Jump to content

user being able to upload files


patelp7

Recommended Posts

I am having trouble in the user being able to upload files.  The file gets stored in the file which is suppose to, But the reference name of the file is not recorded in the database table.

 

Does any one have any suggestions?

 

function DisplayAddForm ($errorstring) {
print ('<html>
<head></head>
<body>

<H3>Create Bulletin</H3>
<P>Please enter Todays log</p>
');
echo $errorstring;
print('
<form  action="AddBulletin.php" method=post>
<label><br /><br />
Subject
<input name="Subject"  type="text" id="Subject" size="100" />
<br /><br />Description 
<textarea name="Description" cols="100" rows="8" id="Description"></textarea>
<br />
<br />Dr Comments 
<textarea name="Drcomments" cols="100" rows="2" id="Drcomments"></textarea>
</label>
<input type="hidden" name="fname" value="<?=$flname?>">
<p> </p>
<br><Input type =SUBMIT name ="SUBMIT" value="SUBMIT">
<Input type = Reset>
</form>

<form enctype="multipart/form-data" name="form3" method="post">
  	<input type="hidden" name="MAX_FILE_SIZE" value="300000" />
         <input name="userfile" type="file" class="inputbox-boder" size="20">
	<input name="subfile" type="submit" value="Upload">
</form>

</body>
</html>');
}

 

 

<?
session_start();

//lines 4 to 15 uploads a picture for the product.  this picture can be located from anywhere within the computers hard drive. 
$flname="";
if (isset($_POST['subfile'])){
$flname = basename($_FILES['userfile']['name']);
$flname = str_replace(" ","",$flname);
$uploaddir = "Pictures/";
$uploadfile = $uploaddir . $flname;
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
} 
else {
   		echo "Possible file upload attack!\n";
}
}

require ("db.php.inc");
require ("addBulletinfunc.inc");
require("authenticateadmin.inc");


$Userlevel=0;

if (isset($_POST['SUBMIT']) ){
extract($_POST);
$error=1;


//check to see variables are set
if ( (isset($Subject)) && (isset($Description)) && (isset($Drcomments)) ) {




//set error flag to 0
$error=0;


//Remove leading and trailing white spaces in input
$Subject=trim($Subject);
$Description=trim($Description);


//check to see if username and password contain sufficient characters

$Subjectlen = strlen($Subject);
$Desclen= strlen($Description);




If ( (($Subjectlen>2) && ($Desclen>2)) ){



//palis shit up to here.
$query = "insert into bulletin (Subject, Description, DrComments, Adminusername, Datecreated, Image) Values ('$Subject', '$Description',
'$Drcomments', '".$_SESSION['Username']."', NOW(), '$fname')";

$result=mysql_query($query);



if (mysql_errno()<>0) {
$error =1;
$errorstring = mysql_error() . "\n";
}
}else{
$error=1;
}
if(($Subjectlen<0)){
$errorstring.="<BR>Your name was $Subjectlen characters long it must be more than 1 character long.<BR>";
}

if (($Desclen<0)){
$errorstring .= "<BR> Your Supplier was $Descriptionlen characters long in must be above 0. <BR>";
}
}
if ($error<>0){
DisplayAddForm($errorstring);
}else{
$Username=$_session['Username'];
$Userlevel= $_session['Userlevel'];
DisplayMenu($Username, $Userlevel, "Bulletin added sucessfully");
}
}else{
DisplayAddForm($errorstring);
}
?>

Link to comment
https://forums.phpfreaks.com/topic/43880-user-being-able-to-upload-files/
Share on other sites

//palis shit up to here.
$query = "insert into bulletin (Subject, Description, DrComments, Adminusername, Datecreated, Image) Values ('$Subject', '$Description',
'$Drcomments', '".$_SESSION['Username']."', NOW(), '$fname')";

 

Should be:

 

//palis shit up to here.
$query = "insert into bulletin (Subject, Description, DrComments, Adminusername, Datecreated, Image) Values ('$Subject', '$Description',
'$Drcomments', '".$_SESSION['Username']."', NOW(), '$flname')";

 

changed $fname to $flname.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.