Page 1 of 1

Small Uploading Script, Help Please

Posted: Mon Mar 27, 2006 8:31 am
by MoFish
Hello everyone.

I'm trying to create a little upload script, nothing fancy for my little personal website. I'm having problems getting it working, and am proberly way off track, but hoped that maybe someone could shine some light on where im going wrong.

here is what im trying to achieve..

1) upload a file to a folder on the server called uploads.
2) add the file name (example: mofish.jpg) to a database called 'gallery' in the field 'image'
3) add the '$_SESSION['member'];' name for each file (so i can identify who uploaded it) to a database field called 'author'

any help would be greatly appreciated.

MoFish

Here is my attempt. It currently uploads the file to the folder specified, and adds the session member name to the database, but does not add the image name :roll: go easy on me.. i'm in the learning PHP cycle and trying to battle my way out.

Code: Select all

<?php

// I keep getting a warning, this prevents it, although is problerly not a good idea.

error_reporting(0);

// set variables to be used.

 $userfile = $_POST['userfile'];
 $member = $_SESSION['member'];
 
// set the SQL query i want to perform to a variable

 $query = "insert into `gallery` (`image`, `author`) values ($userfile', '$member')";
 
// set the directory in which i want to upload too.

 $uploaddir = '/home/mo/public_html/upload/';

// build up the variable upload file, from upload directory etc ..

 $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

// if uploaded, then

	if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   		
// perform query for adding to database

			if (mysql_query($query)){
			      echo "Successfully added to database.\n";
			} else {
			      echo "not added to database.\n";
		        }

                echo "Successfully uploaded.\n";
	} else {
   		echo "An Error Occoured, Please Try Again\n";
	}
?> 

<form enctype="multipart/form-data" action="index.php?page=upload" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="5242880" />
    Send this file: <input name="userfile" type="file" class="loginbox" />
    <input type="submit" value="Send File" class="loginbox" />

</form>

Posted: Mon Mar 27, 2006 11:57 am
by feyd
$_POST['userfile'] won't exist. The data is found in $_FILES. Specifically, $userfile should be set to the result of your basename() call.

As for some bits in the code: setting error_reporting to zero is indeed REALLY bad. Add some detection of the submission using $_SERVER['REQUEST_METHOD'] with a flow control construct such as if()