung')";

 

OK, so $erfahrung must be set to NULL in mysql if inserts go through

 

 

later on other script (which as mentioned should all be same page or pass the values with get or something)

 

$sql="INSERT INTO worker3(Erfahrung) VALUES('$final_file')";

 

This is trying to insert new one and missing other values most likely needed, if now want to add that image an additional query would need to use UPDATE and set the value a specific column WHERE id='mysql_id'

You need to know where to insert it such as it's id in mysql, something unique.

 

The best thing you can do is insert to mysql at the end after everything is checked and is no errors.

And it's better to save the location of the file and not as a blob.

 

If you still want to update that image into the same as above query use mysql_insert_id() to get that AUTO_INCREMENT id from mysql

Edited September 15, 2015 by QuickOldCar