Page 1 of 1

Error in mysql/php

Posted: Sun Apr 02, 2006 2:30 pm
by phelpsa
I'm getting the error....
Parse error: syntax error, unexpected T_STRING in C:\wamp\www\xmb-src\galleryform.php on line 18
....in my script....

Code: Select all

<form action="page.php" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="file" size="30">    Description: <input type="text" name="description" size="30">    <input type="submit" value="Upload!">
</form>

<?php

include('config.php');

$uploaddir = "gallery"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!

if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}

$description=$_POST['description'];

$query = INSERT INTO gallery VALUES ('gallery/$_FILES['file']['name']','$_FILES['file']['name']','$description');
?>
I know its a common error but I'm quite new to PHP.

Adam

Posted: Sun Apr 02, 2006 2:37 pm
by feyd
It has to do with the string you're building. Have a read here: http://php.net/language.types.string#la ... ng.complex

Posted: Sun Apr 02, 2006 2:42 pm
by phelpsa
Sorry but I'm not really understanding what the tutorial is telling me. Could you point out to me the part of the line that is wrong?

Adam

Posted: Sun Apr 02, 2006 2:43 pm
by Ambush Commander
You're using mysql, right? Try...

Code: Select all

$description = isset($_POST['description']) ? $_POST['description'] : '';
$sql_filename = mysql_real_escape_string(basename($_FILES['file']['name']));
$sql_description = mysql_real_escape_string($description);
$query = "INSERT INTO `gallery` VALUES ('gallery/$sql_filename','$sql_filename','$sql_description')";
Edit - adjust according Feyd's comment. I'm not well versed in file uploads.

Posted: Sun Apr 02, 2006 2:47 pm
by feyd
You're attempting to use a multidimensional array inside a string. You need to use the complex variables in strings method of inserting them into the string.

Also, use basename() against the filename submitted as some browsers pass the full path to the file instead of just a filename. It should be noted that mysql_real_escape_string() or whatever database injection protection you're using should be run on each of the values you're inserting.

Posted: Sun Apr 02, 2006 2:49 pm
by phelpsa
Thanks :)

I no longer get the error but it doesnt appear to submit anything to the database :(

Any other tips?

Adam

Posted: Sun Apr 02, 2006 2:52 pm
by Ambush Commander
Well... are you actually executing the query? (mysql_query) (if so, submit more code)

Posted: Sun Apr 02, 2006 3:19 pm
by phelpsa
Okay,

It's coming up with this error....
Notice: Undefined index: file in C:\wamp\www\xmb-src\page2.php on line 94

Notice: Undefined index: file in C:\wamp\www\xmb-src\page2.php on line 104
....in this script (modified / added to version of the last)....

Code: Select all

<?php
if (X_ADMIN) {

echo '<form action="page2.php" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="file" size="30">    Description: <input type="text" name="description" size="30">    <input type="submit" value="Upload!">
</form>';

include('config.php');

$uploaddir = "gallery"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!

if(is_uploaded_file($_FILES['file']['tmp_name']))                          (LINE 94)
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}

mysql_connect($dbhost,$dbuser,$dbpw);
@mysql_select_db($database) or die( "Unable to select database");

$description = isset($_POST['description']) ? $_POST['description'] : '';
$sql_filename = mysql_real_escape_string($_FILES['file']['name']);                                                      (LINE 104)
$sql_description = mysql_real_escape_string($description);
$query = "INSERT INTO `gallery` VALUES ('gallery/$sql_filename','$sql_filename','$sql_description')";

mysql_query($query);

mysql_close();

}

?>
Any more suggestions?

Thanks for all the help

Adam