File uploading to server PHP

Question

First of all I want to say that I'm not a technical guy and that the scripts I use are scripts that I found online. With the scripts that I found I than play around with them until it does what I want it to do.

So I hope for kindness in the answers on my question.

I've made a registration form where I want the user to fil in their details, attache a file and sent it to my database.

I've managed to tweak the forms so that at this moment I'm getting everything nicely into my database.

But, and this is my question. I want the file that the user attached stored on my webserver so when I perform a search I can view the file.

Here I go with my files. I hope anyone is willing to help me out what I'm doing wrong.

Index.php

<?PHP
require_once("./include/membersite_config.php");

if(isset($_POST['submitted']))
{
   if($fgmembersite->RegisterUser())
   {
        $fgmembersite->RedirectToURL("thank-you.html");
   }
}
?>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="HandheldFriendly" content="True"><meta name="MobileOptimized" content="320"><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0" templatewidth="940">
<link href="//fonts.googleapis.com/css?family=Arimo%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%2Citalic%2Cregular&amp;subset=all" rel="stylesheet" type="text/css">

<link rel="stylesheet" href="//ajrecruit.be/onewebstatic/e252b917fa.css">
<script type='text/javascript' src='scripts/gen_validatorv31.js'></script>
<link rel="STYLESHEET" type="text/css" href="style/pwdwidget.css" />
<script src="scripts/pwdwidget.js" type="text/javascript"></script>
</head>
<body>
<div class="row" style="min-height:586px;width:940px;margin:auto;">
<div class="extra" style="margin:86px 320px 0px 220px;">
<div class="component  block idDD64D2318FF04CF59133D806E6A0D267" style="width:400px;">
<div class="self mobile-leaf contactFormContainer" style="width:400px;min-height:500px;" onclick="if(event.target ===  this) {event.stopPropagation();}">
<div id='fg_membersite'>



<form id='register' action='<?php echo $fgmembersite->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'>

<input type='hidden' name='submitted' id='submitted' value='1'/>

<div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div>

    <div class='container'>
    <label for='voornaam' >Voornaam*: </label><br/>
    <input type='text' name='voornaam' />
    </div>
    <div class='container'>
    <label for='familienaam' >Familienaam*: </label><br/>
    <input type='text' name='familienaam' />
    </div>
    <div class='container'>
    <label for='adres' >Adres*: </label><br/>
    <input type='text' name='adres' />
    </div>
    <div class='container'>
    <label for='postcode' >Postcode*: </label><br/>
    <input type='text' name='postcode' />
    </div>
    <div class='container'>
    <label for='gemeente' >Gemeente*: </label><br/>
    <input type='text' name='gemeente' />
    </div>
    <div class='container'>
    <label for='email' >Email*: </label><br/>
    <input type='text' name='email' />
    </div>
    <div class='container'>
    <label for='tele' >Telefoon*: </label><br/>
    <input type='text' name='tele' />
    </div>
    <div class='container'>
    <label for='username' >Username*: </label><br/>
    <input type='text' name='username' />
    </div>
    <div class='container'>
    <label for='password' >Wachtwoord*: </label><br/>
    <div class='pwdwidgetdiv' id='thepwddiv' ></div>
    <noscript>
    <input type='password' name='password' />
    </noscript>
    </div>
    <input type="file" name="file" />
    <button type="submit" name="btn-upload">upload</button>
    </form>
    <br /><br />

<script type='text/javascript'>
// <![CDATA[
    var pwdwidget = new PasswordWidget('thepwddiv','password');
    pwdwidget.MakePWDWidget();
// ]]>
</script>

</div>
</body>
</html>

fg_membersite.php I know it's a very long script but I does a bunch of other things, like mailing registration confirmation. I've tried to make a function that uploads the attached file to my server folder "uploads", but don't seem to get it.

collection function

function CollectRegistrationSubmission(&$formvars)
    {
        $formvars['voornaam'] = $this->Sanitize($_POST['voornaam']);
        $formvars['familienaam'] = $this->Sanitize($_POST['familienaam']);
        $formvars['adres'] = $this->Sanitize($_POST['adres']);
        $formvars['postcode'] = $this->Sanitize($_POST['postcode']);
        $formvars['gemeente'] = $this->Sanitize($_POST['gemeente']);
        $formvars['email'] = $this->Sanitize($_POST['email']);
        $formvars['tele'] = $this->Sanitize($_POST['tele']);
        $formvars['file'] = $this->Sanitize($_POST['file']);
        $formvars['username'] = $this->Sanitize($_POST['username']);
        $formvars['password'] = $this->Sanitize($_POST['password']);

}

> Insert into database function

function InsertIntoDB(&$formvars)
    {

        $confirmcode = $this->MakeConfirmationMd5($formvars['email']);

        $formvars['confirmcode'] = $confirmcode;

        $insert_query = 'insert into '.$this->tablename.'(
                voornaam,
                familienaam,
                adres,
                postcode,
                gemeente,
                email,
                tele,
                file,
                username,
                password,
                confirmcode
                )
                values
                (
                "' . $this->SanitizeForSQL($formvars['voornaam']) . '",
                "' . $this->SanitizeForSQL($formvars['familienaam']) . '",
                "' . $this->SanitizeForSQL($formvars['adres']) . '",
                "' . $this->SanitizeForSQL($formvars['postcode']) . '",
                "' . $this->SanitizeForSQL($formvars['gemeente']) . '",
                "' . $this->SanitizeForSQL($formvars['email']) . '",
                "' . $this->SanitizeForSQL($formvars['tele']) . '",
                "' . $this->SanitizeForSQL($formvars['file']) . '",
                "' . $this->SanitizeForSQL($formvars['username']) . '",
                "' . md5($formvars['password']) . '",
                "' . $confirmcode . '"
                )';      
        if(!mysql_query( $insert_query ,$this->connection))
        {
            $this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
            return false;
        }        
        return true;
    }

So if anybody is willing to tell me how I need to do it to get a function that uploads the attached file into my folder 'uploads', that would be much appriciated.

Answer 1

first of all add attribute enctype="multipart/form-data" to your form

then

instead of

$formvars['file'] = $this->Sanitize($_POST['file']);

use

$formvars['file'] = $this->Sanitize($_FILES['file']['name']);

for getting file name which will be stored in database

There are other files array which may be useful to you

$_FILES['file']['name']; //contain name of file
$_FILES['file']['type'];//contain type (mime type) of file
$_FILES['file']['tmp_name'];//contain temporary path of file
$_FILES['file']['size'];//contain sizeof file

after successfull inserting in database

copy file to your directory (may be custom)

move_uploaded_file($_FILES['file']['tmp_name'],"MY_PATH/".$_FILES['file']['name']);

Answer 2

you have to add the attribute enctype="multipart/form-data" to your form. when the user submits the form the file will be uploaded to a tmp file on your server. you can then use move_uploaded_file() to move the file wherever you want. hope this helps

p.s. docs: http://php.net/manual/en/features.file-upload.post-method.php