Solved

File upload and data insert problem

Posted on 2011-02-18
6
360 Views
Last Modified: 2012-05-11
I'm having an error of: Element NAMEDFILE is undefined in FORM in my code attached. I had someone help me with this code on this site months back and it works great. I have added a new input tag that allows me to name or categorize files that are being uploaded. Looks like I can't set the correct variable name in the loop as it is sent to the "action page".

Can someone help me with this please?
/////FORM//////
<form action="File_Upload_Action.cfm" method="post" enctype="multipart/form-data">
<table width="500" border="0" cellspacing="2" cellpadding="0">
	<cfloop from="1" to="#numberOfFiles#" index="x">
  <tr>
    <td width="33">#x#</td>
    <td width="208">Name 
      <input name="NamedFile#x#" type="text" id="NamedFile" /></td>
    <td width="174"><input name="uploadFile#x#" type="file" size="10"></td>
    <td width="71">&nbsp;</td>
  </tr>
   </cfloop>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input name="uploadButton" type="submit" value="Upload Files">
    <input type="hidden" name="numberOfFiles" value="#numberOfFiles#">
    <input type="hidden" name="ClosingID" value="#ClosingID#">    </td>
    <td>&nbsp;</td>
    <td width="2">&nbsp;</td>
    </tr>
</table>
</form>

/////ACTION PAGE/////
<cfif structKeyExists(form, "uploadButton")>
	<cfparam name="form.numberOfFiles" default="0">
	<!--- replace this with your folder path --->
	<cfset folderToStoreFiles = ExpandPath("Files")>
	<!--- create the directory if it does not exist --->
	<cfif not DirectoryExists(folderToStoreFiles)>
		<cfdirectory action="create" directory="#folderToStoreFiles#">
	</cfif>
	
	<!--- process each file ...--->
	<cfloop from="1" to="#form.numberOfFiles#" index="x">
		<!--- if a file was supplied, upload it ... --->
		<cfif structKeyExists(form, "uploadFile"& x) AND len(trim(form["uploadFile"& x]))>
			<!--- upload the current file to the desired directory --->
	 		<cffile action="upload"
				filefield="uploadFile#x#" 
    			destination="#folderToStoreFiles#" 
                accept = "application/pdf,image/jpeg"
    			nameconflict="makeunique">
	
    		<!--- insert the file name into your database --->
			<cfquery name="insertFile" datasource="#application.datasource#">
				INSERT INTO files (FileName,ClosingID,NamedFile)
				VALUES 
				(
					<cfqueryparam value="#cffile.serverFile#" cfsqltype="cf_sql_varchar">,
                    <cfoutput>#form.ClosingID#</cfoutput>,<cfoutput>#form.NamedFile#+#x#</cfoutput>
				)
			</cfquery>
 
    		<!--- debugging: show uploaded file info --->
			
				<img src="../images/CheckIcon.png" align="absmiddle" /> <cfoutput>#cffile.serverFile#</cfoutput> is uploaded!<br>
			
		<cfelse>		
	    	<!--- debugging: show error --->
			<cfoutput>
				<img src="../images/None.png"  align="absmiddle" />  Processing file #x#: No file found. Skipping ...<br>
		  </cfoutput>
	  </cfif>
	</cfloop>
</cfif>

Open in new window

0
Comment
Question by:jasch2244
  • 4
  • 2
6 Comments
 
LVL 52

Expert Comment

by:_agx_
ID: 34928848
<cfoutput>#form.NamedFile#+#x#</cfoutput>


For dynamic field names, use array notation  ie

        #form["namedFiled"& x]#

instead of

       #form.NamedFile#+#x#

0
 
LVL 52

Expert Comment

by:_agx_
ID: 34928876
<cfquery name="insertFile" datasource="#application.datasource#">
INSERT INTO files (FileName,ClosingID,NamedFile)
VALUES
(
     <cfqueryparam value="#cffile.serverFile#" cfsqltype="cf_sql_varchar">,
    <cfoutput>#form.ClosingID#</cfoutput>,<cfoutput>#form.NamedFile#+#x#</cfoutput>
)
</cfquery>

Not having to do with your error but
1) You don't need to use <cfoutput> within a <cfquery>, or most CF tags for that matter. The #variables# will be evaluated automatically.
2) you should use cfqueryparam on *all* values, not just some of them.




0
 
LVL 1

Author Comment

by:jasch2244
ID: 34929079
ok I think I updated the code and now am getting a: Unknown column 'tES' in 'field list'  tES is what I typed in for the file name in the NamedFile input... I thought it is looping through the NamedFile#x# and would insert to the column  NamedFile in the files table. My updated code is attached.

