0

I am trying to do a upload button which able to upload a pdf file to database but it faced some problems. database i used mySQL.

pop out window for user to key in document

<form method="POST" action="upload.php" enctype="multipart/form-data">
    <div>
        <label for="citation">Citation</label>
        <textarea name="citation" id="citation" placeholder="Enter text here..."></textarea>
    </div>
    <div>
        <label for="abstract">Abstract</label>
        <textarea name="abstract" id="abstract" placeholder="Enter text here..."></textarea>
    </div>
        <p>Upload your file here</p>
        <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
        <input name="userfile" type="file" id="userfile">&nbsp;
        <br/> 
        <input name="submit" type="submit" value="Upload" style="width: 150px">
                <a class="close" href="#close"></a>
    </form>

this is upload.php

<?php
        // Connect to the database
        $host="localhost"; // Host name 
        $username="root"; // Mysql username 
        $password=""; // Mysql password 
        $db_name="is"; // Database name 
        $tbl_name="publication"; // Table name 

        $conn = mysql_connect("$host", "$username", "$password"); 
        if(! $conn )
        {
          die('Could not connect: ' . mysql_error());
        }

        mysql_select_db($db_name);

        $cit=mysql_real_escape_string($_POST['citation']);
        $abs=mysql_real_escape_string($_POST['abstract']);

        if(isset($_POST['submit']) && $_FILES['userfile']['size'] > 0)
        {
        $fileName = $_FILES['userfile']['name'];
        $tmpName  = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];

        $fp      = fopen($tmpName, 'r');
        $content = fread($fp, filesize($tmpName));
        $content = addslashes($content);
        fclose($fp);

        if(!get_magic_quotes_gpc())
        {
            $fileName = addslashes($fileName);
        }

        $query = "INSERT INTO publication ('citation','abstract','file_name', 'file_size', 'file_type', 'file_content' ) VALUES ('$cit','$abs','$fileName', '$fileSize', '$fileType', '$content')";

        mysql_query($query) or die('Error, query failed'); 


        echo "<script type='text/javascript'>alert('File $fileName uploaded!');
                window.location.href='home_unlogin.php';
            </script>";
        } 
        mysql_close($conn);
?>

at the next it show error, query failed and i have no idea whats wrong with it.

ZKT
  • 37
  • 1
  • 12
  • little basic error checking please –  Mar 20 '14 at 02:15
  • Single quotes around The field names in your query. – smozgur Mar 20 '14 at 02:16
  • @smozgur, i should use double quotes? – ZKT Mar 20 '14 at 02:21
  • Backticks: ` or nothing in your query since it doesn't contain any reserved word. – smozgur Mar 20 '14 at 02:24
  • $query = "INSERT INTO publication (`citation`,`abstract`,`file_name`, `file_size`, `file_type`, `file_content` ) VALUES (`$cit`,`$abs`,`$fileName`, `$fileSize`, `$fileType`, `$content`)"; @smozgur , like this ? – ZKT Mar 20 '14 at 02:27
  • No, values need single quotes. Field names needs backticks or nothing. See http://stackoverflow.com/questions/261455/using-backticks-around-field-names, it explains it when and why. – smozgur Mar 20 '14 at 02:30
  • $query = "INSERT INTO $tbl_name (`citation`,`abstract`,`file_name`, `file_size`, `file_type`, `file_content` ) VALUES ('$cit','$abs','$fileName', '$fileSize', '$fileType', '$content')"; i still faced query failed – ZKT Mar 20 '14 at 02:37

2 Answers2

0
    $query = "INSERT INTO publication (`citation`,`abstract`,`file_name`, `file_size`, `file_type`, `file_content`) VALUES ('$cit','$abs','$fileName', '$fileSize', '$fileType', '$content')";

or you can use without wrapping field names

    $query = "INSERT INTO publication (citation, abstract, file_name, file_size, file_type, file_content) VALUES ('$cit','$abs','$fileName', '$fileSize', '$fileType', '$content')";

Because your field names are standard names which are not reserved word or contains special chars.

smozgur
  • 1,772
  • 1
  • 15
  • 23
  • i did exactly the same ... yet i still get error query failed.. i have no idea why ? please help ... n thanks... – ZKT Mar 20 '14 at 02:42
  • Execute your query with this: mysql_query($query) or die(mysql_error()); and see the exact error. The one I fixed was about single quotes around the fields. So you will see what's wrong now with mysql_error() instead printing out query failed string. – smozgur Mar 20 '14 at 02:48
0

For the fields in SQL you can leave it without quotations but for the values it should be inside a quotations whether it is variable or static.

$select = "INSERT INTO tbl_table (tbl_field1,tbl_field2) VALUES ('$value1','Test')";
nami
  • 1