0

I need to submit ( insert into one table ) multiple text inputs with a file upload input via one php form but the whole operation failes and I got an error ( failed to add ) and after checking the error I found that this happens because of an empty input ( the upload file input ) because of the feilds validation, actually that happens ( the empty field ) because of the error ( undefined index ( the input file upload value ).

So I need help to get rid of this to complete sending the data.

and here is the upload.php code and the html form.

<form enctype="multipart/form-data" name="add_book" action="upload.php" method="post">

       <input type="text" name="book_title" placeholder="Book Title .." required="required">

       <input type="file" name="file_up" accept="image/*" required="required"/>

       <input type="submit" name="add_book" value="Submit">

</form>

<?php

if (isset($_POST['add_book'])) {
    $req_fields = array('book_title','file_up');
          validate_fields($req_fields);
  if(empty($errors)){

    $book_title = (isset($_POST['book_title ']) ? $_POST['book_title '] : null);
    $file_up = (isset($_POST['file_up']) ? $_POST['file_up'] : null);

    $query = "SELECT `id` FROM `books` WHERE `book_title ` = '$book_title ' OR `file_up` = '$file_up' LIMIT 1";
    $result = $db->query($query);
    if ($result && $db->num_rows($result) > 0) {
    //failed because the entered one of the two values is already exists in the db
    echo "error already exists";
    return ('page.php');
    }

    // upload file
    if (!empty($_FILES['file_up'])) {
      if(move_uploaded_file($_FILES["file_up"]["tmp_name"], "files/" . $_FILES["file_up"]["name"]))
      $file_up = "files/" . $_FILES["file_up"]["name"];
      echo "successfully added";
      return ('page.php');
    }
    else
      $file_up='';
      echo "failed to add";
      return ('page.php');

    // insert data to db
    $query = "INSERT INTO `books` (`book_title`, `file_up`) VALUES ('$book_title', '$file_up')";

          if($db->query($query)) {
             echo "successfully added";
             return ('page.php');
          } else {
             echo "failed to add";
             return ('page.php');
                 }
  } 
            else {
            echo $errors;
            return ('page.php');
                 }
}
?>
Nader Hussein
  • 1
  • 3
  • "failed to add" appears twice in your code. Which one are you seeing? Make the messages unique then you'll have a better idea of where things went wrong. And/or use a debugger or some extra logging to help you. – ADyson May 01 '23 at 00:43
  • P.s. `(isset($_POST['file_up'])` will never be true. `file_up` will be in $_FILES not $_POST (which you've used correctly elsewhere in the script). – ADyson May 01 '23 at 00:45
  • This code is vulnerable to SQL injection and also SQL syntax issues. Please urgently read [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) … and fix your code. I don't know where you learned to write PHP/SQL code in the insecure, error-prone way you've done it above, but please don't learn anything else from that source in future, because it is clearly teaching you bad things. – ADyson May 01 '23 at 00:47
  • `I need to submit ( insert into one table ) multiple text inputs with a file upload input via one php form`...but the form you've shown us only has 1 text input. So it's unclear why you mentioned this, or how it would relate to the problem you're reporting – ADyson May 01 '23 at 00:49
  • @ADyson , I made the code shorter in that question instead of writing the whole code ( there was 8 text inputs), and "failed to add" is the first one which is under $file_in=''; that was the one that I see, I checked it by making it in a different text msg. – Nader Hussein May 01 '23 at 19:46
  • @ADyson , and the reason to fail is because it sends empty field because it gives me an error undefined index in the validation functions in the functions.php file, so the whole operation stops but ( if I removed enctype="multipart/form-data" from the html form or the validation from the upload.php file ) it sends the data with an empty file field. – Nader Hussein May 01 '23 at 19:50
  • @ADyson , that is a messed up code I know I am still a beginner, I need to keep the enctype="multipart/form-data" from the html form and the validation from the upload.php file to make sure that every thing is good and in a right way, so I am thinking that the error undefined index file_up is the one that if I resolved it will send the data with the file and the whole oertation will be completed successfully. – Nader Hussein May 01 '23 at 19:54
  • @ADyson , that's the error I got which stops the whole operation, (Notice: Undefined index: file_in in functions.php on line 44), and that's the code, `/*--------------------------------------------------------------*/ /* Function for Checking input fields not empty /*--------------------------------------------------------------*/ function validate_fields($var){ global $errors; foreach ($var as $field) { $val = remove_junk($_POST[$field]); // line 44 if(isset($val) && $val==''){ $errors = $field ." can't be blank."; return $errors; } } }` – Nader Hussein May 01 '23 at 20:21
  • @ADyson , I fixed the issue but the problem now is that I want to use the validation for all fields but if I did that I got error that the file input is empty because of the undefined index file_up in the functions.php file then the whole process will stop and If I removed the file_up from the validation array `$req_fields = array('book_title','file_up');` to be like that `$req_fields = array('book_title');` then everything is ok, so how to force validate that file_up input without getting error that the it is empty because it is undefined index? – Nader Hussein May 02 '23 at 04:32
  • Please add all clarifications directly to your question by editing it. The [edit] button is just below the blue tags at the end of your question. Code in comments is hard to read, and information snippets spread across multiple comments starts to become incoherent and difficult to follow. Make the question the single, coherent place for all the important info, and then we can help a lot more easily. See also [ask]. Thanks – ADyson May 02 '23 at 05:31

0 Answers0