i have this problem regarding file upload on php.
I always get this error msg.
Warning: file_get_contents(): Filename cannot be empty in
C:\xampp\htdocs\omf2\emprecords\add8.php on line 25
this is my line 25
$data = $con->real_escape_string(file_get_contents($_FILES['uploaded_file']['tmp_name']));
But still saves the info on my database.
What i am trying to do is save the rest of the records on my database even if not selecting a file to upload. And yes the records are saved and the Attachment field (mediumblob) is [BLOB - 0 B]
Question: How can i eliminate the error/warning message? (because everything is really fine)
<meta http-equiv="refresh" content="2;URL='emphistory.php'">
<?php
{
echo "<center><font color='#AAA' size='3'><br/>Record Added!</center>";
}
?>
<?php
$con=mysqli_connect("localhost","root","","dbomf");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM valueholder");
$row = mysqli_fetch_array($result);
$count = '';
$IDNUM = $row['Val'];
$NS = addslashes($_POST ['NS']);
$ad = addslashes($_POST ['ad']);
$hr = addslashes($_POST ['HR']);
$name = $con->real_escape_string($_FILES['uploaded_file']['name']);
$data = $con->real_escape_string(file_get_contents($_FILES['uploaded_file']['tmp_name']));
include ('../dbconn.php');
$query = "INSERT INTO tblemphist1 VALUES
('".$count."', '".$IDNUM."', '".$NS."', '".$ad."', '".$hr."', '".$data."', '".$name."')";
$result = $db->query($query) or die($db->error);
$db->close();
here
<form method="post" action="add8.php" enctype="multipart/form-data">
<td><strong>Attachment</strong></td>
<td>:</td>
<td><input type="file" name="uploaded_file"></td>
</tr>
</form>
<input type = "file">
should be
<input name="uploaded_file" type = "file">
also form method should be post and use enctype='multipart/form-data
<form action="" method="post" enctype="multipart/form-data">
<input name="uploaded_file" type = "file">
</form>
also check
$name = ''; $data = '';
if ((is_uploaded_file($_FILES['uploaded_file']['tmp_name']) && !($_FILES['uploaded_file']['error'])) {
$name = $con->real_escape_string($_FILES['uploaded_file']['name']);
$data = $con->real_escape_string(#file_get_contents($_FILES['uploaded_file']['tmp_name']));
}
include ('../dbconn.php');
$query = "INSERT INTO tblemphist1 VALUES ('".$count."', '".$IDNUM."', '".$NS."', '".$ad."', '".$hr."', '".$data."', '".$name."')";
$result = $db->query($query) or die($db->error);
Use an if statement. For example:
if (!empty($_FILES)) {
$data = $con->real_escape_string(
file_get_contents($_FILES['uploaded_file'] ['tmp_name'])
);
}
Before accessing any property of $_FILES['uploaded_file'] you have to check the value $_FILES['uploaded_file']['error']. And yes, it's a good idea to check if such key exists at all - as with anything coming from the user, there is no guarantee that it exists in the request.
Simply check if the variable is not empty
$data = '';
if (!empty($_FILES['uploaded_file']['tmp_name'])) {
$data = $con->real_escape_string(file_get_contents($_FILES['uploaded_file']['tmp_name']));
}
if error doesn't affect your project just ignore it and add this code in top of your php.
<?php ERROR_REPORTING(E_ALL & ~E_NOTICE); ?>
it will ignore and hide the error. :)
Related
I have been following a lesson on how to make an admin page. I got all the information out of my database to a table on the page. I have an update button and when I change the information and press the button I receive this error: Warning: undefined array key "WebID" in ..\Update.php on line 3
From my search online everyone is trying to change the code so that if array key does not exist: return null. I tried that and the error does not appear no more, but the table does not change.
Any thoughts?
