Enska77
asked on
Insert in php multiple attachment to mysql database in same time but they can be also empty
Hello, I have form where user can insert title & news to mysql database. But there must be option to insert also couple word or pdf attachments.
But i don't figure how I can make that kind of form and it checker that those pdf attachment can also be empty and then only title and news go to mysql database.
Here is form and now there is only one attachment browser.
And here is action page that insert data to database:
But i don't figure how I can make that kind of form and it checker that those pdf attachment can also be empty and then only title and news go to mysql database.
Here is form and now there is only one attachment browser.
<form action="lisaa_tiedosto_uutinen_action.php" method="post" enctype="multipart/form-data">
Title: <input name="title" size="40" maxlength="255">
<br>
Text1: <textarea name="text1" rows="7" cols="30"></textarea>
<br>
<br>
<input type="file" name="uploaded_file">
<br>
<br>
<input type="submit" value="Lisää uutinen">
</form>
And here is action page that insert data to database:
<body>
<?php
error_reporting(E_ALL ^ E_NOTICE);
include("config.php");
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
// Make sure the file was sent without errors
if($_FILES['uploaded_file']['error'] == 0) {
// Connect to the database
$dbLink = new mysqli('localhost', 'root', 'password', 'db');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
// Gather all required data
$name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
$mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
$data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));
$size = intval($_FILES['uploaded_file']['size']);
// Set global variables to easier names
$title = $_POST['title'];
$text1 = $_POST['text1'];
$text2 = $_POST['text2'];
// Create the SQL query
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`, `name`, `mime`, `size`, `data`, `created`
)
VALUES (
'$title',NOW(),'$text1','{$name}', '{$mime}', {$size}, '{$data}', NOW()
)";
// Execute the query
$result = $dbLink->query($query);
// Check if it was successfull
if($result) {
echo 'Success! Your file was successfully added!';
}
else {
echo 'Error! Failed to insert the file'
. "<pre>{$dbLink->error}</pre>";
}
}
else {
echo 'An error accured while the file was being uploaded. '
. 'Error code: '. intval($_FILES['uploaded_file']['error']);
}
// Close the mysql connection
$dbLink->close();
}
else {
echo 'Error! A file was not sent!';
}
// Echo a link back to the main page
echo '<p>Click <a href="lisaa_tiedosto.php">here</a> to go back</p>';
?>
</body>
Here is an outline showing how you might want to reconfigure the logic in your action= script. Obviously I cannot test this, but hopefully it will give you some good ideas.
<body>
<?php
// NEVER SUPPRES NOTICE MESSAGES - INSTEAD CORRECT THE UNDERLYING CONDITIONS THAT CAUSE THE NOTICE
error_reporting(E_ALL);
// NOT SURE WHAT THIS DOES - IT SHOULD PROBABLY INCLUDE THE DB CONNECTION?
include("config.php");
$dbLink = new mysqli('localhost', 'root', 'password', 'db');
if(!$dbLink)
{
trigger_error("MySQL connection failed: ". mysqli_connect_error(), E_USER_ERROR);
}
// ESCAPE THE EXTERNAL DATA THAT WILL BE NEEDED
$title = $dbLink->real_escape_string($_POST['title']);
$text1 = $dbLink->real_escape_string($_POST['text1']);
$text2 = $dbLink->real_escape_string($_POST['text2']);
// IF THERE WAS NO FILE UPLOADED
if ($_FILES['uploaded_file']['error'] == 4)
{
/* RUN THE QUERY WITHOUT THE FILE DATA
*/
}
// IF THERE WAS A CLEAN UPLOAD
elseif ($_FILES['uploaded_file']['error'] == 0)
{
/* USE Move_UpLoaded_File()
* ESCAPE NAME, TYPE, ETC
* RUN THE QUERY WITH THE FILE DATA
*/
}
else
{
/* RUN THE QUERY WITHOUT THE FILE DATA
* USE $_FILES['uploaded_file']['error'] TO IDENTIFY THE ERROR
*/
}
?>
</body>
ASKER
Thank you very much Ray, I tested your skript, but there is something that I cant figure out. Nothing goes into mysql database. I don't get any error message, text and title goes nowhere. And when there is attachment that disappear also. Here is action page code.
