how to upload a file,save file details to mysql database using dropzone in php

Question

Hello I am trying to implement a drag and drog upload functionality using dropzone js framework.

Already I get the files uploaded succesfully using the below snippet

<link rel="stylesheet" href="https://rawgit.com/enyo/dropzone/master/dist/dropzone.css">
<form action="upload.php" class="dropzone"></form>

<script src="https://rawgit.com/enyo/dropzone/master/dist/dropzone.js"> 
</script>
<script>
    //Disabling autoDiscover
    Dropzone.autoDiscover = false;

     $(function() {
        //Dropzone class
        var myDropzone = new Dropzone(".dropzone", {
            url: "upload.php",
            paramName: "file",
            maxFilesize: 2,
            maxFiles: 10,
            acceptedFiles: "image/*,application/pdf"
        });
     });
</script>

Now I am trying to save the details of the uploaded details using this below

<?php
    include_once("dbconf.php");
    if(!empty($_FILES)){
      $upload_dir = "media/";
      $fileName = $_FILES['file']['name'];
      $uploaded_file = $upload_dir.$fileName;
      if(move_uploaded_file($_FILES['file']['tmp_name'],$uploaded_file)){

         $mysql_insert = "INSERT INTO gallery (file)VALUES('".$fileName."')";
         mysqli_query($conn, $mysql_insert) or die("database error:". 
         mysqli_error($conn));
        }
      }
?>

But the file details are not saved in the database.

Please note i have checked quite a number of implementations online that have almost the same implementation. they also do not work.

Please help

many things can be wrong.. 1) PHP max execution time 2) Max file upload size.3) Missing directory privileges .. So you need to bedug better on the PHP side.. Also your code is prone to SQL injections.. — Raymond Nijland, Mar 11 '19 at 15:17
@RaymondNijland i am aware of this, i am just string to get the basics at least, e.g saving into the database. thanks — Lloyd, Mar 11 '19 at 15:25
@RaymondNijlandthe file gets uploaded, but details of the upload is not saved in the database — Lloyd, Mar 11 '19 at 15:26
Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and ideally should not be used in new code. — tadman, Mar 11 '19 at 16:42
**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. — tadman, Mar 11 '19 at 16:42
Note: A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so any mistakes made aren’t easily ignored. Many return values cannot be ignored, you must pay attention to each one. Exceptions don’t require individual checking, they can be caught at a higher level in the code. — tadman, Mar 11 '19 at 16:43

Vidal · Accepted Answer · 2019-03-11T15:57:20.350

0

On your query you have file, file is a reserved word on mysql, you should add quotes. 'files'.

$uploaded_file = $upload_dir.$fileName;
if(move_uploaded_file($_FILES['file']['tmp_name'], $uploaded_file)){
    $mysql_insert = "INSERT INTO gallery (`file`)VALUES('".$fileName."')";
    mysqli_query($conn, $mysql_insert) or die("database error:". 
    mysqli_error($conn));
}

Ref: https://dev.mysql.com/doc/refman/8.0/en/keywords.html#keywords-8-0-detailed-F

edited Mar 11 '19 at 15:57

answered Mar 11 '19 at 15:29

Vidal

2,605
2
16
32

it already saves, the prblem i have is the details of the file e.g name is not inserted to database – Lloyd Mar 11 '19 at 15:40
please see my updated answer, added `` to file column. file is a reserve work in mysql. – Vidal Mar 11 '19 at 15:43
using ur method neither the upload functionality or insert statement works. thanks – Lloyd Mar 11 '19 at 15:49
did you update your query as "INSERT INTO gallery ('file')VALUES('".$fileName."')"; ? if so, what error are you getting ? – Vidal Mar 11 '19 at 15:51
unable to move file into to upload directory, that was the error – Lloyd Mar 11 '19 at 15:54
now it works, i didnt make use of $_SERVER['DOCUMENT_ROOT'] and then i made use of the quotes like u said – Lloyd Mar 11 '19 at 15:57
can i ask one more question please, how can i get it to be uploaded only upon submit of button thanks – Lloyd Mar 11 '19 at 15:58
can you accept this answer and create a new one. I will help you with the next one. – Vidal Mar 11 '19 at 16:02
done why dont you just adjusted the code to show what am askin – Lloyd Mar 11 '19 at 16:04
Is a different problem is js related. – Vidal Mar 11 '19 at 16:06
@Lloyd did you post the js question ? – Vidal Mar 11 '19 at 17:09

how to upload a file,save file details to mysql database using dropzone in php

1 Answers1