Moorcam Posted June 11, 2017 Share Posted June 11, 2017 Hi guys and Gals, This has my head wrecked to be honest. I am trying to upload an image to a directory, which is working. However, I also want to put the file name into MySQL. This will work if the image upload script is removed. With the script enabled, the file uploads but I get "Undefined index: userPic" from the following line: $userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']); Here is the complete code: if(isset($_POST['Submit'])){//if the submit button is clicked $company_name = mysqli_real_escape_string($mysqli, $_POST['company_name']); $company_abn = mysqli_real_escape_string($mysqli, $_POST['company_abn']); $company_email = mysqli_real_escape_string($mysqli, $_POST['company_email']); $address = mysqli_real_escape_string($mysqli, $_POST['address']); $company_phone = mysqli_real_escape_string($mysqli, $_POST['company_phone']); $company_slogan = mysqli_real_escape_string($mysqli, $_POST['company_slogan']); $userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']); // Upload Image if (isset($_FILES["userPic"]["name"])) { $name = $_FILES["userPic"]["name"]; $tmp_name = $_FILES['userPic']['tmp_name']; $error = $_FILES['userPic']['error']; if (!empty($name)) { $location = 'uploads/'; if (move_uploaded_file($tmp_name, $location.$name)){ echo 'Uploaded'; } } else { echo 'please choose a file'; } } $sql="UPDATE company_settings SET company_name='$company_name', company_slogan='$company_slogan', company_abn='$company_abn', company_email='$company_email', address='$address', company_phone='$company_phone', userPic='$userPic'"; $mysqli->query($sql) or die("Cannot update");//update or error } Has anyone got any ideas where I am going wrong (besides not using PDO) and how I can solve it? Thanks in advance. Link to comment Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 There is no $_POST['userPic']. The userPic is your uploaded file which you're processing just one line later. Also, if you cannot or don't want to switch to PDO, then at least learn mysqli properly (prepared statements, error handling etc.). Link to comment Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 Thanks Jacques, I am trying to learn. I will be updating it all over time with prepared statements etc. At this moment I am in limbo as to where exactly I need to put the $_POST['userPic'] ? Link to comment Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 I don't think you understand what I'm saying. There is no $_POST['userPic']. It does not exist. You cannot put it anywhere. The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense. All upload-related data is in $_FILES. That's what you need to use. Link to comment Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 I don't think you understand what I'm saying. There is no $_POST['userPic']. It does not exist. You cannot put it anywhere. The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense. All upload-related data is in $_FILES. That's what you need to use. I think I am getting you now. lol I have changed the errored line from $_POST['userPic'] to $_FILES['userPic'] and now getting the following for the same line: [11-Jun-2017 21:36:58 Australia/Melbourne] PHP Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/danethic/public_html/cms/admin/settings.php on line 16 Link to comment Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 C'mon now. Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that. Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing. Link to comment Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 C'mon now. Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that. Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing. LOL It's late mate. Changed the troubled line to: $userPic = $_FILES['userPic']['name']; It works now Thank you. Link to comment Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again. Link to comment Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again. I will be. At the moment it is only for my use while learning. Thank you. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.