Inserting Multiple files


Justafriend

I have code that takes multiple text fields and 2 file uploads.

First, before people say I need to limit file types and images: that I am working on once I get the problems I have now fixed.

My issues:

1. I am getting an undefined variable on line 31 even though all the names match with my db.

2. The files aren't uploading to the server, which I am testing on a private PC.

3. I think this has to do with the undefined variable problem, but I want the image links to go into the db under the chat log and screenshot headings.

The PHP code:

<!DOCTYPE html>
<html>
<body>
<form action="" method="POST" enctype="multipart/form-data">
Your SHG Player Name(required):<input type="text" name="commentfrom" required="required" /></br>
Your Email Address(required):  <input type="text" name="email" required="required" /></br>
Player Or Host this is about: <input type="text" name="about" /></br>
Do you Require a Director to contact you?:<p>
<input type="radio" name="reply" value="yes">Yes  <br/>
<input type="radio" name="reply" value="no">No <br/>
</p>
Please include your comments here:</br><textarea name="comments" rows="10" cols="25"></textarea></br>
Select Chatlog to upload:<input type="file" name="chatlog" id="chatlog"></br>
Select Screenshot to upload:<input type="file" name="screenShot" id="screenShot"></br>
<input type="submit" value="Submit" name="submit">
</form>
</body>
</html>
<?php
if(isset($_POST["submit"])){
$hostname='localhost';
$username='root';
$password='';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=Directors",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
$folder = "upload/";
$chatlog = $folder . basename($_FILES["chatlog"]["name"]);
$screenShot = $folder . basename($_FILES["screenShot"]["name"]);
$sql = "INSERT INTO comments (commentfrom, email, about, reply, comments, chatlog, screenShot  )
VALUES ('".$_POST["commentfrom"]."','".$_POST["email"]."','".$_POST["about"]."','".$_POST["reply"]."','".$_POST["comments"]."','".$_POST["chatlog"]."','".$_POST["screenShot"]."')";
if ($dbh->query($sql)) {
echo "New Record Inserted Successfully'";
}
else{
echo "Data not successfully Inserted.";
}
$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
?>
</body>
</html>

Here is the table structure

ID | commentfrom | email | about | Reply | Date Submitted | comments | chatlog | screenshot | NNN read | Habs Read | Directors comments

 


Your problem isn't arrays. Your problem is that you missed out on, like, most of what the documentation is telling you to do:

- You aren't validating the upload, though you say you'll do that eventually (if I had a nickel...)

- You aren't moving the temporary file to a new location

- You are still using $_POST for, presumably, the file name

 

And you've got a big SQL injection problem.


 

- You aren't validating the upload, though you say you'll do that eventually (if I had a nickel...

 

 

OK, I am still working on adding a file upload size limit but have added an extension check.

 

 

- You are still using $_POST for, presumably, the file name

Yes, I am trying to use that to post the file name to later link it back in a comments section.

I am now having an issue with an error replying:

Notice: Undefined index: TR-2_Wham_Bam_-09042017_190057.rtf in C:\xampp\htdocs\form.php on line 51

where TR-2_Wham_Bam_-09042017_190057.rtf is the file name

and it's still not uploading.

Here is the updated code:

<!DOCTYPE html>
<html>
<body>
<form action="" method="POST" enctype="multipart/form-data">
Your SHG Player Name(required):<input type="text" name="commentfrom" required="required" /></br>
Your Email Address(required):  <input type="text" name="email" required="required" /></br>
Player Or Host this is about: <input type="text" name="about" /></br>
Do you Require a Director to contact you?:<p>
<input type="radio" name="reply" value="yes">Yes  <br/>
<input type="radio" name="reply" value="no">No <br/>
</p>
Please include your comments here:</br><textarea name="comments" rows="10" cols="25"></textarea></br>
Select Chatlog to upload:<input type="file" name="chatlog" id="chatlog"></br>
Select Screenshot to upload:<input type="file" name="screenshot" id="screenshot"></br>
<input type="submit" value="Submit" name="submit">
</form>
</body>
</html>
<?php
if(isset($_POST["submit"])){
$hostname='localhost';
$username='root';
$password='';
$dbh = new PDO("mysql:host=$hostname;dbname=Directors",$username,$password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line
 $chatlog= $_FILES['chatlog']['name'];
 $target_dir = "upload/";
 $target_file = $target_dir . basename($_FILES["chatlog"]["name"]);

 // Select file type
 $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

 // Valid file extensions
 $extensions_arr = array("rtf","doc","docx","txt");

 // Check extension
 if( in_array($imageFileType,$extensions_arr) ) 
 $screenshot= $_FILES['screenshot']['name'];
 $target_dir = "upload/";
 $target_file = $target_dir . basename($_FILES["screenshot"]["name"]);

 // Select file type
 $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

 // Valid file extensions
 $extensions_arr = array("jpg","jpeg","png","gif");

 // Check extension

$sql = "INSERT INTO comments (commentfrom, email, about, reply, comments, chatlog, screenshot  )
VALUES ('".$_POST["commentfrom"]."','".$_POST["email"]."','".$_POST["about"]."','".$_POST["reply"]."','".$_POST["comments"]."','".$_POST["$chatlog"]."','".$_POST["$screenshot"]."')";

}
$dbh = null;

?>
</body>
</html>
Archived

This topic is now archived and is closed to further replies.
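
The points raised in the reply (validate the upload, move the temporary file, read the file name from `$_FILES` rather than `$_POST`, avoid SQL injection) and the "Undefined index" notice in the follow-up post can all be addressed in one handler. This is an added example, not code from any poster in the thread; the form field, table and column names and the `upload/` directory come from the thread, while the 2 MiB limit, the random stored file name and the `store_upload()` helper are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). Field, table and column names come from
// the thread; MAX_BYTES and the random stored file name are assumptions.
const MAX_BYTES = 2 * 1024 * 1024; // assumed limit: 2 MiB per file
/** Validate one $_FILES entry and move it; returns the stored path, or null if no file was sent. */
function store_upload(array $file, array $allowedExt, string $dir): ?string
{
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return null;                       // optional field left empty
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name: the client-supplied name never reaches the filesystem.
    // move_uploaded_file() only accepts files PHP itself received via HTTP POST.
    $target = $dir . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $target;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    try {
        // File metadata lives in $_FILES; $_POST has no 'chatlog' or 'screenshot' key.
        $chatlog    = store_upload($_FILES['chatlog'],    ['rtf', 'doc', 'docx', 'txt'], 'upload/');
        $screenshot = store_upload($_FILES['screenshot'], ['jpg', 'jpeg', 'png', 'gif'], 'upload/');
        $dbh = new PDO('mysql:host=localhost;dbname=Directors;charset=utf8mb4', 'root', '');
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $dbh->prepare('INSERT INTO comments (commentfrom, email, about, reply, comments, chatlog, screenshot)
            VALUES (?, ?, ?, ?, ?, ?, ?)');
        $stmt->execute([
            $_POST['commentfrom'], $_POST['email'], $_POST['about'] ?? '',
            $_POST['reply'] ?? 'no', $_POST['comments'] ?? '', $chatlog, $screenshot,
        ]);
        echo 'New record inserted successfully';
    } catch (Exception $e) {
        error_log($e->getMessage());       // details go to the server log, not the browser
        echo 'Submission could not be saved.';
    }
}
```

An extension allow-list does not verify file content, so the `upload/` directory should also be configured so the web server never executes anything stored in it.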
