Member Avatar for roxanne.martos

i dont know why but somehow my files are being upload to the server folder but not stored within db

<?php
include_once("conninfo2.php");
error_reporting(E_ALL); 

$usid = 1;   

if(isset($_FILES['files'])){ 
    $query = "INSERT into files(`filename`,`fsize`,`ftype`,`uploadtimest`, `usid`) 
             VALUES(:filename,:fsize,:ftype,now(), :usid)"; 
    $stmt  = $db->prepare($query); 
    $errors= array(); 
    foreach($_FILES['files']['tmp_name'] as $key => $error ){ 
        if ($error != UPLOAD_ERR_OK) { 
            $errors[] = $_FILES['files']['name'][$key] . ' was not uploaded.'; 
            continue; 
        } 
        $filename = $key.$_FILES['files']['name'][$key]; 
        $fsize = $_FILES['files']['size'][$key]; 
        $file_tmp  = $_FILES['files']['tmp_name'][$key]; 
        $ftype = $_FILES['files']['type'][$key]; 


    if($fsize > 5120){ 
        $errors[] = 'File size must be less than 5 GB'; 
        continue; 
    } 
    try{        
        $stmt->bindParam(':filename', $filename , PDO::PARAM_STR ); 
        $stmt->bindParam(':fsize', $fsize, PDO::PARAM_STR ); 
        $stmt->bindParam(':ftype', $ftype, PDO::PARAM_STR ); 
        $stmt->bindParam( ":usid", $_POST['usid']);
        $stmt->execute(); 

        $desired_dir="fileupload/"; 

        if(is_dir($desired_dir)==false){ 
            mkdir($desired_dir, 0700);// Create directory if it does not exist 
        } 
        if(is_file($desired_dir.'/'.$filename)==false){ 
            move_uploaded_file($file_tmp,$desired_dir.'/'.$filename); 
        }else{    //rename the file if another one exist 
            $new_file=$desired_dir.'/'.$filename.time(); 
            move_uploaded_file($file_tmp,$new_file) ;                
        } 
    }catch(PDOException $e){ 
        $errors[] = $filename . 'not saved in db.'; 
        echo $e->getMessage(); 
    }    
} 
if(empty($error)){ 
    echo "Success"; 
} 

} 
?>
Member Avatar for iamthwee

Try replacing : with $ in your insert query?

Member Avatar for roxanne.martos

still brings up a blank page, and it didnt seem to like $

Member Avatar for iamthwee

:filename,:fsize,:ftype,now(), :usid

Echo out these values... see what they contain.

Member Avatar for roxanne.martos

it just echoes out the names of the values and not the document
:filename:fsize:ftypenow():usid

Member Avatar for diafol

With regard to usid - I assume this is the id of the logged in user - if so use the session user id value. Don't use a post var as an id - even as a hidden field since it may be possible to spoof post headers and send loads of porn to your site giving somebody else's user id.

Member Avatar for roxanne.martos

its working now, i took out the user id for the moment although it doesnt let me redirect once the process has been carried

`if(isset($_FILES['files'])){

        $query = "INSERT into files(`filename`,`fsize`,`ftype`,`uploadtimest`)
                 VALUES(:filename,:fsize,:ftype,now())";
        $stmt  = $db->prepare($query);
        $errors= array();
        foreach($_FILES['files']['tmp_name'] as $key => $error ){
            if ($error != UPLOAD_ERR_OK) {
                $errors[] = $_FILES['files']['name'][$key] . ' was not uploaded.';
                continue;
            }
            $filename = $key.$_FILES['files']['name'][$key];
            $fsize = $_FILES['files']['size'][$key];
            $file_tmp  = $_FILES['files']['tmp_name'][$key];
            $ftype = $_FILES['files']['type'][$key];  
            if($fsize > 2097152){
                $errors[] = 'File size must be less than 2 MB';
                continue;
            }
            try{       
                $stmt->bindParam( ':filename', $filename , PDO::PARAM_STR );
                $stmt->bindParam( ':fsize', $fsize, PDO::PARAM_STR );
                $stmt->bindParam( ':ftype', $ftype, PDO::PARAM_STR );
                $stmt->execute();


            $desired_dir="fileupload";

            if(is_dir($desired_dir)==false){
                            mkdir($desired_dir, 0700);// Create directory if it does not exist
            }
            if(is_file($desired_dir.'/'.$filename)==false){
                                     move_uploaded_file($file_tmp,$desired_dir.'/'.$filename);
            }
            else
            {    //rename the file if another one exist
                $new_file=$desired_dir.'/'.$filename.time();
                move_uploaded_file($file_tmp,$new_file) ;   

            }
        }
        catch(PDOException $e){
            $errors[] = $filename . 'not saved in db.';
            echo $e->getMessage();
        }   
    }
    if(empty($error)){
        echo "Success";  
    }

    }
    ?>`
Member Avatar for diafol
echo "Success";  

Any output like this may stop you redirecting. So check carefully at every point.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.