0

Uploading the file is okay, but storing the path and the name of the file into my database is not.

This is my form html.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">


<form action="../model/uploadcredentials.php" method="POST" enctype="multipart/form-data">
    <input type="file" name="fileToUpload" placeholder="Upload your credentials">
    <button type="submit" name="submit">Upload</button>
</form>

And here is my action file

<?php
if(isset($_FILES["fileToUpload"]["name"]))
{
    $target_dir = "../assets/credentials/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
    // Check if image file is a actual image or fake image
    if(isset($_POST["submit"])) {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
        if($check !== false) {
            echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;

        } else {
            echo "File is not an image.";
            $uploadOk = 0;
        }
    }
    // Allow certain file formats
    if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
    && $imageFileType != "gif" ) {
        echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        $uploadOk = 0;
    }
    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";
    // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) 
        {
            echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";

            $file = stripcslashes($_FILES["fileToUpload"]["name"]);
            $file = mysqli_real_escape_string($con,$file);
            $query = $con->query("INSERT INTO `portfolio`(p.desc) VALUES('$file')");
        } else {
            echo "Sorry, there was an error uploading your file.";
        }
    }
}
?>

I`am trying to get the filename and the path to store it in my database

Raghbendra Nayak
  • 1,606
  • 3
  • 22
  • 47
Harly Dakay
  • 67
  • 1
  • 6
  • What problem do you exactly encounter? I don't see where `$con` is coming from? – KIKO Software Jul 22 '18 at 06:17
  • $con is for the connection. – Harly Dakay Jul 22 '18 at 06:24
  • It's always worth checking for and reporting errors, it might be that in your INSERT, `(p.desc)` is trying to find a table called `p` (usually an alias) which isn't defined. Try `(desc)`. – Nigel Ren Jul 22 '18 at 06:25
  • You should also look into prepared statements as this has loads of benefits. – Nigel Ren Jul 22 '18 at 06:25
  • the problem is im having trouble storing the filename and the path into my database. – Harly Dakay Jul 22 '18 at 06:26
  • @HarlyDakay I know `$con` is for the connection, and we know what you try to achieve. We need details. Which errors do you get? What goes wrong? What have you tried to solve this problem? Why can't you work it out? Etc. Remember that we cannot run your code. It's incomplete, and we don't know your database structure. – KIKO Software Jul 22 '18 at 06:28

1 Answers1

0

It's always worth checking for and reporting errors.

In your INSERT, (p.desc) is trying to find a table called p (usually an alias) which isn't defined. Try...

$query = $con->query("INSERT INTO portfolio(desc) VALUES('$file')");

(Without the p.).

BUT I still recommend using prepared statements, have a read of How to create a secure mysql prepared statement in php?

Nigel Ren
  • 56,122
  • 11
  • 43
  • 55