Uploading file links to MySQL database

Report · Feb 24, 2012

WALL 1 :

I followed the basic upload tutorial from about.com . There I have hit a small problem:

Processing the form: Hit a wall.

I keep getting "Notice: Undefined index:" at lines 4, 7-10, and 20. those line correspond to

line 4: $target=$target . basename($_FILES['photo']['name']);
line 7: $name=$_POST['name'];
line 8: $email=$_POST['email'];
line 9: $phone=$_POST['phone'];
line 10: $pic=($_FILES['photo']['name']);
line 20: if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))

However for kicks, I tested the form and everything got inserted into the database and the photos got placed into the file- so yea! (viewing data section worked as well, yea again!)
Any tips on getting the error messages to go away?

(code is after wall 2)

WALL 2:

I am using Dreamweaver. And my actual database has 20 some odd fields and multiple tables. As such I am using Dreamweaver's ‘bindings’ and ‘server behaviours’ to generate the code for me. Without thinking about images, I was able to create and entry form and an update form that worked. Trying to adopt them for images proved to be a fiasco. So, since the code in WALL 1 got the info to the server, I decided to look at what Dreamweaver was doing and create a simple form mimicking about.com.

The good news is that the undefined index messages from above went away.

Instead I got two error messages:

Notice: Undefined index: photo in C:\wamp\www\employees.php on line 67

Notice: Undefined variable: target in C:\wamp\www\employees.php on line 67

line 67 corresponds to: if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))

Plus, this time none of the info uploaded to the database.

The code for wall 1:

<?php

//This is the directory where images will be saved

$target="images/uploaded/";

$target=$target . basename($_FILES['photo']['name']);

//This gets all the other information from the form

$name=$_POST['name'];

$email=$_POST['email'];

$phone=$_POST['phone'];

$pic=($_FILES['photo']['name']);

// Connects to your Database

mysql_connect("localhost","root","*****") or die (mysql_error());

mysql_select_db("beer_diary") or die (mysql_error());

//Writes the information to the database

mysql_query("INSERT INTO `employees` VALUES ('$name','$email','$phone','$pic')");

//Writes the photo to the server

if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))

{

//Tells you if its all ok

echo "The file " . basename($_FILES['uploadedfile']['name']). "hase been uploaded, and your information hase been added to the directory.";

} else {

// Gives error message

echo "Sorry you screwed up!";

}

?>

The code for wall 2:

<?php // Connects to your Database

mysql_connect("localhost", "root", "*****") or die(mysql_error()) ;

mysql_select_db("beer_diary") or die(mysql_error()) ; ?>

<?php

// prep

function mysql_prep ($value) {

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

if (PHP_VERSION < 6) {

$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

//This is the directory where images will be saved

$target = "images/uploaded/";

$target = $target . basename( $_FILES['photo']['name']);

//This gets all the other information from the form

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

$insertSQL = sprintf("INSERT INTO `employees` ('name','email','phone','photo') VALUES (%s, %s, %s, %s)",

GetSQLValueString($_POST['name'], "text"),

GetSQLValueString($_POST['email'], "text"),

GetSQLValueString($_POST['phone'], "text"),

GetSQLValueString($_FILES['photo'], "text")

);

mysql_select_db($database_beer_diary, $beer_diary);

$Result1 = mysql_query($insertSQL, $beer_diary) or die(mysql_error());

}

//Writes the information to the database

//mysql_query("INSERT INTO `employees` VALUES ('$name', '$email', '$phone', '$pic')") ;

//Writes the photo to the server

if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))

{

//Tells you if its all ok

echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";

}

else {

//Gives and error if its not

echo "Sorry, there was a problem uploading your file.";

}

?>

Cheers,

Report · Feb 25, 2012

Wall 1:

Is that code located on the same page as the form? If so, you are not testing if the $_POST was submitted. Thus as of about PHP 5.2.3'ish that code will generate an error because the index "email", "name", etc. have not been defined. So PHP is telling you these values are not empty, but they have never been used but you are trying to use them. If the processing code is on the same page, simply enclosing the processing the code within an if statement will do the trick.

Wall 2:

I have a feeling the same may be true for Wall 2. Can you confirm?

Report · Feb 25, 2012

So, yes the code, in both situations are on the same page. Should some of the code be on a different page? If so, which part of the code should be on a different page?