PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
phelpsa
Forum Commoner
Posts: 48 Joined: Thu Feb 17, 2005 1:05 pm
Post
by phelpsa » Sun Apr 02, 2006 2:30 pm
I'm getting the error....
Parse error: syntax error, unexpected T_STRING in C:\wamp\www\xmb-src\galleryform.php on line 18
....in my script....
Code: Select all
<form action="page.php" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="file" size="30"> Description: <input type="text" name="description" size="30"> <input type="submit" value="Upload!">
</form>
<?php
include('config.php');
$uploaddir = "gallery"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}
$description=$_POST['description'];
$query = INSERT INTO gallery VALUES ('gallery/$_FILES['file']['name']','$_FILES['file']['name']','$description');
?>
I know its a common error but I'm quite new to PHP.
Adam
Last edited by
phelpsa on Sun Apr 02, 2006 2:41 pm, edited 1 time in total.
phelpsa
Forum Commoner
Posts: 48 Joined: Thu Feb 17, 2005 1:05 pm
Post
by phelpsa » Sun Apr 02, 2006 2:42 pm
Sorry but I'm not really understanding what the tutorial is telling me. Could you point out to me the part of the line that is wrong?
Adam
Ambush Commander
DevNet Master
Posts: 3698 Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US
Post
by Ambush Commander » Sun Apr 02, 2006 2:43 pm
You're using mysql, right? Try...
Code: Select all
$description = isset($_POST['description']) ? $_POST['description'] : '';
$sql_filename = mysql_real_escape_string(basename($_FILES['file']['name']));
$sql_description = mysql_real_escape_string($description);
$query = "INSERT INTO `gallery` VALUES ('gallery/$sql_filename','$sql_filename','$sql_description')";
Edit - adjust according Feyd's comment. I'm not well versed in file uploads.
Last edited by
Ambush Commander on Sun Apr 02, 2006 2:48 pm, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Apr 02, 2006 2:47 pm
You're attempting to use a multidimensional array inside a string. You need to use the complex variables in strings method of inserting them into the string.
Also, use
basename() against the filename submitted as some browsers pass the full path to the file instead of just a filename. It should be noted that
mysql_real_escape_string() or whatever database injection protection you're using should be run on each of the values you're inserting.
phelpsa
Forum Commoner
Posts: 48 Joined: Thu Feb 17, 2005 1:05 pm
Post
by phelpsa » Sun Apr 02, 2006 2:49 pm
Thanks
I no longer get the error but it doesnt appear to submit anything to the database
Any other tips?
Adam
Ambush Commander
DevNet Master
Posts: 3698 Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US
Post
by Ambush Commander » Sun Apr 02, 2006 2:52 pm
Well... are you actually executing the query? (mysql_query) (if so, submit more code)
phelpsa
Forum Commoner
Posts: 48 Joined: Thu Feb 17, 2005 1:05 pm
Post
by phelpsa » Sun Apr 02, 2006 3:19 pm
Okay,
It's coming up with this error....
Notice: Undefined index: file in C:\wamp\www\xmb-src\page2.php on line 94
Notice: Undefined index: file in C:\wamp\www\xmb-src\page2.php on line 104
....in this script (modified / added to version of the last)....
Code: Select all
<?php
if (X_ADMIN) {
echo '<form action="page2.php" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="file" size="30"> Description: <input type="text" name="description" size="30"> <input type="submit" value="Upload!">
</form>';
include('config.php');
$uploaddir = "gallery"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
if(is_uploaded_file($_FILES['file']['tmp_name'])) (LINE 94)
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}
mysql_connect($dbhost,$dbuser,$dbpw);
@mysql_select_db($database) or die( "Unable to select database");
$description = isset($_POST['description']) ? $_POST['description'] : '';
$sql_filename = mysql_real_escape_string($_FILES['file']['name']); (LINE 104)
$sql_description = mysql_real_escape_string($description);
$query = "INSERT INTO `gallery` VALUES ('gallery/$sql_filename','$sql_filename','$sql_description')";
mysql_query($query);
mysql_close();
}
?>
Any more suggestions?
Thanks for all the help
Adam