File upload script not work

mluci12
Posts: 39

File upload script not work

Hello
I have this file upload script and Mysql& PHP insert in database.Why don't work file upload?

Code: Select all

<?php require('includes/config.php'); $target_dir = "images/"; $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]); $uploadOk = 1; //if logged in redirect to members page if( $user->is_logged_in() ){ header('Location: memberpage.php'); } //if form has been submitted process it if(isset($_POST['submit'])){ $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); if($check !== false) { echo "File is an image - " . $check["mime"] . "."; $uploadOk = 1; } else { echo "File is not an image."; $uploadOk = 0; } } { //very basic validation if(strlen($_POST['username']) < 3){ $error[] = 'Username is too short.'; } else { $stmt = $db->prepare('SELECT username FROM members WHERE username = :username'); $stmt->execute(array(':username' => $_POST['username'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if(!empty($row['username'])){ $error[] = 'Username provided is already in use.'; } } if(strlen($_POST['password']) < 3){ $error[] = 'Password is too short.'; } if(strlen($_POST['broker']) < 3){ $error[] = 'Code is too short'; } if(strlen($_POST['passwordConfirm']) < 3){ $error[] = 'Confirm password is too short.'; } if($_POST['password'] != $_POST['passwordConfirm']){ $error[] = 'Passwords do not match.'; } //email validation if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){ $error[] = 'Please enter a valid email address'; } else { $stmt = $db->prepare('SELECT email FROM members WHERE email = :email'); $stmt->execute(array(':email' => $_POST['email'])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if(!empty($row['email'])){ $error[] = 'Email provided is already in use.'; } } $imagename=$_FILES["myimage"]["name"]; //Get the content of the image and then add slashes to it //if no errors have been created carry on if(!isset($error)){ //hash the password $hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT); //create the activasion code $activasion = md5(uniqid(rand(),true)); try { //insert into database with a prepared statement $stmt = $db->prepare('INSERT INTO members (username,password,email,active,cod) VALUES (:username, :password, :email, :active, :broker)'); $stmt->execute(array( ':username' => $_POST['username'], ':password' => $hashedpassword, ':email' => $_POST['email'], ':broker' => $_POST['broker'], ':active' => $activasion )); $nr=0; $id = $db->lastInsertId('memberID'); //send email $to = $_POST['email']; $subject = "Registration Confirmation"; $body = "<p>Thank you for registering at Reconnect app</p> <p>To activate your account, please click on this link: <a href='".DIR."activate.php?x=$id&y=$activasion'>".DIR."activate.php?x=$id&y=$activasion</a></p> <p>Regards madustech.com</p>"; $mail = new Mail(); $mail->setFrom(SITEEMAIL); $mail->addAddress($to); $mail->subject($subject); $mail->body($body); $mail->send(); //redirect to index page header('Location: index.php?action=joined'); exit; //else catch the exception and show the error. } catch(PDOException $e) { $error[] = $e->getMessage(); } } } //define page title $title = 'Demo'; //include header template require('layout/header.php'); ?> <div class="form"> <div ><img src="background.jpg" id="bg" alt=""/></div><br> <form role="form" method="post" action="" autocomplete="off" class="login-form"> <!-- <h2>Please Sign Up</h2> --> <p class="message">Already a member? <a href='login.php'>Login</a></p><br></br> <?php //check for any errors if(isset($error)){ foreach($error as $error){ echo '<p class="bg-danger">'.$error.'</p>'; } } //if action is joined show sucess if(isset($_GET['action']) && $_GET['action'] == 'joined'){ echo "<h2 class='bg-success'>Registration successful, please check your email to activate your account.</h2>"; } ?> <br></br> <input type="number" name="username" id="username" placeholder="Phone" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="1"> <input type="email" name="email" id="email" placeholder="Email" value="<?php if(isset($error)){ echo $_POST['email']; } ?>" tabindex="2"> <input type="password" name="password" id="password" placeholder="Password" tabindex="3"> <input type="password" name="passwordConfirm" id="passwordConfirm" placeholder="Confirm Password" tabindex="4"> <input type="text" name="broker" id="broker" placeholder="Your code" tabindex="4"> <input type="file" name="fileToUpload" id="fileToUpload"> <div > <div ><button type="submit" name="submit" value="Register" tabindex="5">Register</button></div> </div> </form> </div> <script> var usrname = document.getElementById('username'); //if #countryCode exiss, register change event var ccode = document.getElementById('countryCode'); if(ccode){ ccode.addEventListener('change', function(e){ //adds the value of selected option in #usrname usrname.value = e.target.value; }); } </script> <script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script> <script src="js/index.js"></script> <?php //include header template require('layout/footer.php'); ?>

Admin
Hi,
That script cannot upload file because it not has the move_uploaded_file() function, that moves the file to the specified folder.
So, you need to add this code in your script, where you want the upload to be performed.

Code: Select all

if(move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_file)) echo 'The file '. basename( $_FILES['fileToUpload']['name']). ' has been uploaded.'; else echo 'Sorry, there was an error uploading your file.';

mluci12
How can i insert in database the name of file?
i have the insert here:

Code: Select all

$stmt = $db->prepare('INSERT INTO members (username,password,email,active,cod) VALUES (:username, :password, :email, :active, :broker)'); $stmt->execute(array( ':username' => $_POST['username'], ':password' => $hashedpassword, ':email' => $_POST['email'], ':broker' => $_POST['broker'], ':active' => $activasion ));

Admin
First, in the mysql table create a column for the file name; for example "filename". Then, you can use this code:

Code: Select all

$stmt = $db->prepare('INSERT INTO members (username,password,email,filename,active,cod) VALUES (:username, :password, :email, :filename, :active, :broker)'); $stmt->execute(array( ':username' => $_POST['username'], ':password' => $hashedpassword, ':email' => $_POST['email'], ':filename' => basename($_FILES['fileToUpload']['name']), ':broker' => $_POST['broker'], ':active' => $activasion ));

mluci12
don t work.Have you any other ideea?

Admin
Maybe the ":" in the array keys is wrong.
Try this, make sure you have the "filename" column in the "members" table; and check for $db /$stmt error.

Code: Select all

$stmt = $db->prepare('INSERT INTO members (username,password,email,filename,active,cod) VALUES (:username, :password, :email, :filename, :active, :broker)'); if(false===$stmt) echo 'prepare() failed: ' . htmlspecialchars($mysqli->error); else { $rc = $stmt->execute(array( 'username' => $_POST['username'], 'password' => $hashedpassword, 'email' => $_POST['email'], 'filename' => basename($_FILES['fileToUpload']['name']), 'active' => $activasion, 'broker' => $_POST['broker'] )); if(false===$rc) echo 'execute() failed: ' . htmlspecialchars($stmt->error); }
- Not have orher ideea.

Similar Topics