Small Uploading Script, Help Please

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
MoFish
Forum Newbie
Posts: 1
Joined: Mon Mar 27, 2006 8:18 am

Small Uploading Script, Help Please

Post by MoFish »

Hello everyone.

I'm trying to create a little upload script, nothing fancy for my little personal website. I'm having problems getting it working, and am proberly way off track, but hoped that maybe someone could shine some light on where im going wrong.

here is what im trying to achieve..

1) upload a file to a folder on the server called uploads.
2) add the file name (example: mofish.jpg) to a database called 'gallery' in the field 'image'
3) add the '$_SESSION['member'];' name for each file (so i can identify who uploaded it) to a database field called 'author'

any help would be greatly appreciated.

MoFish

Here is my attempt. It currently uploads the file to the folder specified, and adds the session member name to the database, but does not add the image name :roll: go easy on me.. i'm in the learning PHP cycle and trying to battle my way out.

Code: Select all

<?php

// I keep getting a warning, this prevents it, although is problerly not a good idea.

error_reporting(0);

// set variables to be used.

 $userfile = $_POST['userfile'];
 $member = $_SESSION['member'];
 
// set the SQL query i want to perform to a variable

 $query = "insert into `gallery` (`image`, `author`) values ($userfile', '$member')";
 
// set the directory in which i want to upload too.

 $uploaddir = '/home/mo/public_html/upload/';

// build up the variable upload file, from upload directory etc ..

 $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

// if uploaded, then

	if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   		
// perform query for adding to database

			if (mysql_query($query)){
			      echo "Successfully added to database.\n";
			} else {
			      echo "not added to database.\n";
		        }

                echo "Successfully uploaded.\n";
	} else {
   		echo "An Error Occoured, Please Try Again\n";
	}
?> 

<form enctype="multipart/form-data" action="index.php?page=upload" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="5242880" />
    Send this file: <input name="userfile" type="file" class="loginbox" />
    <input type="submit" value="Send File" class="loginbox" />

</form>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$_POST['userfile'] won't exist. The data is found in $_FILES. Specifically, $userfile should be set to the result of your basename() call.

As for some bits in the code: setting error_reporting to zero is indeed REALLY bad. Add some detection of the submission using $_SERVER['REQUEST_METHOD'] with a flow control construct such as if()
Post Reply