update an existing file in mysql database with new file

Question

<form  action="insertresubmittedpaper.php" autocomplete="on" enctype="multipart/form-data" method="post"> 
                               <h1>Re-Submit Paper</h1>
                                 
         
        
        
        
        <p>
        
        
        
       
        <input type="file" name="uploaded_file"><br>
                               
       
        </p>
        
        
        
        
        <br>
         
      <br>
                                <center> 
        <p class="submit button"> 
                                <input type="submit" value="Submit"> 
        </p>
        </center>
        
                            </form>

Hello I'm working on a project where I need to insert a file into database, and after that I have an option where the user can update the existing file in database using a form and when once updated it will be redirected to another page. I'm using PHP , mysql.

The Problem is a new file is not being updated into the database, but it is redirecting to another page. Here i'm posting my code. Please suggest me necessary changes.

<?php
session_start(); 
if(isset($_SESSION['username']))  
  { 
  echo "<div id='User'>Welcome: " . $_SESSION['username'] . "</div>"; 
  }  
else 
   { 
     echo "<div id='Guest'>Welcome: Guest </div>"; 
     } 



/*
Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password)
*/

if(isset($_FILES['uploaded_file'])) {
    // Make sure the file was sent without errors
    if($_FILES['uploaded_file']['error'] == 0) {



$link = mysqli_connect("localhost", "kuda", "secret", "researchcloud");

// Check connection
if($link === false)
{
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

$UserName=$_SESSION['username'];
$Subject = mysqli_real_escape_string($link, $_POST['subject']);
$Category = mysqli_real_escape_string($link, $_POST['category']);
$Journal = mysqli_real_escape_string($link, $_POST['journal']);



$mime = mysqli_real_escape_string($link, $_FILES['uploaded_file']['type']);
$data = mysqli_real_escape_string($link, file_get_contents($_FILES  ['uploaded_file'] ['tmp_name'] ));


// attempt insert query execution
$sql = "UPDATE rc_ijai set FullPaper='$data', mime='$mime' where A1Email='$UserName' and Journal='$Journal'";



 if(mysqli_query($link, $sql))
 {
 header('Location:authorprofile.php');

} 
else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

mysqli_close($link);
}
}

else {
        echo 'An error occurred while the file was being uploaded. '
           . 'Error code: '. intval($_FILES['uploaded_file']['error']);
    }


?>

Add error reporting to the top of your file(s) right after your opening PHP tag for example ` — Funk Forty Niner, Mar 30 '15 at 15:50
I'm surprised the redirect works as you are outputting html at the top of your script... — jeroen, Mar 30 '15 at 15:51
*Plus,* since you didn't post your form, I'm taking a *wild and blind stab* at this: Your form isn't using a POST method, and/or you're not using a valid enctype, and/or your input element is not named and/or it has a typo. *Take your pick.* Error reporting above will tell you. *A lot of AND/OR's eh?* — Funk Forty Niner, Mar 30 '15 at 15:53
After trying above code, I'm getting this error: Notice: Undefined index: uploaded_file in line 65 Line 65: echo 'An error occurred while the file was being uploaded. ' . 'Error code: '. intval($_FILES['uploaded_file']['error']); But we have properly defined it. — Atchyut Nagabhairava, Mar 30 '15 at 15:57
Well there you go. I knew it. 2 points for me. That's what you get for not posting your HTML form; wasting time. — Funk Forty Niner, Mar 30 '15 at 15:58
**WARNING**: When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). **NEVER** put `$_POST` data directly into a query. Calling the escape functions manually is usually a sign you're doing this incorrectly. — tadman, Mar 30 '15 at 16:00
You're behind your computer, we're not. When you post questions; post relevant code next time. Almost 20 minutes of wasted time. — Funk Forty Niner, Mar 30 '15 at 16:06
Can you `var_dump($_FILES)` ? you say : 'But we have properly defined it' Can you show html form ? In you
did you define `enctype="multipart/form-data"` ? Input type file name is uploaded_file ? — Benjamin Poignant, Mar 31 '15 at 14:17

score 0 · Answer 1 · answered Mar 30 '15 at 16:40

Don't use mysqli_query() to check that query has been executed or not. specially for insert and update queries. Because for update query some times a query will get executed and non of the row will get updated. So for insert and update check the number of rows affected after the query execution. After checking this You can easily solve it.

update an existing file in mysql database with new file

1 Answers1