Regarding the cfqueryparam I just don't ever know when to use it or not... it's just for query's with updates and inserts no?
////FORM PAGE///

<form action="File_Upload_Action.cfm" method="post" enctype="multipart/form-data">
<table width="500" border="0" cellspacing="2" cellpadding="0">
	<cfloop from="1" to="#numberOfFiles#" index="x">
  <tr>
    <td width="33">#x#</td>
    <td width="208">Name 
      <input name="NamedFile#x#" type="text" id="NamedFile" /></td>
    <td width="174"><input name="uploadFile#x#" type="file" size="10"></td>
    <td width="71">&nbsp;</td>
  </tr>
   </cfloop>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    <td><input name="uploadButton" type="submit" value="Upload Files">
    <input type="hidden" name="numberOfFiles" value="#numberOfFiles#">
    <input type="hidden" name="ClosingID" value="#ClosingID#">    </td>
    <td>&nbsp;</td>
    <td width="2">&nbsp;</td>
    </tr>
</table>
</form>

////ACTION PAGE///
<cfif structKeyExists(form, "uploadButton")>
	<cfparam name="form.numberOfFiles" default="0">
	<!--- replace this with your folder path --->
	<cfset folderToStoreFiles = ExpandPath("Files")>
	<!--- create the directory if it does not exist --->
	<cfif not DirectoryExists(folderToStoreFiles)>
		<cfdirectory action="create" directory="#folderToStoreFiles#">
	</cfif>
	
	<!--- process each file ...--->
	<cfloop from="1" to="#form.numberOfFiles#" index="x">
		<!--- if a file was supplied, upload it ... --->
		<cfif structKeyExists(form, "uploadFile"& x) AND len(trim(form["uploadFile"& x]))>
			<!--- upload the current file to the desired directory --->
	 		<cffile action="upload"
				filefield="uploadFile#x#" 
    			destination="#folderToStoreFiles#" 
                accept = "application/pdf,image/jpeg"
    			nameconflict="makeunique">
	
    		<!--- insert the file name into your database --->
			<cfquery name="insertFile" datasource="#application.datasource#">
				INSERT INTO files (FileName,ClosingID,NamedFile)
				VALUES 
				(
					<cfqueryparam value="#cffile.serverFile#" cfsqltype="cf_sql_varchar">,
                    #form.ClosingID#,
                    #form["NamedFile"& x]#
				)
			</cfquery>
 
    		<!--- debugging: show uploaded file info --->
			
				<img src="../images/CheckIcon.png" align="absmiddle" /> <cfoutput>#cffile.serverFile#</cfoutput> is uploaded!<br>
			
		<cfelse>		
	    	<!--- debugging: show error --->
			<cfoutput>
				<img src="../images/None.png"  align="absmiddle" />  Processing file #x#: No file found. Skipping ...<br>
		  </cfoutput>
	  </cfif>
	</cfloop>
</cfif>

Open in new window

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 52

Expert Comment

by:_agx_
ID: 34929259
Can you post the full error message?  A quick search of the code doesn't show anything containing "tES".

I just don't ever know when to use it or not... it's just for query's with updates and inserts no?

Honestly, it should be used in all queries (insert, select, update, delete).  But especially when you're passing a user supplied value (FORM, URL, etc..).
0
 
LVL 52

Accepted Solution

by:
_agx_ earned 500 total points
ID: 34929337
INSERT INTO files (FileName,ClosingID,NamedFile)

Oh wait, I see the problem.  The "NamedFile" column is a string.  So you either need to enclose the value in single quotes

           INSERT INTO files (NamedFile, ....etc)
           VALUES( '#form["NamedFile"& x]#', ... etc )

OR  use cfqueryparam

           VALUES(
               <cfqueryparam value="#form["NamedFile"& x]#" cfsqltype="cf_sql_varchar">
               , ... etc....
            )
0
 
LVL 1

Author Closing Comment

by:jasch2244
ID: 34929863
You are awesome! I don't know what I would do without _agx. Thanks again :)
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

PROBLEM:  How to open a cfwindow or run a function on double click of a cfgrid row. One of my clients wanted to be able to double click on a row item to get more detailed information about a transaction and to be able to modify the line items i…
Today, I was working on some optimization and spam-stopping techniques when I encountered Ben Nadel's post to reduce spam feature using Math (http://www.bennadel.com/blog/197-How-I-Stop-Spammers-On-My-ColdFusion-Blog.htm). While this method is not o…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now