patelp7 Posted March 22, 2007 Share Posted March 22, 2007 I am having trouble in the user being able to upload files. The file gets stored in the file which is suppose to, But the reference name of the file is not recorded in the database table. Does any one have any suggestions? function DisplayAddForm ($errorstring) { print ('<html> <head></head> <body> <H3>Create Bulletin</H3> <P>Please enter Todays log</p> '); echo $errorstring; print(' <form action="AddBulletin.php" method=post> <label><br /><br /> Subject <input name="Subject" type="text" id="Subject" size="100" /> <br /><br />Description <textarea name="Description" cols="100" rows="8" id="Description"></textarea> <br /> <br />Dr Comments <textarea name="Drcomments" cols="100" rows="2" id="Drcomments"></textarea> </label> <input type="hidden" name="fname" value="<?=$flname?>"> <p> </p> <br><Input type =SUBMIT name ="SUBMIT" value="SUBMIT"> <Input type = Reset> </form> <form enctype="multipart/form-data" name="form3" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="300000" /> <input name="userfile" type="file" class="inputbox-boder" size="20"> <input name="subfile" type="submit" value="Upload"> </form> </body> </html>'); } <? session_start(); //lines 4 to 15 uploads a picture for the product. this picture can be located from anywhere within the computers hard drive. $flname=""; if (isset($_POST['subfile'])){ $flname = basename($_FILES['userfile']['name']); $flname = str_replace(" ","",$flname); $uploaddir = "Pictures/"; $uploadfile = $uploaddir . $flname; if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { } else { echo "Possible file upload attack!\n"; } } require ("db.php.inc"); require ("addBulletinfunc.inc"); require("authenticateadmin.inc"); $Userlevel=0; if (isset($_POST['SUBMIT']) ){ extract($_POST); $error=1; //check to see variables are set if ( (isset($Subject)) && (isset($Description)) && (isset($Drcomments)) ) { //set error flag to 0 $error=0; //Remove leading and trailing white spaces in input $Subject=trim($Subject); $Description=trim($Description); //check to see if username and password contain sufficient characters $Subjectlen = strlen($Subject); $Desclen= strlen($Description); If ( (($Subjectlen>2) && ($Desclen>2)) ){ //palis shit up to here. $query = "insert into bulletin (Subject, Description, DrComments, Adminusername, Datecreated, Image) Values ('$Subject', '$Description', '$Drcomments', '".$_SESSION['Username']."', NOW(), '$fname')"; $result=mysql_query($query); if (mysql_errno()<>0) { $error =1; $errorstring = mysql_error() . "\n"; } }else{ $error=1; } if(($Subjectlen<0)){ $errorstring.="<BR>Your name was $Subjectlen characters long it must be more than 1 character long.<BR>"; } if (($Desclen<0)){ $errorstring .= "<BR> Your Supplier was $Descriptionlen characters long in must be above 0. <BR>"; } } if ($error<>0){ DisplayAddForm($errorstring); }else{ $Username=$_session['Username']; $Userlevel= $_session['Userlevel']; DisplayMenu($Username, $Userlevel, "Bulletin added sucessfully"); } }else{ DisplayAddForm($errorstring); } ?> Link to comment https://forums.phpfreaks.com/topic/43880-user-being-able-to-upload-files/ Share on other sites More sharing options...
per1os Posted March 23, 2007 Share Posted March 23, 2007 //palis shit up to here. $query = "insert into bulletin (Subject, Description, DrComments, Adminusername, Datecreated, Image) Values ('$Subject', '$Description', '$Drcomments', '".$_SESSION['Username']."', NOW(), '$fname')"; Should be: //palis shit up to here. $query = "insert into bulletin (Subject, Description, DrComments, Adminusername, Datecreated, Image) Values ('$Subject', '$Description', '$Drcomments', '".$_SESSION['Username']."', NOW(), '$flname')"; changed $fname to $flname. Link to comment https://forums.phpfreaks.com/topic/43880-user-being-able-to-upload-files/#findComment-213204 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.