0

Here i'm going to do a insert to the MySQL.but here i'm getting error.I saw there's a duplicated for the same but in those answers they asked to add ISSET.In my coding i added that also but still i'm getting this error.

Error 1 : Notice: Undefined index: Description in ....... add.php on line 8
Error 2 : Notice: Undefined variable: _FILE in ..........\add.php on line 9
Error 3 : Fatal error: Call to undefined function NOW() in ....add.php on line 12

Here i added my Coding below

<html>
<body>
<?php
include('config.php');
if(isset($_POST['submit']))
 { 
$Title=$_POST['Title'];
$Description=$_POST['Description'];
$Image = addslashes(file_get_contents($_FILE['Image']));
$Categories  = $_POST['category']; 
$ModifiedBy = 1;
$ModifiedDate = NOW(); 
$query1=mysql_query("insert into testdb      values('','$Title','$Description','$Image','$Categories','$ModifiedBy',$ModifiedDate,1)");
  if($query1)
  {
  header("location:list.php");
  }
  }
  ?>
  <fieldset style="width:300px;">
  <form method="post" action="" enctype="multipart/form-data">
  Title: <input type="text" name="Title"><br>
  Description: <input type="text" name="description"><br>
  Image : <input type="file" name="Image" /><br>
  <select name="category" id="category">
  <option>Choose</option>
  <option value="1">new</option>
  <option value="2">info</option>
  <option value="2">Event</option>

  <br>
  <input type="submit" name="submit">
  </form>
  </fieldset>
  </body>
  </html>
TechGuy
  • 4,298
  • 15
  • 56
  • 87
  • These are php errors. When the form is filled in there is no value in Description (partly because the field name is description with a lower case d) or Image (probably the same reason) - however you should check that values exist anyway. NOW() is a MySQL function. You probably want the PHP date() function. – Kickstart Jan 29 '14 at 17:38
  • You have a letter-case issue. `A != a` < example - as for `_FILE` - `S` perhaps? ;-) and don't use `NOW()` as a variable. – Funk Forty Niner Jan 29 '14 at 17:38
  • **By building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. My site http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. – Andy Lester Jan 29 '14 at 17:41
  • Plus, I suggest you use **actuals** instead of `hopefuls` - Doing `insert into testdb` is like hitting a dozen golf balls at night, hoping they'll land in the right hole. – Funk Forty Niner Jan 29 '14 at 17:42

3 Answers3

1

You have grammar issues in your code. It should be this:

$Title=$_POST['Title'];
$Description=$_POST['description'];
$Image = addslashes(file_get_contents($_FILES['Image']));
$Categories  = $_POST['category']; 
$ModifiedBy = 1;
$ModifiedDate = 'NOW()'; 
$query1=mysql_query("insert into testdb values('','$Title','$Description','$Image','$Categories','$ModifiedBy',$ModifiedDate,1)");
SameOldNick
  • 2,397
  • 24
  • 33
0
Error 1: Case of "description" is wrong!

Error 2: it should be $_FILES (add an S). Also that is not how you handle file uploads -  
[read more here][1]

Error 3: NOW() is a mysql tag. not php. you can use date() if you want this in php.
Mihir Chhatre
  • 443
  • 5
  • 14
0

$_FILE should probably be $_FILES, just a typo there. The linked page will give you a bit more information about how to post files using PHP.

The NOW() function is for mysql, not PHP. You can use php's date format to emulate the way MySQL saves dates instead:

date("Y-m-d H:i:s")

For the Description error, that's to do with casing. Description != description. Try and be consistent with casing where you can, that often helps when looking for errors. Also, space your code out a little and make use of indentation.

When in doubt over an error, I usually check what line I get the error on. If it's one I've not encountered before, try a search and see if something similar comes up. @John Conde's link in his comment is a great place to start

stckrboy
  • 379
  • 10
  • 16