This is the code:
<?php
require_once("DB/DB.php");
$SearchQueryParameter = $_GET["WebID"];
if (isset($_POST["Update"])) {
$Ename = $_POST["Ename"];
$Eid = $_POST["Eid"];
$Erank = $_POST["Erank"];
$Eemail = $_POST["Eemail"];
$Edate = $_POST["Edate"];
$Epassword = $_POST["Epassword"];
$Specialisms = $_POST["Specialisms"];
global $ConnectingDB;
$sql ="UPDATE emp_data SET Ename='$Ename', Eid='$Eid', Erank='$Erank', Eemail='$Eemail', Edate='$Edate', Epassword='$Epassword',
Specialisms='$Specialisms' WHERE WebID='$SearchQueryParameter'";
$Execute = $ConnectingDB->query($sql);
if ($Execute) {
echo '<script>window.open("adminpage.php?WebID=Recored Updated","_self")</script>';
}
}
?>
<?php
<?php
global $ConnectingDB;
$sql = "SELECT * FROM emp_data WHERE WebID='$SearchQueryParameter'";
$stmt = $ConnectingDB->query($sql);
while ($DataRows = $stmt->fetch()) {
$WebID = $DataRows["WebID"];
$Ename = $DataRows["Ename"];
$Eid = $DataRows["Eid"];
$Erank = $DataRows["Erank"];
$Eemail = $DataRows["Eemail"];
$Edate = $DataRows["Edate"];
$Epassword = $DataRows["Epassword"];
$Specialisms = $DataRows["Specialisms"];
}
?>
Html file used to update:
<form id="UpdateForm" method="post" action="Update.php?WebID<?php echo $SearchQueryParameter; ?>">
<div class="form-group">
<button type="submit" name="Update" class="form-control-submit-button">Update</button>
</div>
you have to write the form action like this.. you missed the = sign
action="Update.php?WebID=<?php echo $SearchQueryParameter; ?>"
<form id="UpdateForm" method="post" action="Update.php?WebID=<?php echo $SearchQueryParameter; ?>">
You missed the = sign, in the url
I have made up this html form
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" enctype="multipart/form-data">
<input type="file" name="image1" /><br/>
<input type="file" name="image2" /><br/>
<input type="submit" name='submit' value="upload" />
</form>
this is my php code
<?php
include "conf/connect.php";
if (isset($_POST['submit'])){
$uploadpath1 = 'upload/';
$image1_name = $_FILES['image1']['name'];
$image1_size = $_FILES['image1']['size'];
$image1_type = $_FILES['image1']['type'];
$image1_url =
$image1_temp_name = $_FILES['image1']['tmp_name'];
$uploadpath1 = $uploadpath1. time() . basename($image1_name);
$image1_url = 'http://'.$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['REQUEST_URI']), '\\/').'/'.$uploadpath1;
////
if(empty($errors)) {
move_uploaded_file($image1_temp_name, $uploadpath1);
$success[] = 'Uploaded!';
}
}
///
if (isset($_POST['submit'])){
$uploadpath2 = 'upload/';
$image2_name = $_FILES['image2']['name'];
$image2_size = $_FILES['image2']['size'];
$image2_type = $_FILES['image2']['type'];
$image2_temp_name = $_FILES['image2']['tmp_name'];
$uploadpath2 = $uploadpath2. time() . basename($image2_name);
$image2_url = 'http://'.$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['REQUEST_URI']), '\\/').'/'.$uploadpath2;
////
if(empty($errors)) {
move_uploaded_file($image2_temp_name, $uploadpath2);
$success[]= 'Uploaded';
}
}
if(isset($_POST['submit'])){
$id = $_GET['id'];
$table = 'products';
mysqli_query($connect, "UPDATE `$table` SET `image1` = $uploadpath1, `image2` = $uploadpath2 WHERE `id` = $id");
}
?>
All in : image_multi.php
So when i post submit .. the images uploaded successfully but nothing updated in my table
my table
I run this link : mydomainname.com/image_multi.php?id=1
images uploaded but not appears in database at all
Thanks
Check type and length for fields 'image1' and 'image2' in your table
the problem is definitely in the mysql statement, you didn't quote the filenames that's why the update doesn't run through. in the future simply check the db log for errors.
to fix this should work
mysqli_query($connect, "UPDATE `$table` SET `image1` = '$uploadpath1', `image2` = '$uploadpath2' WHERE `id` = $id");
notice the ' enclosing your $vars, that's only for when you need strings in the rows - which you clearly need. I'm not sure the Id should be string, check to see if it's numeric.
i'm trying to add text and images using
Image is successfully added into folder path. but the value of text and images did not add into database
<?php
function insertpost(){
global $connect;
if(isset($_POST['sendpost']))
{
$title = mysqli_real_escape_string($connect,$_POST["title"]);
$target_image = "images/".basename($_FILES['post_image']['name']);
$post_image = $_FILES['post_image']['name'];
$insert_post_and_image = "INSERT INTO table(title, image) VALUES ('$title','$post_image')";
mysqli_query($connect, $insert_post_and_image);
if(move_uploaded_file($_FILES['post_image']['tmp_name'], $target_image))
{
echo "<h3>Posted to timeline!</h3>";
}
}
}
?>
html code
<form action="" method="post" id="form" enctype="multipart/form-data">
<input type="text" name="title"/>
<input type="file" name="post_image"/>
<input type="submit" name="sendpost" value="POST"/>
</form>
any solution? thanks
I think you have mistake in table name in your query .Just replace table with your actual table name.For example if you have defined table name as user then your query must be
$insert_post_and_image = "INSERT INTO user(title, image) VALUES ('$title','$post_image')";
Also you can check error using
if (mysqli_query($connect, $insert_post_and_image)) {
echo "success";
} else {
echo "Error: " . mysqli_error($connect);
}
*correction
Hi, already found the answer . i'm not sure if it's correct or not . please advise. thanks :)
<?php
function insertpost(){
global $connect;
if(isset($_POST['sendpost']))
{
$title = mysqli_real_escape_string($connect,$_POST["title"]);
$target_image = "images/".basename($_FILES['post_image']['name']);
$post_image = $_FILES['post_image']['name'];
$insert_post_and_image = "INSERT INTO table(title, image) VALUES ('$title','$post_image')";
$result = mysqli_query($connect, $insert_post_and_image);
if($result)
{
move_uploaded_file($_FILES['post_image']['tmp_name'], $target_image);
echo "<h3>Posted to timeline!</h3>";
}
}
}
?>
Im new to php and would like to ask about uploading multiple files using name="image[]". Here's my code :
HTML
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="image[]" multiple="multiple"/>
<input type="submit" name="submit"/>
</form>
PHP
<?php
$table_name ="posts";
$_POST['submit'];
$title = $_POST['title'];
$cat_id = $_POST['cat_id'];
$date = date('Y-m-d', strtotime($_POST['date']));
$description = mysql_real_escape_string($_POST['description']);
$status = $_POST['status'];
$sql = "INSERT INTO $table_name (title,cat_id,date,description,status) VALUES ('$title','$cat_id','$date','$description','$status')";
$result = mysql_query($sql);
$sqlImage = mysql_fetch_array(mysql_query("SELECT id FROM $table_name ORDER BY id DESC "));
$parentId = $sqlImage['id'];
foreach ($_POST['image'] as $images) {
$resImage = mysql_query("INSERT INTO media (parent_id,image) VALUES ('$parentId','$images') ");
}
$_SESSION['add_content'] = true;
echo ' <script>location.href="'.$base_url.''.$table_name.'"</script>';
?>
How can I input my image?
