dear friends,
I have created Php form to store data in my mysql database. But i am facing problem in updating file data to store in database. Please check my code below

 $edate=$_POST['edate'];
    //$edate=date("d-m-y h:i:s a",time());
    $ldate=$_POST['ldate'];
    //$ldate=date("d-m-y h:i:s a");
    $cdetail=$_POST['cdetail'];
    $tenNo=$_POST['tenNo'];
    $tdetail=$_POST['tdetail'];

    $name = ($_FILES['uploaded_file']['name']);
    $mime = ($_FILES['uploaded_file']['type']);
    $data = (file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
    $size = intval($_FILES['uploaded_file']['size']);

$sql1="INSERT INTO tentb(edate,ldate,cdetail,tenNo,tdetail,size,data,name,mime) VALUES('$edate','$ldate','$cdetail','$tenNo','$tdetail','$size','$data','$name','$mime')";

      $result1=$conn1->query($sql1);
    if($result1){
    echo "<script>
    alert('Data has saved')
    </script>";
    header("Refresh:2; url=tenderadd.php");}
    else{
        $msg='Error'. $conn1->connect_error;
        header("refresh:2; url=tenderadd.php");
    }
    }

uploaded_file is upload file tag name.

I strongly back up what diafol has said. Right now you're vulnerable to injection attacks. Many folks think that because they can't see POST data that it can't be tampered with, but it's rather simple to not only view it but alter it as well. Look into using filter_var

Ok i changed my code please, check

<!DOCTYPE html>
<?php

//include(headeradmin.php);
date_default_timezone_set("Asia/Karachi");
include('conn1.php');
session_start();
 $epr='';
 $msg='';

    if(isset($_GET['epr'] ))
        $epr=$_GET['epr'];
//***************** Save Record***************************
if($epr=='save' && $_FILES['userfile']['size'] > 0){
            $fileName = $_FILES['userfile']['name'];
            $tmpName  = $_FILES['userfile']['tmp_name'];
            $fileSize = $_FILES['userfile']['size'];
            $fileType = $_FILES['userfile']['type'];

     $edate=$conn1->real_escape_string($_POST['edate']);
     $ldate=$conn1->real_escape_string($_POST['ldate']);
     $cdetail=$conn1->real_escape_string($_POST['cdetail']);
    $tenNo=$conn1->real_escape_string($_POST['tenNo']);
    $tdetail=$conn1->real_escape_string($_POST['tdetail']);

$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

        $sql1="INSERT INTO tentb(edate,ldate,cdetail,tenNo,tdetail,'size',data','name','mime') VALUES('$edate','$ldate','$cdetail','$tenNo','$tdetail','$fileName', '$fileSize', '$fileType', '$content')";

        $result1=$conn1->query($sql1);
    if($result1){
    echo "<script>
    alert('Data has saved')
    </script>";
    header("Refresh:2; url=tenderadd.php");}
    else{
        $msg='Error'. $conn1->connect_error;
        header("refresh:2; url=tenderadd.php");
    }
    }
    ?>

here is my form

<form  method="POST" action='tenderadd.php?epr=save'>
 <h1> New Tender</h1>
        <table align='center'>
                    <tr>
                     <td> </td>
                   <td><input type="hidden" name="sr" /></td>
                    </tr>
                    <tr>
                     <td> Current Date </td>
                   <td><input  type="text" value="<?php echo date("d-m-Y"); ?>" readonly="readonly" style='background-color:Black; color:Lime;'   /></td>
                    </tr>

                     <input type="hidden" name="edate"  value='<?php echo date('Y-m-d')?>' readonly="readonly"/></td>

                     <tr>
                     <td> Last Date</td>
                     <td><input id='date' type="text" name="ldate" readonly="readonly" /></td>
                     </tr>

                      <tr>
                      <td> Client Detail</td>
                      <td><input type="text" name="cdetail" size="70" maxlength="200" /></td>
                      </tr>

                      <tr>
                      <td> Tender No.</td>
                      <td><input type="text" name="tenNo" size="70" maxlength="200" /></td>
                      </tr>

                      <tr>
                      <td>Tender Detail</td>
                      <td><input type="text" name="tdetail" size="70" maxlength="200" /></td>
                      </tr>

                      <tr>
                      <td>Tender Upload</td>
                      <td><input type="file" name="userfile" /></td>
                      </tr>

                      <tr>
                      <td> </td>
                      <td><input type="submit" value="submit" /></td>
                      </tr>

        </table>
 </form>

I got
Notice: Undefined index: userfile in C:\wamp\www\SprintWeb\tenderadd.php on line 14
Error,please guide me.

