atticus Posted November 2, 2007 Share Posted November 2, 2007 I am using this script to load a file into the webserver, and store the path in the database. That is working fine. However, when I try to upload other information from the same field I keep getting the field name in the data. <form method="post" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="2000000"> Title: <input type="text" name="title" id="title"> Description: <textarea name="description" id="description"></textarea><br /><br /> <input name="userfile" type="file" id="userfile"> <td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "> </form> Instead of posting the actual input field into the database, it is taking the name: Title: <input type="text" name="title" id="title"> This results in name. PHP: $uploadDir = 'upload/'; if(isset($_POST['upload'])) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_name']; $fileSize = $_FILES['userfile']['size']; $fileType = $_FILES['userfile']['type']; $filePath = $uploadDir . $fileName; $result = move_uploaded_file($tmpName, $filePath); chmod($filePath, 0755); if (!$result) { echo "Error uploading file"; exit; } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } mysql_connect($db_host, $db_user, $db_pwd); mysql_select_db($db_name); $query = "INSERT INTO upload2 (name, size, type, path, title, description) ". "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', 'title', 'description')"; mysql_query($query) or die('Error, query failed : ' . mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/75774-solved-problem-with-mysql-data-insertion/ Share on other sites More sharing options...
zq29 Posted November 2, 2007 Share Posted November 2, 2007 Shouldn't this: $query = "INSERT INTO upload2 (name, size, type, path, title, description) ". "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', 'title', 'description')"; Be this: $query = "INSERT INTO upload2 (name, size, type, path, title, description) ". "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', '$_POST[title]', '$_POST[description]')"; Just pointing out the issue, you should sanitize the input too... Quote Link to comment https://forums.phpfreaks.com/topic/75774-solved-problem-with-mysql-data-insertion/#findComment-383485 Share on other sites More sharing options...
atticus Posted November 2, 2007 Author Share Posted November 2, 2007 wow...that was a rookie mistake...I don't know how I missed that. Clean up what? Quote Link to comment https://forums.phpfreaks.com/topic/75774-solved-problem-with-mysql-data-insertion/#findComment-383489 Share on other sites More sharing options...
revraz Posted November 2, 2007 Share Posted November 2, 2007 Sanitize the input, as in Validate it before you insert it into your DB or you could get unwanted entries. Clean up what? Quote Link to comment https://forums.phpfreaks.com/topic/75774-solved-problem-with-mysql-data-insertion/#findComment-383498 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.