1

Pls i'm having issues inserting my form into the database. Each time i run the code, the error i get is

Warning: Undefined array key "course_image" in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 154

Warning: Trying to access array offset on value of type null in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 154

Warning: Undefined array key "course_video" in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 155

Warning: Trying to access array offset on value of type null in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 155

Warning: Undefined array key "course_image" in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 159

Warning: Trying to access array offset on value of type null in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 159

Warning: Undefined array key "course_video" in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 163

Warning: Trying to access array offset on value of type null in C:\xampp\htdocs\netadem\admin\apps\insert.php on line 163

this is my form

<input type="hidden" name="instructor_id" value="<?=$id?>">
          <div class="row mb-3">
            <label for="inputNanme4" class="form-label"><strong>Course Title</strong></label>
            <div class="col-sm-10">
              <input type="text" name="course_title" class="form-control" id="inputNanme4">
            </div>
          </div>

          <div class="row mb-3">
            <label for="floatingTextarea" class="col-sm-2 col-form-label"><strong>Short Description</strong></label>
              <div class="form-floating">
                <textarea class="form-control" name="course_description" placeholder="Address" id="floatingTextarea" style="height: 100px; padding: 10px;"></textarea>
              </div>
            </div><br>

            <div class="row mb-3">
              <label class="form-label"><strong>Course Image</strong></label>
              <div class="col-sm-10">
                <input type="file" name="course_image" class="form-control" id="formFile">
              </div>
            </div><br>

            <div class="row mb-3">
              <label class="form-label"><strong>Course Video</strong></label>
              <div class="col-sm-10">
                <input type="file" name="course_video" class="form-control" id="formFile">
              </div>
            </div><br>

            <!-- Quill Editor Full -->
          <p><strong>Course Details </strong>(As much as possible, describe what this course is all about.)</p>
          <div class="form-floating">
                <textarea class="form-control" name="course_details" id="floatingTextarea" style="height: 250px; padding: 10px;"></textarea>
          </div><br><br>
          <!-- End Quill Editor Full -->

          <a href="my-courses.php" class="btn btn-danger float-start m-2">Back</a>
          <button type="submit" name="create-course" class="btn btn-primary float-start m-2">Submit</button>

here's my php insert logic code

if (isset($_POST['create-course'])) 
{
    $img_folder = "../uploads/images/";
    $videos_folder = "../uploads/videos/";
    if(!file_exists($img_folder))
        {
            mkdir($img_folder,0777,true);
            file_put_contents($img_folder."index.php", "<?php //silence");
            file_put_contents("../uploads/index.php", "<?php //silence");
        }
    elseif(!file_exists($videos_folder))
        {
            mkdir($videos_folder,0777,true);
            file_put_contents($videos_folder."index.php", "<?php //silence");
        }

        $current_time = time();

        $instructor_id      = $_POST['instructor_id'];
        $course_title       = mysqli_real_escape_string($connect, htmlentities($_POST['course_title']));
        $course_description = mysqli_real_escape_string($connect, htmlentities($_POST['course_description']));
        $course_details     = mysqli_real_escape_string($connect, htmlentities($_POST['course_details']));
       $course_image        = $current_time.$_FILES['course_image']['name']; (Line 154)
        $course_video       = $current_time.$_FILES['course_video']['name']; (line 155)

        //validate image
        $image_allowed      = ['image/jpeg','image/jpg','image/png'];
        $img_type           = $_FILES['course_image']['type']; (Line 159)

        //validate video
        $video_allowed      = ['video/mp4','video/avi','video/3gp','video/mov','video/mpeg'];
        $video_type         = $_FILES['course_video']['type']; (Line 163)

        $check_image = in_array($img_type, $image_allowed);
        $check_video = in_array($video_type, $video_allowed);

        if($check_image) // check file extension
            {
                
                if ($check_video) 
                    {
                        $query = "INSERT INTO courses (user_id,course_title,course_description,course_details,course_image,course_video) VALUES ('$instructor_id','$course_title','$course_description','$course_details','$course_image','$course_video')";
                        $query_run = mysqli_query($connect, $query);

                        if ($query_run) 
                            {
                                $img_tmp = $_FILES['course_image']['tmp_name'];
                                $destination = $img_folder.$current_time.$_FILES['course_image']['name'];
                                move_uploaded_file($img_tmp, $destination);

                                $video_tmp = $_FILES['course_video']['tmp_name'];
                                $vid_dst = $videos_folder.$current_time.$_FILES['course_image']['name'];
                                move_uploaded_file($img_tmp, $vid_dst);

                                $_SESSION['success'] = "Data Inserted Successfully.";
                                redirect('../my-courses.php');
                            }
                        else 
                            {
                                $_SESSION['error'] = "Operation failed!";
                                redirect('../courses-add.php');
                            }
                    }
                elseif(!$check_video)
                    {
                        $_SESSION['vid_error'] = "Only videos of type .mp4, .avi, .3gp, .mov, .mpeg are allowed.";
                        redirect('../courses-add.php');
                    }

            }
        elseif(!$check_image)
            {
                $_SESSION['img_error'] = "Only images of type .jpg, .jpeg, .png are allowed.";
                redirect('../courses-add.php');
            }

}

I'll glad if anyone can tell me why, my code isn't running.

M. Eriksson
  • 13,450
  • 4
  • 29
  • 40
Sam Akins
  • 63
  • 6
  • 2
    A `var_dump($_FILES)` will show you that the $_FILES array is not structured the way you expect it to be. – Guido Faecke Jul 15 '22 at 05:17
  • 1
    There is not `
    `-tag in your HTML. Please edit the question and include the _full_ HTML form. _Side note:_ both your `course_image` and `course_video`-inputs have the same `id`, which is invalid in HTML. Id's _must_ be unique within the document.
     – M. Eriksson Jul 15 '22 at 06:24
  • Yikes... `htmlentities()` is not be called before entering data into your database -- it's the function that you call before printing to an HTML document. Another Yikes... you need to be using prepared statements when querying your database. – mickmackusa Jul 15 '22 at 07:45
  • Needs Debugging Details, but this answer on a canonical looks relevant: ["Notice: Undefined variable", "Notice: Undefined index", "Warning: Undefined array key", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/a/46620059/2943403) – mickmackusa Jul 15 '22 at 07:52
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jul 15 '22 at 08:14

1 Answers1

1

Thanks everyone. I actually discovered that I forgot to add 'enctype="multipart/form-data" to the form tag. Thanks all for your assistance.

Sam Akins
  • 63
  • 6