upload process uploading files but not printing in db

Question

roxanne.martos

10 Years Ago

i dont know why but somehow my files are being upload to the server folder but not stored within db

<?php
include_once("conninfo2.php");
error_reporting(E_ALL); 

$usid = 1;   

if(isset($_FILES['files'])){ 
    $query = "INSERT into files(`filename`,`fsize`,`ftype`,`uploadtimest`, `usid`) 
             VALUES(:filename,:fsize,:ftype,now(), :usid)"; 
    $stmt  = $db->prepare($query); 
    $errors= array(); 
    foreach($_FILES['files']['tmp_name'] as $key => $error ){ 
        if ($error != UPLOAD_ERR_OK) { 
            $errors[] = $_FILES['files']['name'][$key] . ' was not uploaded.'; 
            continue; 
        } 
        $filename = $key.$_FILES['files']['name'][$key]; 
        $fsize = $_FILES['files']['size'][$key]; 
        $file_tmp  = $_FILES['files']['tmp_name'][$key]; 
        $ftype = $_FILES['files']['type'][$key]; 


    if($fsize > 5120){ 
        $errors[] = 'File size must be less than 5 GB'; 
        continue; 
    } 
    try{        
        $stmt->bindParam(':filename', $filename , PDO::PARAM_STR ); 
        $stmt->bindParam(':fsize', $fsize, PDO::PARAM_STR ); 
        $stmt->bindParam(':ftype', $ftype, PDO::PARAM_STR ); 
        $stmt->bindParam( ":usid", $_POST['usid']);
        $stmt->execute(); 

        $desired_dir="fileupload/"; 

        if(is_dir($desired_dir)==false){ 
            mkdir($desired_dir, 0700);// Create directory if it does not exist 
        } 
        if(is_file($desired_dir.'/'.$filename)==false){ 
            move_uploaded_file($file_tmp,$desired_dir.'/'.$filename); 
        }else{    //rename the file if another one exist 
            $new_file=$desired_dir.'/'.$filename.time(); 
            move_uploaded_file($file_tmp,$new_file) ;                
        } 
    }catch(PDOException $e){ 
        $errors[] = $filename . 'not saved in db.'; 
        echo $e->getMessage(); 
    }    
} 
if(empty($error)){ 
    echo "Success"; 
} 

} 
?>

file-system php

3 Contributors
7 Replies
223 Views
18 Hours Discussion Span
Latest Post 10 Years Ago Latest Post by diafol

iamthwee

10 Years Ago

Try replacing : with $ in your insert query?

iamthwee

10 Years Ago

:filename,:fsize,:ftype,now(), :usid

Echo out these values... see what they contain.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

roxanne.martos · Answer 1 · 2014-05-18T21:37:03+00:00

still brings up a blank page, and it didnt seem to like $

roxanne.martos · Answer 2 · 2014-05-18T22:27:58+00:00

it just echoes out the names of the values and not the document
:filename:fsize:ftypenow():usid

diafol · Answer 3 · 2014-05-18T23:32:49+00:00

With regard to usid - I assume this is the id of the logged in user - if so use the session user id value. Don't use a post var as an id - even as a hidden field since it may be possible to spoof post headers and send loads of porn to your site giving somebody else's user id.

roxanne.martos · Answer 4 · 2014-05-19T05:06:34+00:00

its working now, i took out the user id for the moment although it doesnt let me redirect once the process has been carried

`if(isset($_FILES['files'])){

        $query = "INSERT into files(`filename`,`fsize`,`ftype`,`uploadtimest`)
                 VALUES(:filename,:fsize,:ftype,now())";
        $stmt  = $db->prepare($query);
        $errors= array();
        foreach($_FILES['files']['tmp_name'] as $key => $error ){
            if ($error != UPLOAD_ERR_OK) {
                $errors[] = $_FILES['files']['name'][$key] . ' was not uploaded.';
                continue;
            }
            $filename = $key.$_FILES['files']['name'][$key];
            $fsize = $_FILES['files']['size'][$key];
            $file_tmp  = $_FILES['files']['tmp_name'][$key];
            $ftype = $_FILES['files']['type'][$key];  
            if($fsize > 2097152){
                $errors[] = 'File size must be less than 2 MB';
                continue;
            }
            try{       
                $stmt->bindParam( ':filename', $filename , PDO::PARAM_STR );
                $stmt->bindParam( ':fsize', $fsize, PDO::PARAM_STR );
                $stmt->bindParam( ':ftype', $ftype, PDO::PARAM_STR );
                $stmt->execute();


            $desired_dir="fileupload";

            if(is_dir($desired_dir)==false){
                            mkdir($desired_dir, 0700);// Create directory if it does not exist
            }
            if(is_file($desired_dir.'/'.$filename)==false){
                                     move_uploaded_file($file_tmp,$desired_dir.'/'.$filename);
            }
            else
            {    //rename the file if another one exist
                $new_file=$desired_dir.'/'.$filename.time();
                move_uploaded_file($file_tmp,$new_file) ;   

            }
        }
        catch(PDOException $e){
            $errors[] = $filename . 'not saved in db.';
            echo $e->getMessage();
        }   
    }
    if(empty($error)){
        echo "Success";  
    }

    }
    ?>`

diafol · Answer 5 · 2014-05-19T06:41:42+00:00

echo "Success";

Any output like this may stop you redirecting. So check carefully at every point.