<?php
// NEVER SUPPRES NOTICE MESSAGES - INSTEAD CORRECT THE UNDERLYING CONDITIONS THAT CAUSE THE NOTICE
error_reporting(E_ALL);
$dbLink = new mysqli('localhost', 'root', 'password', 'db');
if(!$dbLink)
{
trigger_error("MySQL connection failed: ". mysqli_connect_error(), E_USER_ERROR);
}
// ESCAPE THE EXTERNAL DATA THAT WILL BE NEEDED
$title = $dbLink->real_escape_strin g($_POST[' title']);
$text1 = $dbLink->real_escape_strin g($_POST[' text1']);
// IF THERE WAS NO FILE UPLOADED
if ($_FILES['uploaded_file'][ 'error'] == 4)
{
/* RUN THE QUERY WITHOUT THE FILE DATA
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`
)
VALUES (
'$title',NOW(),'$text1'
)";
}
// IF THERE WAS A CLEAN UPLOAD
elseif ($_FILES['uploaded_file'][ 'error'] == 0)
{
// Gather all required data
$name = $dbLink->real_escape_strin g($_FILES[ 'uploaded_ file']['na me']);
$mime = $dbLink->real_escape_strin g($_FILES[ 'uploaded_ file']['ty pe']);
$data = $dbLink->real_escape_strin g(file_get _contents( $_FILES ['uploaded_file']['tmp_nam e']));
$size = intval($_FILES['uploaded_f ile']['siz e']);
/* USE Move_UpLoaded_File()
* ESCAPE NAME, TYPE, ETC
* RUN THE QUERY WITH THE FILE DATA
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`, `name`, `mime`, `size`, `data`, `created`
)
VALUES (
'$title',NOW(),'$text1','{ $name}', '{$mime}', {$size}, '{$data}', NOW()
)";
}
else
{
/* RUN THE QUERY WITHOUT THE FILE DATA
* USE $_FILES['uploaded_file'][' error'] TO IDENTIFY THE ERROR
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`
)
VALUES (
'$title',NOW(),'$text1'
)";
}
?>
<?php
// NEVER SUPPRES NOTICE MESSAGES - INSTEAD CORRECT THE UNDERLYING CONDITIONS THAT CAUSE THE NOTICE
error_reporting(E_ALL);
$dbLink = new mysqli('localhost', 'root', 'password', 'db');
if(!$dbLink)
{
trigger_error("MySQL connection failed: ". mysqli_connect_error(), E_USER_ERROR);
}
// ESCAPE THE EXTERNAL DATA THAT WILL BE NEEDED
$title = $dbLink->real_escape_strin
$text1 = $dbLink->real_escape_strin
// IF THERE WAS NO FILE UPLOADED
if ($_FILES['uploaded_file'][
{
/* RUN THE QUERY WITHOUT THE FILE DATA
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`
)
VALUES (
'$title',NOW(),'$text1'
)";
}
// IF THERE WAS A CLEAN UPLOAD
elseif ($_FILES['uploaded_file'][
{
// Gather all required data
$name = $dbLink->real_escape_strin
$mime = $dbLink->real_escape_strin
$data = $dbLink->real_escape_strin
$size = intval($_FILES['uploaded_f
/* USE Move_UpLoaded_File()
* ESCAPE NAME, TYPE, ETC
* RUN THE QUERY WITH THE FILE DATA
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`, `name`, `mime`, `size`, `data`, `created`
)
VALUES (
'$title',NOW(),'$text1','{
)";
}
else
{
/* RUN THE QUERY WITHOUT THE FILE DATA
* USE $_FILES['uploaded_file']['
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`
)
VALUES (
'$title',NOW(),'$text1'
)";
}
?>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you so much of your patience and guidance. I have forgot next line $result = $dbLink->query($query); and now everything goes to database, but there is that problem that text1 data goes double to database? When I write "test" in textfield it shows in site like testtest? There is somekind of douple insert?
