What's wrong with this upload script?

[rawky1976]

<?php

$uploadDir = '/upload/';

 

if(isset($_POST['uploadform']))

{

$fileName = $_FILES['userfile']['name'];

$tmpName = $_FILES['userfile']['tmp_name'];

$fileSize = $_FILES['userfile']['size'];

$fileType = $_FILES['userfile']['type'];

$filePath = $uploadDir . $fileName;

$result = move_uploaded_file($tmpName, $filePath);

if (!$result) {

echo "Error uploading file";

exit;

}

 

include '../library/config.php';

include '../library/opendb.php';

if(!get_magic_quotes_gpc())

{

$fileName = addslashes($fileName);

$filePath = addslashes($filePath);

}

$query = "INSERT INTO document (name, size, type, path, keywords, about) ".

"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', '$_POST[keyWords]', '$_POST[about]')";

mysql_query($query) or die('Error, query failed : ' . mysql_error());

include '../library/closedb.php';

 

echo "<br>Files uploaded<br>";

}

?>

 

Nothing in the upload folder and nothing in the DB?

[Lumio]

put

error_reporting(E_ALL);

after <?php and post all errors and notices you'll get

[rawky1976]

So the beginning of it now reads: -

 

<?php

error_reporting(E_ALL);

$uploadDir = '/upload/';

 

I don't get any errors though? Should they display on the webpage?

[DeathStar]

just me or should there always be session_start(); first?

[rawky1976]

Sorry, this is above it: -

 

<?php

session_start();

 

if (!isset($_SESSION['db_is_logged_in'])

  || $_SESSION['db_is_logged_in'] !== true) {

 

      header('Location: loginFailure.php');

  exit;

}

?>

 

That checks the user is logged in, do I need it again in the next block of code?

[rawky1976]

Im testing it locally on another PC (on my LAN) the DB is on there too. The conn string is still set to localhost. That's where the DB will be right?