Moorcam Posted June 11, 2017 Share Posted June 11, 2017 Hi guys and Gals, This has my head wrecked to be honest. I am trying to upload an image to a directory, which is working. However, I also want to put the file name into MySQL. This will work if the image upload script is removed. With the script enabled, the file uploads but I get "Undefined index: userPic" from the following line: $userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']); Here is the complete code: if(isset($_POST['Submit'])){//if the submit button is clicked $company_name = mysqli_real_escape_string($mysqli, $_POST['company_name']); $company_abn = mysqli_real_escape_string($mysqli, $_POST['company_abn']); $company_email = mysqli_real_escape_string($mysqli, $_POST['company_email']); $address = mysqli_real_escape_string($mysqli, $_POST['address']); $company_phone = mysqli_real_escape_string($mysqli, $_POST['company_phone']); $company_slogan = mysqli_real_escape_string($mysqli, $_POST['company_slogan']); $userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']); // Upload Image if (isset($_FILES["userPic"]["name"])) { $name = $_FILES["userPic"]["name"]; $tmp_name = $_FILES['userPic']['tmp_name']; $error = $_FILES['userPic']['error']; if (!empty($name)) { $location = 'uploads/'; if (move_uploaded_file($tmp_name, $location.$name)){ echo 'Uploaded'; } } else { echo 'please choose a file'; } } $sql="UPDATE company_settings SET company_name='$company_name', company_slogan='$company_slogan', company_abn='$company_abn', company_email='$company_email', address='$address', company_phone='$company_phone', userPic='$userPic'"; $mysqli->query($sql) or die("Cannot update");//update or error } Has anyone got any ideas where I am going wrong (besides not using PDO) and how I can solve it? Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/ Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 There is no $_POST['userPic']. The userPic is your uploaded file which you're processing just one line later. Also, if you cannot or don't want to switch to PDO, then at least learn mysqli properly (prepared statements, error handling etc.). Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547226 Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 Thanks Jacques, I am trying to learn. I will be updating it all over time with prepared statements etc. At this moment I am in limbo as to where exactly I need to put the $_POST['userPic'] ? Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547227 Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 I don't think you understand what I'm saying. There is no $_POST['userPic']. It does not exist. You cannot put it anywhere. The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense. All upload-related data is in $_FILES. That's what you need to use. Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547228 Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 I don't think you understand what I'm saying. There is no $_POST['userPic']. It does not exist. You cannot put it anywhere. The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense. All upload-related data is in $_FILES. That's what you need to use. I think I am getting you now. lol I have changed the errored line from $_POST['userPic'] to $_FILES['userPic'] and now getting the following for the same line: [11-Jun-2017 21:36:58 Australia/Melbourne] PHP Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/danethic/public_html/cms/admin/settings.php on line 16 Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547230 Share on other sites More sharing options...
Solution Jacques1 Posted June 11, 2017 Solution Share Posted June 11, 2017 C'mon now. Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that. Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing. Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547231 Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 C'mon now. Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that. Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing. LOL It's late mate. Changed the troubled line to: $userPic = $_FILES['userPic']['name']; It works now Thank you. Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547232 Share on other sites More sharing options...
Jacques1 Posted June 11, 2017 Share Posted June 11, 2017 The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again. Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547235 Share on other sites More sharing options...
Moorcam Posted June 11, 2017 Author Share Posted June 11, 2017 The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again. I will be. At the moment it is only for my use while learning. Thank you. Quote Link to comment https://forums.phpfreaks.com/topic/304110-uploading-image-and-inserting-to-database/#findComment-1547236 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.