Transfer of form inputs by POST method

Question

I am trying to make a form and retrieve the values of the form on another PHP file by POST method.

but Unfortunately it doesn't seem to work.

below is the form input file

<form action="uploadimage.php" method="POST" enctype="multipart/form-data">
<div align="center"><table border=0>';
echo"<tr><td>Caption: </td><td><input type='text' name='caption'></td></tr>
<tr><td>Album</td><td>";                    
$Query='SELECT * FROM  `gallery`';
$result=mysqli_query($connection,$Query);
echo'<select name="albums">';
$count=0;
$previous=-1;
while($data=mysqli_fetch_array($result))
{
    if($previous<$data['album'])
    {
    echo "<option value=".$data['album'].">".$data['album']."</option>";
    $previous=$data['album'];
    }
    if($count<=$data['album'])
    {
        $count=$data['album']+1;
    }
}
echo "<option value='.$count.'>New Album</option>";
echo"</select></td></tr>
<tr><td>Picture: </td><td><input type='file' name='photo'></td></tr>
<tr><td></td><td><input type='submit' name='upload_btn' value='upload'></td></tr>
</table></div>
</form>

Don't mind the other codes, I am just worried about the transfer of the input values of the form.

Here is the code to receive the values of the form in another PHP file

require_once"connection.php";
$target_Path='img/displays/';
$caption=$_POST['caption'];
$albums=$_POST['albums'];
$target_Path = $target_Path.basename($_FILES['photo']['name'] );
move_uploaded_file( $_FILES['photo']['tmp_name'], $target_Path);
$withoutExt = preg_replace("/\\.[^.\\s]{3,4}$/", "", $target_Path);
mysqli_query($connection,"INSERT INTO `ett`.`gallery` (`id` ,`album`,`name`,`path`)VALUES (NULL,'".$albums."','".$caption."','".$withoutExt."')");

and the error which I receive is as follows

Notice: Undefined index: caption in C:\wamp\www\ETT Logo\Controlpanel\uploadimage.php on line 12

I receive the above error for all of the inputs in the form. and the values are not being transmitted.

I also dont see any error checking related to the file upload [See the manual](http://php.net/manual/en/features.file-upload.php) — RiggsFolly, Nov 28 '16 at 09:28
Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Nov 28 '16 at 09:29
Thank you Riggs, I will look into those, I am still a newbie when it comes to scripts so I am still working on my skills — Mustafa Azad, Nov 28 '16 at 09:49

score 1 · Answer 1 · edited Nov 28 '16 at 09:30

Use tag to submit the form. e.g Then your code will be like this:-

<form method="POST">
<table border=0>';
echo"<tr><td>Caption: </td><td><input type='text' name='caption'></td></tr>
<tr><td>Album</td><td>";                    
$Query='SELECT * FROM  `gallery`';
$result=mysqli_query($connection,$Query);
echo'<select name="albums">';
$count=0;
$previous=-1;
while($data=mysqli_fetch_array($result))
{
    if($previous<$data['album'])
    {
    echo "<option value=".$data['album'].">".$data['album']."</option>";
    $previous=$data['album'];
    }
    if($count<=$data['album'])
    {
        $count=$data['album']+1;
    }
}
echo "<option value='.$count.'>New Album</option>";
echo"</select></td></tr>
<tr><td>Picture: </td><td><input type='file' name='photo'></td></tr>
<tr><td></td><td><input type='submit' name='upload_btn' value='upload'></td></tr>
</table>
</form>

Guys, I have edited the code, I haven't forgot the form tag, I just updated it, I didn't copy paste all of the code on the first time because the code is a bit too long — Mustafa Azad, Nov 28 '16 at 09:48

Transfer of form inputs by POST method

1 Answers1