I was working on this script which let's you upload and everything is logged in the database. I got this error, any help?
Error :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/home/a6771073/public_html/upload/img.png)' at line 1
Code:
<html>
<body>
<form enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="uploaded_file" type="file" />
<input type="submit" value="Upload" />
</form>
</body>
</html>
<?php
include 'global.php';
//Check that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0))
{
//Check if the file is size is less than 350Kb
$filename = basename($_FILES['uploaded_file']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
if (($_FILES["uploaded_file"]["size"] < 350000))
{
//Determine the path to which we want to save this file
$newname = dirname(__FILE__).'/upload/'.$filename;
//Check if the file with the same name is already exists on the server
if (!file_exists($newname))
{
//Attempt to move the uploaded file to it's new place
if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname)))
{
$rand = rand(1, 1024) . "_" . rand(3, 2673) . "_" . rand(5, 7337);
$name = $_FILES["uploaded_file"]["name"];
mysql_query("INSERT INTO uploads(id, name, todownloadname, path) VALUES(" . $rand . ", " . $name . ", " . $name . ", " . $newname . ")")or die(mysql_error());
echo "It's done! The file has been saved ";
}
else
{
echo "Error: A problem occurred during file upload!";
}
}
else
{
echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
}
}
else
{
echo "Error: Only files under 350Kb are accepted for upload";
}
}
else
{
echo "Error: No file uploaded";
}
?>