cursive
asked on
Adding file upload to a database insert
I have an insert record form which inserts content into a title and content field of a table (as well as id). I would like to add an upload form which will
Upload a file into a folder called 'docs'
Add the file name into a filed called 'doc' in the above table
Here is my code, could someone please modify it to add the upload functionality?
Many thanks
<?php require_once('../Connectio
<?php
function GetSQLValueString($theValu
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STR
$editFormAction .= "?" . htmlentities($_SERVER['QUE
}
if ((isset($_POST["MM_insert"
$insertSQL = sprintf("INSERT INTO jobs (content, title) VALUES (%s, %s)",
GetSQLValueString($_POST['
GetSQLValueString($_POST['
mysql_select_db($database_
$Result1 = mysql_query($insertSQL, $hudsonwalker_conn) or die(mysql_error());
$insertGoTo = "content.php";
if (isset($_SERVER['QUERY_STR
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Add a Vacancy</title>
<link href="hwadmin.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td>
Insert job details
</td>
</tr>
<tr valign="baseline">
<td><input type="text" name="title" value="Title" size="32"></td>
</tr>
<tr valign="baseline">
<td><textarea name="content" cols="60" rows="50">Content</textare
</td>
</tr>
<tr valign="baseline">
<td><input type="submit" value="Insert record"></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>
</body>
</html>
Upload a file into a folder called 'docs'
Add the file name into a filed called 'doc' in the above table
Here is my code, could someone please modify it to add the upload functionality?
Many thanks
<?php require_once('../Connectio
<?php
function GetSQLValueString($theValu
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STR
$editFormAction .= "?" . htmlentities($_SERVER['QUE
}
if ((isset($_POST["MM_insert"
$insertSQL = sprintf("INSERT INTO jobs (content, title) VALUES (%s, %s)",
GetSQLValueString($_POST['
GetSQLValueString($_POST['
mysql_select_db($database_
$Result1 = mysql_query($insertSQL, $hudsonwalker_conn) or die(mysql_error());
$insertGoTo = "content.php";
if (isset($_SERVER['QUERY_STR
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Add a Vacancy</title>
<link href="hwadmin.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td>
Insert job details
</td>
</tr>
<tr valign="baseline">
<td><input type="text" name="title" value="Title" size="32"></td>
</tr>
<tr valign="baseline">
<td><textarea name="content" cols="60" rows="50">Content</textare
</td>
</tr>
<tr valign="baseline">
<td><input type="submit" value="Insert record"></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>
</body>
</html>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Really all you need to create is:
<!-- file upload -->
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload!" />
<!-- file upload -->
in the form
Then check that the file was uploaded correctly:
so make sure $_FILES['uploadedfile']['s
then
$data = file_get_contents($_FILES[
and insert this into your query (after escaping)
After that:
//Delete File
unlink($file);
For column content use BLOB data type. BLOB is a binary large object that can hold a variable amount of data. MySQL have four BLOB data types, they are :
* TINYBLOB
* BLOB
* MEDIUMBLOB
* LONGBLOB
Since BLOB is limited to store up to 64 kilobytes of data use MEDIUMBLOB so you can store larger files ( up to 16 megabytes ).
Just to add your GetSQLValueString function is quite flawed, you might want to have a look at mysql_real_escape_string.
Cheers.
<!-- file upload -->
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload!" />
<!-- file upload -->
in the form
Then check that the file was uploaded correctly:
so make sure $_FILES['uploadedfile']['s
then
$data = file_get_contents($_FILES[
and insert this into your query (after escaping)
After that:
//Delete File
unlink($file);
For column content use BLOB data type. BLOB is a binary large object that can hold a variable amount of data. MySQL have four BLOB data types, they are :
* TINYBLOB
* BLOB
* MEDIUMBLOB
* LONGBLOB
Since BLOB is limited to store up to 64 kilobytes of data use MEDIUMBLOB so you can store larger files ( up to 16 megabytes ).
Just to add your GetSQLValueString function is quite flawed, you might want to have a look at mysql_real_escape_string.
Cheers.
ASKER
Thank you