Member Avatar

diafol

In order to send files you need the form attribute enctype set to:

<form  method="POST" action='tenderadd.php?epr=save' enctype='multipart/form-data'>

This was mentioned in my tutorial if you read it.

Dear Diafol Boss,
I put

 enctype='multipart/form-data'

But same error.
Please, check my code and tell me where cn i use
$_FILES['userfile']['size'] > 0
in my code, code is bellow

$epr='';
 $msg='';

    if(isset($_GET['epr'] ))
        $epr=$_GET['epr'];
//***************** Save Record***************************
if($epr=='save' ){

            $fileName = $_FILES['userfile']['name'];
            $tmpName  = $_FILES['userfile']['tmp_name'];
            $fileSize = $_FILES['userfile']['size'];
            $fileType = $_FILES['userfile']['type'];

    $edate=$conn1->real_escape_string($_POST['edate']);
    $ldate=$conn1->real_escape_string($_POST['ldate']);
    $cdetail=$conn1->real_escape_string($_POST['cdetail']);
    $tenNo=$conn1->real_escape_string($_POST['tenNo']);
    $tdetail=$conn1->real_escape_string($_POST['tdetail']);

$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

        $sql1="INSERT INTO tentb(edate,ldate,cdetail,tenNo,tdetail,'size',data','name','mime') VALUES('$edate','$ldate','$cdetail','$tenNo','$tdetail','$fileName', '$fileSize', '$fileType', '$content')";

        $result1=$conn1->query($sql1);
    if($result1){
    echo "<script>
    alert('Data has saved')
    </script>";
    header("Refresh:2; url=tenderadd.php");}
    else{
        $msg='Error'. $conn1->connect_error;
        header("refresh:2; url=tenderadd.php");
    }
    }

and form HTML Code is here

<form  method="POST" action='tenderadd.php?epr=save' enctype='multipart/form-data'>
 <h1> New Tender</h1>
        <table align='center'>
                    <tr>
                     <td> </td>
                   <td><input type="hidden" name="sr" /></td>
                    </tr>
                    <tr>
                     <td> Current Date </td>
                   <td><input  type="text" value="<?php echo date("d-m-Y"); ?>" readonly="readonly" style='background-color:Black; color:Lime;'   /></td>
                    </tr>

                     <input type="hidden" name="edate"  value='<?php echo date('Y-m-d')?>' readonly="readonly"/></td>

                     <tr>
                     <td> Last Date</td>
                     <td><input id='date' type="text" name="ldate" readonly="readonly" /></td>
                     </tr>

                      <tr>
                      <td> Client Detail</td>
                      <td><input type="text" name="cdetail" size="70" maxlength="200" /></td>
                      </tr>

                      <tr>
                      <td> Tender No.</td>
                      <td><input type="text" name="tenNo" size="70" maxlength="200" /></td>
                      </tr>

                      <tr>
                      <td>Tender Detail</td>
                      <td><input type="text" name="tdetail" size="70" maxlength="200" /></td>
                      </tr>

                      <tr>
                      <td>Tender Upload</td>
                      <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
                      <td><input type="file" name="userfile" /></td>
                      </tr>

                      <tr>
                      <td> </td>
                      <td><input type="submit" value="submit" /></td>
                      </tr>

        </table>
 </form>
Member Avatar

diafol

The max file size should go to the file input tag. Check for errors, e.g.

if($_FILES['userfile']['error']) echo "Error: " . $_FILES['userfile']['error'];

Ok I soved Problem with upload file
One more How can download File From Own my Database Mysql?

I tried this code But does not download File

 while ($row = $result->fetch_assoc()) {

                    $filename=$row['name'];

                echo "<tr>";
                echo "<td>".$i."</td>";
                echo "<td>".$row ['cdetail']. "</td>";
                echo "<td>".$row ['tenNo']. "</td>";
                echo "<td>".$row ['tdetail']. "</td>";
                echo "<td>".$row['ldate']."</td>";
                echo "<td> <a href=adminfrm.php?file=".$filename."target='_blank'>Download</a></td>";

Please, guide me

Member Avatar

diafol

That.s a new question, so new thread.