0

Could you please help me to adjust the file upload function in this form.

I don't know any of PHP or how to work with DB, however thanks to some of the tutorials I found on the net, managed to make my form half-working. For now all the info except file uploading are working and being recorded to DB.

HTML:

<input id="firstname" type="text" placeholder="First name *" name="firstname" required>
<input id="lastname" type="text" placeholder="Last name *" name="lastname" required>
<input id="tel" type="tel" placeholder="Telephone nr *" name="tel" required>
<input id="email" type="email" placeholder="Email *" name="email" required>
<input id="file" type="file" name="file">
<input id="submit" type="submit" value="Submit">

<p id="yes">Success!</p>
<p id="no">Fail!</p>

PROCESSOR:

$connection = mysql_connect("localhost", "root", ""); // Establishing Connection with Server..
$db = mysql_select_db("reg", $connection);  // Selecting Database

// Fetching Values from URL

$first_name=$_POST['firstname'];
$last_name=$_POST['lastname'];
$tel=$_POST['tel'];
$email=$_POST['email'];
$file=$_POST['file'];

// Insert query
$query = mysql_query("INSERT INTO vart(firstname, lastname, tel, email, file) values ('$first_name', '$last_name', '$tel', '$email', '$file')");

mysql_close($connection); // Connection Closed

.JS:

$(document).ready(function(){
$("#submit").click(function(){
var name = $("#firstname").val();
var lastName = $("#lastname").val();
var tel = $("#tel").val();
var email = $("#email").val();
var file = $("#file").val();

// Returns successful data submission message when the entered information is stored in database.

var dataString = 'firstname='+ name + '&lastname='+ lastName + '&tel='+ tel + '&email='+ email + '&file='+ file;
if(name=='' || lastName=='' || tel=='' || email=='')
{
document.getElementById("no").style.display ='block';
document.getElementById("yes").style.display ='none';
}
else
{
// AJAX Code To Submit Form.
$.ajax({
type: "POST",
url: "process.php",
data: dataString,
cache: false,
success: function(result){
document.getElementById("yes").style.display ='block';
document.getElementById("no").style.display ='none';
}
});
}
return false;
});
});

Somehow foggy I understand that my form lacking some of these attributes:

enctype="multipart/form-data"
$_FILES['file']['name']
fuji
  • 317
  • 2
  • 19
  • Your code is vulnerable to SQL injection attacks. You should use [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php) prepared statements as described in [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 12 '17 at 19:26
  • The `mysql_*` functions are deprecated as of PHP v5.5 and have been removed as of v7.0. They should not be used for new code and should be swapped out for [mysqli](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) equivalents as soon as possible. – Alex Howansky Apr 12 '17 at 19:26
  • Oh, thanks! Will take a look – fuji Apr 12 '17 at 19:28

0 Answers0