First of all the $_POST['submit'] currently doesn't do anything. Secondly uploading files requires you to use $_FILES instead of $_POST.
This should work to get all of the files uploaded
foreach($_FILES['image'] as $file)
{
//do something with the data
}
PHP manual : $_FILES
Hope this helps!
I have a page called index.html which takes in a few variable from the user, when the user submits them, it goes to the next page (result.php) On results.php the variables from the form on the index.html are posted. The results.php connects to database runs a query etc. All of this works fine. the results.php looks something like this:
<?php
$h = "localhost";
$u = "root";
$p = "******";
$d = "********";
//connectipn to mysql
$conn = mysql_connect( $h, $u, $p );
//connection to database
mysql_select_db($d);
$code = $_POST['code'];
$usage = $_POST['usage'];
$days = $_POST['days'];
$value = $_POST['value];
$sql_runners_up = "SELECT code
from some_table
where number = $value;"
$plans['p_h10'] = array();
$rs2 = mysql_query( $sql_runners_up, $conn );
while ( $row = mysql_fetch_array( $rs2 ))
{
$plans['p_h10'][] = $row["p_h10"];
}
?>
The results.php also has a form that the user can update some fields that are used in the query. the form that I currently have looks like this...
<form action="results.php" name="filter" method="post">
usage:<input name="" type="search" value="" /><br/>
days:<input name="" type="search" value="" /><br/>
<input name="" type="checkbox" value="" />value<br />
<input type="submit" value="submit" name="submit" />
</form>
Even with a blank as soon as the user submits the form I get an error (i have tried filling out the form to use real variable but still get the same error)
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
result resource
the error refers to the line around the while statement. my guess is that some variable/s are not being passed after the form is submitted or the entire results.php form is not being submitted / processed by the server. But to be honest I am really not sure. Any help will be greatly appreciated.
That's because mysql_query returned false.
Also, in your code, you've got a syntax error
$value = $_POST['value'];
Also, your code is vulnerable. Don't trust user's input!
so, correct code would be
$value = intval($_POST['value']);
Try:
$value = (int) $value;
$sql_runners_up = "SELECT code from some_table where number = $value";
$plans['p_h10'] = array();
$rs2 = mysql_query( $sql_runners_up);
try with this:
$sql_runners_up = "SELECT * from some_table where number = '$value';"
and also check that the $value has containing the value..
EDIT: in the above code i use * which select all the fields, cause that is see in your code you did:
$sql_runners_up = "SELECT code from some_table where number = $value;"
and in fetch query you are calling to field name p_h10:
while ( $row = mysql_fetch_array( $rs2 ))
{
// didn't selected $row["p_h10"] in your query
$plans['p_h10'][] = $row["p_h10"];
}
First of all, this row is invalid:
$value = $_POST['value];
It should be $_POST['value'];
But, this error occurs usually when there is an error in your query, or the connection is bad. Check your mysql_connect() & mysql_select_db() settings, it is probably bad.
looks like you did typos...
<?php
$h = "localhost";
$u = "root";
$p = "******";
$d = "********";
//connectipn to mysql
$conn = mysql_connect( $h, $u, $p );
//connection to database
mysql_select_db($d);
$code = $_POST['code'];
$usage = $_POST['usage'];
$days = $_POST['days'];
$value = $_POST['value']; // here
$sql_runners_up = "SELECT code
from some_table
where number = $value"; // and here
$plans['p_h10'] = array();
$rs2 = mysql_query( $sql_runners_up, $conn );
while ( $row = mysql_fetch_array( $rs2 ))
{
$plans['p_h10'][] = $row["p_h10"];
} ?>
also your form is not POSTing parameters... because name attributes are not set
<form action="results.php" name="filter" method="post">
usage:<input name="usage" type="search" value="" /><br/>
days:<input name="days" type="search" value="" /><br/>
<input name="value" type="checkbox" value="" />value<br />
<input type="submit" value="submit" name="submit" />
</form>