hi everyone,

i encounter problem when trying to create a form page to upload images to images folder and imagelocation will store information for the pathname where the image will be located ( will be used for display image in future)

the code below does not have any error when i trying to upload a image, but the images does not seems to appear in images folder and did not insert new row in mysql. appreciate if you could advice me where went wrong? sorry i am really new to php.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = ($_POST['title']);  
	$author = ($_POST['author']);
	$isbn = ($_POST['isbn']);
	$description = ($_POST['description']);
	$publisher = ($_POST['publisher']);
	$year = ($_POST['year']);
	$stock = ($_POST['stock']);
	$price = ($_POST['price']);
	$sold = ($_POST['sold']);
	
	$imagelocation = './images/';
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>
<br>
<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label><br>
<input type="text" name="title" id="title" size="64"><br><br>
<label for="model">Author:</label><br>
<input type="text" name="author" id="author" size="64"><br><br>
<label for="year">ISBN:</label><br>
<input type="text" name="isbn" id="isbn" size="64"><br><br>
<label for="price">Description:</label><br>
<input type="text" name="description" id="description" size="64"><br><br>
<label for="location">Publisher:</label><br>
<input type="text" name="publisher" id="publisher" size="64"><br><br>
<label for="year">Year:</label><br>
<input type="text" name="year" id="year" size="64"><br><br>
<label for="photo">Stock:</label><br>
<input type="text" name="stock" id="stock"><br><br>
<label for="price">Price:</label><br>
<input type="text" name="price" id="price" size="64"><br><br>
<label for="photo">Sold:</label><br>
<input type="text" name="sold" id="sold"><br><br>


<label for="imagelocation">Photo:</label><br>
<input type="file" name="imagelocaton" id="imagelocation"><br><br>

<input type="submit" value="upload">
</form>
           
</body>
</html>

Don't understand that bracket around variables:

$title = $_POST['title'];
$author = $_POST['author'];
$isbn = $_POST['isbn'];
$description = $_POST['description'];
$publisher = $_POST['publisher'];
$year = $_POST['year'];
$stock = $_POST['stock'];
$price = $_POST['price'];
$sold = $_POST['sold'];

But don't know if this is a Solution try to add or die after the query.
Like:

mysql_query("INSERT INTO Product1 SET title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'") or die(mysql_error());

Don't understand that bracket around variables:

The brackets around the variables is to do with the $_POST variable. When items are posted to a script they are all placed into an array. So these brackets state this part of the array.

Member Avatar for diafol

I don't get the brackets thing either.

Anyway - you MUST clean your input ($_POST variables) before inserting them into an SQL query.

Oh I'm sorry, I miss read, didn't see the curved brackets. Yeah they don't make sense.

sorryfor the confusion.
was doing $title = trim(sql_safe($_POST)); earlier..

there is no message or any error when i clickthe upload button.

<?php
// Require the database connection:
require ('./includes/config.inc.php');
require (MYSQL);

if ($_SERVER['REQUEST_METHOD'] == 'POST'){    
	// cleaning title field    
	$title = $_POST['title'];  
	$author = $_POST['author'];
	$isbn = $_POST['isbn'];
	$description = $_POST['description'];
	$publisher = $_POST['publisher'];
	$year = $_POST['year'];
	$stock = $_POST['stock'];
	$price = $_POST['price'];
	$sold = $_POST['sold'];
	
	$imagelocation = './images/'
	or die(mysql_error());
	
if ($title == '') // if title is not set        
		$title = '(empty title)';// use (empty title) string    

	if (isset($_FILES['imagelocation']))        
	{                       
		if (!isset($msg)) // If there was no error            
		{                
			// Preparing data to be used in MySQL query                
			mysql_query("INSERT INTO Product1 SET 

title='$title',author='$author',isbn='$isbn',description='$description',publisher='$publisher',year='$year',stock='$stock',price='$price',sold='$sold',imagelocation='$imagelocation'");                
			$msg = 'Success: image uploaded';            
		}        
	}        
	elseif (isset($_GET['title']))      // isset(..title) needed            
		$msg = 'Error: file not loaded';
			// to make sure we've using                                            
			// upload form, not form                                            
			// for deletion           
	if (isset($_POST['del'])) // If used selected some photo to delete        
	{                         // in 'uploaded images form';            
		$id = intval($_POST['del']);            
		mysql_query("DELETE FROM {$table} WHERE id=$id");            
		$msg = 'Photo deleted';        
	}    
	
}
?>

<html><head>
<title>Administration Page</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for                 
		// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>
<br>
<a href="admin-upload.php">reload page</a>
<!-- I've added reloading link, because     
	refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Administration Page
</h1>
<h2>Uploaded images:</h2>


</form>
<h2>Upload new image:</h2>
<form action="admin-upload.php" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label><br>
<input type="text" name="title" id="title" size="64"><br><br>
<label for="model">Author:</label><br>
<input type="text" name="author" id="author" size="64"><br><br>
<label for="year">ISBN:</label><br>
<input type="text" name="isbn" id="isbn" size="64"><br><br>
<label for="price">Description:</label><br>
<input type="text" name="description" id="description" size="64"><br><br>
<label for="location">Publisher:</label><br>
<input type="text" name="publisher" id="publisher" size="64"><br><br>
<label for="year">Year:</label><br>
<input type="text" name="year" id="year" size="64"><br><br>
<label for="photo">Stock:</label><br>
<input type="text" name="stock" id="stock"><br><br>
<label for="price">Price:</label><br>
<input type="text" name="price" id="price" size="64"><br><br>
<label for="photo">Sold:</label><br>
<input type="text" name="sold" id="sold"><br><br>


<label for="imagelocation">Photo:</label><br>
<input type="file" name="imagelocaton" id="imagelocation"><br><br>

<input type="submit" value="upload">
</form>
           
</body>
</html>
Member Avatar for diafol

was doing $title = trim(sql_safe($_POST)); earlier..

But it doesn't seem like you're doing it now. Not cleaning your vars can stop your script from working without telling you why. So clean them and them move on to the next logical problem.

In addition, I would strongly recommend that you DON'T send form data to the same page as this plays havoc with refreshing and the back button. I'd send all forms to a general or dedicated formhandler script (file).

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.