I'm having a big problem trying to send data with DropzoneJS. I need to send the data to the database in JSON format, but when I can do that I can't upload files, and when I can save the data in the database I can't upload; I get the error: Array to string conversion in. I tried to use a foreach but I didn't succeed.

This is the dropzone code:

```js
Dropzone.autoDiscover = false;
var myDropzone = new Dropzone("#kt_dropzonejs_example_1", {
    url: "upload.php", // Set the url for your upload script location
    paramName: "files[]",
    autoDiscover: false,
    maxFiles: 10,
    dictRemoveFile: 'Remover Arquivo',
    acceptedFiles: ".png,.jpg,.pdf,.jpeg",
    uploadMultiple: true,
    parallelUploads: 10,
    maxFilesize: 10, // MB
    addRemoveLinks: true,
    init: function() {
        this.on("removedfile", function(file) {
            alert("Deletar esse arquivo?");
            $.ajax({
                url: 'delete.php?filetodelete=' + file.name,
                type: "POST",
                data: {
                    'filetodelete': file.name
                }
            });
        });
    }
});
```

My PHP code for submission looks like this:

```php
<?php
include("conexao.php");

define('DEST_DIR', __DIR__ . '/files');

if (isset($_FILES['files']) && !empty($_FILES['files']['name'])) {

    $files = $_FILES['files'];

    $total = count($files['name']);

    for ($i = 0; $i < $total; $i++) {

        $nomeArquivo = $_FILES["files"]["name"][$i];
        $tamanhoArquivo = $_FILES["files"]["size"][$i];
        $nomeTemporario = $_FILES["files"]["tmp_name"][$i];

        // Check whether a file was placed in the field
        if (!empty($nomeArquivo)) {

            // If the move fails
            if (!move_uploaded_file($nomeTemporario, DEST_DIR . '/' . $nomeArquivo)) {
                echo "Erro ao enviar";
            }
            // If the move succeeds
            else {
                echo "Deu certo";
            }
        }
    }

    // Here I send the data to the database in JSON format
    $sql_code = "INSERT INTO photos (photo) VALUES ('" . $json . "')";

    if ($mysqli->query($sql_code)) {
        echo "Success!";
    } else {
        echo "Error";
    }
}
```
Sapinn
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 18 '22 at 22:21
  • Hi, thanks for the comment, but this is just a test model. The actual project follows all the recommendations. I like to do tests before integrating the final code into the project. – Sapinn Feb 18 '22 at 22:31
  • Please show us the real code in the question. We are not interested in seeing fake code that nobody will ever use. – Dharman Feb 18 '22 at 22:32
  • Agreed with @Sapinn. The question is still valid to ask even if there is SQL injection. Check the SQL query generated, as the error is at database insertion. – devilpreet Feb 23 '22 at 10:39
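
As an added example (not code from the question or its comments), this is one way to apply the prepared-statement advice from the comments to this upload handler while storing the file list as JSON. It assumes `conexao.php` defines `$mysqli` as in the question, that `photos.photo` is a TEXT or JSON column, and that `$_FILES['files']` holds one name per index; `storeUploads`, `ALLOWED_EXT` and the generated file names are illustrative choices.

```php
<?php
declare(strict_types=1);

// Added example, not the asker's code. Assumes conexao.php defines $mysqli
// (as in the question) and that photos.photo is a TEXT or JSON column.
include "conexao.php";

const DEST_DIR = __DIR__ . '/files';
// Server-side mirror of Dropzone's acceptedFiles; the client check alone is advisory.
const ALLOWED_EXT = ['png', 'jpg', 'jpeg', 'pdf'];

/** Move every accepted upload into DEST_DIR and return original/stored name pairs. */
function storeUploads(array $files): array
{
    $stored = [];
    foreach ($files['name'] as $i => $clientName) {
        if ($files['error'][$i] !== UPLOAD_ERR_OK) {
            continue; // skip empty slots, failed transfers and unexpected layouts
        }
        $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
        if (!in_array($ext, ALLOWED_EXT, true)) {
            continue;
        }
        // Generated name: the client-supplied name never becomes part of the path.
        $name = bin2hex(random_bytes(16)) . '.' . $ext;
        if (move_uploaded_file($files['tmp_name'][$i], DEST_DIR . '/' . $name)) {
            $stored[] = ['original' => $clientName, 'stored' => $name];
        }
    }
    return $stored;
}

if (isset($_FILES['files']) && is_array($_FILES['files']['name'])) {
    $stored = storeUploads($_FILES['files']);
    if ($stored === []) {
        http_response_code(400);
        exit('No file stored');
    }
    // Encode the array to a JSON string first; concatenating an array into
    // the SQL text raises "Array to string conversion".
    $json = json_encode($stored, JSON_THROW_ON_ERROR);

    // The value travels as a bound parameter, so quotes in a file name
    // cannot change the statement.
    $stmt = $mysqli->prepare('INSERT INTO photos (photo) VALUES (?)');
    $stmt->bind_param('s', $json);
    echo $stmt->execute() ? 'Success!' : 'Error';
}
```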

0 Answers