0

So i wrote this script and i kept getting failed to upload message, please point out where i did wrong and please give a good example for the script. The image wasn't uploaded to database, but it was moved to the directory 'upload/'. And the $start & $stop variable was in date. I'd stuck in this one for several days. Here's the code. 

include "../config/database.php";

$title = $_POST['title'];
$id = $_POST['id'];
$genre = $_POST['genre'];
$start = $_POST['start'];
$stop = $_POST['stop'];
$description = $_POST['description'];

$target_dir = "upload/";
$target_file = $target_dir . basename($_FILES["image"]["name"]);

$uploadOK = 1;

$imagetype = pathinfo($target_file, PATHINFO_EXTENSION);

if (isset($_POST["submit"])) {
    $check = getimagesize($_FILES["image"]["tmp_name"]);
    if ($check !== false) {
        echo "File is an image -" . $check["mime"] . ".";
        $uploadOK = 1;
    } else{
        echo "File isn't an image.";
        $uploadOK = 0;
    }
}

if (file_exists($target_file)) {
    echo "Sorry, file is already exist.";
    $uploadOK = 0;
}
if ($_FILES["image"]["size"] > 5000000) {
    echo "Sorry, file is too large.";
    $uploadOK = 0;
}

if ($imagetype != "jpg" && $imagetype != "jpeg" && $imagetype != "png" && $imagetype != "gif") {
    echo "Sorry, only JPEG, JPG, PNG and GIF are allowed.";
    $uploadOK = 0;
}

if ($uploadOK == 0) {
    echo "Failed to upload.";
} else {
    if(move_uploaded_file($_FILES["image"]["tmp_name"] , $target_file)){

        $query = mysql_query("INSERT INTO anidata (id, title, image, genre, start, stop, description) VALUES ('$title', '$id', '$target_file', '$genre', '$start', '$stop', '$description') ");
        $uploadOK = 1;

        if ($query) {
            header("Location: view.php");
        }else{
            echo "<p>Failed to upload</p>";
        }
    }
}

I really appreciate any help, thank you :)

hjpotter92
  • 78,589
  • 36
  • 144
  • 183
andhikaribrahim
  • 341
  • 6
  • 24
  • [Please, don't use `mysql_*` functions](http://stackoverflow.com/q/12859942/1190388) in new code. They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about prepared statements instead, and use [tag:PDO] or [tag:MySQLi]. – hjpotter92 Nov 24 '14 at 01:33

1 Answers1

0

Your query's values look like they are not in the correct order ($id and $title should be the other way round). Change this;

$query = mysql_query("INSERT INTO anidata (id, title, image, genre, start, stop, description) VALUES ('$title', '$id', '$target_file', '$genre', '$start', '$stop', '$description') ");

to this;

$query = mysql_query("INSERT INTO anidata (id, title, image, genre, start, stop, description) VALUES ('$id', '$title', '$target_file', '$genre', '$start', '$stop', '$description') ");

Also make sure that your variables types are in accordance with your table's fields (e.g. you don't try to save a string where an integer should be).

tkounenis
  • 665
  • 4
  • 18