0

I have a webpage intended to allow users to upload a file and submit a comment. The file and respective comment should then be input into a MySQL database. Currently, if someone tries to do this, the file is uploaded and the link is inserted into the database as it should be. However, the comment never gets entered into the database. The webpage has the following code:

<div style="padding-left: 225px; padding-top: 15px; padding-bottom: 15px; background-color: #754f00; border-style: solid; border-weight: 4px; border-color: black;">

<div class="uploadbox"  style='margin-left: 100px'>

<? include('uploadform.php') ?>
<? include('uploader.php'); ?>


</div>

<center>
<? include('testpost.php'); ?>
</center>

</div>


<br>
<hr>
<br>


<center>

<? include('feed.php'); ?>

</center>

Where the file uploadform.php is given by

<form enctype="multipart/form-data" method="POST">

    Comment:<br />
    <textarea name='comment' id='comment'></textarea><br />

    <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />

    Choose a file to upload: <input name="uploadedfile" type="file" /><br />

    <input type="submit" value="Submit" />


</form>

The file uploader.php contains the following:

<?php

if( $_POST ){
// Where the file is going to be placed 
$target_path = "uploads/";

/* Add the original filename to our target path.  
Result is "uploads/filename.extension" */
$target_path = $target_path .time() .basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The  <a href=" . $target_path . ">file</a> has been uploaded! <br /> LINK: " . $target_path;

  $con = mysql_connect("localhost","theshitp_user","password");

  if (!$con)
  {
    die('Could not connect: ' . mysql_error());
  }

  mysql_select_db("theshitp_posts", $con);

  $query = "
  INSERT INTO `theshitp_posts`.`test2` (`file`) VALUES ( '$target_path' );";

  mysql_query($query);

  echo "<p style='color: grey;'><b>Thank you for your Comment!</b></p>";

  mysql_close($con);


} else{
    echo "There was an error uploading the file, please try again!";
}

}

?>

And the file testpost.php contains

<?
if( $_POST )
{
  $con = mysql_connect("localhost","theshitp_user","password");

  if (!$con)
  {
    die('Could not connect: ' . mysql_error());
  }

  mysql_select_db("theshitp_posts", $con);

  $users_comment = $_POST['comment'];

  $users_comment = mysql_real_escape_string($users_comment);

  $query = "
  INSERT INTO `theshitp_posts`.`test2` (`id`, `comment`, `timestamp`) VALUES (NULL, '$users_comment', CURRENT_TIMESTAMP() );";

  mysql_query($query);

  echo "<p style='color: grey;'><b>Thank you for your Comment!</b></p>";

  mysql_close($con);
}
?>

Can anyone see why file links are being entered into the database as they should, but comments are not? The id and timestamp fields are also being entered correctly into the database.

M Smith
  • 430
  • 1
  • 7
  • 19

2 Answers2

3

Look at your query parameter in testpost.php file-->

$query = "
  INSERT INTO `theshitp_posts`.`test2` (`id`, `comment`, `timestamp`) VALUES (NULL, '$users_comment', CURRENT_TIMESTAMP() );";

First thing semi-colon in the query parameter remove this inner ';' first $query=";"; <-- in the query and

Second id = NULL <-- which is not allowed in case of primary key, it could be blank for auto-increment but not NULL

so the new query 

$query = " INSERT INTO `theshitp_posts`.`test2` (`id`, `comment`, `timestamp`) VALUES ('', '$users_comment', CURRENT_TIMESTAMP() )";
Jaydeep Goswami
  • 132
  • 1
  • 9
  • I'll try replacing NULL with a blank entry. Where do you see a ; in the query? At the very end? – M Smith Apr 27 '16 at 10:39
  • yes, at the end in testpost.php inside $query=" ; " <<-- here – Jaydeep Goswami Apr 27 '16 at 10:42
  • Thanks, that worked. The only issue left is that it creates 2 seperate database entries: one with the file link and a blank entry for the comment, and another with a NULL entry for the file link and a correct entry for the comment. Any idea how I can get all of this data in one row of the database, rather than 2? – M Smith Apr 27 '16 at 10:50
  • so for this you have to do the update operation instead of insert into table for the second time, this second time insert creates the new row in the table.. are you getting me? so keep your ID handy when you insert the row for file name by using mysql_insert_id() ... and use that ID to update the row.. – Jaydeep Goswami Apr 27 '16 at 10:54
  • Thanks for all your help. Hopefully I'll be able to take it from here! – M Smith Apr 27 '16 at 11:02
  • 1
    change $query in testpost.php to this` $query=" Update theshitp_posts.test2 SET comment=$comment, timestamp=CURRENT_TIMESTAMP() where id=".$id;` – Jaydeep Goswami Apr 27 '16 at 11:02
  • $id needs to be defined though. How can I do this so that the correct id is assigned to this variable? Maybe I could use d $id = max('id'); ? – M Smith Apr 27 '16 at 12:58
  • you could use $id = max('id') also otherwise the simple way could be as i said before, add this line in uploader.php after you have fired the query $id = mysql_insert_id(); and use the same $id in testpost.php file.. . Try this if this works.. – Jaydeep Goswami Apr 27 '16 at 17:51
0

You are trying to insert Null in 'id' that must be primary key, so this query is not working,You need to correct it. see -SQL Server, can't insert null into primary key field?

Community
  • 1
  • 1
Afshan Shujat
  • 541
  • 4
  • 9