<?php
// NEVER SUPPRES NOTICE MESSAGES - INSTEAD CORRECT THE UNDERLYING CONDITIONS THAT CAUSE THE NOTICE
error_reporting(E_ALL);
$dbLink = new mysqli('localhost', 'root', 'password', 'db');
if(!$dbLink)
{
trigger_error("MySQL connection failed: ". mysqli_connect_error(), E_USER_ERROR);
}
// ESCAPE THE EXTERNAL DATA THAT WILL BE NEEDED
$title = $dbLink->real_escape_string($_POST['title']);
$text1 = $dbLink->real_escape_string($_POST['text1']);
// IF THERE WAS NO FILE UPLOADED
if ($_FILES['uploaded_file']['error'] == 4)
{
/* RUN THE QUERY WITHOUT THE FILE DATA
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`
)
VALUES (
'$title',NOW(),'$text1'
)";
// Execute the query
$result = $dbLink->query($query);
if($result) {
echo 'Success! Your file was successfully added!';
}
}
// IF THERE WAS A CLEAN UPLOAD
elseif ($_FILES['uploaded_file']['error'] == 0)
{
// Gather all required data
$name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
$mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
$data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));
$size = intval($_FILES['uploaded_file']['size']);
/* USE Move_UpLoaded_File()
* ESCAPE NAME, TYPE, ETC
* RUN THE QUERY WITH THE FILE DATA
*/
$query = "
INSERT INTO `uutiset_tiedostot` (
`title`, `dtime`, `text1`, `name`, `mime`, `size`, `data`, `created`
)
VALUES (
'$title',NOW(),'$text1','{$name}', '{$mime}', {$size}, '{$data}', NOW()
)";
// Execute the query
$result = $dbLink->query($query);
if($result) {
echo 'Success! Your file was successfully added!';
}
}
?>
I cannot readily see anything that would cause the fields to be concatenated to themselves in the way you describe. There must be more to the script than this, and since we cannot see that part, there is no way to figure out what might be wrong. You might start by checking the input to this script. You can use var_dump($_POST) and var_dump($_FILES) to see the external input.
http://php.net/manual/en/function.var-dump.php
I'm going to recommend that you take some time to study the basics about PHP and MySQL. File uploads are a somewhat more advanced topic and sometimes it's wise to walk before you try to run. To that end there are some good learning resources in this article. The article will also help you avoid the many bad examples that litter the internet (such as the example that led you to believe it's a good idea to put an image file into a data base).
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
http://php.net/manual/en/function.var-dump.php
I'm going to recommend that you take some time to study the basics about PHP and MySQL. File uploads are a somewhat more advanced topic and sometimes it's wise to walk before you try to run. To that end there are some good learning resources in this article. The article will also help you avoid the many bad examples that litter the internet (such as the example that led you to believe it's a good idea to put an image file into a data base).
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
ASKER
Thank you Ray, i need investigate that store the file in the server file system and put a URL pointer into the data base. Is there somewhere example?
There are examples of PHP code all over the internet. Unfortunately these do not come with expiration dates or endorsement for best practices, and many of them are terrible -- just plain dangerous, insecure or wrong. For that reason, let this article guide your learning adventures in PHP. I've been careful to choose the best-of-breed resources (books, web sites, etc.) and list them in the article. If it's not called out in the article, don't even look at it! Once you've been through the learning resources in the article, you will be well qualified to seek out and evaluate PHP examples, and to write your own PHP code examples.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
Here is my teaching example showing the principles of file uploads.
Open in new window
HTH, ~Ray