0

i dont know why but somehow my files are being upload to the server folder but not stored within db

<?php
include_once("conninfo2.php");
error_reporting(E_ALL); 

$usid = 1;   

if(isset($_FILES['files'])){ 
    $query = "INSERT into files(`filename`,`fsize`,`ftype`,`uploadtimest`, `usid`) 
             VALUES(:filename,:fsize,:ftype,now(), :usid)"; 
    $stmt  = $db->prepare($query); 
    $errors= array(); 
    foreach($_FILES['files']['tmp_name'] as $key => $error ){ 
        if ($error != UPLOAD_ERR_OK) { 
            $errors[] = $_FILES['files']['name'][$key] . ' was not uploaded.'; 
            continue; 
        } 
        $filename = $key.$_FILES['files']['name'][$key]; 
        $fsize = $_FILES['files']['size'][$key]; 
        $file_tmp  = $_FILES['files']['tmp_name'][$key]; 
        $ftype = $_FILES['files']['type'][$key]; 


    if($fsize > 5120){ 
        $errors[] = 'File size must be less than 5 GB'; 
        continue; 
    } 
    try{        
        $stmt->bindParam(':filename', $filename , PDO::PARAM_STR ); 
        $stmt->bindParam(':fsize', $fsize, PDO::PARAM_STR ); 
        $stmt->bindParam(':ftype', $ftype, PDO::PARAM_STR ); 
        $stmt->bindParam( ":usid", $_POST['usid']);
        $stmt->execute(); 

        $desired_dir="fileupload/"; 

        if(is_dir($desired_dir)==false){ 
            mkdir($desired_dir, 0700);// Create directory if it does not exist 
        } 
        if(is_file($desired_dir.'/'.$filename)==false){ 
            move_uploaded_file($file_tmp,$desired_dir.'/'.$filename); 
        }else{    //rename the file if another one exist 
            $new_file=$desired_dir.'/'.$filename.time(); 
            move_uploaded_file($file_tmp,$new_file) ;                
        } 
    }catch(PDOException $e){ 
        $errors[] = $filename . 'not saved in db.'; 
        echo $e->getMessage(); 
    }    
} 
if(empty($error)){ 
    echo "Success"; 
} 

} 
?>
3
Contributors
7
Replies
18
Views
3 Years
Discussion Span
Last Post by diafol
0

still brings up a blank page, and it didnt seem to like $

0

it just echoes out the names of the values and not the document
:filename:fsize:ftypenow():usid

0

With regard to usid - I assume this is the id of the logged in user - if so use the session user id value. Don't use a post var as an id - even as a hidden field since it may be possible to spoof post headers and send loads of porn to your site giving somebody else's user id.

0

its working now, i took out the user id for the moment although it doesnt let me redirect once the process has been carried

`if(isset($_FILES['files'])){

        $query = "INSERT into files(`filename`,`fsize`,`ftype`,`uploadtimest`)
                 VALUES(:filename,:fsize,:ftype,now())";
        $stmt  = $db->prepare($query);
        $errors= array();
        foreach($_FILES['files']['tmp_name'] as $key => $error ){
            if ($error != UPLOAD_ERR_OK) {
                $errors[] = $_FILES['files']['name'][$key] . ' was not uploaded.';
                continue;
            }
            $filename = $key.$_FILES['files']['name'][$key];
            $fsize = $_FILES['files']['size'][$key];
            $file_tmp  = $_FILES['files']['tmp_name'][$key];
            $ftype = $_FILES['files']['type'][$key];  
            if($fsize > 2097152){
                $errors[] = 'File size must be less than 2 MB';
                continue;
            }
            try{       
                $stmt->bindParam( ':filename', $filename , PDO::PARAM_STR );
                $stmt->bindParam( ':fsize', $fsize, PDO::PARAM_STR );
                $stmt->bindParam( ':ftype', $ftype, PDO::PARAM_STR );
                $stmt->execute();


            $desired_dir="fileupload";

            if(is_dir($desired_dir)==false){
                            mkdir($desired_dir, 0700);// Create directory if it does not exist
            }
            if(is_file($desired_dir.'/'.$filename)==false){
                                     move_uploaded_file($file_tmp,$desired_dir.'/'.$filename);
            }
            else
            {    //rename the file if another one exist
                $new_file=$desired_dir.'/'.$filename.time();
                move_uploaded_file($file_tmp,$new_file) ;   

            }
        }
        catch(PDOException $e){
            $errors[] = $filename . 'not saved in db.';
            echo $e->getMessage();
        }   
    }
    if(empty($error)){
        echo "Success";  
    }

    }
    ?>`
0
echo "Success";  

Any output like this may stop you redirecting. So check carefully at every point.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.